This is cut/pasted from today's @RISK email from sans.org:
Title: Adobe Releases Emergency to Patch Zero Day Under Active Exploitation in the Wild Description: Adobe released an out-of-band patch to address CVE-2015-3113, a Flash Player zero-day vulnerability that is actively being used by an APT group. The exploit has been ongoing since early this month via phishing emails and affects Windows, Mac, and Linux users. CVE-2015-3113 is a vulnerability in the way Flash parses Flash Video Files (FLV). The exploit bypasses memory-based protection such as ASLR and uses return-oriented programming (ROP) to bypass data execution prevention (DEP). Reference: https://helpx.adobe.com/security/products/flash-player/apsb15-14.html I see that the gentoo devs have already added the latest version to my ~amd64 machine (thanks, team) but what about all the people who are running stable gentoo?
