On Fri, Jan 23, 2015 at 4:29 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > On 01/23/2015 10:25 AM, poma wrote: >> On 23.01.2015 15:12, Kevin Fenzi wrote: >>> On Fri, 23 Jan 2015 12:44:23 +0100 >>> poma <pomidorabelisima@xxxxxxxxx> wrote: >>> >>>> On 23.01.2015 10:51, Martin Stransky wrote: >>>>> Folk, >>>>> >>>>> There's a live 0-day flash vulnerability which is not fixed yet >>>>> [1][2]. If you use flash plugin I recommend you to enable the >>>>> click-to-play mode for it. >>>> Are we covered with >>>> $ rpm -q flash-plugin >>>> flash-plugin-11.2.202.438-release.x86_64 >>>> ? >>>> >>>> Ref. >>>> http://helpx.adobe.com/security.html >>> No. >>> >>> http://helpx.adobe.com/security/products/flash-player/apsa15-01.html >>> >>> kevin >>> >>> >>> >> Thanks for reference. >> >> Until this is resolved, is this a valid way: >> $ sandbox -X -T tmp -t sandbox_web_t firefox >> to cover this security issue, or can we isolate only libflashplayer.so, >> not the entire browser. >> >> Daniel, can you comment. >> >> > libflashplayer.so runs within the Mozilla-plugin I believe. If so it > would be confined > if you have not turned on the unconfined_mozilla_plugin_transition boolean. > # getsebool unconfined_mozilla_plugin_transition unconfined_mozilla_plugin_transition --> on I can't recall ever turning that on ... what is it set to by default? -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
