Flash plugin of debian vulnerable?
The simpliest method I've found : re-run the installer which downloads automaticaly the latest version :
# apt-get install --reinstall flashplugin-nonfree
then restart your browser
On Debian, you often have to update the Chrome and Mozilla flash plugins separately. The commmands to do so are:
# update-pepperflashplugin-nonfree --install # chrome
# update-flashplugin-nonfree --install # mozilla
The Mozilla one is still given .350, though. It only will download versions verified by it's maintainer (Bart Martens), which can take a few days.
You can ask for unverified ones for chrome with the --unverified option, but the Mozilla one doesn't have that option, unfortunately.
Does Debian provide updates for the Iceweasel plugin Flash at all? Are they not automatically provided?
The issue with Debian is when.
You can download the latest Shockwave version, 11.2.202.356 from here. Choose the .tar.gz format.
Create an empty directory, move the downloaded .tar.gz file into it and unpack:
tar -xzf install_flash_player_11_linux.x86_64.tar.gz
Which should leave you a directory tree starting with usr/, a readme.txt and a libflashplayer.so. The latter is what you are really after.
Find your current version, possibly:
find ~/.mozilla libflashplayer.so
You want to replace that with the one from the tarball. If it is not found, there should be a ~/.mozilla/plugins/ directory. Shut down Iceweasel and copy libflashplayer.so into that directory. Start it up and check the version again, you should be using the newest one.
You can keep the .tar.gz file but delete the rest of the stuff unpacked from within it; it is not needed.
Chrome uses its own version of the flash player that is supposedly updated with Chrome, but there doesn't seem to be another way, and my version is still 13.0.0.182 here (which is also vulnerable, the chrome "pepperplayer" versions are different). However, Chrome on Linux will pick up the ~/.mozilla/plugins one and if you navigate to chrome://plugins you'll see two under "Adobe Flash Player". The first one will probably be "Version: 13.0.0.182" and in an /opt/google/chrome directory, you can disable that and fall back on the ~/.mozilla one until it is upgraded.