Adobe has released Flash Player 184.108.40.2064 for Linux to correct the following flaws:
These updates include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2014-4671).
A flaw was found that would lead to Cross-Site Request Forgery (CSRF) attacks.
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2014:0860 https://rhn.redhat.com/errata/RHSA-2014-0860.html
Detailed write-up of the issue from its reporter:
Tools to generate SWF files encoded in ASCII-only:
Metasploit module exploiting this issue: