FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 12-20-2008, 10:31 AM
Gardier
 
Default Flash 9 Vulnerability on Linux - was it patched in house

http://snipurl.com/8x52r
http://www.securityfocus.com/bid/32896

Was this patch rolled out though the updater?

I seem to have 9,0,152,0 according to http://www.macromedia.com/software/
flash/about

But where do I look to look for a record recently completed software
updates?


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-20-2008, 11:07 AM
Aki Utoslahti
 
Default Flash 9 Vulnerability on Linux - was it patched in house

Gardier wrote:
> http://snipurl.com/8x52r
> http://www.securityfocus.com/bid/32896
>
> Was this patch rolled out though the updater?
>
> I seem to have 9,0,152,0 according to http://www.macromedia.com/software/
> flash/about
>
> But where do I look to look for a record recently completed software
> updates?
>
>
>
Hi,

I ran yesterday full updates via updater and my flash seems to be
version: 10.0.15.3
Also if you look on the details for package flashplugin-nonfree from
repositories, it says:

"$apt-cache show flashplugin-nonfree
.....
Version: 10.0.15.3ubuntu1~intrepid1
....
"
And that is fortunately the version which seems not to be vulnerable for
exploits.
Have you rolled every single update from repositories?

Best Regards,
Aki Utoslahti



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-20-2008, 02:18 PM
Gardier
 
Default Flash 9 Vulnerability on Linux - was it patched in house

On Sat, 20 Dec 2008 14:07:25 +0200, Aki Utoslahti wrote:

> And that is fortunately the version which seems not to be vulnerable for
> exploits. Have you rolled every single update from repositories?

I haven't got around to upgrading to 8.10 yet and this is partly what I
was checking, whether Hardy users will get this patch. Surely we ought to
as it's a security patch?


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-20-2008, 10:47 PM
NoOp
 
Default Flash 9 Vulnerability on Linux - was it patched in house

On 12/20/2008 07:18 AM, Gardier wrote:
> On Sat, 20 Dec 2008 14:07:25 +0200, Aki Utoslahti wrote:
>
>> And that is fortunately the version which seems not to be vulnerable for
>> exploits. Have you rolled every single update from repositories?
>
> I haven't got around to upgrading to 8.10 yet and this is partly what I
> was checking, whether Hardy users will get this patch. Surely we ought to
> as it's a security patch?
>
>

If you are running 32bit; enable the Universe repository via Synaptic
(System|Administration|Synaptic...|Settings|Reposi tories|Ubuntu
Software|Community-maintained... (Universe) is checked. Reload your
repositories (Reload button).

Now, from Synaptic, search using 'flash' (no quotes). Right click on
'flashplugin-nonfree' and 'Mark for complete removal'. Right click on
'adobe-flashplugin' and "Mark for installation". Click the apply button.
When completed you will have flash 10.0.15.3-1hardy2 installed on your
system.





--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-21-2008, 02:20 AM
NoOp
 
Default Flash 9 Vulnerability on Linux - was it patched in house

On 12/20/2008 03:47 PM, NoOp wrote:
> On 12/20/2008 07:18 AM, Gardier wrote:
>> On Sat, 20 Dec 2008 14:07:25 +0200, Aki Utoslahti wrote:
>>
>>> And that is fortunately the version which seems not to be vulnerable for
>>> exploits. Have you rolled every single update from repositories?
>>
>> I haven't got around to upgrading to 8.10 yet and this is partly what I
>> was checking, whether Hardy users will get this patch. Surely we ought to
>> as it's a security patch?
>>
>>
>
> If you are running 32bit; enable the Universe repository via Synaptic
> (System|Administration|Synaptic...|Settings|Reposi tories|Ubuntu
> Software|Community-maintained... (Universe) is checked. Reload your
> repositories (Reload button).
>
> Now, from Synaptic, search using 'flash' (no quotes). Right click on
> 'flashplugin-nonfree' and 'Mark for complete removal'. Right click on
> 'adobe-flashplugin' and "Mark for installation". Click the apply button.
> When completed you will have flash 10.0.15.3-1hardy2 installed on your
> system.
>

And, as a kudos to Mario Vukelic from the "Flashplugin-nonfree' thread:
I found that after checking:

http://www.adobe.com/products/flash/about/

I'd forgotten to update my ~/.mozilla/plugins libflashplayer.so to
version .15, which adobe-flashplugin provides. So I've now created a
link in ~/.mozilla/plugins to /usr/lib/adobe-flashplugin/libflashplayer.so
Thanks Mario :-)





--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-21-2008, 08:24 PM
Gardier
 
Default Flash 9 Vulnerability on Linux - was it patched in house

On Sat, 20 Dec 2008 15:47:39 -0800, NoOp wrote:

> If you are running 32bit; enable the Universe repository via Synaptic
> (System|Administration|Synaptic...|Settings|Reposi tories|Ubuntu
> Software|Community-maintained... (Universe) is checked. Reload your
> repositories (Reload button).

Thanks for pointing me in the right direction. Actually the update
appears to be in the partners repo here. I use the UK server so maybe
that accounts for the difference.

I still say security updates shouldn't have to be found. They should be
rolled out to us automatically.

I can accept my responsibility where I have taken it on myself to install
an unsupported package but flash-non-free was added as part of the ubuntu-
restricted-extras.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-21-2008, 10:11 PM
NoOp
 
Default Flash 9 Vulnerability on Linux - was it patched in house

On 12/21/2008 01:24 PM, Gardier wrote:
> On Sat, 20 Dec 2008 15:47:39 -0800, NoOp wrote:
>
>> If you are running 32bit; enable the Universe repository via Synaptic
>> (System|Administration|Synaptic...|Settings|Reposi tories|Ubuntu
>> Software|Community-maintained... (Universe) is checked. Reload your
>> repositories (Reload button).
>
> Thanks for pointing me in the right direction. Actually the update
> appears to be in the partners repo here. I use the UK server so maybe
> that accounts for the difference.
>
> I still say security updates shouldn't have to be found. They should be
> rolled out to us automatically.
>
> I can accept my responsibility where I have taken it on myself to install
> an unsupported package but flash-non-free was added as part of the ubuntu-
> restricted-extras.
>
>

It's a very recent change & yes, it's the partners repo, my apologies.

In the future you should see it sync'ing properly. For example; I had
.12 on another test machine - the update manager notified me of the
update to .15 as with any standard security update. Hopefully, when
Adobe finally get their 64bit flash version released it can be added as
well. I for one am very pleased to see Adobe _finally_ hooked into
Ubuntu w/regards to flash. I particularly like the bit on:

http://www.adobe.com/products/flashplayer/systemreqs/

that states:

Ubuntu 7.10 or later or 8.04 or later

included with Red Hat & openSUSE.

That's a *big* step forward & a definate acknowledgment that Ubuntu is
rapidly becoming a desktop distro of note :-)




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 01:23 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org