SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
"Robert E. Blair" <[log in to unmask]>
Reply To:
Robert E. Blair
Date:
Fri, 7 Oct 2011 02:27:59 -0500
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (2910 bytes) , reb.vcf (446 bytes) , smime.p7s (6 kB)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The 64 bit version I installed an hour or so ago from the Adobe yum repo is:
flash-plugin-11.0.1.152-release.x86_64

Dag Wieers wrote:
| On Thu, 6 Oct 2011, Yasha Karant wrote:
|
|> On 10/06/2011 04:37 PM, Dag Wieers wrote:
|>>  On Thu, 6 Oct 2011, Yasha Karant wrote:
|>>
|>> >  I realise that except for the Fermilab/CERN staff persons, almost all
|>> >  of the rest of those maintaining material for SL are unpaid
|>> >  volunteers. With that stated, what is the
|>> >  typical/average/median/whatever delay from the Adobe release until the
|>> >  SL compatible port for the flash plugin?
|>> >
|>> >  In some cases, Adobe adds functionality -- but in most cases it is a
|>> >  matter of bug and security-hole fixes -- and the sooner one installs a
|>> >  valid security fix, the better.
|>>
|>>  Do you have proof that this is a security fix? Because I track the RHEL
|>>  packages and no such update has come through their channels. It seems as
|>>  if the release was simply their official Flash Player 11 release, rather
|>>  than a security fix.
|>>
|>>  If it is a security fix, even Red Hat is behind. Somehow I don't believe
|>>  that, but for you to provide proof of what you state. Thanks.
|>
|> I use the direct Mozilla (and OpenOffice) distributions and updates.
|> For Firefox 7.x (that the Firefox update on Help --> About Firefox
|> reports as up to date), I ran an update check on the addons, including
|> plugins using Tools --> Add ons and URL
|> https://www.mozilla.org/en-US/plugincheck/  and the following was
|> displayed:
|>
|> Vulnerable plugins:
|> Plugin Icon
|> Shockwave Flash
|> Shockwave Flash 11.0 r1 Vulnerable (more info)
|>
|> (11.0.1.129 is what actually is installed)
|
| Again, without any information it is hard to determine whether the
| plugincheck is mainly checking the version against the latest (known)
| available, or whether it actually knows about vulnerabilities.
|
| I bet the first option is what is implemented (because the second adds
| complexity without any real gain). Their aim is to have people running
| the latest.
|
| Also, if we look at TUV, they still offer
| flash-plugin-10.3.183.10-1.el6, which is most likely not vulnerable (and
| which was the version offered by Repoforge until this morning too). In
| other words, we are now disconnected from the RHSA information.
|
| If you noticed a flash-plugin update from Adobe, feel free to let us
| know so we can update our flash-plugin package too.
|
| Thanks in advance,

- --
Robert E. Blair, Room C221, Building 360
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545  FAX: (630)-252-5782
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFOjqn/OMIGC6x7/XQRAhFvAJ9QBWWochI/ODbT+jfTvfM8YpxjLwCgrOxG
qdBTZXJirs0EQgmSn2XL/Eg=
=gp6S
-----END PGP SIGNATURE-----

