SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Dag Wieers <[log in to unmask]>
Reply To: Dag Wieers <[log in to unmask]>
Date: Fri, 7 Oct 2011 09:12:53 +0200
Content-Type: TEXT/PLAIN
Parts/Attachments: TEXT/PLAIN (59 lines)

On Thu, 6 Oct 2011, Yasha Karant wrote:

> On 10/06/2011 04:37 PM, Dag Wieers wrote:
>>  On Thu, 6 Oct 2011, Yasha Karant wrote:
>>
>> >  I realise that except for the Fermilab/CERN staff persons, almost all
>> >  of the rest of those maintaining material for SL are unpaid
>> >  volunteers. With that stated, what is the
>> >  typical/average/median/whatever delay from the Adobe release until the
>> >  SL compatible port for the flash plugin?
>> > 
>> >  In some cases, Adobe adds functionality -- but in most cases it is a
>> >  matter of bug and security-hole fixes -- and the sooner one installs a
>> >  valid security fix, the better.
>>
>>  Do you have proof that this is a security fix? Because I track the RHEL
>>  packages and no such update has come through their channels. It seems as
>>  if the release was simply their official Flash Player 11 release, rather
>>  than a security fix.
>>
>>  If it is a security fix, even Red Hat is behind. Somehow I don't believe
>>  that, but for you to provide proof of what you state. Thanks.
>
> I use the direct Mozilla (and OpenOffice) distributions and updates. For 
> Firefox 7.x (that the Firefox update on Help --> About Firefox reports as up 
> to date), I ran an update check on the addons, including plugins using Tools 
> --> Add ons and URL https://www.mozilla.org/en-US/plugincheck/  and the 
> following was displayed:
>
> Vulnerable plugins:
> Plugin Icon
> Shockwave Flash
> Shockwave Flash 11.0 r1 Vulnerable (more info)
>
> (11.0.1.129 is what actually is installed)

Again, without any information it is hard to determine whether the 
plugincheck is mainly checking the version against the latest (known) 
available, or whether it actually knows about vulnerabilities.

I bet the first option is what is implemented (because the second adds 
complexity without any real gain). Their aim is to have people running the 
latest.

Also, if we look at TUV, they still offer flash-plugin-10.3.183.10-1.el6, 
which is most likely not vulnerable (and which was the version offered by 
Repoforge until this morning too). In other words, we are now disconnected 
from the RHSA information.

If you noticed a flash-plugin update from Adobe, feel free to let us know 
so we can update our flash-plugin package too.

Thanks in advance,
-- 
-- dag wieers, [log in to unmask], http://dag.wieers.com/
-- dagit linux solutions, [log in to unmask], http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]
