Mailinglist Archive: opensuse-security (37 mails)

< Previous Next >
[opensuse-security] Older version of Adobe Flash Player was still installed after April upgrade :(
  • From: Gar Ulbricht <garulbricht7@xxxxxxxxxxxx>
  • Date: Sun, 01 Jun 2008 05:29:41 -0400
  • Message-id: <48426C05.2030504@xxxxxxxxxxxx>
Hi all,

As you probably know, SANS last week reported a vulnerability in
Adobe Flash Player versions 9.0.124.0 and older. Reference:
<http://isc.sans.org/diary.html?storyid=4465>

Two days later in a follow-up report,they amended their analysis
to versions ___ earlier than ___ "9.0.124.0."
<http://isc.sans.org/diary.html?storyid=4474>

("9.0.124.0" was released in April by Adobe.)

In the follow-up story, they included a link to Adobe's site to
test what version of Flash Player (if any) you have installed.
<http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507>

(I use "no-script" -- and as a policy I try not to go to any
flash sites -- but sometimes I need to :(

I tested my machine using the Adobe test page,
and first got "9.0.124.0" -- which is what I expected.

I then re-ran the test from a copy of their page
which I had downloaded and got Version: "9.0.115.0" !!!!!
Which is not so good and not what i expected.

It turns out last Fall when I installed openSUSE-10.3
I installed from the openSUSE DVD, the rpm labled "flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0."

When the new patch came out for Adobe Flash in April,
I installed the rpm labled: "flash-player-9.0.124.0-0.1 --
Macromedia Flash Plug-In,"
but that install did not remove the old rpm --
it was still there.

So after reading the SAN's story, I removed the old rpm tonight
using kpackage (after testing if it was needed)
and as far as I can tell my "flash player is still working"
and the Adobe test page tells me I have
Flash Player 9.0.124.0 installed -- so life is good.

Since most of you probably don't use Flash,
this is probably not worth knowing,
but in case you do use Flash, using YaST2 or kpackage
you might want to check if you still have
"flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0
installed if you are running openSUSE-10.3.

(Sorry I wrote such a long email --
but I wanted it to be clear what the issue was in my mind.)

Hope this helps,
HAND.

--






---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
List Navigation