Mailinglist Archive: opensuse (1264 mails)

< Previous Next >
Re: [opensuse] flash plugin compromised
11.06.2017 09:28, stakanov пишет:
In data domenica 11 giugno 2017 08:19:16 CEST, jdd@xxxxxxxxx ha scritto:
Hello,

For some reason I forget, I once installed the flash plugin from:

http://linuxdownload.adobe.com/linux/x86_64/

that seems an official Adobe repository

No, it is not. Official FP download from Adobe would be:

https://get.adobe.com/flashplayer/download/?installer=FP_25.0_for_Linux_64-bit_(.rpm)_-_NPAPI&stype=6593&standalone=1


This repository provides the same RPM versions as download site.

and then it is http so you do not even know what and from where you
downloaded.


RPMs in repo are signed (and those you get from your URL are not). Do
not ask me why Adobe decided to build them twice; probably to avoid RPM
warnings when you install packages from web download.

So if anything packages from repo are more secure as you can always
verify them stand-alone, without knowing where they come from.

But in any case - they are the same version (currently 25.0.0.171) so
the question is why they were not updated. Probably repo was disabled.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References