Hi all, As you probably know, SANS last week reported a vulnerability in Adobe Flash Player versions 9.0.124.0 and older. Reference: <http://isc.sans.org/diary.html?storyid=4465> Two days later in a follow-up report,they amended their analysis to versions ___ earlier than ___ "9.0.124.0." <http://isc.sans.org/diary.html?storyid=4474> ("9.0.124.0" was released in April by Adobe.) In the follow-up story, they included a link to Adobe's site to test what version of Flash Player (if any) you have installed. <http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507> (I use "no-script" -- and as a policy I try not to go to any flash sites -- but sometimes I need to :( I tested my machine using the Adobe test page, and first got "9.0.124.0" -- which is what I expected. I then re-ran the test from a copy of their page which I had downloaded and got Version: "9.0.115.0" !!!!! Which is not so good and not what i expected. It turns out last Fall when I installed openSUSE-10.3 I installed from the openSUSE DVD, the rpm labled "flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0." When the new patch came out for Adobe Flash in April, I installed the rpm labled: "flash-player-9.0.124.0-0.1 -- Macromedia Flash Plug-In," but that install did not remove the old rpm -- it was still there. So after reading the SAN's story, I removed the old rpm tonight using kpackage (after testing if it was needed) and as far as I can tell my "flash player is still working" and the Adobe test page tells me I have Flash Player 9.0.124.0 installed -- so life is good. Since most of you probably don't use Flash, this is probably not worth knowing, but in case you do use Flash, using YaST2 or kpackage you might want to check if you still have "flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0 installed if you are running openSUSE-10.3. (Sorry I wrote such a long email -- but I wanted it to be clear what the issue was in my mind.) Hope this helps, HAND. -- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org