On Sun, Jun 01, 2008 at 05:29:41AM -0400, Gar Ulbricht wrote:
Hi all,
As you probably know, SANS last week reported a vulnerability in Adobe Flash Player versions 9.0.124.0 and older. Reference: http://isc.sans.org/diary.html?storyid=4465
Two days later in a follow-up report,they amended their analysis to versions ___ earlier than ___ "9.0.124.0." http://isc.sans.org/diary.html?storyid=4474
("9.0.124.0" was released in April by Adobe.)
In the follow-up story, they included a link to Adobe's site to test what version of Flash Player (if any) you have installed. http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507
(I use "no-script" -- and as a policy I try not to go to any flash sites -- but sometimes I need to :(
I tested my machine using the Adobe test page, and first got "9.0.124.0" -- which is what I expected.
I then re-ran the test from a copy of their page which I had downloaded and got Version: "9.0.115.0" !!!!! Which is not so good and not what i expected.
It turns out last Fall when I installed openSUSE-10.3 I installed from the openSUSE DVD, the rpm labled "flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0."
When the new patch came out for Adobe Flash in April, I installed the rpm labled: "flash-player-9.0.124.0-0.1 -- Macromedia Flash Plug-In," but that install did not remove the old rpm -- it was still there.
How did it not remove the old RPM for you? How did you notice it was still installed? Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org