Page 1 of 8

Flash Security Update

Posted: Wed Feb 05, 2014 12:59 pm
by soundtech
There is a current security concern with flash player on all platforms.

http://arstechnica.com/security/2014/02 ... ay-threat/

Adobe recommends Linux users to update to version 11.2.202.336.
I was running 11.2.202.275, so I figured it was time to update. I ran the update script as root:

Code: Select all

update-flashplugin-nonfree -iv
I checked my version, and am now running 11.2.202.335. This version is vulnerable to the latest exploit. I was able to download .336 from Adobe's website, but I'm not sure how to install it manually, or even if I should - would a manual install have an undesirable impact on the update script?

Or will 11.2.202.336 make it to the update script's repository soon? Thanks.

Re: Flash Security Update

Posted: Thu Feb 13, 2014 4:34 pm
by Nix Hard
Hey Soundtech, good on you for raising this Adobe Zero-Day Attack issue. [42 views only :confused: ] (429 views now Saturday 15 February 2014 09:51 NZ time) ya :happy:

Just a shame everyone is too busy playing in the MX sandpit. :bagoverhead:

I just read the news on this and have updated to the 11.2.202.336 version of flash myself today.

I followed the instruction here; Out of Band Update for Flash Player
http://forum.mepiscommunity.org/viewtop ... 80&t=34300

Code: Select all

su -c 'update-flashplugin-nonfree --install --verbose'
Cheers NH

Yell-out to any of the Administrators, Global moderators, Moderators, it may be worth while sticking the Adobe Flash update news to the front page for a week or four.

Re: Flash Security Update

Posted: Thu Feb 13, 2014 4:46 pm
by kmathern
Nix Hard wrote:Hey Soundtech, good on you for raising this Adobe Zero-Day Attack issue. [42 views only :confused: ]

Just a shame everyone is too busy playing in the MX sandpit. :bagoverhead:

I just read the news on this and have updated to the 11.2.202.336 version ...
It wasn't a reply in this thread, but I did mention the update-flashplugin-nonfree updater about a week ago in this topic: http://forum.mepiscommunity.org/viewtop ... 49#p329449

And a couple days ago Stevo mentioned about having a cron job to keep the flashplugin updated: http://forum.mepiscommunity.org/viewtop ... 95#p330295, also using the update-flashplugin-nonfree updater.

Re: Flash Security Update

Posted: Thu Feb 13, 2014 5:02 pm
by lucky9
And I upgraded after that mention a week ago. It did take a day or two to be able to get the x.336 version for Linux.

Re: Flash Security Update

Posted: Thu Feb 13, 2014 5:09 pm
by Nix Hard
Thanks kmathern,
that's good info on the script, going to add that to my anacron job/cron list now.
Such a script should be in any and all OS releases, until flash just goes away.

I do think it is valid to have a banner post on the front page of MCF for at least 4 weeks.

This is a nasty piece of coding.
One quick update or uninstall fixes it.

Cheers NH

Re: Flash Security Update

Posted: Thu Feb 13, 2014 5:19 pm
by richb
I have made it a Global Announcement. It will be at the top of every forum on the Board. I chose not to put it in Site Announcements.

Re: Flash Security Update

Posted: Thu Feb 13, 2014 5:33 pm
by Nix Hard
richb wrote:I have made it a Global Announcement. It will be at the top of every forum on the Board. I chose not to put it in Site Announcements.
Thank you Rich

Re: Flash Security Update

Posted: Thu Feb 13, 2014 5:45 pm
by Nix Hard
Nix Hard wrote:
richb wrote:I have made it a Global Announcement. It will be at the top of every forum on the Board. I chose not to put it in Site Announcements.
Thank you Rich
Just had a look at that Rich and it "kind-of" gets lost in the mire mate.

What's with not sticking it in plain sight on the front door for all to see easily.

Joe Blow average is not going to notice this news where it sits at the moment.

This has slipped under my radar for at least 8 days.
That's 8 days too long.

Cheers NH

Point of Order.

Posted: Thu Feb 13, 2014 8:35 pm
by GuiGuy
When I try to thank any post in this thread, I get the message "invalid thank".
Why?

Re: Flash Security Update

Posted: Thu Feb 13, 2014 9:00 pm
by lucky9
non-Moderator comment: Have you been a good boy?