[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Older version of Adobe Flash Player was still installed after April upgrade :(



On Sun, Jun 01, 2008 at 05:29:41AM -0400, Gar Ulbricht wrote:
> Hi all,
> 
> As you probably know, SANS last week reported a vulnerability in
> Adobe Flash Player versions 9.0.124.0 and older.  Reference:
> <http://isc.sans.org/diary.html?storyid=4465>
> 
> Two days later in a follow-up report,they amended their analysis
> to versions ___ earlier than ___  "9.0.124.0."
> <http://isc.sans.org/diary.html?storyid=4474>
> 
> ("9.0.124.0" was released in April by Adobe.)
> 
> In the follow-up story, they included a link to Adobe's site to
> test what version of Flash Player (if any) you have installed.
> <http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507>
> 
> (I use "no-script" -- and as a policy I try not to go to any
> flash sites -- but sometimes I need to :(
> 
> I tested my machine using the Adobe test page,
> and first got "9.0.124.0" -- which is what I expected.
> 
> I then re-ran the test from a copy of their page
> which I had downloaded and got Version: "9.0.115.0" !!!!!
> Which is not so good and not what i expected.
> 
> It turns out last Fall when I installed openSUSE-10.3
> I installed from the openSUSE DVD, the rpm labled 
> "flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0."
> 
> When the new patch came out for Adobe Flash in April,
> I installed the rpm labled: "flash-player-9.0.124.0-0.1 --
> Macromedia Flash Plug-In,"
> but that install did not remove the old rpm  --
> it was still there.

How did it not remove the old RPM for you? How did you notice
it was still installed?

Ciao, Marcus
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx