PSA: Please update your flash plugin!
in [Kernel]
|
Prev: [PATCH V2 net-next 2/3] drivers/net/bfin_mac.c: Use pr_<level>, netdev_<level>
Next: [PATCH] backlight: use __devinit/__devexit for the platform_driver.probe/remove handler
From: Theodore Ts'o on 29 Jul 2010 23:00 This is a public service announcement --- if you are running Flash 10.0, make sure you upgrade to 10.1. Flash 10.0 has a horrible security vulnerability: http://www.adobe.com/support/security/bulletins/apsb10-14.html I have Google Analytics running on the ksummit2010 website, and in addition to discovering that 59% used Firefox and 25% were using Chrome, and that the most popular screen resolution was 1280x800 followed by 1280x1024, etc. --- I also was able to find that while 59% were running Flash 10.1, over 40% of the visitors to the ksummit2010 web site were running a vulnerable version of Adobe flash, which has a remote code execution vulerability. If you were visiting that site from your development system, which you use to push changes to a subsystem maintianer, or even Linus, hopefully I don't need to tell you what a bad idea it is to leave yourself open and vulnerable like this. (This particular security problem with Flash has been announced for almost 2 months at this point!) - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Justin P. Mattock on 30 Jul 2010 00:10 On 07/29/2010 07:50 PM, Theodore Ts'o wrote: > This is a public service announcement --- if you are running Flash 10.0, > make sure you upgrade to 10.1. Flash 10.0 has a horrible security > vulnerability: > > http://www.adobe.com/support/security/bulletins/apsb10-14.html > > I have Google Analytics running on the ksummit2010 website, and in > addition to discovering that 59% used Firefox and 25% were using Chrome, > and that the most popular screen resolution was 1280x800 followed by > 1280x1024, etc. --- I also was able to find that while 59% were running > Flash 10.1, over 40% of the visitors to the ksummit2010 web site were > running a vulnerable version of Adobe flash, which has a remote code > execution vulerability. > > If you were visiting that site from your development system, which you > use to push changes to a subsystem maintianer, or even Linus, hopefully > I don't need to tell you what a bad idea it is to leave yourself open > and vulnerable like this. (This particular security problem with Flash > has been announced for almost 2 months at this point!) > > - Ted > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo(a)vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > biggest problem here is they havn't updated their x86_64(pure64) version yet. hopefully hey release an update soon. Justin P. Mattock -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Boaz Harrosh on 1 Aug 2010 10:20 On 07/30/2010 07:05 AM, Justin P. Mattock wrote: > On 07/29/2010 07:50 PM, Theodore Ts'o wrote: >> This is a public service announcement --- if you are running Flash 10.0, >> make sure you upgrade to 10.1. Flash 10.0 has a horrible security >> vulnerability: >> >> http://www.adobe.com/support/security/bulletins/apsb10-14.html >> >> I have Google Analytics running on the ksummit2010 website, and in >> addition to discovering that 59% used Firefox and 25% were using Chrome, >> and that the most popular screen resolution was 1280x800 followed by >> 1280x1024, etc. --- I also was able to find that while 59% were running >> Flash 10.1, over 40% of the visitors to the ksummit2010 web site were >> running a vulnerable version of Adobe flash, which has a remote code >> execution vulerability. >> >> If you were visiting that site from your development system, which you >> use to push changes to a subsystem maintianer, or even Linus, hopefully >> I don't need to tell you what a bad idea it is to leave yourself open >> and vulnerable like this. (This particular security problem with Flash >> has been announced for almost 2 months at this point!) >> >> - Ted >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in >> the body of a message to majordomo(a)vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> Please read the FAQ at http://www.tux.org/lkml/ >> > > > biggest problem here is they havn't updated their x86_64(pure64) version > yet. hopefully hey release an update soon. > > Justin P. Mattock > -- Here too. How do I run (any) Flash-10.1 on a 64bit system (say FC12) without actually reverting to a 32bit browser? Do I still get to install half of my system as 32bit duplicates? Boaz -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Dr. David Alan Gilbert on 1 Aug 2010 11:10 * Boaz Harrosh (bharrosh(a)panasas.com) wrote: > On 07/30/2010 07:05 AM, Justin P. Mattock wrote: > > On 07/29/2010 07:50 PM, Theodore Ts'o wrote: <snip - warning> > > biggest problem here is they havn't updated their x86_64(pure64) version > > yet. hopefully hey release an update soon. > > > > Justin P. Mattock > > -- > > Here too. How do I run (any) Flash-10.1 on a 64bit system (say FC12) without > actually reverting to a 32bit browser? Do I still get to install half of my > system as 32bit duplicates? nspluginwrapper works well enough for me on Ubuntu, but this isn't a kernel problem. (It seems to work better for me in Chrome than ff but hey that's another problem again). Since there isn't an announced date for if a 64bit version is going to be available (only a fluffy statement that they intend to do one) it's a case of having to move back to 32. See: http://www.theregister.co.uk/2010/06/11/64_bit_flash_for_linux_dead/ Dave -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ gro.gilbert @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Justin P. Mattock on 1 Aug 2010 14:00
On 08/01/2010 07:18 AM, Boaz Harrosh wrote: > On 07/30/2010 07:05 AM, Justin P. Mattock wrote: >> On 07/29/2010 07:50 PM, Theodore Ts'o wrote: >>> This is a public service announcement --- if you are running Flash 10.0, >>> make sure you upgrade to 10.1. Flash 10.0 has a horrible security >>> vulnerability: >>> >>> http://www.adobe.com/support/security/bulletins/apsb10-14.html >>> >>> I have Google Analytics running on the ksummit2010 website, and in >>> addition to discovering that 59% used Firefox and 25% were using Chrome, >>> and that the most popular screen resolution was 1280x800 followed by >>> 1280x1024, etc. --- I also was able to find that while 59% were running >>> Flash 10.1, over 40% of the visitors to the ksummit2010 web site were >>> running a vulnerable version of Adobe flash, which has a remote code >>> execution vulerability. >>> >>> If you were visiting that site from your development system, which you >>> use to push changes to a subsystem maintianer, or even Linus, hopefully >>> I don't need to tell you what a bad idea it is to leave yourself open >>> and vulnerable like this. (This particular security problem with Flash >>> has been announced for almost 2 months at this point!) >>> >>> - Ted >>> -- >>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in >>> the body of a message to majordomo(a)vger.kernel.org >>> More majordomo info at http://vger.kernel.org/majordomo-info.html >>> Please read the FAQ at http://www.tux.org/lkml/ >>> >> >> >> biggest problem here is they havn't updated their x86_64(pure64) version >> yet. hopefully hey release an update soon. >> >> Justin P. Mattock >> -- > > Here too. How do I run (any) Flash-10.1 on a 64bit system (say FC12) without > actually reverting to a 32bit browser? Do I still get to install half of my > system as 32bit duplicates? > > Boaz > right now I decided to just run the 32bit flash through qemu-kvm either a windows install or an x86_32 linux distro this way I can watch hulu stream TV etc.. Justin P. Mattock -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |