Siduction Forum
Siduction Forum => Upgrade Warnings => Topic started by: devil on 2013/12/11, 20:42:58
-
Adobe fixed 4 vulnerabilities in Flash Player and Shockwave Player.
flash Player can be updated by:
update-flashplugin-nonfree --install
New Version is: 11.2.202.332
Check version with:
update-flashplugin-nonfree --status |grep Fla
https://www.computerbase.de/news/2013-12/adobe-schliesst-sicherheitsluecken-in-flash-und-shockwave/ (https://www.computerbase.de/news/2013-12/adobe-schliesst-sicherheitsluecken-in-flash-und-shockwave/)
http://www.zdnet.com/adobe-patches-security-issues-in-flash-and-shockwave-players-7000024150/ (http://www.zdnet.com/adobe-patches-security-issues-in-flash-and-shockwave-players-7000024150/)
greetz
devil
-
Thanks for the info devil. I need the reminders.
-
Thanks for the info devil. I need the reminders.
+1
-
in this regard, i'd like to point out that you can also run flash-update via a cronjob, as described in this thread:
http://forum.siduction.org/index.php?topic=3449.30
thus, flash will be updated automatically
-
yes, I have installed the cronjob, and it really seems to work as the installed version is 11.2.202.332.
But I wonder *when* it happend:# ls -la /usr/lib/flashplugin-nonfree/libflashplayer.so
-rw-r--r-- 1 root root 17422820 Dez 1 10:12 /usr/lib/flashplugin-nonfree/libflashplayer.so
Does that mean the cronjob installed it 12 days ago?
No, it seems to show the time the file was created (compiled or packed). Anyway, I got it automatically via the cronjob.
-
Thanks!
-
Thanks for the info devil. I need the reminders.
+1
+10 or can the update be incorporated in a apt-get update?
-
You could run a cronjob.
greetz
devil
-
Don't know if this helps, but somehow I am getting updates automatically. I can't find a cron job that would be making the call, so I think it might be somewhere in apt?
-
If you see "flashplugin-nonfree" updated in apt-get, that's *not* the player but the updater!
-
If you see "flashplugin-nonfree" updated in apt-get, that's *not* the player but the updater!
I think I'm OK, but check me out:
root@siductionbox:~# update-flashplugin-nonfree --status|grep Fla
Flash Player version installed on this system : 11.2.202.332
Flash Player version available on upstream site: 11.2.202.332
root@siductionbox:~# dpkg --get-selections|grep flash
flashplugin-nonfree install
root@siductionbox:~# apt-cache policy flashplugin-nonfree
flashplugin-nonfree:
Installed: 1:3.4
Candidate: 1:3.4
Version table:
*** 1:3.4 0
500 ftp://ftp.us.debian.org/debian/ unstable/contrib i386 Packages
100 /var/lib/dpkg/status
root@siductionbox:~# apt-cache policy iceweasel
iceweasel:
Installed: 24.2.0esr-1
Candidate: 24.2.0esr-1
Version table:
*** 24.2.0esr-1 0
500 ftp://ftp.us.debian.org/debian/ unstable/main i386 Packages
100 /var/lib/dpkg/status
root@siductionbox:~# apt-cache policy google-chrome-stable
google-chrome-stable:
Installed: 31.0.1650.63-1
Candidate: 31.0.1650.63-1
Version table:
*** 31.0.1650.63-1 0
500 http://dl.google.com/linux/chrome/deb/ stable/main i386 Packages
100 /var/lib/dpkg/status
root@siductionbox:~# find $(find /etc -mindepth 1 -maxdepth 1 -type d -name '*cron*' -print) -depth -type f -not -empty -iname '*flash*'|wc
0 0 0
root@siductionbox:~# find $(find /etc -mindepth 1 -maxdepth 1 -type d -name '*cron*' -print) -depth -type f -not -empty -print|xargs grep -il flash|wc
0 0 0
root@siductionbox:~# find /etc/apt -depth -type f -name '*.list' -print|xargs cat|grep -v '#'|tr -s '\n'
deb http://packages.siduction.org/base unstable main
deb http://packages.siduction.org/extra unstable main
deb http://packages.siduction.org/fixes unstable main
deb ftp://ftp.us.debian.org/debian unstable main contrib non-free
deb http://dl.google.com/linux/chrome/deb/ stable main
-
This tells you the version of the *updater*. If you want to know the version of the flashplugin-nonfree you need to go on a website where there is flash content. Then rightclick and see your version.
Or simply click here and compare the output to the newest linux version:
http://www.adobe.com/de/software/flash/about/ (http://www.adobe.com/de/software/flash/about/)
Edit: ok, didn't see the whole input, you are right, "update-flashplugin-nonfree --status" tells you what you need to know, too.
-
and another update...........
for everyone's information :
http://arstechnica.com/security/2014/02/adobe-releases-emergency-flash-update-amid-new-zero-day-drive-by-attacks/
-
Thanks for the headup!
Once again the update-flashplayer-nonfree utility failed to download.# update-flashplugin-nonfree -iv
options : -i -v --
temporary directory: /tmp/flashplugin-nonfree.LOWfsvYe7d
importing public key ...
selected action = --install
installed version = 11.2.202.336
upstream version = 11.2.202.341
wgetoptions= -nd -P . -v --progress=dot:default
downloading http://people.debian.org/~bartm/flashplugin-nonfree/fp.11.2.202.341.sha512.amd64.pgp.asc ...
--2014-02-21 07:49:34-- http://people.debian.org/~bartm/flashplugin-nonfree/fp.11.2.202.341.sha512.amd64.pgp.asc
Auflösen des Hostnamen »people.debian.org (people.debian.org)«... 206.12.19.5, 2607:f8f0:610:4000:214:38ff:feee:b65a
Verbindungsaufbau zu people.debian.org (people.debian.org)|206.12.19.5|:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 404 Not Found
2014-02-21 07:49:34 FEHLER 404: Not Found.
wget failed to download http://people.debian.org/~bartm/flashplugin-nonfree/fp.11.2.202.341.sha512.amd64.pgp.asc
downloading http://people.debian.org/~bartm/flashplugin-nonfree/fp10.sha512.amd64.pgp.asc ...
--2014-02-21 07:49:34-- http://people.debian.org/~bartm/flashplugin-nonfree/fp10.sha512.amd64.pgp.asc
Auflösen des Hostnamen »people.debian.org (people.debian.org)«... 206.12.19.5, 2607:f8f0:610:4000:214:38ff:feee:b65a
Verbindungsaufbau zu people.debian.org (people.debian.org)|206.12.19.5|:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 1273 (1,2K) [text/plain]
In »»./fp10.sha512.amd64.pgp.asc«« speichern.
0K . 100% 59,0M=0s
2014-02-21 07:49:35 (59,0 MB/s) - »»./fp10.sha512.amd64.pgp.asc«« gespeichert [1273/1273]
verifying PGP fp10.sha512.amd64.pgp.asc ...
copying /var/cache/flashplugin-nonfree/install_flash_player_11_linux.x86_64.tar.gz ...
verifying checksum install_flash_player_11_linux.x86_64.tar.gz ...
wgetoptions= -nd -P . -v --progress=dot:default -O /tmp/flashplugin-nonfree.LOWfsvYe7d/install_flash_player_11_linux.x86_64.tar.gz
downloading http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.336/install_flash_player_11_linux.x86_64.tar.gz ...
verifying checksum install_flash_player_11_linux.x86_64.tar.gz ...
unpacking install_flash_player_11_linux.x86_64.tar.gz ...
verifying checksum contents of install_flash_player_11_linux.x86_64.tar.gz ...
moving libflashplayer.so to /usr/lib/flashplugin-nonfree ...
setting permissions and ownership of /usr/lib/flashplugin-nonfree/libflashplayer.so ...
Flash Player version: 11.2.202.336
moving install_flash_player_11_linux.x86_64.tar.gz to /var/cache/flashplugin-nonfree ...
flash-mozilla.so - Auto-Modus
Link verweist zur Zeit auf /usr/lib/flashplugin-nonfree/libflashplayer.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - Priorität 50
Gegenwärtig »beste« Version ist »/usr/lib/flashplugin-nonfree/libflashplayer.so«.
calling update-alternatives ...
flash-mozilla.so - Auto-Modus
Link verweist zur Zeit auf /usr/lib/flashplugin-nonfree/libflashplayer.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - Priorität 50
Gegenwärtig »beste« Version ist »/usr/lib/flashplugin-nonfree/libflashplayer.so«.
removing /usr/bin/flash-player-properties
removing /usr/share/applications/flash-player-properties.desktop
removing /usr/share/icons/hicolor/16x16/apps/flash-player-properties.png
removing /usr/share/icons/hicolor/22x22/apps/flash-player-properties.png
removing /usr/share/icons/hicolor/24x24/apps/flash-player-properties.png
removing /usr/share/icons/hicolor/32x32/apps/flash-player-properties.png
removing /usr/share/icons/hicolor/48x48/apps/flash-player-properties.png
installing /usr/bin/flash-player-properties
installing /usr/share/applications/flash-player-properties.desktop
installing /usr/share/icons/hicolor/16x16/apps/flash-player-properties.png
installing /usr/share/icons/hicolor/22x22/apps/flash-player-properties.png
installing /usr/share/icons/hicolor/24x24/apps/flash-player-properties.png
installing /usr/share/icons/hicolor/32x32/apps/flash-player-properties.png
installing /usr/share/icons/hicolor/48x48/apps/flash-player-properties.png
already exists: /usr/share/pixmaps/flash-player-properties.png
end of action --install
cleaning up temporary directory /tmp/flashplugin-nonfree.LOWfsvYe7d ...
end of update-flashplugin-nonfree
The installer is as flawed as the plugin itself! Some bogus output, suggesting an install took place, when it did not download anything!
Please note the '404-not found'-error!
I ended up downloading the package http://get.adobe.com/de/flashplayer/download/?installer=Flash_Player_11.2_for_other_Linux_(.tar.gz)_64-bit&standalone=1 , extracting it and copying to the right places.
tar -xf install_flash_player_11_linux.x86_64.tar.gz
cp -r usr/* /usr
cp libflashplayer.so /usr/lib/flashplugin-nonfree/After that # update-flashplugin-nonfree -iv
options : -i -v --
temporary directory: /tmp/flashplugin-nonfree.h8ZVmujst2
importing public key ...
selected action = --install
installed version = 11.2.202.341
upstream version = 11.2.202.341
upstream version 11.2.202.341 is already installed
end of action --install
cleaning up temporary directory /tmp/flashplugin-nonfree.h8ZVmujst2 ...
end of update-flashplugin-nonfree
-
Not happened here before . . . but has today
-
Shouldn't the first one noticing this failed d/l file a bugreport instead of installing flashplugin-nonfree manually (I did now)?
-
cp -r /usr/* /[code]
is there a way back?
-
cp -r /usr/* /[code]
is there a way back?
Look into the folder /usr, that was extracted from the installer, and remove those bits from your / directory.
This looks ugly, sorry to say, but seems to be necessary. Please read carefully and compare with the content of the package and the files and folders you have.
rm /libflashplayer.so
rm /readme.txt
rm /bin/flash-player-properties
rm -rf /lib/kde4
rm -rf /lib64/kde4
rm -rf /share
-
I ran the update and had the same result as michaaa62, the update failed to retrieve the new file from people.debian.org, but, I see no reason to remove or revert anything, flash seems to be working fine.
# update-flashplugin-nonfree --status |grep Flash
Flash Player version installed on this system : 11.2.202.336
Flash Player version available on upstream site: 11.2.202.341
The update, for me, just didn't work, but didn't change anything. It seems that any installing that it did was from the previous update. Is anyone having trouble with flash? If so, could you provide a link to the site where the problem occurs?
When I want to check flash, I go to this site and hit any one of the previews to check it out.
http://www.templateworld.com/all_full_flash_sites_1.html
-
...I see no reason to remove or revert anything, flash seems to be working fine.
except the update is due a zero-day-exploit
http://blogs.adobe.com/psirt/?p=1059
-
Well yeah, the update is needed to close a security hole, that wasn't my point. My point was that removing files wasn't needed. Performing the update didn't break anything, it just didn't work. I'm sure the Debian maintainer will have this fixed quickly.
-
@GoinEasy9:
For clarification: the removal list is for the error only, that Jeedee happen to make while copying stuff. Anyone else should not have those files and folders at that places in te file system.
-
...
For clarification: the removal list is for the error only, that Jeedee happen to make while copying stuff. ...
...or when you happen to not pay enough attention following someone's link ... but not realizing in time it downloads 64 bit flash on a 32 bit machine. As I did ...
-
i wonder, is it not better to mark the posting in question accordingly (like "danger, do not do this!", so that not so experienced users do not make things worse with copying files from somewhere as root?
my point is, we here in the forum (and especially in the upgrade warnings section), try to support people in such a way that their system stays consistent and upgradeable through apt... this rapid shooting with essentially bad advise might do additional harm...
just my opinion
-
Gerade geht bei mir das update durch. ( gestern Abend gings auch nicht)
# update-flashplugin-nonfree --install
.......
2014-02-22 11:00:09 (5,18 MB/s) - »»/tmp/flashplugin-nonfree.gbaPhRaPHG/install_flash_player_11_linux.x86_64.tar.gz«« gespeichert [7235766/7235766 ]# update-flashplugin-nonfree --install
:)
-
Update download working here again today.
-
Update download working here again today.
..because the bug is closed now.
-
Bug link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739687
i wonder, is it not better to mark the posting in question accordingly (like "danger, do not do this!", so that not so experienced users do not make things worse with copying files from somewhere as root?
No, if someone has screwed up their system and needs custom advice to fix it, it's better for them to make their own thread (or have it split off by a moderator) to avoid this kind of confusion. It wasn't bad advice to the person it was meant for...