Last week’s security updates

adobe_flash_8s600x600_2Adobe released updated Flash player plugins last tuesday, but I was too busy with other things to write a blog post about it. However, I did release updated packages the day after! The updates are for chromium-pepperflash-plugin (to be used together with my chromium package) with new version 19.0.0.245, and flashplayer-plugin which now is at version 11.2.202.548.

The PepperFlash plugin was extracted from Google Chrome 46.0.2490.86 but I did not compile a new Chromium package from the sources bearing that version this time. You’ll have to wait for the next stable release.

.

icedteaVersion 2.6.3 of IcedTea was also released last week. This version of IcedTea will compile OpenJDK 7 “Update 91 Build 02“. The release adds one missed security fix from Oracle’s october updates to OpenJDK. I could not find the announcement on the blog of release maintainer Andrew Hughes but here is his post on the mailing list instead.

The CVE which has been addressed and fixed:

  • S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed.

Note about OpenJDK usage:

I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.

The Java package (openjre as well as openjdk) has one dependency: rhino provides JavaScript support for OpenJDK.

Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s binary JDK tarball contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is a NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.

My download locations for these updated packages are as always:

If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg update flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.

Have fun! Eric

 

2 thoughts on “Last week’s security updates

  1. thanks for the updates. One thing I noticed was although you anounced icedtea 2.6.3 the icedtea-web packages are unchanged at 1.6.1
    Is the web component unchanged?
    thanks again


  2. tim, the two are developed independently (you need an icedtea-built openjdk/jre to be able to use icedtea-web of course), and their release schedules are not coupled.


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.