Last week’s security updates
Adobe released updated Flash player plugins last tuesday, but I was too busy with other things to write a blog post about it. However, I did release updated packages the day after! The updates are for chromium-pepperflash-plugin (to be used together with my chromium package) with new version 220.127.116.11, and flashplayer-plugin which now is at version 18.104.22.1688.
The PepperFlash plugin was extracted from Google Chrome 46.0.2490.86 but I did not compile a new Chromium package from the sources bearing that version this time. You’ll have to wait for the next stable release.
Version 2.6.3 of IcedTea was also released last week. This version of IcedTea will compile OpenJDK 7 “Update 91 Build 02“. The release adds one missed security fix from Oracle’s october updates to OpenJDK. I could not find the announcement on the blog of release maintainer Andrew Hughes but here is his post on the mailing list instead.
The CVE which has been addressed and fixed:
- S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed.
Note about OpenJDK usage:
I release packages for the JRE (runtime environment) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package.
Optionally: If you want to use Java in a web browser then you’ll have to install my icedtea-web package too. While Oracle’s binary JDK tarball contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job. Note that icedtea-web is a NPAPI plugin – this prevents use of Java in Chrome & Chromium because those browsers only support PPAPI plugins, but you’ll be OK with all Mozilla [-compatible] browsers of course.
My download locations for these updated packages are as always:
- http://www.slackware.com/~alien/slackbuilds/ (master site)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/ (my own US mirror)
- http://alien.slackbook.org/slackbuilds/ (US)
- http://slackware.org.uk/people/alien/slackbuilds/ (UK)
If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg update flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.
Have fun! Eric