The “Alien Pastures” blog has been moved into a Virtual Machine (hence the short downtime yesterday) after its previous host hardware was replaced with a much beefier machine. This was a nice opportunity to configure the VM with a SSL certificate issued by LetsEncrypt (again, thanks Robby Workman).
So, from now on, the blog is served with a HTTPS URL by default. I hope you understand, this is a process seen on many other web sites too.
A mountain of security fixes landed in Slackware this week. Many of these updated packages have a multilib equivalent, so today I have updated my multilib repository for Slackware releases 13.37 and newer.
New to multilib or don’t know what it is all about? Read the multilib article found in the Slackware Documentation Project. Download the new multilib packages here:
At the same time, I have uploaded the latest package versions for the Flash Player plugin for Mozilla and Chromium browsers.
They are accompanied by Flash player security bulletinAPSB16-36.
The updated plugin for the Chromium browser (chromium-pepperflash-plugin) has the version number 18.104.22.168 while the plugin for Mozilla browsers (flashplayer-plugin) is now at version 22.214.171.1243 (both 64bit and 32bit versions).
Slackware packages for these Flash plugins are available for download & install in the following locations:
If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg upgrade flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.
The recent hack of the “Hacking Team” -a company that makes money from creating spyware for repressive governments – has uncovered evidence that they have been exploiting a yet unknown security hole which is present in all Adobe Flash players since version 7. Obviously based on the information obtained from the public dump of Hacking Team’s 400 GB Intranet data, there’s a Zero-Day exploit out there in the wild that is actively targeting computers (thanks mancha for the link). Adobe have released patched Flash player plugins today that fix this security hole and you are all urgently advised to update your flash player packages.
For your information: The updated Slackware package for chromium-pepperflash-plugin has version 126.96.36.199. The updated flashplayer-plugin has version 188.8.131.521. The Chromium plugin was taken from the Google Chrome 43.0.2357.132 RPM which was released yesterday. New packages for my own chromium package based on the sources of that same version are underway, expect those tomorrow.
If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg update flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.
For your information: The updated Slackware package for chromium-pepperflash-plugin has version 184.108.40.206. The updated flashplayer-plugin has version 220.127.116.118. The Chromium plugin was taken from the Google Chrome 43.0.2357.130 RPM, and of course new packages for my own chromium package based on sources of that same version are underway – the 32-bit package is being compiled at the moment.
A new release of IcedTea is available. Version 2.5.5 of the “Java build framework” will create OpenJDK 7 “Update 79 Build 14” (resulting in a Slackware package openjdk-7u79_b14).
The release announcement can be found on the blog of release maintainer Andrew Hughes. The update synchronizes OpenJDK with Oracle’s April ’15 security updates. This will be Oracle’s final update to the Java 7 codebase. I expect that the next release of Icedtea will give us OpenJDK 8.
A list of CVE’s is associated with the new release. Here are all security fixes mentioned in the post:
Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package. Get them here.
Optionally: If you want to use Java in a web browser (which supports NPAPI plugins – this excludes Chrome & Chromium but you’ll be OK with all Mozilla [-compatible] browsers) then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job.
If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.
Have fun! Eric
Dear visitor, you seem to be using an Ad Blocker. Please consider whitelisting 'Alien Pastures'. I use the revenue from displaying ads (small as it is) to keep this site running. Thanks!