Tag Archives: security

Alien Pastures switched to HTTPS

The “Alien Pastures” blog has been moved into a Virtual Machine (hence the short downtime yesterday) after its previous host hardware was replaced with a much beefier machine. This was a nice opportunity to configure the VM with an SSL certificate issued by Let’s Encrypt (again, thanks Robby Workman).

So, from now on, the blog is served with an HTTPS URL by default. I hope you understand, this is a process seen on many other web sites too.

Cheers, Eric

Security updates: multilib and flash

Multilib

A mountain of security fixes landed in Slackware this week. Many of these updated packages have a multilib equivalent, so today I have updated my multilib repository for Slackware releases 13.37 and newer.

New to multilib or don’t know what it is all about? Read the multilib article found in the Slackware Documentation Project. Download the new multilib packages here:

Flash

At the same time, I have uploaded the latest package versions for the Flash Player plugin for Mozilla and Chromium browsers.
They are accompanied by Flash player security bulletin APSB16-36.

The updated plugin for the Chromium browser (chromium-pepperflash-plugin) has the version number 23.0.0.205 while the plugin for Mozilla browsers (flashplayer-plugin) is now at version 11.2.202.643 (both 64-bit and 32-bit versions).

Slackware packages for these Flash plugins are available for download & install in the following locations:

If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg upgrade flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.
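To confirm the upgrade took effect, the installed plugin versions can be compared against the fixed versions named in this post. The following is an added example, not part of the original post; it assumes the Slackware package database directory /var/log/packages, GNU `sort -V`, and a hypothetical `PKGDB` override variable.

```shell
#!/bin/sh
# Added example (not from the original post): compare installed Slackware
# packages with the fixed versions named above. Database entries are named
# name-version-arch-build; the name may contain hyphens, so split from the right.

# pkg_version NAME [DBDIR]: print the installed version of NAME, or fail.
pkg_version() {
    name=$1
    dbdir=${2:-/var/log/packages}   # assumed package database location
    for entry in "$dbdir/$name"-*; do
        [ -e "$entry" ] || continue
        base=${entry##*/}
        rest=${base%-*}             # drop the build field
        rest=${rest%-*}             # drop the arch field
        if [ "${rest%-*}" = "$name" ]; then
            printf '%s\n' "${rest##*-}"
            return 0
        fi
    done
    return 1
}

# version_ge A B: succeed when A >= B (relies on GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_fixed NAME MINVER [DBDIR]: 0 = patched, 1 = outdated, 2 = not installed.
check_fixed() {
    installed=$(pkg_version "$1" "$3") || return 2
    version_ge "$installed" "$2"
}

# Minimum versions taken from the post; PKGDB is a hypothetical override.
for spec in flashplayer-plugin:11.2.202.643 chromium-pepperflash-plugin:23.0.0.205; do
    rc=0
    check_fixed "${spec%%:*}" "${spec##*:}" "${PKGDB:-}" || rc=$?
    case $rc in
        0) status="patched" ;;
        1) status="OUTDATED" ;;
        *) status="not installed" ;;
    esac
    echo "${spec%%:*}: $status"
done
```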

Have fun! Eric

July ’15 Security fixes for Adobe’s Flash web plugins (extra critical)

The recent hack of the “Hacking Team” (a company that makes money from creating spyware for repressive governments) has uncovered evidence that they have been exploiting a yet unknown security hole which is present in all Adobe Flash players since version 7. Obviously based on the information obtained from the public dump of Hacking Team’s 400 GB Intranet data, there’s a Zero-Day exploit out there in the wild that is actively targeting computers (thanks mancha for the link). Adobe have released patched Flash player plugins today that fix this security hole and you are all urgently advised to update your flash player packages.

For your information: The updated Slackware package for chromium-pepperflash-plugin has version 18.0.0.204. The updated flashplayer-plugin has version 11.2.202.481. The Chromium plugin was taken from the Google Chrome 43.0.2357.132 RPM which was released yesterday. New packages for my own chromium package based on the sources of that same version are underway, expect those tomorrow.

Download locations for the Flash plugins:

If you are using the slackpkg+ extension for slackpkg, then you just run “slackpkg update && slackpkg upgrade flash”. Alternatively, you can subscribe to my repository RSS feed to stay informed of any updates.

Eric

More June ’15 security fixes for Adobe’s Flash web plugins

Here are new packages for the flashplayer-plugin and chromium-pepperflash-plugin. It’s “Patch Tuesday” and therefore the chances were fairly high that there would be a new Flash security bulletin… indeed, check out Adobe Flash security bulletin: apsb15-14.

For your information: The updated Slackware package for chromium-pepperflash-plugin has version 18.0.0.194. The updated flashplayer-plugin has version 11.2.202.468. The Chromium plugin was taken from the Google Chrome 43.0.2357.130 RPM, and of course new packages for my own chromium package based on sources of that same version are underway – the 32-bit package is being compiled at the moment.

Download locations for the Flash plugins:

Eric

April 15 Java security update: OpenJDK 7u79

A new release of IcedTea is available. Version 2.5.5 of the “Java build framework” will create OpenJDK 7 “Update 79 Build 14” (resulting in a Slackware package openjdk-7u79_b14).

The release announcement can be found on the blog of release maintainer Andrew Hughes. The update synchronizes OpenJDK with Oracle’s April ’15 security updates. This will be Oracle’s final update to the Java 7 codebase. I expect that the next release of IcedTea will give us OpenJDK 8.

A list of CVEs is associated with the new release. Here are all security fixes mentioned in the post:

The new Java is properly detected by the java tester page at http://javatester.org/version.html but Oracle’s Java version tester at http://java.com/en/download/testjava.jsp only mentions that this version of Java is no longer supported (it wants us all to move to Java 8 on Windows I guess).

Note about usage:

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). You need the JDK package only if you want to develop Java programs and need a Java compiler. Get them here.

The Java package (openjre as well as openjdk) has one dependency: rhino provides JavaScript support for OpenJDK.

Optionally: If you want to use Java in a web browser (which supports NPAPI plugins – this excludes Chrome & Chromium but you’ll be OK with all Mozilla [-compatible] browsers) then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore IcedTea offers an open source variant which does a decent job.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric