My thoughts on Slackware, life and everything

Tag: security (Page 2 of 3)

April 15 Java security update: OpenJDK 7u79

icedtea A new release of IcedTea  is available. Version 2.5.5 of the “Java build framework” will create OpenJDK 7 “Update 79 Build 14” (resulting in a Slackware package openjdk-7u79_b14).

The release announcement can be found on the blog of release maintainer Andrew Hughes. The update synchronizes OpenJDK with Oracle’s April ’15 security updates. This will be Oracle’s final update to the Java 7 codebase. I expect that the next release of Icedtea will give us OpenJDK 8.

A list of  CVE’s is associated with the new release. Here are all security fixes mentioned in the post:

The new Java is properly detected by the java tester page at http://javatester.org/version.html but Oracle’s Java version tester at http://java.com/en/download/testjava.jsp only mentions that this version of Java is no longer supported (it wants us all to move to Java 8 on Windows I guess):

openjdk_7u79

Note about usage:

Remember that I release packages for the JRE (runtime) and the JDK (development kit) simultaneously, but you only need to install one of the two. The JRE is sufficient if you only want to run Java programs (including Java web plugins). Only in case where you’d want to develop Java programs and need a Java compiler, you are in need of the JDK package. Get them here.

The Java package (openjre as well as openjdk) has one dependency: rhino provides JavaScript support for OpenJDK.

Optionally: If you want to use Java in a web browser (which supports NPAPI plugins – this excludes Chrome & Chromium but you’ll be OK with all Mozilla [-compatible] browsers) then you’ll have to install my icedtea-web package too. While Oracle’s JDK contains a browser plugin, that one is closed-source and therefore Icedtea offers an open source variant which does a decent job.

If you want to compile this OpenJDK package yourself, you need to install apache-ant additionally. Note that the previous requirements of xalan & xerces packages have been dropped; ant will provide all required build functionality on its own now.

Have fun! Eric

Another Flash player plugin this week

adobe_flash_8s600x600_2 I failed to mention this earlier because of the time I spent on KDE 5, but there was a new Flash from Adobe. following closely on last week’s security fix.

I have packaged the usual suspects: the plugin for chromium (PPAPI) and for mozilla-compatible browsers (NPAPI). If you have pipelight installed, you should run “pipelight-plugin –update” as root to get the latest Flash installed automatically the next time the browser loads the Windows plugin.

The new Slackware package for chromium-pepperflash-plugin has version 16.0.0.296. The updated flashplayer-plugin has version 11.2.202.440.

Download locations have not changed:

Eric

Monthly Flash Player security updates

Pepper Flash for Chromium:

chromium_iconChrome was updated because of a Flash security bulletin from Adobe. The new Slackware package for chromium-pepperflash-plugin has version 16.0.0.257.

 

 

Linux Flash for Mozilla-compatibles:

adobe_flash_8s600x600_2 The “legacy” Linux NPAPI plugin for Mozilla-compatible browsers was updated as well – never leaving version 11. My Slackware package for the flashplayer-plugin went “up” to 11.2.202.429 (micro version update).

 

 

Windows Flash for Mozilla-compatibles provided by Pipelight:

pipelight-logoFor my pipelight package, you can easily update the Windows plugins it installed for you earlier (including the Windows Flash player if you use that) by running (as root) the script:

# pipelight-plugin --update

A new package is not required therefore.

Eric

October Flash Dance

Chromium and Pepper Flash:

chromium_iconChrome was updated last week (I failed to notice because of the crunch mode at work) with a new Flash from Adobe. I had just updated the Chromium package for Slackware last week, but I decided to apply the micro version upgrade anyway.

More detail on the Chrome releases blog for Chromium 38.0.2125.104 – some bugs were fixed but apart from the Flash upgrade in Chrome, not much exciting there. The real heavy lifting was done for last week’s release.

I took the binaries from that new Chrome RPM and used those to update my Slackware package for chromium-pepperflash-plugin. New version is 15.0.0.189.

Linux Flash:

adobe_flash_8s600x600_2 Adobe releases its Flash updates for all platforms, one of them is the “legacy” Linux NPAPI plugin for Mozilla-compatible browsers. See Adobe’s monthly security bulletin for all the version numbers and vulnerabilities. The Linux flashplayer-plugin went up to 11.2.202.411.

 

 

Pipelight with Windows Flash:

pipelight-logoFor my pipelight package, you can easily update the Windows plugins it installed for you earlier (including the Windows Flash player if you use that) by running (as root) the script:

# pipelight-plugin --update

A new package is not required therefore.

 

Eric

New Flash player – security fix

Adobe released security updates of their Flash Player for all platforms. The latest Adobe security bulletin shows 11.2.202.356 as the new version for native Linux and 13.0.0.206 for the Chrome PepperFlash. Package locations:

Perfom the update today if you are using Flash! And if you are using Windows (I know some of you do) – mind the advice of US and UK governments to stop using MS Internet Explorer since it contains an unpatched zero-day vulnerability which uses a Flash vulnerability in turn to wreck havoc on your Windows computer.

Eric

 

« Older posts Newer posts »

© 2024 Alien Pastures

Theme by Anders NorenUp ↑