FW: US-CERT Technical Cyber Security Alert TA06-075A -- Adobe Macromedia Flash Products Multiple Vulnerabilities
Gene Heskett
gene.heskett at verizon.net
Mon Mar 20 01:28:46 UTC 2006
On Sunday 19 March 2006 16:33, Todd Zullinger wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Jancio Wodnik wrote:
>>>Latest rpms major distros can be found here:
>>>http://macromedia.mplug.org/site_uh.html
>>
>> yeah, the Latest. Files in this rpm for fedora are from 9 december
>> so that is ver 7.61 of macromedia player :/
>
>Why do you say that? The files inside the 7.0.63 tar archive
>available from Macromedia's website[1] are dated December 8, 2005.
>
>> But he name this rpm is: flash-plugin-7.0.63-1.i386.rpm (inside ver
>> 7.61)
>
>Did you restart your browser after updating the rpm? Firefox 1.0.7
>here shows 7.0 r63.
>
>[1]
> http://fpdownload.macromedia.com/get/flashplayer/current/install_flas
>h_player_7_linux.tar.gz
I have that same problem. First, this advisory is a wee bit old, and
second the files in that rpm are as you say, obviously dated to well
before this vulnerability was published. Like Dec 8, 2005.
If this is indeed a vulnerability fix, I think we have a reasonable
expectation of finding the executable code at least as new as the
show-license file.
Something doesn't quite smell edible here methinks.
--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
More information about the fedora-legacy-list
mailing list