[Secure-testing-team] Bug#737745: /usr/sbin/update-flashplugin-nonfree: "update-flashplugin-nonfree -iv" not working

Michael Hatzold m.hatzold at web.de
Wed Feb 5 15:56:21 UTC 2014


Package: flashplugin-nonfree
Version: 1:3.4
Severity: critical
File: /usr/sbin/update-flashplugin-nonfree
Tags: security
Justification: root security hole

Dear Maintainer,
* What led up to the situation?
According to public reports there is a new *critical* vulnerability in
flashplayer. But the command to update isn't working:


   * What led up to the situation?
"update-flashplugin-nonfree -iv"

* What was the outcome of this action?

# update-flashplugin-nonfree -iv
options :  -i -v --
temporary directory: /tmp/flashplugin-nonfree.oN7tNrErMx
importing public key ...
selected action = --install
installed version = 11.2.202.335
upstream version = 11.2.202.336
wgetoptions= -nd -P .   -v --progress=dot:default
downloading http://people.debian.org/~bartm/flashplugin-nonfree/fp.11.2.202.336.sha512.i386.pgp.asc ...
--2014-02-05 16:38:57--  http://people.debian.org/~bartm/flashplugin-nonfree/fp.11.2.202.336.sha512.i386.pgp.asc
Auflösen des Hostnamen »people.debian.org (people.debian.org)«... 206.12.19.5, 2607:f8f0:610:4000:214:38ff:feee:b65a
Verbindungsaufbau zu people.debian.org (people.debian.org)|206.12.19.5|:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 404 Not Found
2014-02-05 16:38:57 FEHLER 404: Not Found.


   * What outcome did you expect instead?

update to upstream version = 11.2.202.336



BTW:
There is a bunch of Debian/sid users who use the following cronjob to check for
and update to new versions if available:

***script /etc/cron.daily/flash***
#!/bin/sh

test -x /usr/sbin/update-flashplugin-nonfree && /usr/sbin/update-flashplugin-nonfree --install --quiet
***end***

Shouldn't such functionality be part of "update-flashplugin-nonfree"?



-- Package-specific info:
Debian version: jessie/sid
Architecture: i386
Package version: 1:3.4
Adobe Flash Player version: LNX 11,2,202,335
MD5 checksums:
	208968bb1109e8627fa3c08b43814bee  /var/cache/flashplugin-nonfree/get-upstream-version.pl
	63f3b6c3b84e36d418c421d4861f4f85  /var/cache/flashplugin-nonfree/install_flash_player_11_linux.i386.tar.gz
	79dce79aed74d9bd3537e1ac1a5aad24  /usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
	flash-mozilla.so - auto mode
	  link currently points to /usr/lib/flashplugin-nonfree/libflashplayer.so
	/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
	Current 'best' version is '/usr/lib/flashplugin-nonfree/libflashplayer.so'.
	lrwxrwxrwx 1 root root 34 Dec  9 15:46 /usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
	/usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to `/etc/alternatives/flash-mozilla.so' 

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.13-0.towo.3-siduction-686 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages flashplugin-nonfree depends on:
ii  binutils               2.24-3
ii  debconf [debconf-2.0]  1.5.52
ii  gnupg                  1.4.16-1
ii  libatk1.0-0            2.10.0-2
ii  libcairo2              1.12.16-2
ii  libcurl3-gnutls        7.35.0-1
ii  libfontconfig1         2.11.0-2
ii  libfreetype6           2.5.2-1
ii  libgcc1                1:4.8.2-14
ii  libglib2.0-0           2.37.5+really2.36.4-0r0
ii  libgtk2.0-0            2.24.22-1
ii  libnspr4               2:4.10.2-1
ii  libnss3                2:3.15.3.1-1.1
ii  libpango1.0-0          1.36.0-1+b1
ii  libstdc++6             4.8.2-14
ii  libx11-6               2:1.6.2-1
ii  libxext6               2:1.3.2-1
ii  libxt6                 1:1.1.4-1
ii  wget                   1.15-1

flashplugin-nonfree recommends no packages.

Versions of packages flashplugin-nonfree suggests:
ii  flashplugin-nonfree-extrasound  0.0.svn2431-3
ii  fonts-dejavu                    2.34-1
ii  hal                             0.5.14-8
ii  iceweasel                       24.2.0esr-1
pn  konqueror-nsplugins             <none>
ii  ttf-mscorefonts-installer       3.5
ii  ttf-xfree86-nonfree             4.2.1-3.1

-- no debconf information
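
Added example, not part of the original report or of the flashplugin-nonfree package: the cron job quoted above runs with --quiet, so a failed download like the 404 in this report leaves the old plugin in place without any notice. The sketch below classifies a verbose log by the "installed version" / "upstream version" lines shown in the report; the names flash_update_state and check_flash are hypothetical, the sample log is constructed from the report's own lines, and it assumes every verbose run prints those two version lines.

```shell
#!/bin/sh
# Added example (not from the original report).
# Sample lines copied from the verbose log in the report (abridged).
SAMPLE_LOG='installed version = 11.2.202.335
upstream version = 11.2.202.336
2014-02-05 16:38:57 FEHLER 404: Not Found.'

# Hypothetical helper: read a verbose log on stdin and print one of
#   current | outdated | outdated-download-failed | unknown
flash_update_state() {
    awk '
        /^installed version = / { inst = $4 }
        /^upstream version = /  { up = $4 }
        # wget reports HTTP failures as "<WORD> <status>: <reason>"; the
        # word is localised (ERROR, FEHLER, ...), so match on the shape.
        / [A-Z]+ [45][0-9][0-9]: / { failed = 1 }
        END {
            if (inst == "" || up == "") { print "unknown"; exit }
            # Append "" to force string comparison of the version fields.
            if ((inst "") == (up ""))   { print "current"; exit }
            print (failed ? "outdated-download-failed" : "outdated")
        }'
}

# Hypothetical cron wrapper: attempt the update, then run once more and
# classify that second log, so a successful update is not reported.
# Silent when current; otherwise the state and the first log go to stderr
# (cron mails it) and the function returns non-zero.
check_flash() {
    cmd=${1:-/usr/sbin/update-flashplugin-nonfree}
    first=$("$cmd" -iv 2>&1)     # attempt the update
    second=$("$cmd" -iv 2>&1)    # re-read the versions afterwards
    state=$(printf '%s\n' "$second" | flash_update_state)
    [ "$state" = current ] && return 0
    printf 'flashplugin-nonfree: %s\n%s\n' "$state" "$first" >&2
    return 1
}

# Classify the sample from the report.
printf '%s\n' "$SAMPLE_LOG" | flash_update_state
```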


