Skip navigation
chesneyb
chesneyb Calculating status...
Currently Being Moderated

CVE-2012-0779

May 15, 2012 7:39 PM

Tags: #solaris #cve-2012-0779

Regarding CVE-2012-0779,

 

I see that there are updates for just about every operating system other than Solaris to cover this vulnerability.

 

1.  Are Solaris 10 SPARC and x86 affected as well?

 

2.  If so, will there be a patch released and when?

 

Thank-you!

chesneyb

Sorry if I have posted this on one too many forums.

1089 Views   9 Replies   Latest reply: David Paige, Jun 13, 2012 7:33 AM
 
Replies
  • Pat Willener
    Currently Being Moderated
    1. Pat Willener,
    May 15, 2012 11:36 PM   in reply to chesneyb
    Report

    I do not know whether or not the Solaris 10 SPARC and x86 versions are affected or not.

     

    I suggest that you just download and install the latest version 11.2.202.235 for these systems from http://www.adobe.com/products/flashplayer/distribution3.html

     
    |
    Mark as:
  • chesneyb
    Currently Being Moderated
    2. chesneyb,
    May 16, 2012 2:46 AM   in reply to Pat Willener
    Report

    Pat,

     

    I will try to download that version again.  It appears all I could download from Adobe a week ago was 223.  I will update when I have competed download.

     

    chesneyb

     
    |
    Mark as:
  • chesneyb
    Currently Being Moderated
    3. chesneyb,
    May 16, 2012 3:22 AM   in reply to Pat Willener
    Report

    Pat,

     

    I just downloaded and tested both the SPARC and x86 version from that site.

    Sad to say only version 223 is available at that location.

     

    Even if you don't have a Solaris system to check, extract the files and you will see the folder name is as follows.

     

    flash_player_solaris_11_2_202_223_x86

    flash_player_solaris_11_2_202_223_sparc

     

    I did test on a Solaris system and it confirmed that these are indeed 223.

    Thus, I asked the question, isn't Solaris affected as well?

    How may I push this up for action? The security community is rather adament that we patch for this CVE.

     

    chesneyb

     
    |
    Mark as:
  • Pat Willener
    Currently Being Moderated
    4. Pat Willener,
    May 16, 2012 8:31 PM   in reply to chesneyb
    Report

    Sorry for my misinformation; http://www.adobe.com/software/flash/about/ states that 11.2.202.223 is the latest version for Solaris.

     

    Can you send a PM to Chris Campbell and point him to this topic?

     
    |
    Mark as:
  • chesneyb
    Currently Being Moderated
    5. chesneyb,
    May 17, 2012 3:49 AM   in reply to Pat Willener
    Report

    Pat,

     

    I sent the PM as requested.

     

    I am also curious to know when Adobe will be ceasing to support Solaris for Flash.  I would assume with all the rumors about HTML5 and support dropping of for Android that it is possible support for Solaris Flash may be waning.  If so, I need to let some developers know soon.

     

    Thanks,

    chesneyb

     
    |
    Mark as:
  • Chris Campbell
    8,532 posts
    May 4, 2010
    Currently Being Moderated
    6. Chris Campbell,
    May 18, 2012 3:55 PM   in reply to chesneyb
    Report

    I responded via PM, but for anyone else interested, I have confirmed that this security patch does not apply to Solaris.  There will not be a .235 solaris update.

     

    Thanks,

    Chris

     
    |
    Mark as:
  • chesneyb
    Currently Being Moderated
    7. chesneyb,
    May 22, 2012 6:43 AM   in reply to Chris Campbell
    Report

    Chris,

     

    Thank-you!

     

    Oddly enough, did you see that patches came out for Flash in Solaris?

     

    http://wesunsolve.net/patch/id/125332-24

    http://wesunsolve.net/patch/id/125333-23

     

    I haven't figure out if this is a security update, but the timeliness is a bit close.

     

    chesneyb

     
    |
    Mark as:
  • David Paige
    Currently Being Moderated
    8. David Paige,
    Jun 12, 2012 7:05 AM   in reply to Chris Campbell
    Report

    Thank you for the information regarding the Solaris version.  The documentation for the latest update wasn't clear, leading us to wonder if our versions were vulnerable.  Hopefully, Adobe will continue to support Flash Player for Solaris.

     
    |
    Mark as:
  • David Paige
    Currently Being Moderated
    9. David Paige,
    Jun 13, 2012 7:33 AM   in reply to chesneyb
    Report

    Oracle tends to be somewhat behind when they release updates for Adobe Flash Player.  I do wish they would indicate the version being provided in the update, though....

     

    (Update)  apsb12-14 doesn't mention a thing about Solaris.  If only the other flavors could be as well written, they wouldn't be vulnerable to these new issues either, just like Solaris.....

     

    I laugh as I watch you update your systems, while I bask in invulnerability.

     

    Message was edited by: David Paige

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points