CVE-2012-0779

Report · May 15, 2012

Regarding CVE-2012-0779,

I see that there are updates for just about every operating system other than Solaris to cover this vulnerability.

1. Are Solaris 10 SPARC and x86 affected as well?

2. If so, will there be a patch released and when?

Thank-you!

chesneyb

Sorry if I have posted this on one too many forums.

Report · May 15, 2012

I do not know whether or not the Solaris 10 SPARC and x86 versions are affected or not.

I suggest that you just download and install the latest version 11.2.202.235 for these systems from http://www.adobe.com/products/flashplayer/distribution3.html

Report · May 16, 2012

Pat,

I will try to download that version again. It appears all I could download from Adobe a week ago was 223. I will update when I have competed download.

chesneyb

Report · May 16, 2012

Pat,

I just downloaded and tested both the SPARC and x86 version from that site.

Sad to say only version 223 is available at that location.

Even if you don't have a Solaris system to check, extract the files and you will see the folder name is as follows.

flash_player_solaris_11_2_202_223_x86

flash_player_solaris_11_2_202_223_sparc

I did test on a Solaris system and it confirmed that these are indeed 223.

Thus, I asked the question, isn't Solaris affected as well?

How may I push this up for action? The security community is rather adament that we patch for this CVE.

chesneyb

Report · May 16, 2012

Sorry for my misinformation; http://www.adobe.com/software/flash/about/ states that 11.2.202.223 is the latest version for Solaris.

Can you send a PM to Chris Campbell and point him to this topic?

Report · May 17, 2012

Pat,

I sent the PM as requested.

I am also curious to know when Adobe will be ceasing to support Solaris for Flash. I would assume with all the rumors about HTML5 and support dropping of for Android that it is possible support for Solaris Flash may be waning. If so, I need to let some developers know soon.

Thanks,

chesneyb

Report · May 18, 2012

I responded via PM, but for anyone else interested, I have confirmed that this security patch does not apply to Solaris. There will not be a .235 solaris update.

Thanks,

Chris

Report · May 22, 2012

Chris,

Thank-you!

Oddly enough, did you see that patches came out for Flash in Solaris?

http://wesunsolve.net/patch/id/125332-24

http://wesunsolve.net/patch/id/125333-23

I haven't figure out if this is a security update, but the timeliness is a bit close.

chesneyb

Report · Jun 12, 2012

Oracle tends to be somewhat behind when they release updates for Adobe Flash Player. I do wish they would indicate the version being provided in the update, though....

(Update) apsb12-14 doesn't mention a thing about Solaris. If only the other flavors could be as well written, they wouldn't be vulnerable to these new issues either, just like Solaris.....

I laugh as I watch you update your systems, while I bask in invulnerability.

Message was edited by: David Paige

Report · Jun 12, 2012

Thank you for the information regarding the Solaris version. The documentation for the latest update wasn't clear, leading us to wonder if our versions were vulnerable. Hopefully, Adobe will continue to support Flash Player for Solaris.

Adobe Community

CVE-2012-0779