Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 24/25 > Using Fedora
FedoraForum Search

Forgot Password? Join Us!

Using Fedora General support for current versions. Ask questions about Fedora that do not belong in any other forum.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 10th July 2014, 06:09 PM
boycottsystemd Offline
Registered User
 
Join Date: Jul 2014
Location: EU
Posts: 101
linuxfirefox
flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

When I ran
Code:
sudo yum -v  --security update
It didn't offer update to flash-plugin-11.2.202.394-release.x86_64 .

This update has been offered when I ran
Code:
sudo yum -v update
So I was thinking that it wasn't security update, but adobe www page says "These updates address critical vulnerabilities in the software." (http://helpx.adobe.com/security/prod...apsb14-17.html)

Is it security update or not ?
Reply With Quote
  #2  
Old 10th July 2014, 08:28 PM
PabloTwo Offline
"Registered User" T-Shirt Winner
 
Join Date: Mar 2007
Location: Seville, FL
Posts: 7,559
Your first yum command checks for packages tagged as a security update from the Fedora repos. The flash-plugin package is from a non-fedora repo. So,yes,it's a security update, but only as stated by Adobe, not as tagged in the package.
Reply With Quote
  #3  
Old 11th July 2014, 12:46 PM
boycottsystemd Offline
Registered User
 
Join Date: Jul 2014
Location: EU
Posts: 101
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Thank you. So if someone needs ALL security updates, he must run sudo yum update ?
Reply With Quote
  #4  
Old 11th July 2014, 02:52 PM
PabloTwo Offline
"Registered User" T-Shirt Winner
 
Join Date: Mar 2007
Location: Seville, FL
Posts: 7,559
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
Originally Posted by boycottsystemd View Post
Thank you. So if someone needs ALL security updates, he must run sudo yum update ?
Well, doing that would certainly be a "catch all" approach. But how many non-fedora repos do you have enabled, and what types of packages do you have installed from those non-fedora repos would you consider most likely to fall into the "security" category? Certainly, the Adobe flash-plugin could always be considered as a security update and any web browser.

You could continue to use the "sudo yum -v --security update" command to update only security related packages from the Fedora repos, then follow that up with:
Code:
sudo yum --disablerepo=fedora* check-update
to see what's on offer from your non-fedora repos and decide for yourself from among the list which are usually security related and update only those packages, such as:
Code:
sudo yum update flash-plugin google-chrome-stable ... ...
if you don't want everything updated.
Reply With Quote
  #5  
Old 16th July 2014, 09:30 AM
boycottsystemd Offline
Registered User
 
Join Date: Jul 2014
Location: EU
Posts: 101
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
But how many non-fedora repos do you have enabled
Code:
yum repolist
give

Code:
adobe-linux-x86_64               Adobe Systems Incorporated                    2
bumblebee/20                     bumblebee for fedora Linux 20 - x86_64 -     17
fedora/20/x86_64                 Fedora 20 - x86_64                       38,597
rpmfusion-free/20/x86_64         RPM Fusion for Fedora 20 - Free             468
rpmfusion-free-updates/20/x86_64 RPM Fusion for Fedora 20 - Free - Update    491
updates/20/x86_64                Fedora 20 - x86_64 - Updates             17,841
Quote:
what types of packages do you have installed from those non-fedora repos would you consider most likely to fall into the "security" category?
Wouldn't be better if the package maintainer decides whether update is in security category ?

Is there any reason that flash-plugin update is not tagged as security in the package ?

No offence, I'm just curious.
Reply With Quote
  #6  
Old 16th July 2014, 01:48 PM
PabloTwo Offline
"Registered User" T-Shirt Winner
 
Join Date: Mar 2007
Location: Seville, FL
Posts: 7,559
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
Originally Posted by boycottsystemd
Is there any reason that flash-plugin update is not tagged as security in the package ?
I can't say for sure, but I don't think the "security" tag is actually part of the individual rpm package metadata, and that it is actually defined somewhere in other repo specific files, such as the many *.xml or various flavors of sqlite database files, in the same manner as how any particular package would be associated with a "group". So, should that be the case, it's not clear to me how a package maintainer would "tag" a package as being a security update. Fedora has no control of how other non Fedora repos decide to setup and mange their own repos.

One interesting command to run (to see which of your currently installed packages are of the "security" type, is:
Code:
# yum updateinfo installed security
See "man 8 yum" for for other variations of this command.

Edit: I'll have to research a bit to see if there is a "Type" field for rpm spec files. If there is, then it is possible to set the security tag at the rpm level.
Edit2: "rpm --querytags" shows me that there is no such field available.

Last edited by PabloTwo; 16th July 2014 at 02:06 PM.
Reply With Quote
  #7  
Old 17th July 2014, 01:48 PM
Dutchy Offline
Registered User
 
Join Date: Aug 2011
Location: ~
Posts: 1,875
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
Originally Posted by boycottsystemd View Post
Code:
yum repolist
Is there any reason that flash-plugin update is not tagged as security in the package ?
Reluctant third party repo maintainers/packagers.
Reply With Quote
  #8  
Old 18th July 2014, 01:29 PM
boycottsystemd Offline
Registered User
 
Join Date: Jul 2014
Location: EU
Posts: 101
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Thanks to both for reply.

Is there any solution to this ?
Reply With Quote
  #9  
Old 18th July 2014, 01:54 PM
PabloTwo Offline
"Registered User" T-Shirt Winner
 
Join Date: Mar 2007
Location: Seville, FL
Posts: 7,559
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
Originally Posted by boycottsystemd View Post
Thanks to both for reply.

Is there any solution to this ?
My solution would be:
Code:
sudo yum check-update flash-plugin
Reply With Quote
  #10  
Old 23rd July 2014, 12:42 PM
boycottsystemd Offline
Registered User
 
Join Date: Jul 2014
Location: EU
Posts: 101
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
Originally Posted by PabloTwo View Post
My solution would be:
Code:
sudo yum check-update flash-plugin
This is solution for security update of one repo only. But security of whole OS is comprised of security packages of all involved repos.

Is anywhere any warning that
Code:
sudo yum -v  --security update
is unreliable and can leave OS unprotected ?
Reply With Quote
  #11  
Old 23rd July 2014, 11:11 PM
Dutchy Offline
Registered User
 
Join Date: Aug 2011
Location: ~
Posts: 1,875
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

I don't think that will go for a silver bullet, but for the Fedora repos it should be fine.
If you are that concerned about security you shouldn't be using third party repos and certainly not flash.

What's wrong about a normal update including all packages (this is Fedora after all so stability shouldn't be that high on your list)?
Reply With Quote
  #12  
Old 27th July 2014, 09:26 AM
boycottsystemd Offline
Registered User
 
Join Date: Jul 2014
Location: EU
Posts: 101
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
Originally Posted by Dutchy View Post
If you are that concerned about security you shouldn't be using third party repos and certainly not flash.

What's wrong about a normal update including all packages (this is Fedora after all so stability shouldn't be that high on your list)?
Do you think that your answer is in accordance with Fedora security policy ?

https://fedoraproject.org/wiki/Overv...istribution.3F
Reply With Quote
  #13  
Old 27th July 2014, 03:19 PM
Kobuck Offline
Registered User
 
Join Date: Feb 2009
Location: Florida
Posts: 500
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

I am struggling to understand your issue

What is your description of the problem? What component is broken?

What I see so far in the previous messages:

1) You have added a non-Fedora repository to yum ( this appears to be working )
2) adobe has provided an update which they describe as security related ( per your OP )
3) adobe failed to correctly flag the package as security related ( apparently yum sees no "security flag" )

What is the desired behavior?

The yum security feature is a filter which limits updates based on the security content defined in the package. The safest way to ensure that all security related updates are applied is to do a full yum update. This ensures that all updates are applied regardless the packager's use of yum's security information content provisions.

No information provided so far indicates that Fedora's repositories are in error or that yum is not functioning correctly.


My apologies to @PabloTwo: I know its more than just an "rpm security flag", but for clarity I abstracted the actual implementation
__________________
Laptop: ASUS K61IC/ Intel T6600 2.20Ghz x2/ 4GB/ 320GB SataII/ NVidia G96M/ fc25.x86_64
Tower: GigaByte (990FXA)/ AMD 1100T 3.3Ghz x6/ 16GB/ 3.75TB Sata III/ AMD 6770HD/ fc25.x86_64
Bookshelf: Shuttle DS61 (H61)/ i3-3225 3.3Ghz x2/ 16GB/ 320GB Sata II/ Intel HD 4000/ fc24.x86_64
Embedded: BeagleBone Blk / ARM AM3358 1 GHz x1/ 512MB/ 2GB eMMC/ PowerVR SGX530/ fc25.armv7hl

Last edited by Kobuck; 27th July 2014 at 03:37 PM. Reason: clarification
Reply With Quote
  #14  
Old 27th July 2014, 06:26 PM
boycottsystemd Offline
Registered User
 
Join Date: Jul 2014
Location: EU
Posts: 101
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

Quote:
Originally Posted by Kobuck View Post
I am struggling to understand your issue

What is your description of the problem? What component is broken?

What I see so far in the previous messages:

1) You have added a non-Fedora repository to yum ( this appears to be working )
2) adobe has provided an update which they describe as security related ( per your OP )
3) adobe failed to correctly flag the package as security related ( apparently yum sees no "security flag" )

What is the desired behavior?

The yum security feature is a filter which limits updates based on the security content defined in the package. The safest way to ensure that all security related updates are applied is to do a full yum update. This ensures that all updates are applied regardless the packager's use of yum's security information content provisions.

No information provided so far indicates that Fedora's repositories are in error or that yum is not functioning correctly.


My apologies to @PabloTwo: I know its more than just an "rpm security flag", but for clarity I abstracted the actual implementation
Issue is when someone uses

Code:
sudo yum --security update
and supposes that he has got all security updates.
Reply With Quote
  #15  
Old 27th July 2014, 09:58 PM
Kobuck Offline
Registered User
 
Join Date: Feb 2009
Location: Florida
Posts: 500
linuxfirefox
Re: flash-plugin-11.2.202.394-release.x86_64 - is it security update or not ?

I would be interested in where you picked up that expectation.

The ability to filter enhancements, bugfixes, and security updates is dependent on the repository maintainer. You have found adobe doesn't maintain the info, and when I look at rpmfusion repos it doesn't appear that they do either. Even where the info is maintained, you would still get enhancement level updates as soon as followon security update is made to that enhancement.

Just look at the following:
Code:
]# yum updateinfo list installed kernel
Loaded plugins: langpacks, refresh-packagekit
FEDORA-2013-23445 security kernel-3.12.5-302.fc20.x86_64
FEDORA-2014-0696  security kernel-3.12.7-300.fc20.x86_64
FEDORA-2014-1062  security kernel-3.12.8-300.fc20.x86_64
FEDORA-2014-2576  security kernel-3.13.3-201.fc20.x86_64
FEDORA-2014-3094  security kernel-3.13.5-200.fc20.x86_64
FEDORA-2014-3442  security kernel-3.13.5-202.fc20.x86_64
FEDORA-2014-4317  security kernel-3.13.7-200.fc20.x86_64
FEDORA-2014-4675  security kernel-3.13.8-200.fc20.x86_64
FEDORA-2014-4844  security kernel-3.13.9-200.fc20.x86_64
FEDORA-2014-5235  security kernel-3.13.10-200.fc20.x86_64
FEDORA-2014-6122  security kernel-3.14.3-200.fc20.x86_64
FEDORA-2014-6357  security kernel-3.14.4-200.fc20.x86_64
FEDORA-2014-7033  security kernel-3.14.5-200.fc20.x86_64
FEDORA-2014-7128  security kernel-3.14.6-200.fc20.x86_64
FEDORA-2014-7430  security kernel-3.14.8-200.fc20.x86_64
FEDORA-2014-7863  security kernel-3.14.9-200.fc20.x86_64
FEDORA-2014-8171  security kernel-3.15.4-200.fc20.x86_64
FEDORA-2014-8519  security kernel-3.15.6-200.fc20.x86_64
updateinfo list done
That's the list of all kernel updates since F20 release. They are all coded as security and I'm sure there are security related changes in each update. However, I also think there has been a lot of enhancement and bugfix in those updates as well.

The current capabilities neither provide all security updates nor avoid bugfix/enhancements.
As others have said, best approach is just do the full update and enjoy
__________________
Laptop: ASUS K61IC/ Intel T6600 2.20Ghz x2/ 4GB/ 320GB SataII/ NVidia G96M/ fc25.x86_64
Tower: GigaByte (990FXA)/ AMD 1100T 3.3Ghz x6/ 16GB/ 3.75TB Sata III/ AMD 6770HD/ fc25.x86_64
Bookshelf: Shuttle DS61 (H61)/ i3-3225 3.3Ghz x2/ 16GB/ 320GB Sata II/ Intel HD 4000/ fc24.x86_64
Embedded: BeagleBone Blk / ARM AM3358 1 GHz x1/ 512MB/ 2GB eMMC/ PowerVR SGX530/ fc25.armv7hl
Reply With Quote
Reply

Tags
security, update

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Can't install flash-plugin 11.1.102-62-release i386 JohnJasonJordan Using Fedora 9 4th February 2015 05:49 AM
F11 x86_64, Firefox 3.5, flash-plugin i386, mozilla-plugin-config bongoman Using Fedora 21 30th July 2009 02:58 AM


Current GMT-time: 03:33 (Saturday, 24-06-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat