Like most people I suspect, I received a Krb5 security notification today (unless it was triggered by some anti-hacker tweaks I did today).
I like the idea of Krb5… upon installation, an Adobe Flash Player licensing agreement form was presented to me. I declined to this. There are so many bugs in Flash on the Windoze side, that I do not trust it at all (this is a security update? oops). I received a very nasty virus in My space. com running Windoze. I suspect that it was built into Flash- McAfee could not even detect it, nevermind removing. There are approx. 40 threads concerning problems with Flash in the forums here.
I am trying to understand your question / situation here…
You received a notice that there some security patches available for install, I think there were more than one (krb patches and some for adobe flash), but I guess you only saw the one for krb (I doubt krb needs adobe flash).
And you chose to cancel the update because of flash.
If you are sure you do not want adobe flash patched, you can manually update from yast (manually select patches) and choose the ones to install and deselect flash update.
I really do not understand why you would do that: you already have adobe flash player installed and the version you have is vulnerable - choosing not to update / patch it would be bad for you.
Agreed; I think this was coincidence and another patch may be trying to
pull in flash. None of krb5’s dependencies show anything browser-related
from what I can tell:
rpm -q --requires krb5
Good luck.
On 05/26/2010 07:06 AM, ghostintheruins wrote:
>
> I am trying to understand your question / situation here…
>
> You received a notice that there some security patches available for
> install, I think there were more than one (krb patches and some for
> adobe flash), but I guess you only saw the one for krb (I doubt krb
> needs adobe flash).
>
> And you chose to cancel the update because of flash.
>
> If you are sure you do not want adobe flash patched, you can manually
> update from yast (manually select patches) and choose the ones to
> install and deselect flash update.
>
> I really do not understand why you would do that: you already have
> adobe flash player installed and the version you have is vulnerable -
> choosing not to update / patch it would be bad for you.
>
> Cheers
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Thank you for your response. I think I know what happened. If I am accurate, you both guessed the scenario. I did have Adobe Flash installed at one time. I decided against it and consequently removed it from Mozilla in browser ‘Manage Content Plugins’ option. Somehow the string ‘install Adobe Flash’, (did not pay that much attention to it- could have been 'Remove Adobe Flash) appeared in my Software Update list. When the Krb5 and other upgrade packages were displayed - the Krb5s were at the top of the list. I think that somehow that Adobe Flash string got ‘caught in’ with the Krb5s as an upgrade, even though it was not displayed as an item to be upgraded. When the licensing agreement form was displayed, the Flash and also whatever else was selected as an upgrade was cancelled by me.
Today I clicked on the two Krb5 upgrades in Software Update - Only the Krb5 packages installed rather smoothly and quickly. No licensing prompts were displayed. I looked in Mozilla - Tools | Manage Conten Plugins, and found VLC Multimedia Plugin - Flash Video listed only.
I hope that the above makes sense. If you have any questions, or if something is unclear, please let me know.
Removing it (flash) from firefox plugins (disableing the plugin) does NOT uninstall the software from your system.
If you did not un-install it from the software manager you still have it on your system and needs patching. Otherwise there would be no notice regarding patching.
So I still suggest - either uninstall it from yast / zypper or patch it.