Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: [13.10] Is the flashplugin-installer authenticated?

  1. #1
    Join Date
    Oct 2013
    Beans
    14

    Question [13.10] Is the flashplugin-installer authenticated?

    I'm using Ubuntu 13.10 x64. Recently I've received a warning I can't get rid of telling me that flashplugin-installer cannot be updated.


    When I click on 'Run this action now' a terminal window opens and executes this:
    Code:
    flashplugin-installer: downloading http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_11.2.202.335.orig.tar.gz
    which is going out as
    Code:
    GET http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_11.2.202.335.orig.tar.gz HTTP/1.0
    Host: archive.canonical.com
    User-Agent: Python-urllib/1.17

    My question is since this is an HTTP request to download adobe-flashplugin_11.2.202.335.orig.tar.gz can it be subject to a MITM attack? In other words, can someone compromise my machine by sending a fake file? I'm not sure about Ubuntu's update procedures but I'm figuring some python script somewhere is trying to get this file (and for whatever reason it's not coming in right, which is another issue) and then replace the existing plugin with the new plugin in that file. Is that authenticated in any way?

    Thanks

  2. #2
    Join Date
    Feb 2008
    Location
    Oblivion
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: [13.10] Is the flashplugin-installer authenticated?

    The flashplugin is no longer supported. It finished right where you are, 11.2. Nothing to do with ubuntu but a decision made by the flash folk to no longer support Linux. No comment on that. openJDK7 in software centre might solve your issue.

  3. #3
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: [13.10] Is the flashplugin-installer authenticated?

    I just checked the repository in Chromium, and can download the tar.gz package without any errors.

    http://archive.canonical.com/pool/pa...e-flashplugin/

  4. #4
    Join Date
    Feb 2008
    Location
    Oblivion
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: [13.10] Is the flashplugin-installer authenticated?

    Chromium? Oh, you want Pepper Flash. That is supported in Chromium browser but actually is used exclusively by Chromium, in Chromium. It is part of the app and will not be used in any other part of the system. Obviously some handshake between Adobe and Google. That will give you Adobe flash 12 I believe.

    Lot's of options HERE.

    Adding a PPA might be the best choice.

  5. #5
    Join Date
    Oct 2013
    Beans
    14

    Re: [13.10] Is the flashplugin-installer authenticated?

    Right I appreciate the answers but my question is since this is an HTTP request to download adobe-flashplugin_11.2.202.335.orig.tar.gz can it be subject to a MITM attack?

    Also maybe this is a question for another forum but if flash isn't supported anymore how do I get rid of it and why is ubuntu still downloading it? My last system update was 1/31/2014 and that's when it started with that failure message.

  6. #6
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    8,171
    Distro
    Ubuntu

    Re: [13.10] Is the flashplugin-installer authenticated?

    Doesn't the flashplugin-installer contain updated md5sums(or other checksum) to check the hash of the flashplugin?
    If the hash doesn't match then the download fails.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  7. #7
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    861
    Distro
    Ubuntu

    Re: [13.10] Is the flashplugin-installer authenticated?

    Quote Originally Posted by newnotice View Post
    Also maybe this is a question for another forum but if flash isn't supported anymore how do I get rid of it and why is ubuntu still downloading it? My last system update was 1/31/2014 and that's when it started with that failure message.
    Because it was last updated 1-14-14.
    http://archive.canonical.com/pool/pa...e-flashplugin/

    They're still updating it, this was a critical security update.
    http://www.adobe.com/support/flashplayer/downloads.html

    11.2 is the last version they support. "Fortunately for Linux users, Adobe says it will continue to provide security updates to non-Pepper distributions of Flash Player 11.2 on Linux for five years from its release."Quote from http://www.zdnet.com/blog/open-sourc...ns-linux/10418

    I wouldn't have a problem using it knowing it will get security updates until 2017. If you want to uninstall it, use
    Code:
     sudo apt-get remove adobe-flashplugin*
    Last edited by bashiergui; February 4th, 2014 at 04:40 AM.
    Knock knock.
    Race condition.
    Who's there?

  8. #8
    Join Date
    Oct 2013
    Beans
    14

    Re: [13.10] Is the flashplugin-installer authenticated?

    Quote Originally Posted by deadflowr View Post
    Doesn't the flashplugin-installer contain updated md5sums(or other checksum) to check the hash of the flashplugin?
    If the hash doesn't match then the download fails.
    Is there any way I can check to see if it's authenticated, I really don't know why the download is failing. Since flash will still receive security updates I am going keep flash.
    Last edited by newnotice; February 5th, 2014 at 10:46 PM.

  9. #9
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: [13.10] Is the flashplugin-installer authenticated?

    Try a different mirror, to see if you get the same result.

  10. #10
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    861
    Distro
    Ubuntu

    Re: [13.10] Is the flashplugin-installer authenticated?

    Quote Originally Posted by newnotice View Post
    Is there any way I can check to see if it's authenticated, I really don't know why the download is failing. Since flash will still receive security updates I am going keep flash.
    +1 to the different mirror.

    The way the repositories work is they have cryptographic keys. When you add a repository you also add the key. Your computer checks its key with the repository and if they match the update is downloaded. So even though it's over http, the source has been 'authenticated'.
    Knock knock.
    Race condition.
    Who's there?

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •