Adobe Flash Issues: Difference between revisions

From OLPC
Jump to navigation Jump to search
No edit summary
 
(2 intermediate revisions by one other user not shown)
Line 2: Line 2:


==Overview==
==Overview==
=== Zero-day exploits in use ===
*Xv not used


See [https://theconversation.com/using-flash-is-like-leaving-your-home-doors-open-and-sending-invites-to-criminals-44741 Using Flash is like leaving your home doors open and sending invites to criminals] by David Glance, Director of UWA Centre for Software Practice at University of Western Australia.
On all Linux devices, including XO-1 and XO-1.5, with all builds, Flash 10 does not use Xv, (Flash 9 did), and performance is significantly degraded.


*Security updates mechanism
=== No new updates ===


Adobe has ceased development of the Linux version; there are no new updates.
A deployment laptop asset base is a potential target. A mechanism will be required by deployments to ensure that security updates or mitigation can be applied rapidly.

=== Security updates mechanism ===

A deployment laptop asset base is a potential target. A mechanism will be required by deployments to ensure that security updates or mitigation can be applied rapidly. OLPC does not provide a mechanism.


(Context: in 2010-06 Adobe advised of a [http://www.adobe.com/support/security/advisories/apsa10-01.html security vulnerability] in Adobe Flash Player 10.0.45.2 (and earlier), including the Linux version. Solution is Adobe Flash Player 10.1. Mitigation is to remove the file libauthplay.so.0.0.0 and while this appears straightforward would need to be included in image build scripts, and in some post-installation update mechanism.)
(Context: in 2010-06 Adobe advised of a [http://www.adobe.com/support/security/advisories/apsa10-01.html security vulnerability] in Adobe Flash Player 10.0.45.2 (and earlier), including the Linux version. Solution is Adobe Flash Player 10.1. Mitigation is to remove the file libauthplay.so.0.0.0 and while this appears straightforward would need to be included in image build scripts, and in some post-installation update mechanism.)


===Xv not used===
*Redistribution license

On all Linux devices, including XO-1 and XO-1.5, with all builds, Flash 10 does not use Xv, (Flash 9 did), and performance is significantly degraded. See [http://dev.laptop.org/ticket/5408 OLPC ticket #5408].


===Redistribution license===


The license does not permit redistribution, therefore Adobe Flash Player cannot be bundled within an operating system image by OLPC. An alternate license or specific permission is being explored. See [http://dev.laptop.org/ticket/9811 OLPC ticket #9811].
The license does not permit redistribution, therefore Adobe Flash Player cannot be bundled within an operating system image by OLPC. An alternate license or specific permission is being explored. See [http://dev.laptop.org/ticket/9811 OLPC ticket #9811].
Line 21: Line 30:
===[[OS_images|XO-1 OS]] (Sugar Desktop)===
===[[OS_images|XO-1 OS]] (Sugar Desktop)===


*camera
====camera====


Browsing Flash apps that use the camera will turn on the indicator light above the camera. Flash 10 shows red and green static which reacts to motion. This means the camera is working, but Flash isn't communicating quite correctly with it. See [http://dev.laptop.org/ticket/8644 OLPC ticket #8644], and [http://dev.laptop.org/ticket/7001 ticket #7001].
Browsing Flash apps that use the camera will turn on the indicator light above the camera. Flash 10 shows red and green static which reacts to motion. This means the camera is working, but Flash isn't communicating quite correctly with it. See [http://dev.laptop.org/ticket/8644 OLPC ticket #8644], and [http://dev.laptop.org/ticket/7001 ticket #7001].


*fonts
====fonts====


Although not recently reproduced or confirmed, "Adobe Flash makes fonts too large", see [http://dev.laptop.org/ticket/5584 ticket #5584].
Although not recently reproduced or confirmed, "Adobe Flash makes fonts too large", see [http://dev.laptop.org/ticket/5584 ticket #5584].

Latest revision as of 00:47, 16 July 2015

This page is about issues on the OLPC XO with the proprietary Adobe Flash Player Plugin.

Overview

Zero-day exploits in use

See Using Flash is like leaving your home doors open and sending invites to criminals by David Glance, Director of UWA Centre for Software Practice at University of Western Australia.

No new updates

Adobe has ceased development of the Linux version; there are no new updates.

Security updates mechanism

A deployment laptop asset base is a potential target. A mechanism will be required by deployments to ensure that security updates or mitigation can be applied rapidly. OLPC does not provide a mechanism.

(Context: in 2010-06 Adobe advised of a security vulnerability in Adobe Flash Player 10.0.45.2 (and earlier), including the Linux version. Solution is Adobe Flash Player 10.1. Mitigation is to remove the file libauthplay.so.0.0.0 and while this appears straightforward would need to be included in image build scripts, and in some post-installation update mechanism.)

Xv not used

On all Linux devices, including XO-1 and XO-1.5, with all builds, Flash 10 does not use Xv, (Flash 9 did), and performance is significantly degraded. See OLPC ticket #5408.


Redistribution license

The license does not permit redistribution, therefore Adobe Flash Player cannot be bundled within an operating system image by OLPC. An alternate license or specific permission is being explored. See OLPC ticket #9811.

XO-1 Laptop

Issues on the XO-1 Laptop

XO-1 OS (Sugar Desktop)

camera

Browsing Flash apps that use the camera will turn on the indicator light above the camera. Flash 10 shows red and green static which reacts to motion. This means the camera is working, but Flash isn't communicating quite correctly with it. See OLPC ticket #8644, and ticket #7001.

fonts

Although not recently reproduced or confirmed, "Adobe Flash makes fonts too large", see ticket #5584.

Fedora 11 (Gnome Desktop)

placeholder

Teapot's Ubuntu 8.10 (XFCE Desktop)

placeholder


XO-1.5 Laptop

placeholder

XO-1.5 OS (Sugar Desktop)

placeholder

Fedora 11 (Gnome Desktop)

placeholder

Related Tickets

OLPC ticket #9500 "YouTube should just work", as option 3, seeking a way to ship Adobe Flash with associated codec rights.

Related Articles