cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0
Upvote

Flash Player, Apache, and AMS 5

beastmankumc
Community Beginner ,
Sep 19, 2016 Sep 19, 2016

Copy link to clipboard

Copied

We're using Windows Server 2008 R2 Enterprise and our security team has instructed us that we must update Flash and Apache on Adobe Media Server 5 Professional to take care of some security vulnerabilities.  I'm wondering about two things: 

First, is it necessary to have Flash installed?  We don't do any kind of live encoding/broadcasts.  Everything is vod. If it is necessary, what is the newest version of Flash we can update to if we're using Win Server 2008?

Second, we're running Apache 2.4.10 now.  Will updating Apache to the newest version (2.4.23) break anything in AMS 5?

Views

508

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 2 Replies 2
latest latest Jump to latest reply
hparmar Adobe Employee
Adobe Employee ,
Sep 22, 2016 Sep 22, 2016

Copy link to clipboard

Copied

Having latest version of Flash player always helps..I guess FP is at version 23.0.0.173 as of now.

As for apache..AMS uses its own apache which is version 2.4.10 and is 64 bit...User are expected to have only one apache running on the machine and in case of AMS it should be the version of apache that is built into AMS...Although i theory you have have more than one apache running on the same machine., but that is generally not the practice. As far as the apache that comes with AMS is concerned, there are couple of adobe modules which are compiled with apache and  in theory they are apache version dependent. We would recommend to people to use apache version that ships with AMS i.e version 2.4.10...Also note that one of the security components of apache is openssl(come into play if you use enable mod_ssl in apache configs). Adobe makes sure that our latest drop/dot release of AMS  is always on one the latest versions of openssl. So if the security vulnerability is with regard to openssl..rest assured you have that fixed on form of latest version of openssl available inside Aapche. However if the vulnerability if within apache code, you will have to weigh the considerations yourself.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
hparmar Adobe Employee
Adobe Employee ,
Sep 22, 2016 Sep 22, 2016

Copy link to clipboard

Copied

LATEST
In Response To hparmar

I checked apache changelog and found no critical/important/high bug/vulnerability fix between 2.4.10 and 2.4.23.

An issue was fixed in 2.4.23 for CVE-2016-4979. but then that is applicable only of one was already on Apache version 2.4.18 or higher...i.e does not affect Apache version 2.4.10

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices