navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Flagged items can not be updated or are up to date

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
haku1 Flagged items can not be updated or are up to date
Member 3rd Oct, 2012 10:58
Ranking: 0
Posts: 7
User Since: 3rd Oct, 2012
System Score: N/A
Location: BE
Last edited on 3rd Oct, 2012 10:58

Hello,

Just installed Secunia on my Win7x64 PC

Almost all flagged items were successfully updated. Only three remained on the "Programs that need updating" list and presented various problems.

1. GIMP - The (just) installed version 2.8 is up to date, but Secunia keeps flagging it.
2. Media Player Classic V.6 - Same thing: just installed version is up to date.
3. Python - The most problematic one. Indeed, Python is all over the PC. I have detected at least 5 instances - and counting: MS Games / GIMP / Open Office / Power DVD / Cyberlink package.

What should I do so that items 1 & 2 do not appear again? And where do you recommend to install Python so it also disappears from the "Programs that need updating" list?

--
haku1

Maurice Joyce RE: Flagged items can not be updated or are up to date
Handling Contributor 3rd Oct, 2012 11:24
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Sadly,being up to date with vendor patches does not mean that programmes are secure. Have you investigated with the tools provided by PSI why they show like that?

GIMP details I found are here:
https://secunia.com/advisories/50296/


MEDIA CLASSIC details here:
https://secunia.com/advisories/product/14824/

The Python issue may be a Secunia detection issue. Do you use Python? If not uninstall it & see if that clears the problem.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
haku1 RE: Flagged items can not be updated or are up to date
Member 3rd Oct, 2012 11:40
Score: 0
Posts: 7
User Since: 3rd Oct 2012
System Score: N/A
Location: BE
Thanks for the swift reaction! I'll try to work around these problems. By the way: I'm working with Gimp since a long time, and with Media Player - never encountered any problem whatsoever. Python is new to me since I acquired my new Win7 PC. I'll ask around to see what to do.

--
haku1
Was this reply relevant?
+0
-0
Maurice Joyce RE: Flagged items can not be updated or are up to date
Handling Contributor 3rd Oct, 2012 14:55
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Pyhon is installed on many OEM versions on Windows by vendors who create addition income from such actions.

It is not a requirement for Windows & can be safely uninstalled if not used.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Anthony Wells RE: Flagged items can not be updated or are up to date
Expert Contributor 3rd Oct, 2012 17:42
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

I cannot comment on Gimp .

Concerning MPC 6.x there are two long standing unpatched vulnerabilities according to this "all time" Secunia Advisory (scroll down for the SA's and the comments beneath) :-

http://secunia.com/advisories/product/14824/?task=...

As a result of the above , I currently run MPC-Home Cinema rev 1.6.4.5948 from K-Lite Codec Pack and the PSI (my version is 2.0.0.3003) gives it the green light = "Patched/secure" .

Concerning Python , it comes with OOo and I have Python-core- 2.6.1 loaded in the "...\Basis\Program\ .." folder in Apache Open Office 3.4.1 and the PSI shows this version of OOo as "patched/secure" and does NOT display Python separately .

However , Pyhton 2.6.1 has 3 minor vulnerabilities where there are NO patches availableas per :-

http://secunia.com/advisories/product/26464/

So , I would suggest it is not advisable to "hide" the PSI warning(s) unless you are 100% sure why/what you are doing . You should check for SA's for your version(s) of Python (scroll down):-

http://secunia.com/advisories/product/SOFT_P/#list

Hope that is of some use .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
haku1 RE: Flagged items can not be updated or are up to date
Member 3rd Oct, 2012 18:18
Score: 0
Posts: 7
User Since: 3rd Oct 2012
System Score: N/A
Location: BE
Quote: The Python issue may be a Secunia detection issue. Do you use Python? If not uninstall it & see if that clears the problem.

As said, Python is all over the place as part of various applications (see my initial thread). Can't uninstall these of course. Never installed Python as a stand-alone item. In the end it's not what it was made for, anyway.

So... Secunia flagged or more one of these "pre-installed" Pythons, if I may put it that way...

haku1

--
haku1
Was this reply relevant?
+0
-0
Anthony Wells RE: Flagged items can not be updated or are up to date
Expert Contributor 3rd Oct, 2012 18:29
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,
In order for Maurice Joyce or myself to help further , you need to tell us :-

1)which version of the PSI you are using

and

2) the "installtion pathway/detailed location" of the programme(s) detected by the PSI .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
haku1 RE: Flagged items can not be updated or are up to date
Member 3rd Oct, 2012 18:31
Score: 0
Posts: 7
User Since: 3rd Oct 2012
System Score: N/A
Location: BE
Hi Anthony!

Here are some more replies:

Quote: As a result of the above , I currently run MPC-Home Cinema rev 1.6.4.5948 from K-Lite Codec Pack and the PSI (my version is 2.0.0.3003) gives it the green light = "Patched/secure" .

At present K-Lite Codec Pack is installed on my machine.

Quote: I would suggest it is not advisable to "hide" the PSI warning(s) unless you are 100% sure why/what you are doing . You should check for SA's for your version(s) of Python (scroll down):-

Right. I think I know what I'm doing - within limits. So, to all intents: how do I hide some items? Indeed, I do not think that the mentioned problems I encountered will go away so easily for various reasons; since they are relatively quite minor, the best solution seems hiding them for the time being.

Thanks for all your suggestions.

haku1

--
haku1
Was this reply relevant?
+0
-0
Anthony Wells RE: Flagged items can not be updated or are up to date
Expert Contributor 3rd Oct, 2012 18:41
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Cannot really comment on your points until you answer both my points/questions from my previous post , as I have no idea if you do know what to do with the problems you raise .

Re MPC , as I indicated , if you follow the links you will see that MPC 6.x has two "highly critical" unpatched vulnerablilities whilst MPC-HC 1.6.x has none and never has ; it is available in the K-lite pack .

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
haku1 RE: Flagged items can not be updated or are up to date
Member 3rd Oct, 2012 18:45
Score: 0
Posts: 7
User Since: 3rd Oct 2012
System Score: N/A
Location: BE
Quote:
1)which version of the PSI you are using

> 3.0.0.4001

and

Quote:
2) the "installation pathway/detailed location" of the programme(s) detected by the PSI .

> Not quite sure what you mean by "installation pathway/detailed location", but here is where the exe files of the programmes are situated:
- GIMP: C:\Program Files\Paint Gimp\bin\ (version is 2.8.2.0 - the latest)
- MPC: C:\Program Files (x86)\Simple Player\
Note: as you know, MPC is just that one exe file. Its version is 6.4.9.1, by the way - also the latest.

haku1

--
haku1
Was this reply relevant?
+0
-0
Anthony Wells RE: Flagged items can not be updated or are up to date
Expert Contributor 3rd Oct, 2012 20:27
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 3rd Oct, 2012 20:39
Hello again ,

Thanks for the info , I am not using PSI 3.x at the moment but 'from memory" if you right click any icon or programme list display , the menu should contain "show details" ; this will give the exact "installation pathway" that the PSI is detecting for any programme .

Thus you will see where the PSI is detecting the GIMP , MPC and Python .exe or .dll (or similar files) on your computer ; that is the detailed info we need .

Re MPC , I can only repeat that I personally uninstalled MPC version 6.x as it has two unpatched Highly critical vulnerabilities in all versions of 6.x (including your's( and replaced it with MPC-Home CInema (version above from the L-Lite Codec Pack ; it is an option found during install .

EXACTLY where is the PSI detecting your "problem" installations of GIMP and Python ?????'"

EDIT/This video may help you use the PSI :-

http://www.youtube.com/watch?v=iUmaLmO0gx0&feature...



Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
haku1 RE: Flagged items can not be updated or are up to date
Member 3rd Oct, 2012 21:01
Score: 0
Posts: 7
User Since: 3rd Oct 2012
System Score: N/A
Location: BE
Thanks again for following this thread so closely, Anthony.

The right-click on relevant icon delivered exactly what I indicated before for the two first items, with just the addition of the program itself:
File location(s):
- GIMP: C:\Program Files\Paint Gimp\bin\ gimp-2.8.exe version 2.8.2.0
"More information" on the menu links to a browser site recommending to download CSI 6.0
- MPC: C:\Program Files (x86)\Simple Player\mplayerc.exe version 6.4.9.1
"More information" on the menu is grayed out
For the Python item, details say:
File Location:
- C:\Program Files\Paint Gimp\Python\python27.dll version 2.7.2150.1013

So now we know which of the five installed Pythons (see one the previous messages) Secunia is flagging. This version by the way is quite up to date - there is another one, 3xx, but Python considers the 2.7 version as up to date. Anyhow, no way to uninstall this Python 'dedicated' to Gimp - and of course no trace of Python having been installed anywhere since they came with the indicated programs.

This is the best I can do.

haku1

--
haku1
Was this reply relevant?
+0
-0
Anthony Wells RE: Flagged items can not be updated or are up to date
Expert Contributor 4th Oct, 2012 01:08
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

RE GIMP , Maurice Joyce already posted the SA 50296 :-

https://secunia.com/advisories/50296/

If you read it carefully , you will see that all versons of 2.8.x are "vulnerable "and that there is a "workaround" as a solution . The PSI uses it's own silent installers for "patches" but not usually for "workarounds" ; I cannot say what it is offering/suggesting in this case . I suggest you email Secunia at support@secunia.com and ask them to look at your problem and refer to this thread .

If the latest version of MPC is 6.4.9.1 from guliverkli at suorceforge (it only offers me 6.4.9.0b for my French OS , then I do not know what the PSI is trying to offer you . As above , you will need to ask Support in your email. I personally would change to the Home Cinema version .

This is the SA48347 which tells you that Python version 2.7.2 (like your's) is vulnerable and you should update to version 2.7.3 :-

http://secunia.com/advisories/48347/

as your Python is embedded in your GIMP (equally vulnerable) and therefore probably difficult/impossible for the PSI or yourself to update , I suggest you take the problem up with GIMP and ask them to update their software or at least explain how you can do it yourself manually .

In th PSI right click menu , as well as "show details" is an "ignore program" option (also see the YouTube video link). Until you get a satisfactory answer from Secunia support and GIMP , I would not use it ; as they say "out of sight is out of mind" and that is not good for unsolved security issues .

Let us know your progress (tomorrow/today the 4th) .

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
haku1 RE: Flagged items can not be updated or are up to date
Member 4th Oct, 2012 01:20
Score: 0
Posts: 7
User Since: 3rd Oct 2012
System Score: N/A
Location: BE
Will do. But there is already a Python V3xx.

Anyway, I inquire...

Thanks for your help.

haku1

--
haku1
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+