SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm running Slack 13.37 (64bit). Firefox reports a security threat with the Java plug-in. My version of the plug-in (currently disables) is 1.6.0_25. I've been checking with slackpkg to see if there are any updates, but have not seen any.
Two questions.
Does anyone know if this security hole in the Java plug-in is a risk on Linux?
You have to update Java packages by yourself using the SlackBuild provided in Slackware since Oracle didn't allow Java packages to be distributed by third party anymore
I'm running Slack 13.37 (64bit). Firefox reports a security threat with the Java plug-in. My version of the plug-in (currently disables) is 1.6.0_25. I've been checking with slackpkg to see if there are any updates, but have not seen any.
Two questions.
Does anyone know if this security hole in the Java plug-in is a risk on Linux?
If so, how would one go about patching this?
That's strange, because Mozilla was going to issue that warning in Firefox only for Java 1.7 versions. The 1.6 series is not vulnerable to the 0day exploit.
By the way, do not expect Java updates from Slackware, there aren't going to be any. You'll have to do that yourself - the Java packages have been removed in Slackware 14 when that gets released.
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
For right now you want to disable the Java plug-in in Firefox (and Seamonkey) if you've installed Oracle Java v. jdk-7u6 or jre-7u5 (JRE is included with JDK). You do that from Tools, Add-ons, Plugins. See http://www.us-cert.gov/current/#oracle_java_jre_1_7 at US-CERT. The Java plug-in should be disabled on every system's browser(s) (Linux, Solaris, Apple, Microsoft, etc.) if running the current Oracle Java version. You can go back to the prior version of Oracle Java that does not have the vulnerability; note, however, that Firefox will yammer at you that there's a new version of JRE (the vulnerable one, mind) and that you should upgrade... uh, don't.
Thanks all. So, if I understand Alien_Bob and tronayne correctly, my version 1.6.0_25 (slack pkg jre-6u25-x86_64-1) is not vulnerable so I can safely leave it enabled. Correct?
That's strange, because Mozilla was going to issue that warning in Firefox only for Java 1.7 versions. The 1.6 series is not vulnerable to the 0day exploit.
By the way, do not expect Java updates from Slackware, there aren't going to be any. You'll have to do that yourself - the Java packages have been removed in Slackware 14 when that gets released.
Eric
I'm assuming java security updates are not going to be released for Slackware versions preceding 14.0. Given this, it might be a good idea for PV to release a statement to the security list announcing this and pointing to the slackbuild for manually creating updates.
...
By the way, do not expect Java updates from Slackware, there aren't going to be any. You'll have to do that yourself - the Java packages have been removed in Slackware 14 when that gets released.
Eric
Does this mean the 4,066 executables that come with Slackware will function without java?
||
Must I build/compile java myself to have a complete working Slackware distribution?
Thanks
john
Trying to find where I saw 4066 packages in Slackware (Obviously wrong)
Now I remember!
<TAB><TAB>
Display all 4066 possibilities? (y or n)?
Last edited by AlleyTrotter; 09-01-2012 at 04:47 PM.
Reason: number of packages
The --current SlackBuild (in the extra directory) may be used to build a Slackware package. For example, the JDK download is jdk-7u7-linux-x64.tar.gz (96039818 bytes) that builds to jdk-7u7-x86_64-1.txz (72560324 bytes) on a Slackware 64-bit v. 13.37 stable system (YMMV, however).
Probably be a good idea, if you're using Oracle Java, to upgrade to this version ASAP.
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
Oracle does not allow redistribution of Java anymore -- it's still free, but a distribution cannot include the software, you have to go get it and install it yourself (this is not a Big Deal when, in the extra directory (presently in current, will be included in releases), you will find java.SlackBuild which will create a Slackware package from either the JDK or JRE "tar.gz" you download from Oracle (note that JRE is included in JDK; you only really want JDK if you're doing Java development, though).
There are options; e.g., Alien Bob's packages (detailed elsewhere) among others.
Does this mean the 4,771 packages that come with Slackware will function without java?
||
Must I build/compile java myself to have a complete working Slackware distribution?
Thanks
john
Slackware packages do not need java. If a 3rd party program wants Java you'll know soon ehough!
If you want a Java package for your Slackware, you can use my own OpenJDK package, or else you use the Slackware script in slackware-14.0/extra/source/java/ which wraps the Oracle binaries into a proper Slackware package.
Slackware packages do not need java. If a 3rd party program wants Java you'll know soon ehough!
If you want a Java package for your Slackware, you can use my own OpenJDK package, or else you use the Slackware script in slackware-14.0/extra/source/java/ which wraps the Oracle binaries into a proper Slackware package.
Eric
Thank you Eric
I do currently use a locally compiled java from your slackbuilds. It just seemed a little confusing to me on whether java is required for Slackware or not.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.