LinuxQuestions.org
Old 03-07-2013, 07:16 AM   #1
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,118

Rep: Reputation: 818
US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities


National Cyber Awareness System
TA13-064A: Oracle Java Contains Multiple Vulnerabilities

Original release date: March 05, 2013

Systems Affected

* Any system using Oracle Java 7, 6, 5 (1.7, 1.6, 1.5) including
* Java Platform Standard Edition 7 (Java SE 7)
* Java Platform Standard Edition 6 (Java SE 6)
* Java Platform Standard Edition 6 (Java SE 5)
* Java SE Development Kit (JDK 7)
* Java SE Development Kit (JDK 6)
* Java SE Development Kit (JDK 5)
* Java SE Runtime Environment (JRE 7)
* Java SE Runtime Environment (JRE 6)
* Java SE Runtime Environment (JRE 5)
* OpenJDK 6 and 6u
* IcedTea 1.x (IcedTea6 1.x)

All versions of Java 7 through update 15, Java 6 through update 41, and
Java 5.0 through update 40 are affected. Web browsers using
the Java 5, 6 or 7 plug-in are at high risk.

See http://www.linuxquestions.org/questi...5/#post4906617.

Go to http://www.oracle.com/technetwork/ja...ads/index.html to download either the JDK or JRE tar.gz (note that JRE is included with JDK).

Hope this helps some.

Last edited by tronayne; 03-07-2013 at 07:49 AM. Reason: Forgot link to Oracle Downloads site.
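An added example, not part of the original post or of the US-CERT alert: a shell check that compares the version reported by `java -version` with the affected ranges quoted above. The function names are hypothetical, and the thresholds assume Oracle's update numbering; OpenJDK 6 and IcedTea builds number their updates differently, so treat the result for those as indicative only.

```shell
#!/bin/sh
# Added example: classify a Java version string against the affected
# ranges quoted in TA13-064A (Oracle update numbering):
#   Java 7 through update 15, Java 6 through update 41, Java 5.0 through update 40.

# ta13_064a_status VERSION   (hypothetical helper name)
# VERSION is the legacy "1.<major>.0[_<update>]" string, e.g. 1.7.0_15.
# Prints "affected", "not-listed" or "unknown" (format not recognised).
ta13_064a_status() {
    ver=${1%%-*}                      # drop build suffixes such as -b03
    case $ver in
        1.[0-9].[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver#1.}; major=${major%%.*}
    case $ver in
        *_*) update=${ver##*_} ;;
        *)   update=0 ;;              # e.g. 1.7.0 is the initial release
    esac
    case $update in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case $major in
        7) max=15 ;;
        6) max=41 ;;
        5) max=40 ;;
        *) echo not-listed; return 0 ;;
    esac
    if [ "$update" -le "$max" ]; then echo affected; else echo not-listed; fi
}

# Pull the quoted version out of the first line of the `java -version`
# banner, e.g.:  java version "1.7.0_15"
java_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/.*version "\([^"]*\)".*/\1/p'
}

# Check whatever java is first in PATH; the banner is written to stderr.
if command -v java >/dev/null 2>&1; then
    banner=$(java -version 2>&1 || true)
    v=$(java_version_from_banner "$banner")
    echo "java ${v:-?}: $(ta13_064a_status "$v")"
fi
```

A result of "not-listed" means only that the version falls outside the ranges this alert names, not that it has no other known issues.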
 
Old 03-07-2013, 09:25 AM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,379

Rep: Reputation: Disabled
... OpenJDK 7u is not listed there, nor the IcedTea 2.x which was used to build it. Still, I suppose that an update to OpenJDK is coming soon.

Eric
 
Old 03-07-2013, 09:39 AM   #3
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,118

Original Poster
Rep: Reputation: 818
US-CERT doesn't report OpenJDK, might be nice, but they don't; the concern is for the widest installed base affecting pretty much everybody. The FOSS projects you see at US-CERT would include MySQL, for example, but nothing else I can think of off-hand.

We're on our own, gotta rely on distributions (like today's sudo update), alas.
 
Old 03-07-2013, 09:53 AM   #4
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,379

Rep: Reputation: Disabled
Quote:
Originally Posted by tronayne
US-CERT doesn't report OpenJDK, might be nice, but they don't; the concern is for the widest installed base affecting pretty much everybody. The FOSS projects you see at US-CERT would include MySQL, for example, but nothing else I can think of off-hand.

We're on our own, gotta rely on distributions (like today's sudo update), alas.
The following text was part of your post - I assume it was copied from the US-CERT page:
Code:
* OpenJDK 6 and 6u
* IcedTea 1.x (IcedTea6 1.x)
That is why I said that OpenJDK 7u (being the version of the package I compile and distribute) is not on the list.

Eric
 
Old 03-07-2013, 10:14 AM   #5
sizemj
Member
 
Registered: Sep 2009
Location: Louisville, KY
Distribution: Slackware. Fedora, FreeBSD
Posts: 32

Rep: Reputation: 9
Yep, JRE 7 update 17 came out on Monday to address this. Java and Swiss cheese have a lot in common :)

http://www.oracle.com/technetwork/ja...ads/index.html
 
Old 03-07-2013, 10:33 AM   #6
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,118

Original Poster
Rep: Reputation: 818
Well, duh! Probably ought to read the entire thing, eh?

So, I suppose that when Oracle releases the open guys get notified and do their thing and, yup, US-CERT picks up on all of it. Usually seems to take a couple of days for the notices to get sent out, think they check (closer than I do, huh?) and get everything into one bundle before they do their thing.

The important thing is not how dumb I am but that the notice gets sent, everybody gets to download and fiddle-faddle around and that you do not want the Java Plug-in enabled in any browser unless you absolutely need it for some (trusted) web site or other.
 
  

