Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Dear unSpawn,
Thank you for your comments. My question is not about Macs but about Java which I have enabled and the fact that MacOs is unix based. I will be sure follow up on the sites you recommend.
Matthew
You should never give advice to remove the filesystem as you did. Not funny nor should something of the sort be given as advice since some uninformed user may perform the said action.
Do not do this again! Or you will suffer more than just an infraction or warning.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by H_TeXMeX_H
Why is this in Linux General if it affects OSX ?
I think the original question is whether this could affect Linux. Since it's a bug in Java which works for both Windows and OSX it is, perhaps, worth asking whether it could be exploited in Linux also.
From what unSpawn posted it seems to affect only OSX so far.
No, you've read it wrong. The F-secure page describes the exploit according to what's been found In The Wild because the exploit currently is available for Mac only. The Oracle change list does not show anything platform-specific.
* The Oracle page also contains a list of CVE identifiers. So if you have a CVELIST=$('links -dump $URI | awk '/\| CVE-20/ {print $2}'|xargs;') then depending on your distribution you could check if those require fixing and if they are yourself. Per-CVE details are at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-yyyy-nnnn (or www.cvedetails.com/cve/CVE-yyyy-nnnn/) for Red Hat / Centos / Scientific Linux see https://access.redhat.com/security/cve/CVE-yyyy-nnnn (or 'yum --cve CVE-yyyy-nnnn'), for SuSE see support.novell.com/security/cve/CVE-yyyy-nnnn.html, for Ubuntu see people.canonical.com/~ubuntu-security/cve/CVE-yyyy-nnnn, for Debian and .*BSD see http://cvechecker.sourceforge.net and for others, well, you either know how to find your distributions SO bulletins or CVE listings yourself already or your distro maintainer(s) simply may not care.
You should never give advice to remove the filesystem as you did. Not funny nor should something of the sort be given as advice since some uninformed user may perform the said action.
Do not do this again! Or you will suffer more than just an infraction or warning.
sorry, it was meant to be an obvious joke but i see how it wouldnt be obvious to someone who isnt very computer literate.
my point was that this exploit was a trojan that duped users into typing in their administrator password -- even the best security succumb to human ignorance.
I have not read anything wrong. The report indicates that it is OSX specific. All the paths and software and everything is OSX specific. A separate trojan would have to be written for Linux, because that one wouldn't work.
Distribution: Mandriva 2009 X86_64 suse 11.3 X86_64 Centos X86_64 Debian X86_64 Linux MInt 86_64 OS X
Posts: 2,369
Rep:
It is not OS X specific .
If you are still running Java with that bug than it can effect you're system .
So if you are not running OS X install the latest version of JAVA ,
Apple used her own version of JAVA , and she was very late in patching JAVA for OS X .
I have not read anything wrong. The report indicates that it is OSX specific. All the paths and software and everything is OSX specific. A separate trojan would have to be written for Linux, because that one wouldn't work.
And who's to say one hasn't been?
BTW, Slackware 13.37 is still shipping 6u-25 and Slackware-current only has 6u-27, so unless you've updated it yourself, you're most likely exposed to far more than this one vulnerability.
BTW, Slackware 13.37 is still shipping 6u-25 and Slackware-current only has 6u-27, so unless you've updated it yourself, you're most likely exposed to far more than this one vulnerability.
I have removed it completely, because I don't trust it and don't need it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Flashback trojan threat ?
flashback-java vulnerability
