Java XML vulnerability - upgrade to 6u15

Discussion in 'all things UNIX' started by Ocky, Aug 9, 2009.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
  2. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Yet another update 1.6.0_u16
    u15 still not updated in Hardy/Jaunty, but can't be long because
    I believe Karmic is updated.
    For CentOS I had to update manually.
     

    Attached Files:

  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Install Java JRE 1.6.0 (Update x) in Linux

    ....because it's not available yet from the repos. Rather disappointing that
    a fix is not yet available from Ubuntu considering the severity of the
    security vulnerability. I often need Java for financial graphs (moving averages
    etc.) so unfortunately cannot do without.
     
  4. tlu

    tlu Guest

    An alternative would be adding the ppas mentioned here. But I agree that this should not happen - the update is only available for Karmic. BTW: 1.6.0_u16 doesn't contain security fixes.
     
  5. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    That works well, but being a 'bleeding edge' repo, I think it may be
    advisable to untick them in Software Sources after the 1.6.0_15 update
    is installed - i.e. not to upgrade everything else listed as upgradeable ?
     
  6. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Due to Ubuntu being remiss in not having provided updated packages for sun java 6 jre following the rather serious security vulnerability in all versions prior to 1.6.0_15, I had to do a manual install on my wife's notebook still running Ubuntu 8.10 Intrepid. (Hardy & Jaunty packages are available from the ppas mentioned previously by tlu).
    I followed the install instructions here and removed only the sun java jre browser plug-in via Synaptic.
    Funny thing is Firefox uses the new 1.6.0_16 build (tested at javatester.org and java.com test page) but about:plugins still shows the old 1.6.0_10 version, despite having made the correct soft link in /usr/lib/mozilla/plugins/ to my target in /opt/java//jre/1.6.0_16/ etc.etc.
    Also sudo update-alternatives --config java correctly shows the new version as default. The Java Control Panel>About shows the old version, but I added and enabled the new version under the Java View tab, and disabled the old version.
    This made no difference - about:plugins persists in showing the old version but uses the new version. That's fine, but any ideas why ?
     
  7. tlu

    tlu Guest

  8. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  9. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Thanks, will have a look.
    Had a look - a simple delete of pluginreg.dat did the job. :)
     
    Last edited: Sep 1, 2009
  10. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
Loading...
Thread Status:
Not open for further replies.