Java XML vulnerability - upgrade to 6u15

Discussion in 'all things UNIX' started by Ocky, Aug 9, 2009.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
  2. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
    Yet another update 1.6.0_u16
    u15 still not updated in Hardy/Jaunty, but can't be long because
    I believe Karmic is updated.
    For CentOS I had to update manually.
     

    Attached Files:

  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
    Install Java JRE 1.6.0 (Update x) in Linux

    ....because it's not available yet from the repos. Rather disappointing that
    a fix is not yet available from Ubuntu considering the severity of the
    security vulnerability. I often need Java for financial graphs (moving averages
    etc.) so unfortunately cannot do without.
     
  4. tlu

    tlu Guest

    An alternative would be adding the ppas mentioned here. But I agree that this should not happen - the update is only available for Karmic. BTW: 1.6.0_u16 doesn't contain security fixes.
     
  5. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
    That works well, but being a 'bleeding edge' repo, I think it may be
    advisable to untick them in Software Sources after the 1.6.0_15 update
    is installed - i.e. not to upgrade everything else listed as upgradeable ?
     
  6. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
    Due to Ubuntu being remiss in not having provided updated packages for sun java 6 jre following the rather serious security vulnerability in all versions prior to 1.6.0_15, I had to do a manual install on my wife's notebook still running Ubuntu 8.10 Intrepid. (Hardy & Jaunty packages are available from the ppas mentioned previously by tlu).
    I followed the install instructions here and removed only the sun java jre browser plug-in via Synaptic.
    Funny thing is Firefox uses the new 1.6.0_16 build (tested at javatester.org and java.com test page) but about:plugins still shows the old 1.6.0_10 version, despite having made the correct soft link in /usr/lib/mozilla/plugins/ to my target in /opt/java//jre/1.6.0_16/ etc.etc.
    Also sudo update-alternatives --config java correctly shows the new version as default. The Java Control Panel>About shows the old version, but I added and enabled the new version under the Java View tab, and disabled the old version.
    This made no difference - about:plugins persists in showing the old version but uses the new version. That's fine, but any ideas why ?
     
  7. tlu

    tlu Guest

  8. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  9. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
    Thanks, will have a look.
    Had a look - a simple delete of pluginreg.dat did the job. :)
     
    Last edited: Sep 1, 2009
  10. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.