Java XML vulnerability - upgrade to 6u15

First released by Secunia on August 5th. New version not yet in repos.
Hopefully it will be soon, otherwise manual install may be advisable.

https://bugs.launchpad.net/ubuntu/ source/sun-java6/ bug/410988

 

Yet another update 1.6.0_u16
u15 still not updated in Hardy/Jaunty, but can't be long because
I believe Karmic is updated.
For CentOS I had to update manually.

 

Install Java JRE 1.6.0 (Update x) in Linux

....because it's not available yet from the repos. Rather disappointing that
a fix is not yet available from Ubuntu considering the severity of the
security vulnerability. I often need Java for financial graphs (moving averages
etc.) so unfortunately cannot do without.

 

An alternative would be adding the ppas mentioned here. But I agree that this should not happen - the update is only available for Karmic. BTW: 1.6.0_u16 doesn't contain security fixes.

 

That works well, but being a 'bleeding edge' repo, I think it may be
advisable to untick them in Software Sources after the 1.6.0_15 update
is installed - i.e. not to upgrade everything else listed as upgradeable ?

 

Due to Ubuntu being remiss in not having provided updated packages for sun java 6 jre following the rather serious security vulnerability in all versions prior to 1.6.0_15, I had to do a manual install on my wife's notebook still running Ubuntu 8.10 Intrepid. (Hardy & Jaunty packages are available from the ppas mentioned previously by tlu).
I followed the install instructions here and removed only the sun java jre browser plug-in via Synaptic.
Funny thing is Firefox uses the new 1.6.0_16 build (tested at javatester.org and java.com test page) but aboutlugins still shows the old 1.6.0_10 version, despite having made the correct soft link in /usr/lib/mozilla/plugins/ to my target in /opt/java//jre/1.6.0_16/ etc.etc.
Also sudo update-alternatives --config java correctly shows the new version as default. The Java Control Panel>About shows the old version, but I added and enabled the new version under the Java View tab, and disabled the old version.
This made no difference - aboutlugins persists in showing the old version but uses the new version. That's fine, but any ideas why ?

 

Ocky, 6b16 is now available also for hardy and jaunty in multiverse - see https://bugs.launchpad.net/ubuntu/ source/sun-java6/ bug/420426 .

 

Read all Ocky, few ideas with a potential answer down below - http://ubuntuforums.org/showthread.php?t=723078

 

Thanks, will have a look.
Had a look - a simple delete of pluginreg.dat did the job.

 

Actually I think they are available in Proposed .. see #23 http://ubuntuforums.org/showthread.php?t=1235730&page=3