8 messages in org.freebsd.freebsd-javaRe: java/jdk16 vulnerability?| From | Sent On | Attachments |
|---|---|---|
| cpghost | Sep 28, 2009 3:10 am | |
| Eugene Dzhurinsky | Sep 28, 2009 3:25 am | |
| Greg Lewis | Sep 28, 2009 8:48 pm | |
| Robert Huff | Sep 28, 2009 9:30 pm | |
| Wenliang Cai | Sep 28, 2009 10:05 pm | |
| Brian Gardner | Sep 29, 2009 8:59 am | |
| grarpamp | Sep 29, 2009 11:03 am | |
| cpghost | Sep 30, 2009 8:09 am |
| Subject: | Re: java/jdk16 vulnerability? | |
|---|---|---|
| From: | Robert Huff (robe...@rcn.com) | |
| Date: | Sep 28, 2009 9:30:30 pm | |
| List: | org.freebsd.freebsd-java | |
Greg Lewis writes:
Your installed version of Java is vulnerable to a severe remote exploit (remote code execution!). You must upgrade to at least Java 5 update 20 or Java 6 update 15 as soon as possible. Freenet has disabled any plugins handling XML for the time being, but this includes searching and chat so you should upgrade ASAP!
We're almost certainly vulnerable. The jdk16 port is at Update 3.
We need an entry in the VUXML database I guess.
Updating java/jdk16 is going to be a slow process. There are lots of changes between Update 3 and Update 15. I've partially merged Update 4, but obviously that still leaves many to go...
As someone with zero knowledge of Java internals: what is the recommended version at the moment?
Robert Huff
_______________________________________________ free...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-java To unsubscribe, send any mail to "free...@freebsd.org"