Results 1 to 2 of 2

Thread: Java/IcedTea-Malware or Rogue Applications? What are the facts?

  1. #1
    Join Date
    Sep 2006
    Location
    Southern Indiana, USA
    Beans
    1,656
    Distro
    Ubuntu 12.04 Precise Pangolin

    Exclamation Java/IcedTea-Malware or Rogue Applications? What are the facts?

    Java7 is compromised - Oracle patched - Now I hear the patch has vulnerabilities - Cut to the chase:

    I have an updated Firefox with Noscript, stock IcedTea, no Oracle Java, Updated LibreOffice; basically a stock 12.04. Also still use 10.04.

    I don't install anything I don't know what it is...

    What do I need to know, do, or not do to stay secure?
    Ubuntu 14.04.x & Windows XP-SP3, Dell Precision 390, Pentium D 3.40G, 4G RAM, NVIDIA GT360, 2M VRAM | Ubuntu 12.04.x Dell Dimension E520, Pentium D 2.80G, 3G RAM, NVIDIA GeForce 9500GT, 1M VRAM
    Debian Jessie on EeePc 1005HAB

  2. #2
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Java/IcedTea-Malware or Rogue Applications? What are the facts?

    Red Hat's testing indicates that the vulnerability exists in Oracle Java 7, OpenJDK 7 and IBM Java 7. If the Oracle patch has vulnerabilities, it can safely be assumed they all still do.

    Don't use Oracle Java 6, OpenJDK 6 or IBM Java 6 because although this particular spate of issues does not affect them, other serious vulnerabilities have been exploited in them.

    If you are concerned, disable the browser plugin (Oracle or IcedTea) and only enable it when you are on a trusted site. Set up an apparmor profile for Java.
    Please read The Forum Rules and The Forum Posting Guidelines
    My Blog
    This universe is crazy. I'm going back to my own.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •