Page 1 of 6 123 ... LastLast
Results 1 to 10 of 57

Thread: Java Security Flaw

  1. #1
    Join Date
    Jul 2009
    Location
    Dayton Ohio USA
    Beans
    1,069
    Distro
    Ubuntu 13.04 Raring Ringtail

    Latest java exploit

    Considering the latest Java exploit, does it affect openjdk-6-jre ?
    I suspect not but i'm still concerned enough to enquire.
    It's okay, I'm a limo driver

  2. #2
    Join Date
    Mar 2011
    Beans
    701

    Re: Latest java exploit

    Maybe not 6, but almost certainly 7.
    sig

  3. #3
    Join Date
    Aug 2006
    Location
    gypsy encampment
    Beans
    599
    Distro
    Lubuntu 18.04 Bionic Beaver

    Java Security Flaw

    I just read about Java's security flaws at:

    http://www.mercurynews.com/business/...urce=inthenews

    I have disabled the IcedTea-Web Plugin 1.2-2ubuntu1.3 in Firefox until I get more details. Is this going to be enough until Ubuntu addresses this situation?
    Reminder: If you start a thread asking for help with a problem, please remember to use the Thread Tools to mark the issue as "SOLVED" once you have a solution. This will help other people with the same problem when they search for answers.

  4. #4
    Join Date
    Mar 2005
    Location
    Mazatlan
    Beans
    134
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Java Security Flaw

    Looking here: http://krebsonsecurity.com/2012/08/j...ged-two-flaws/

    Sounds like Ubuntu "10" could be at risk. NOTE, I did discover 3 viruses, via Clamscan, nestled in a TMP cache. Caused no problems.
    Now, the questions is: can we stop the intrusions ?+++More, Jan 16th+

    Disabled Java and all the parts in Firefox.
    Tools>Add-ons then "search" > "Java"
    then "disable" all that are enabled.
    Last edited by AllenGG; January 17th, 2013 at 01:22 AM.
    Pay now, or pay later, there's no free lunch.

  5. #5
    Join Date
    Mar 2011
    Beans
    701

    Re: Java Security Flaw

    If you disable the plugin the exploit won't work.

    If you enable it on an exploit page you will likely be exploited, regardless of whether it's OpenJDK or Oracle's JDK. This may only effect versions 7.X.

    If you would like advanced protection against Java exploits I highly suggest you use an Apparmor profile. I've written one here. Feel free to customize it to your liking.

    http://www.insanitybit.com/2012/08/2...rmor-and-java/
    sig

  6. #6
    Join Date
    Jun 2009
    Location
    0:0:0:0:0:0:0:1
    Beans
    4,984
    Distro
    Xubuntu

    Re: Java Security Flaw

    In addition, Mountain View-based Mozilla said in a blog post that it has begun blocking Java on its Firefox browser unless someone clicks on a feature to activate the software. The click-to-play feature "allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site," the blog said.
    finally, that was long overdue

    i never install java/icedtea cause there are holes every time you turn around
    Laptop: ASUS A54C-NB91 (Storage: WD3200BEKT + MKNSSDCR60GB-DX); Desktop: Custom Build - Images included; rPi Server
    Putting your Networked Printer's scanner software to shame PHP Scanner Server
    I frequently edit my post when I have the last post

  7. #7
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Java Security Flaw

    Merged two similar threads.

  8. #8
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Java Security Flaw

    First of all, we should understand how the vulnerability to be exploited.

    This video will show you that various browsers and various operating systems, including Linux will be affected.

    The captioned video is just an example but the malicious hackers will not simply do this. They will hide the suspicious prompts as far as possible. However, you will know the result of the exploit.


    Edit : CVE-2013-0422

    Samiux
    Last edited by samiux; January 12th, 2013 at 12:57 PM. Reason: add "Edit"

  9. #9
    Join Date
    Jul 2009
    Location
    Dayton Ohio USA
    Beans
    1,069
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Java Security Flaw

    Looks like openjdk-6-jre is not listed as versions affected according to the National Vulnerability Database. One big sigh of relief !
    It's okay, I'm a limo driver

  10. #10
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Java Security Flaw

    Quote Originally Posted by MooPi View Post
    Looks like openjdk-6-jre is not listed as versions affected according to the National Vulnerability Database. One big sigh of relief !
    According to the information at the wiki and my knowledge, OpenJDK is based on Sun/Oracle Java JDK source code. In addition to the information at here, the version of Oracle Java or OpenJDK 1.7 in Java 7 Update 10 or later may be also in question. Even OpenJDK 1.7.0.50 in Ubuntu 12.10 may be fell into the gap too.

    In my opinion, Java (Oracle and open source) is not safe at the moment.

    Samiux

Page 1 of 6 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •