1

So I finally decide to remove java after this one...

view story
linux-howto

http://ubuntuforums.org – Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security flaw in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years worth of Java software. [Above taken from arstechnica.com full story below] Yet another Java flaw allows “complete” bypass of security sandbox (Hardware)

colm's picture
Submitted by colm on 09/25/2012

Stories similar to So I finally decide to remove java after this one...

http://arstechnica.com/security/2012...urity-sandbox/

Quote:

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs.

1.

https://www.networkworld.com/news/20...rk-265923.html

http://www.springsource.org/spring-framework

Quote:

There's a major flaw in the Java-based Spring Framework open-source development code that allows remote-code execution by attackers against applications built with it, according to the security firm which identified the flaw.

First off, I know nothing about security so I don't know anything about the nature of this security risk that everyone is talking about. My question is as Ubuntu users, is there something specific we should do prevent any damage to our computers? :confused:

I've Googled around and everyone's knee-jerk response has been to remove Java. Okay. What parts? The runtime environment? The JDK?

Google has begun rolling out a patch to fix a security flaw in versions 2.3.3 and earlier of its Android mobile operating system. That flaw affects all Google services using the ClientLogin authentication protocol. It lets hackers access any personal data available through Android's application programming interfaces.

java run time error 41 weeks 4 days ago

i got following error when i try to run a java prg Exception in thread "main" java.lang.UnsupportedClassVersionError: Abc : Unsupported major.minor version 51.0 at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:634) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineCla

http://www.theregister.co.uk/2012/08...w_about_flaws/

closed source for corruption! microshaft, now oracle!

Quote:

The critical Java vulnerabilities that have security experts cautioning users to disable Java in their browsers are not new discoveries, a security firm claims.

SuSE: 2010-028: IBM Java 5 2 years 46 weeks ago

LinuxSecurity.com: This update of IBM Java 1.5.0 to SR11 FP2 brings various bug and lots of security fixes. Following security issues were fixed: CVE-2010-0084: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 [More...]

I updated my Ubuntu 10.04 system yesterday, and because I have /etc under git control it tells me this file changed: /etc/java-6-openjdk/security/java.security

As it says "security", and I am not a java specialist, a little red flag went up.

Two lines changed, with the before/after shown below.