1

What to do about java web-plugin vulnerability.

view story
linux-howto

https://bbs.archlinux.org – Hi, I've been reading several stories this morning about a recently discovered security hole in the java web-plugin. Apparently OS X is pushing through updates to disable it and Microsoft recommends a similar course of action. It seems to be a fairly critical exploit.My question is, does this vulnerability affect users of openJDK/icedtea? If so, what course of action should we Archers take - "pacman -Rns icedtea-web-java7" ? TobyJamesJoy https://bbs.archlinux.org/profile.php?id=60984 2013-01-14T01:10:25Z (HowTos)

Tagmego's picture
Submitted by Tagmego on 01/14/2013

Stories similar to What to do about java web-plugin vulnerability.

Java 7 update 11 security hole 17 weeks 14 hours ago

Dear All,According following report, we know the java 7 update 7 exist critical security hole.http://news.techworld.com/security/3421 … searchers/I'm wonder is that hole also exist on openjdk?

dlin https://bbs.archlinux.org/profile.php?id=4446

2013-01-22T00:45:36Z

Any noticed that the IcedTea java plugin is crashing Firefox, whenever a java applet is trying to load? I've replaced it with the Sun JRE one and it seems to work fine. But I prefer to use the default OpenJDK version.

I've got the following java plugin installed:

java-1.6.0-openjdk-plugin-1.6.0.0-29.b16.fc11.i586

We all know about the Java security issues published a while back. I tested my browser at a Java test page and it warned me that my IcedTea plugin is out of date. When I look in the Chrome plugin section, it also has a warning saying my plugin is out of date and needs security patches. However, whenever I check the repos to install icedtea-plugin, it says I have the latest version. Any ideas?

Changing from openjdk to jre 23 weeks 6 days ago

I am new to Arch and this is my first post.  I formerly used kubuntu.  I am having trouble with the simple command "yaourt -S jre".  I get the following output:looking for inter-conflicts... :: jre and jre7-openjdk are in conflict (java-runtime). Remove jre7-openjdk? [y/N] y :: jre and jre7-openjdk-headless are in conflict (java-runtime-headless).

On November 7, in a security notice, Canonical published details about an Icedtea-Web vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.

According to Canonical, the Icedtea-Web plugin could have been made to crash or run programs as your login if it opened a specially crafted web page.

It was discovered that if a user was tri

Great, thank you so much! Actually, it was already fixed before I read your reply, but it's still informative (I wasn't sure how to find file lists for pacman packages).I just removed and reinstalled all the java packages and it worked. I might have done it in the wrong order or something when I did it the first time.

freeplane doesn't run 31 weeks 4 days ago

Exact same problem here:Here is the output of java --versionjava version "1.7.0_07"OpenJDK Runtime Environment (IcedTea7 2.3.2) (ArchLinux build 7.u7_2.3.2-2-x86_64)OpenJDK 64-Bit Server VM (build 23.2-b09, mixed mode)And that of echo $JAVA_HOME:/usr/lib/jvm/java-7-openjdkAny idea ?

aurelieng https://bbs.archlinux.org/profile.php?id=33541

2012-10-12T11:06:45Z

Problem with Eclipse 2 days 13 hours ago

Hello, Im trying to learn Java so Im reading stuff around the internet. Anyway, when I try to import java utils the program just closes. Does anyone experience the same thing ? Im also using OpenJDK.Thanks !

IlPrincipino https://bbs.archlinux.org/profile.php?id=37932

2013-05-19T01:05:32Z

Icedtea closes Firefox 37 weeks 1 day ago

The bug in IcedTea was solved. Regarding libvdpau_nvidia.so error, I'd like to add that I don't use nvidia, but intel. Therefore, I'm ignoring that warning.

cemsbr https://bbs.archlinux.org/profile.php?id=16324

2012-09-03T16:23:46Z