[Mageia-discuss] Current java plugin with security hole?

Wolfgang Bornath molch.b at googlemail.com
Thu Mar 29 09:22:21 CEST 2012


According to the article "Critical Java hole being exploited on a
large scale" there is a hole which is heavily exploited.
http://www.h-online.com/open/news/item/Critical-Java-hole-being-exploited-on-a-large-scale-1485681.html

(quote)
The hole that was patched by Oracle in mid-February allows malicious
code to breach the Java sandbox and permanently anchor itself in a
system. Varying types of malware have been injected; for example, it
is believed that the hole has been exploited to deploy the ZeuS
trojan.
(unquote)

The page gives a link to a test routine at java.com where you can test
which version is installed on your machine. For my Mageia 1
installation with firefox the test shows  "Your Java version: Version
6 Update 26" - which matches the installed package
(java-1.6.0-sun-plugin-1.6.0.26-0.2.mga1.nonfree).

Recommended is "version 6 update 31". But this is not available yet at Mageia.

 - will there be a security related update for Mageia 1?
 - if not, should we use the recommended newer version from java.com
(rpm packages available for 32 and 64 bit)

-- 
wobo


More information about the Mageia-discuss mailing list