[Mageia-discuss] Current java plugin with security hole?
molch.b at googlemail.com
Thu Mar 29 09:51:04 CEST 2012
2012/3/29 Luc Menut <lmenut at free.fr>:
> Le 29/03/2012 09:30, Oliver Burger a écrit :
>> Am 29.03.2012 09:22, schrieb Wolfgang Bornath:
>>> The page gives a link to a test routine at java.com where you can test
>>> which version is installed on your machine. For my Mageia 1
>>> installation with firefox the test shows "Your Java version: Version
>>> 6 Update 26" - which matches the installed package
>>> Recommended is "version 6 update 31". But this is not available yet at
>>> - will there be a security related update for Mageia 1?
>>> - if not, should we use the recommended newer version from java.com
>>> (rpm packages available for 32 and 64 bit)
>> Afaik oracle has withdrawn the redistribution license for all newer java
>> But I'm not sure if only java >= 1.7 is concerned or java > 184.108.40.206.
> java-1.6.0-sun > 220.127.116.11 is concerned too.
Ah, missed the bug report on this - but this only shows that the
average "non-mailing-list-reader" may not know about the issue at all.
Step 1: action ASAP as suggested in the bug report comment #13
("update" the version in mga1 repos with a README.urpmi)
Step 2: after this is done give out a related warning (mailing list, forum).
As Dave Hodgins wrote in Bugzilla: "It may be bad for beginner users,
but it's worse to leave them
with insecure software that is being actively exploited."
More information about the Mageia-discuss