Re: [libreoffice-users] [Don't] Re: Java & LibO: use version 6 for now if you must - was: What is the status of Java security?

Hi :)
Really the only way to void potential problems with Java is to NOT use it at all.  Sadly that means 
all our Accessibility stuff would be completely wrecked.  A few Wizards, Extensions, embedded Base 
backends would also be affected but almost all of that has work-arounds that improve the quality of 
the LO experience anyway.  The only thing that has no work-around is Accessibility.

Btw anyone enjoying the paralympics?
Regards from
Tom :)





> ________________________________
> From: NoOp <glgxg@sbcglobal.net>
> To: users@global.libreoffice.org 
> Sent: Friday, 31 August 2012, 20:39
> Subject: [libreoffice-users] [Don't] Re: Java & LibO: use version 6 for now if you must - was: 
> What is the status of Java security?
>
> On 08/31/2012 03:31 AM, Fabian Rodriguez wrote:
> > On 08/30/2012 02:14 PM, Fabian Rodriguez wrote:
> >
> > > Hi all
> >
> > > I saw this a few days ago, I'd like to know what should I make of it?:
> >
> > http://arstechnica.com/security/2012/08/critical-flaw-under-active-attack-prompts-calls-to-disable-java/
> >
> > > I never install Java when I install LibreOffice, but a few people end up
> > > installing it.
> > [..]
> >
> > I asked about this to Canonical support. Here is their reply with
> > regards to Ubuntu:
> > "OpenJDK 7 is affected too. Please note that in Precise and Oneiric,
> > openjdk-7 is in universe, so updating it is not a priority [ for
> > Canonical]. So in the meantime use OpenJDK 6."
>
> So file a security bug as iced-tea has been updated:
> <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html>
> <http://blog.fuseyism.com/index.php/2012/08/30/security-icedtea-2-3-1-released/>
> <https://bugzilla.redhat.com/show_bug.cgi?id=852051>
> <http://gnu.wildebeest.org/blog/mjw/2012/08/30/java-bug-cve-2012-4681/>
>
> > Knowing Oracle's strict updates schedule, version 7 won't have updates
> > before next month, which may then take some time to reach the proper
> > community channels.
>
> From my reponse in this thread yesterday:
> Update to Java 7u7:
> <http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html>
> <https://www.java.com/en/download/manual.jsp>
>
> > This echoes the recommendations I've seen here to user version 6 as its
> > more stable with LibO.
>
> And recommending that brings up other well known security issues. You
> are much better off turning off java until you've installed the current
> updates (released yesterday).
>
> Note:
> <http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html>
> <quote>
> Description
>
> This Security Alert addresses security issues CVE-2012-4681 (US-CERT
> Alert TA12-240A and Vulnerability Note VU#636312) and two other
> vulnerabilities affecting Java running in web browsers on desktops.
> These vulnerabilities are not applicable to Java running on servers or
> standalone Java desktop applications. They also do not affect Oracle
> server-based software.
> </quote>
>
> > Thanks for all the replies,
> >
> > Fabián Rodríguez
> > http://libreoffice.magicfab.ca
>
>
>
> -- 
> For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
> Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived and cannot be deleted
-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted