Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index


Hi :)
Really the only way to void potential problems with Java is to NOT use it at all.  Sadly that means 
all our Accessibility stuff would be completely wrecked.  A few Wizards, Extensions, embedded Base 
backends would also be affected but almost all of that has work-arounds that improve the quality of 
the LO experience anyway.  The only thing that has no work-around is Accessibility.

Btw anyone enjoying the paralympics?
Regards from
Tom :)





________________________________
From: NoOp <glgxg@sbcglobal.net>
To: users@global.libreoffice.org 
Sent: Friday, 31 August 2012, 20:39
Subject: [libreoffice-users] [Don't] Re: Java & LibO: use version 6 for now if you must - was: 
What is the status of Java security?

On 08/31/2012 03:31 AM, Fabian Rodriguez wrote:

On 08/30/2012 02:14 PM, Fabian Rodriguez wrote:

Hi all

I saw this a few days ago, I'd like to know what should I make of it?:

http://arstechnica.com/security/2012/08/critical-flaw-under-active-attack-prompts-calls-to-disable-java/

I never install Java when I install LibreOffice, but a few people end up
installing it.
[..]

I asked about this to Canonical support. Here is their reply with
regards to Ubuntu:
"OpenJDK 7 is affected too. Please note that in Precise and Oneiric,
openjdk-7 is in universe, so updating it is not a priority [ for
Canonical]. So in the meantime use OpenJDK 6."

So file a security bug as iced-tea has been updated:
<http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html>
<http://blog.fuseyism.com/index.php/2012/08/30/security-icedtea-2-3-1-released/>
<https://bugzilla.redhat.com/show_bug.cgi?id=852051>
<http://gnu.wildebeest.org/blog/mjw/2012/08/30/java-bug-cve-2012-4681/>


Knowing Oracle's strict updates schedule, version 7 won't have updates
before next month, which may then take some time to reach the proper
community channels.

From my reponse in this thread yesterday:
Update to Java 7u7:
<http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html>
<https://www.java.com/en/download/manual.jsp>


This echoes the recommendations I've seen here to user version 6 as its
more stable with LibO.

And recommending that brings up other well known security issues. You
are much better off turning off java until you've installed the current
updates (released yesterday).

Note:
<http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html>
<quote>
Description

This Security Alert addresses security issues CVE-2012-4681 (US-CERT
Alert TA12-240A and Vulnerability Note VU#636312) and two other
vulnerabilities affecting Java running in web browsers on desktops.
These vulnerabilities are not applicable to Java running on servers or
standalone Java desktop applications. They also do not affect Oracle
server-based software.
</quote>


Thanks for all the replies,

Fabián Rodríguez
http://libreoffice.magicfab.ca







-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted



-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.