Re: [libreoffice-users] Embedded Java

Hi :)
I think it's less of a problem on any unix-based platform even using Oracle's main versions.  Mac 
had a problem with 2 old versions but generally the main problems are on Windows because it's much 
easier for a remote attacker to escalate their privileges.  In Mac but even more so in Gnu&Linux 
it's quite normal to run things as a normal user without Superuser privileges.  The whole Windows 
culture is for users to set their normal/only user as SuperUser otherwise stuff just doesn't work.  

Notice that Oracle's main version of java keeps getting upgraded.  Typically at least 1/month.  
It's always about security and they always advise people to upgrade to their newest version because 
of security problems with their older one (last month's).  Then the month later they say there was 
a problem with the one they said was safe last month.  The 1st 4 or 5 versions in their newer 
branch weren't even released apparently because they got compromised even before they got released. 
 

OpenJdk doesn't seem to be so perpetually troubled.  Personally i think that's due to the community 
taking notice of their bug-reports and being more careful about their coding.  "More eyes on the 
code" surely helps 'obvious' troublesome areas.  

Regards from
Tom :)  





> ________________________________
> From: James Knott <james.knott@rogers.com>
> To: LibreOffice <users@global.libreoffice.org> 
> Sent: Sunday, 13 January 2013, 13:35
> Subject: Re: [libreoffice-users] Embedded Java
>
> Jay Lozier wrote:
> > Yes, all OS's are affected because Java is cross platform. I am not sure if any of the previous 
> > version are affected or if only the current release is affected.
> >
> > The primary concern is Java applets run by your browser. The vulnerability allows a zero-day 
> > browser exploit that as yet is not patched by Oracle. The primary concerns I have heard of are 
> > installation of keyloggers and installation of ransomware. I would assume the malware will use 
> > the JVM to run and would be cross platform. AFAIK, Oracle has not yet announced when a patch 
> > will be available.
>
> As I mentioned in another note, I'm running OpenJDK, not Oracle Java.  So the question becomes is 
> it a problem in general with Java or just Oracle's.
>
>
> -- For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
> Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived and cannot be deleted
-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted