

On 01/13/2013 05:35 AM, James Knott wrote:
> Jay Lozier wrote:
>> Yes, all OSes are affected because Java is cross platform. I am not
>> sure if any of the previous versions are affected or if only the
>> current release is affected.
>>
>> The primary concern is Java applets run by your browser. The
>> vulnerability allows a zero-day browser exploit that as yet is not
>> patched by Oracle. The primary concerns I have heard of are
>> installation of keyloggers and installation of ransomware. I would
>> assume the malware will use the JVM to run and would be cross
>> platform. AFAIK, Oracle has not yet announced when a patch will be
>> available.
>
> As I mentioned in another note, I'm running OpenJDK, not Oracle Java.
> So the question becomes is it a problem in general with Java or just
> Oracle's.

It is an OpenJDK problem as well. I've just posted this on the Mozilla
SeaMonkey user support nntp group:

Given the Zero-Day Java 7 vulnerabilities (see Paul B Gallagher's
thread: 'Java 7u10 vulnerability in browsers') and for those using
OpenJDK & Icedtea for Java JRE:

Security releases for OpenJDK and Icedtea were released yesterday (Tues
Jan 17).

<http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/>
<http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/>

This confirms that OpenJDK7 and IcedTea7 were vulnerable - of course I
reckon that it will take awhile for the builds to get pushed to the
distros.

Note that "OpenJDK 6 is not affected.". So if you are using OpenJDK7 I'd
recommend installing OpenJDK6 (you can leave OpenJDK7 installed[1]), and
then using update-alternatives to set OpenJDK6 as the system JRE.

For Debian/Ubuntu users:

$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install openjdk-6-jre
$ sudo apt-get install icedtea6-plugin

$ sudo update-alternatives --config java
$ sudo update-alternatives --config mozilla-javaplugin.so

Ensure that you are using OpenJDK6 instead of OpenJDK7. Example:
~$ java -version
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1)
OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

If you enable Java in SeaMonkey (I recommend using Prefbar to turn Java
on/off), the IcedTea plugin (Ubuntu in this example) in about:config
will show:

IcedTea-Web Plugin (using IcedTea-Web 1.2 (1.2-2ubuntu1.3))

    File: /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so
    Version:
    The IcedTea-Web Plugin executes Java applets.

I'd also check your LibreOffice/ApacheOO installs & select OpenJDK6:
Tools|Options|Java| select 'Sun Microsystems, Inc. 1.6.0_24'
Note: I do not know of the current zero-day vulnerability affecting
LibreOffice/ApacheOO - but to be cautious I revert to OpenJDK6.

[1] I keep openJDK7 installed so that it will be updated when the distro
packagers issue the security update.
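
Added example (not part of the original post): a small shell check that the switch described above took effect for both the command-line JRE and the browser plugin. The function names and the 1.7.0_09 sample are constructed for illustration; the 1.6.0_24 output, the plugin path and the mozilla-javaplugin.so alternative name are the ones shown in the post.

```shell
#!/bin/sh
# Added example: confirm that both the system JRE and the browser plugin
# resolve to OpenJDK 6 after running update-alternatives as in the post.

# Java major version from `java -version` text ("1.6.0_24" -> 6).
jre_major() {
    printf '%s\n' "$1" |
        sed -n 's/^[a-z]* version "1\.\([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# OpenJDK major version from a plugin path such as
# /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so
plugin_major() {
    printf '%s\n' "$1" |
        sed -n 's|.*/java-\([0-9][0-9]*\)-openjdk[^/]*/.*|\1|p' | head -n 1
}

# Prints "ok" only when BOTH point at 6; "still-on-7" if either is 7.
check_switch() {
    jre=$(jre_major "$1")
    plug=$(plugin_major "$2")
    if [ "$jre" = 6 ] && [ "$plug" = 6 ]; then
        echo ok
    elif [ "$jre" = 7 ] || [ "$plug" = 7 ]; then
        echo still-on-7
    else
        echo unknown
    fi
}

# Live check on a Debian/Ubuntu system (not run automatically here).
check_live() {
    ver=$(java -version 2>&1 || true)
    path=$(update-alternatives --query mozilla-javaplugin.so 2>/dev/null |
        sed -n 's/^Value: //p')
    check_switch "$ver" "$path"
}

# Sample input: the `java -version` text and plugin path from the post.
SAMPLE_VERSION='java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1)'
SAMPLE_PLUGIN=/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so

check_switch "$SAMPLE_VERSION" "$SAMPLE_PLUGIN"
```

Checking both values matters because the java and mozilla-javaplugin.so alternatives are set independently, so the shell can report OpenJDK 6 while the browser still loads the OpenJDK 7 plugin.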



