Mailinglist Archive: opensuse (2700 mails)
| < Previous | Next > |
Re: [SLE] java-1_4_2-sun vs java-1_5_0-sun
- From: Mark Gray <markgray-temp-1117739497@xxxxxxxxxxxx>
- Date: 07 Jul 2005 15:32:03 -0400
- Message-id: <6shdf6xvik.fsf@xxxxxxxxxxxx>
Greg Freemyer <greg.freemyer@xxxxxxxxx> writes:
> On 7/7/05, Carlos E. R. wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> Hi,
>>
>> I just noticed there are two version of java in SuSE 9.3. Why? I have the
>> 1_4_2 version installed, ¿should I install 1_5 instead?
>>
>> Also, the new version has other packages, like java-1_5_0-sun-alsa and
>> java-1_5_0-sun-jdbc, that do not exist in the previous version. The
>> description for all rpms is exactly the same, so I can't know what they are
>> for.
>>
>> Should I install all of them?
>>
>> Nice "descriptions"... :-(
>>
>> - --
>> Cheers,
>> Carlos Robinson
> If you use Java 1.4.2, you may want to know that there is a
> potentially a major security hole in it.
>
> http://www.networkworld.com/news/2005/061505-sun-java.html
>
> As of 3 weeks ago, Sun was recommending everyone upgrade to Java 1.5
> to address the issue. I don't know if 1.4.2 patches came out or not.
>From the java-1_4_2-sun-52305 patch file for 9.3:
Longdescription.english:
This update fixes two security bugs in the java
implementation. Java Web Start can be exploited remotely
due to an error in input validation of tags in JNLP files.
An attacker can pass arbitrary command-line options to the
virtual machine to disable the sandbox and get access to
files (CAN-2005-0836). The second bug is equal to the first
one but can also triggered by untrusted applets
(CAN-2005-1974). Additionally a non-security bug with
japanese fonts was fixed for 9.3.
Hsilgne.noitpircsedgnol:
Size: 38869
Buildtime: 1119263563
[end quote]
markgray@k6:/srv/ftp/pub> perl -e 'print scalar localtime 1119263563, "\n";'
Mon Jun 20 06:32:43 2005
probably the bugs you are referring to.
> On 7/7/05, Carlos E. R. wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> Hi,
>>
>> I just noticed there are two version of java in SuSE 9.3. Why? I have the
>> 1_4_2 version installed, ¿should I install 1_5 instead?
>>
>> Also, the new version has other packages, like java-1_5_0-sun-alsa and
>> java-1_5_0-sun-jdbc, that do not exist in the previous version. The
>> description for all rpms is exactly the same, so I can't know what they are
>> for.
>>
>> Should I install all of them?
>>
>> Nice "descriptions"... :-(
>>
>> - --
>> Cheers,
>> Carlos Robinson
> If you use Java 1.4.2, you may want to know that there is a
> potentially a major security hole in it.
>
> http://www.networkworld.com/news/2005/061505-sun-java.html
>
> As of 3 weeks ago, Sun was recommending everyone upgrade to Java 1.5
> to address the issue. I don't know if 1.4.2 patches came out or not.
>From the java-1_4_2-sun-52305 patch file for 9.3:
Longdescription.english:
This update fixes two security bugs in the java
implementation. Java Web Start can be exploited remotely
due to an error in input validation of tags in JNLP files.
An attacker can pass arbitrary command-line options to the
virtual machine to disable the sandbox and get access to
files (CAN-2005-0836). The second bug is equal to the first
one but can also triggered by untrusted applets
(CAN-2005-1974). Additionally a non-security bug with
japanese fonts was fixed for 9.3.
Hsilgne.noitpircsedgnol:
Size: 38869
Buildtime: 1119263563
[end quote]
markgray@k6:/srv/ftp/pub> perl -e 'print scalar localtime 1119263563, "\n";'
Mon Jun 20 06:32:43 2005
probably the bugs you are referring to.
| < Previous | Next > |