There was recently a security alert from Sun about J2SE 5.0 and 1.4.2 (see http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1 ).

SuSE supplied updates for the various 1.4.2 packages, but not for the 1.5.0 packages supplied on the 9.3 DVD, e.g.

java-1_5_0-sun-plugin-1.5.0_01-5
java-1_5_0-sun-1.5.0_01-5

Now Java version numbers are a bit mysterious, but it looks to me like these packages might be vulnerable. Would anyone like to comment?

Thanks,
Bob

Hello.

On Tue, Jul 05, 2005 at 05:05:28PM +0100, Bob Vickers wrote:
> There was recently a security alert from Sun about J2SE 5.0 and 1.4.2 (see http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1 ).
>
> SuSE supplied updates for the various 1.4.2 packages, but not for the 1.5.0 packages supplied on the 9.3 DVD, e.g.
> java-1_5_0-sun-plugin-1.5.0_01-5
> java-1_5_0-sun-1.5.0_01-5
>
> Now Java version numbers are a bit mysterious, but it looks to me like these packages might be vulnerable. Would anyone like to comment?

We released java 1.5.0 update 3 as a non-security update some time ago. This update is AFAIK not vulnerable.

Just let YOU online update run and select java.

thomas@spiral:~> java -fullversion
java full version "1.5.0_03-b07"

> Thanks,
> Bob

--
Bye,
Thomas
--
Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
--
Ray's Rule of Precision: Measure with a micrometer. Mark with chalk. Cut with an axe.

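The version comparison discussed in this exchange, as an added example that is not part of the original messages: it extracts the Java family and update level from the package names and the `java -fullversion` string quoted above and flags anything below a minimum update. The function names and the minimum of 3 are assumptions; the thread only reports update 3 as not vulnerable.

```shell
#!/bin/sh
# Added example (not from the thread). Version strings are the ones quoted above.

# Print "FAMILY UPDATE" (e.g. "1.5.0 3") for the first Sun-style version found
# in the argument; a missing _NN suffix counts as update 0. Status 1 if none.
java_family_update() {
    printf '%s\n' "$1" | awk '
        match($0, /[0-9]+\.[0-9]+\.[0-9]+(_[0-9]+)?/) {
            n = split(substr($0, RSTART, RLENGTH), part, "_")
            print part[1], (n > 1 ? part[2] + 0 : 0)   # "01" -> 1
            found = 1
        }
        END { exit !found }'
}

# Status 0 when VERSION belongs to FAMILY and its update level is below MIN,
# 1 when it is at or above MIN or in another family, 2 when unparseable.
below_update() {   # usage: below_update VERSION FAMILY MIN
    fu=$(java_family_update "$1") || return 2
    [ "${fu% *}" = "$2" ] && [ "${fu#* }" -lt "$3" ]
}

# MIN=3 is an assumption taken from the reply above (update 3 reported as not
# vulnerable); the vendor advisory is the authority for the exact fixed update.
for v in 'java-1_5_0-sun-plugin-1.5.0_01-5' 'java-1_5_0-sun-1.5.0_01-5' \
         'java full version "1.5.0_03-b07"'; do
    if below_update "$v" 1.5.0 3; then
        echo "NEEDS UPDATE: $v"
    else
        echo "ok:           $v"
    fi
done
```

On a real host the input strings would come from `rpm -qa` output rather than the embedded list.
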
Dear Thomas,

Thanks for the tip, that is very helpful. My policy on servers is only to apply security updates, so those ones got missed. Could the 1.5 updates be reclassified as security-related? There could well be other people in the same situation.

Regards,
Bob

On Wed, 6 Jul 2005, Thomas Biege wrote:
> Hello.
>
> On Tue, Jul 05, 2005 at 05:05:28PM +0100, Bob Vickers wrote:
> > There was recently a security alert from Sun about J2SE 5.0 and 1.4.2 (see http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1 ).
> >
> > SuSE supplied updates for the various 1.4.2 packages, but not for the 1.5.0 packages supplied on the 9.3 DVD, e.g.
> > java-1_5_0-sun-plugin-1.5.0_01-5
> > java-1_5_0-sun-1.5.0_01-5
> >
> > Now Java version numbers are a bit mysterious, but it looks to me like these packages might be vulnerable. Would anyone like to comment?
>
> We released java 1.5.0 update 3 as a non-security update some time ago. This update is AFAIK not vulnerable.
>
> Just let YOU online update run and select java.
>
> thomas@spiral:~> java -fullversion
> java full version "1.5.0_03-b07"
>
> > Thanks,
> > Bob
>
> --
> Bye,
> Thomas
> --
> Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
> --
> Ray's Rule of Precision: Measure with a micrometer. Mark with chalk. Cut with an axe.

==============================================================
Bob Vickers                     R.Vickers@cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW:    http://www.cs.rhul.ac.uk/home/bobv
Phone:  +44 1784 443691