Greg Freemyer <greg.freemyer@gmail.com> writes:

On 7/7/05, Carlos E. R. wrote:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Hi,

I just noticed there are two version of java in SuSE 9.3. Why? I have the 1_4_2 version installed, ¿should I install 1_5 instead?

Also, the new version has other packages, like java-1_5_0-sun-alsa and java-1_5_0-sun-jdbc, that do not exist in the previous version. The description for all rpms is exactly the same, so I can't know what they are for.

Should I install all of them?

Nice "descriptions"... :-(

- -- Cheers, Carlos Robinson

If you use Java 1.4.2, you may want to know that there is a potentially a major security hole in it.

http://www.networkworld.com/news/2005/061505-sun-java.html

As of 3 weeks ago, Sun was recommending everyone upgrade to Java 1.5 to address the issue. I don't know if 1.4.2 patches came out or not.

From the java-1_4_2-sun-52305 patch file for 9.3:

Longdescription.english: This update fixes two security bugs in the java implementation. Java Web Start can be exploited remotely due to an error in input validation of tags in JNLP files. An attacker can pass arbitrary command-line options to the virtual machine to disable the sandbox and get access to files (CAN-2005-0836). The second bug is equal to the first one but can also triggered by untrusted applets (CAN-2005-1974). Additionally a non-security bug with japanese fonts was fixed for 9.3. Hsilgne.noitpircsedgnol: Size: 38869 Buildtime: 1119263563 [end quote] markgray@k6:/srv/ftp/pub> perl -e 'print scalar localtime 1119263563, "\n";' Mon Jun 20 06:32:43 2005 probably the bugs you are referring to.