[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNU-linux-libre] Important security update for all Java implementations
From: |
Brett Smith |
Subject: |
[GNU-linux-libre] Important security update for all Java implementations |
Date: |
Wed, 11 Apr 2012 11:33:12 -0400 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20 |
You might've heard about the malware for Mac called Flashback. It
spreads via a vulnerability in Java implementations. OpenJDK and
IcedTea, which include Java code from Sun/Oracle, were vulnerable as
well. Please make sure Java implementations in your distributions are
patched to fix this vulnerability, and publish updates as appropriate.
It doesn't look like there's a full technical report on the exploit (the
CVE is "reserved") but here's Oracle's official page about the problem:
<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>
Here are trackers for Red Hat and Debian. The Red Hat page at least
includes a high-level summary of the bug.
* <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507>
* <http://security-tracker.debian.org/tracker/CVE-2012-0507>
Best regards,
--
Brett Smith
License Compliance Engineer, Free Software Foundation
Support the FSF by becoming an Associate Member: http://fsf.org/jf
- [GNU-linux-libre] Important security update for all Java implementations,
Brett Smith <=