[GNU-linux-libre] Important security update for all Java implementations

gnu-linux-libre

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNU-linux-libre] Important security update for all Java implementations

From:	Brett Smith
Subject:	[GNU-linux-libre] Important security update for all Java implementations
Date:	Wed, 11 Apr 2012 11:33:12 -0400
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20

You might've heard about the malware for Mac called Flashback.  It
spreads via a vulnerability in Java implementations.  OpenJDK and
IcedTea, which include Java code from Sun/Oracle, were vulnerable as
well.  Please make sure Java implementations in your distributions are
patched to fix this vulnerability, and publish updates as appropriate.

It doesn't look like there's a full technical report on the exploit (the
CVE is "reserved") but here's Oracle's official page about the problem:
<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>

Here are trackers for Red Hat and Debian.  The Red Hat page at least
includes a high-level summary of the bug.

* <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507>
* <http://security-tracker.debian.org/tracker/CVE-2012-0507>

Best regards,

-- 
Brett Smith
License Compliance Engineer, Free Software Foundation

Support the FSF by becoming an Associate Member: http://fsf.org/jf

[Prev in Thread]

Current Thread

[Next in Thread]

[GNU-linux-libre] Important security update for all Java implementations, Brett Smith <=
- Re: [GNU-linux-libre] Important security update for all Java implementations, Karl Goetz, 2012/04/18

Prev by Date: Re: [GNU-linux-libre] Time to recheck Chromium?
Next by Date: [GNU-linux-libre] pstoedit documentation issue
Previous by thread: Re: [GNU-linux-libre] Fwd: Please inform free distro maintainers
Next by thread: Re: [GNU-linux-libre] Important security update for all Java implementations
Index(es):
- Date
- Thread