[Slackbuilds-users] The latest jdk on slackbuilds.org
ronayne.thomas at gmail.com
Wed Apr 17 13:48:16 UTC 2013
I can only reiterate the warning found in US-CERT TA13-064A (see Alert
(TA13-064A) Oracle Java Contains Multiple Vulnerabilities
<http://www.us-cert.gov/ncas/alerts/TA13-064A>), which is talking about
Java 7 Update 17 (7u17); down a ways is the following:
*"Disable Java in Web Browsers*
This and previous Java vulnerabilities have been widely targeted by
attackers, and new Java vulnerabilities are likely to be discovered. To
defend against these vulnerabilities, consider disabling Java in web
browsers until adequate updates are available. As with any software,
unnecessary features should be disabled or removed as appropriate for
Starting with Java 7 Update 10, it is possible to disable Java content
in web browsers through the Java control panel applet. According to
Setting the Security Level of the Java Client
For installations where the highest level of security is required, it is
possible to entirely prevent /any/ Java apps (signed or unsigned) from
running in a browser by de-selecting Enable Java content in the browser
in the Java Control Panel under the Security tab.
If you are unable to update to Java 7 Update 10, see the solution
section of Vulnerability Note VU#636312
<http://www.kb.cert.org/vuls/id/636312#solution> for instructions on how
to disable Java on a per-browser basis."
Given that Oracle updated in less than 24 hours to 21, and given the
known problems, disabling the Java plug-in in every browser you use is a
Real Good Idea. Bradly's comment about Swiss cheese is, I think, not
harsh enough -- Oracle's stewardship is more along the lines of
Microsoft's: you can drive a semi in, turn it around, load up with
whatever you want then drive off.
It would not be a bad idea in any event to subscribe to US-CERT
<http://www.us-cert.gov/>; down at the bottom of the page you can
subscribe to Alerts which are periodically issued when Bad Things Are
Afoot. You can also review Bulletins and Tips (and subscribe too for those).
If you really want (or must) have the Java plug-in your browsers, that's
pretty easy: simply make a symbolic link in /usr/lib64/mozilla/plugins
to /usr/lib64/java/jre/lib/amd64/libnpjp2.so (assuming you've installed
JDK, which includes JRE) using the SlackBuild from the extra directory
on your Slackware media -- the file you want to link to is libnpjp2.so.
Of course, if you're using 32-bit, the "64" won't be there but otherwise
the file is the same name. This is one of those don't do it unless you
really know what the consequences may be kind of things, just be aware
of that. And, if you do this, disable the damned thing in the browser
unless you must have it for some reason.
Hope this helps some.
A riddle, wrapped in a mystery, inside an enigma but that's my story and I'm stickin' to it.
More information about the SlackBuilds-users