Date:      Sun, 20 Sep 2009 22:36:37 +0200
From:      cpghost <>
To:        Greg Lewis <>
Subject:   java/jdk16 vulnerability?
Message-ID:  <>

Hi Greg,

Freenet ( on my FreeBSD/amd64 system
complains about an old and vulnerable Java version:

  Your installed version of Java is vulnerable to a severe remote
  exploit (remote code execution!). You must upgrade to at least Java
  5 update 20 or Java 6 update 15 as soon as possible. Freenet has
  disabled any plugins handling XML for the time being, but this
  includes searching and chat so you should upgrade ASAP!

  See for

  Also, please do not use Thaw or Freetalk. The UPnP plugin is
  enabled, it might present a risk if you have bad guys on your LAN,
  but without it Freenet will not be able to port forward and will
  have severe problems.

I'm running java/jdk16:

phenom# java -version
java version "1.6.0_03-p4"
Java(TM) SE Runtime Environment (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00, mixed mode)

On 7.2-STABLE:

phenom# uname -a
FreeBSD 7.2-STABLE FreeBSD 7.2-STABLE #0: Tue Sep  8 10:43:26 CEST 2009  amd64

Is that version of Java really vulnerable? If yes, why doesn't
  # portaudit -Fda
report it as such, and could you please update the java/jdk16 port?


Cordula's Web.
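
Added example, not part of the original message: a POSIX sh sketch of the comparison the quoted Freenet warning implies, checking the update number in a `java -version` banner against the two minimums it names (Java 5 update 20, Java 6 update 15). The function names are hypothetical, and the FreeBSD `-p4` patch-level suffix is ignored on the assumption that it does not change the upstream update number.

```shell
#!/bin/sh
# Added example: applies only the two thresholds quoted in the Freenet
# warning. It consults no advisory data and makes no claim about whether a
# given build is actually vulnerable.

# Print "<major> <update>" for a banner line such as
#   java version "1.6.0_03-p4"
# Leading zeros are stripped from the update number, and anything after it
# (for example the port's "-p4" patch level) is discarded.
# Prints nothing if the line is not in the "1.<major>.<minor>" form.
parse_java_version() {
    printf '%s\n' "$1" |
        sed -n 's/^java version "1\.\([0-9][0-9]*\)\.[0-9][0-9]*\(_0*\([0-9][0-9]*\)\)\{0,1\}.*".*$/\1 \3/p' |
        head -n 1
}

# Print one status word for a banner line:
#   meets-minimum  update number is at or above the quoted minimum
#   below-minimum  update number is under the quoted minimum
#   unknown        banner not parsed, or a major version the warning
#                  does not mention
check_java_banner() {
    # Word-split the parser output into positional parameters.
    set -- $(parse_java_version "$1")
    major=${1:-}
    update=${2:-0}          # "1.6.0" with no _NN suffix means update 0

    case "$major" in
        5) min=20 ;;        # "Java 5 update 20"
        6) min=15 ;;        # "Java 6 update 15"
        *) echo unknown; return 0 ;;
    esac

    if [ "$update" -ge "$min" ]; then
        echo meets-minimum
    else
        echo below-minimum
    fi
}

# Banner line copied from the message above. On a live system, note that
# java prints its version to stderr:
#   check_java_banner "$(java -version 2>&1 | head -n 1)"
check_java_banner 'java version "1.6.0_03-p4"'
```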