Date: Tue, 29 Sep 2009 00:30:53 -0400 From: Robert Huff <roberthuff@rcn.com> To: Greg Lewis <glewis@eyesbeyond.com> Cc: Greg Lewis <glewis@freebsd.org>, cpghost <cpghost@cordula.ws>, freebsd-questions@freebsd.org, freebsd-java@freebsd.org Subject: Re: java/jdk16 vulnerability? Message-ID: <19137.36221.789093.590674@jerusalem.litteratus.org> In-Reply-To: <20090929034837.GA56588@misty.eyesbeyond.com> References: <20090928101048.GA1189@phenom.cordula.ws> <20090929034837.GA56588@misty.eyesbeyond.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Greg Lewis writes: > > Your installed version of Java is vulnerable to a severe remote > > exploit (remote code execution!). You must upgrade to at least Java > > 5 update 20 or Java 6 update 15 as soon as possible. Freenet has > > disabled any plugins handling XML for the time being, but this > > includes searching and chat so you should upgrade ASAP! > > We're almost certainly vulnerable. The jdk16 port is at Update 3. > We need an entry in the VUXML database I guess. > > Updating java/jdk16 is going to be a slow process. There are > lots of changes between Update 3 and Update 15. I've partially > merged Update 4, but obviously that still leaves many to go... As someone with zero knowledge of Java internals: what is the recommended version at the moment? Robert Huff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19137.36221.789093.590674>