Linux Mint Forums

[xenopeek]

Those of us who are also running Windows are receiving Warnings about Java. "With nearly every news outlet — along with the U.S. Department of Homeland Security — calling for its removal from PCs, who wouldn't worry about running Java on their computer?"

Is this warning applicable to those of us running Linux Distros with Firefox, Chrome, and other browsers, or will the uniqueness of Linux protect us from Java problems?? I'm running LMDE.
Thanks,
tlcmd (aka Dick)

[sagirfahmid3]

Yes that warning is applicable to ALL users who use Java, regardless of operating system. Java is cross-platform.

[xenopeek]

Its applicable if you have installed Oracle Java. By default Linux Mint Main Edition comes with OpenJDK, and I gather also LMDE does? That's something else than Oracle Java that has the Windows world in a fit. If you are concerned about Java security risks, you need not remove Java but like the rest of us you could consider removing Java support from your web browser.

IcedTea is the Java web client for OpenJDK, so you can on LMDE probably also use the command here to remove it: viewtopic.php?f=47&t=119955#p660774

[mockturtl]

http://dottech.org/94112/latest-version-of-java-7u11-is-still-vulnerable-oracle-issued-an-incomplete-patch-according-to-experts/

JANUARY 20, 2013
According to two security firms, Trend Micro and Immunity Inc., the most recently discovered Java exploit (the one that hit the headlines on Jan 10) was due to two vulnerabilities in Java. The most recent patch issued by Oracle on Jan 14 (Java 7u11, Java 6u37, Java 5u38, and Java 4u40) patched only one of the vulnerabilities. Both firms independently came to this conclusion (meaning they both studied the patch and figured this out)

Visit about://plugins. Disable the Java plugin there (Chrome), or Tools -> Addons -> Plugins (Firefox).

more info: viewtopic.php?f=47&t=122731

Its applicable if you have installed Oracle Java. By default Linux Mint Main Edition comes with OpenJDK

It seems to be a problem for openjdk, too.

http://security.stackexchange.com/questions/27939/java-vulnerability-what-about-openjdk-icedtea

Java 7 and OpenJDK share a lot of common code, so, as a general rule, security issues in Java 7 also apply to OpenJDK. In that specific case, it seems that the vulnerability was reported in the Debian OpenJDK package, so yes, they are vulnerable. See this question on another stackexchange site.

[xenopeek]

True, Oracle 7 is based on OpenJDK 7. I gather it is Oracle that adds the security issues... But yes, removing the Java web client or disabling Java in your browser is recommended if you are concerned about this.

Also, adding to the above, if you do need Java for some websites and you can't switch to alternatives (some banks are using Java web clients for their home banking), install NoScript for Firefox (perhaps also available on other browsers). This will allow you to block all Java / Flash / JavaScript code on all websites, and lets you create a whitelist of the websites that are allowed to use that kind of code as an exception to the rule to block all.