Java Security Warning

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

Java Security Warning

Postby tlcmd on Thu Jan 24, 2013 9:57 am

Those of us who are also running Windows are receiving Warnings about Java. "With nearly every news outlet — along with the U.S. Department of Homeland Security — calling for its removal from PCs, who wouldn't worry about running Java on their computer?"

Is this warning applicable to those of us running Linux Distros with Firefox, Chrome, and other browsers, or will the uniqueness of Linux protect us from Java problems?? I'm running LMDE.
Thanks,
tlcmd (aka Dick)
Last edited by xenopeek on Thu Jan 24, 2013 12:14 pm, edited 1 time in total.
Reason: Moved to LMDE section.
tlcmd
Level 4
Level 4
 
Posts: 201
Joined: Sat Jan 30, 2010 4:43 pm

Linux Mint is funded by ads and donations.
 

Re: Java Security Warning

Postby sagirfahmid3 on Thu Jan 24, 2013 12:06 pm

Yes that warning is applicable to ALL users who use Java, regardless of operating system. Java is cross-platform.
User avatar
sagirfahmid3
Level 6
Level 6
 
Posts: 1054
Joined: Sun Sep 04, 2011 12:39 pm

Re: Java Security Warning

Postby xenopeek on Thu Jan 24, 2013 12:17 pm

Its applicable if you have installed Oracle Java. By default Linux Mint Main Edition comes with OpenJDK, and I gather also LMDE does? That's something else than Oracle Java that has the Windows world in a fit. If you are concerned about Java security risks, you need not remove Java but like the rest of us you could consider removing Java support from your web browser.

IcedTea is the Java web client for OpenJDK, so you can on LMDE probably also use the command here to remove it: viewtopic.php?f=47&t=119955#p660774
User avatar
xenopeek
Level 21
Level 21
 
Posts: 14838
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Java Security Warning

Postby mockturtl on Thu Jan 24, 2013 12:23 pm

http://dottech.org/94112/latest-version-of-java-7u11-is-still-vulnerable-oracle-issued-an-incomplete-patch-according-to-experts/

JANUARY 20, 2013
According to two security firms, Trend Micro and Immunity Inc., the most recently discovered Java exploit (the one that hit the headlines on Jan 10) was due to two vulnerabilities in Java. The most recent patch issued by Oracle on Jan 14 (Java 7u11, Java 6u37, Java 5u38, and Java 4u40) patched only one of the vulnerabilities. Both firms independently came to this conclusion (meaning they both studied the patch and figured this out)


Visit about://plugins. Disable the Java plugin there (Chrome), or Tools -> Addons -> Plugins (Firefox).

more info: viewtopic.php?f=47&t=122731

xenopeek wrote:Its applicable if you have installed Oracle Java. By default Linux Mint Main Edition comes with OpenJDK


It seems to be a problem for openjdk, too.
http://security.stackexchange.com/questions/27939/java-vulnerability-what-about-openjdk-icedtea

Java 7 and OpenJDK share a lot of common code, so, as a general rule, security issues in Java 7 also apply to OpenJDK. In that specific case, it seems that the vulnerability was reported in the Debian OpenJDK package, so yes, they are vulnerable. See this question on another stackexchange site.
Image
User avatar
mockturtl
Level 4
Level 4
 
Posts: 437
Joined: Sat Oct 09, 2010 8:51 pm

Re: Java Security Warning

Postby xenopeek on Thu Jan 24, 2013 12:35 pm

True, Oracle 7 is based on OpenJDK 7. I gather it is Oracle that adds the security issues... But yes, removing the Java web client or disabling Java in your browser is recommended if you are concerned about this.

Also, adding to the above, if you do need Java for some websites and you can't switch to alternatives (some banks are using Java web clients for their home banking), install NoScript for Firefox (perhaps also available on other browsers). This will allow you to block all Java / Flash / JavaScript code on all websites, and lets you create a whitelist of the websites that are allowed to use that kind of code as an exception to the rule to block all.
User avatar
xenopeek
Level 21
Level 21
 
Posts: 14838
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands


Return to Newbie Questions

Who is online

Users browsing this forum: No registered users and 2 guests