Security Info: Sun Java J2SE 5 and J2SE 1.4 vulnerable *update*

[Alexander Dalloz]

Am Mi, den 15.06.2005 schrieb Captain Bubudiu um 21:21:

> What is the "official line"? Are we getting an update
> from Fedora through yum? (Presumably a redhat dude
> should be in the know.)

The official guideline - as stated in the FC4 release notes - is to use
www.jpackage.org (non-free section) and to rpmbuild the Java engine RPM
from the non source containing SRC.RPM there. You will have to get the
self-extracting binary from java.sun.com manually.
There will be no update for Fedora through the default yum / up2date -
simply because Sun's Java isn't part of Fedora, and this due to it's
license.
To make it clear: I posted the info here, because I think a majority of
people running Fedora too have Sun's Java installed - whichever way they
did the install. And as said, like no official update or announcement
would happen I felt it was a good thing to inform list readers about the
severe security issue.

> Alexander as you are always asking for CVE numbers
> what is the CVE id for this issue? Have you considered
> filing a bug report?

I posted Sun's official notification with my initial posting.

> Captain Bubudiu

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 21:52:25 up 22 days, 20:30, load average: 0.06, 0.11, 0.09 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050615/d0213d71/attachment-0001.sig>