java/jdk16 vulnerability?
Robert Huff
roberthuff at rcn.com
Tue Sep 29 05:01:16 UTC 2009
Greg Lewis writes:
> > Your installed version of Java is vulnerable to a severe remote
> > exploit (remote code execution!). You must upgrade to at least Java
> > 5 update 20 or Java 6 update 15 as soon as possible. Freenet has
> > disabled any plugins handling XML for the time being, but this
> > includes searching and chat so you should upgrade ASAP!
>
> We're almost certainly vulnerable. The jdk16 port is at Update 3.
> We need an entry in the VUXML database I guess.
>
> Updating java/jdk16 is going to be a slow process. There are
> lots of changes between Update 3 and Update 15. I've partially
> merged Update 4, but obviously that still leaves many to go...
As someone with zero knowledge of Java internals: what is the
recommended version at the moment?
Robert Huff
More information about the freebsd-java
mailing list