Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: Java plugin threat to OpenSuse 12.1?

  1. #1

    Default Java plugin threat to OpenSuse 12.1?

    Hello list, moderators!

    I don't see anything under Applications regarding the recent Oracle/Java plugin security chatter that's on the web.

    Should I do anything myself in response?

    Some websites suggest uninstalliing java.

    My Firefox is up to Vs 18.0. I see that I have five rpms installed with java in their title.

    Is this "threat" something that OpenSuse 12.1 will deal with using updates?

    Heboland

  2. #2
    Join Date
    May 2010
    Location
    Space Colony Lagrange Point 22° à, 77° Ƅ, 56° ɤ, 99° ɜ
    Posts
    3,166

    Default Re: Java plugin threat to OpenSuse 12.1?

    If you use Firefox you can use NoScript addon and block java content on all websites
    i don't know the exact component but some of the functionality of Libreoffice Java is required
    GNOME Version 3.20.2
    openSUSE Leap 42.3 64-bit

    www.vazhavandan.blogspot.com

  3. #3
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,901
    Blog Entries
    3

    Default Re: Java plugin threat to OpenSuse 12.1?

    Quote Originally Posted by heboland View Post
    Hello list, moderators!

    I don't see anything under Applications regarding the recent Oracle/Java plugin security chatter that's on the web.

    Should I do anything myself in response?
    The default is to use openjdk (or IcedTea), rather than the oracle version of java. You can maybe check which you have.

    For me, it is openjdk. I also use "noscript" which should protect me against java being used from sites that I have not whitelisted in "noscript".

    If you are using the oracle java, then you can disable the plugin for firefox, which is easier than uninstalling and easier to reverse.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  4. #4
    dd NNTP User

    Default Re: Java plugin threat to OpenSuse 12.1?

    On 01/13/2013 05:16 AM, vazhavandan wrote:
    >
    > If you use Firefox you can use NoScript addon and block java content on
    > all websites


    NoScript blocks javascript _only_.....which has nothing at all to do
    with the security threat posed by Java..

    --
    dd http://goo.gl/PUjnL
    http://tinyurl.com/DD-Caveat http://tinyurl.com/DD-Hardware
    http://tinyurl.com/DD-Software

  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Java plugin threat to OpenSuse 12.1?

    On 2013-01-13 12:25, dd wrote:
    > On 01/13/2013 05:16 AM, vazhavandan wrote:
    >>
    >> If you use Firefox you can use NoScript addon and block java content on
    >> all websites

    >
    > NoScript blocks javascript _only_.....which has nothing at all to do
    > with the security threat posed by Java..
    >


    And what is that security threat? with my limited internet I haven't
    read anything yet.

    (argh... I don't even have a spell checker in th now)

    --
    Cheers/Saludos
    Carlos E. R. (12.1 test at Minas-Anor)

  6. #6
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    4,654

    Default Re: Java plugin threat to OpenSuse 12.1?

    Am 13.01.2013 05:16, schrieb vazhavandan:
    > i don't know the exact component but some of the functionality of
    > Libreoffice Java is required
    >

    Java desktop programs (or where it is part of desktop or cli programs)
    has nothing and really absolutely nothing to do with security flaws when
    used in browsers where it is supposed to run sandboxed.

    Please don't mix that, outside the browser plugins java is just another
    programming language running on top of a small virtual machine like many
    other programming languages (clang/llvm, clisp, python, ocaml ...) and
    has not more and no less security flaws than anything else (for most of
    these the operating system and its helper programs will take care).

    --
    PC: oS 12.2 x86_64 | i7-2600@3.40GHz | 16GB | KDE 4.8.5 | GTX 650 Ti
    ThinkPad E320: oS 12.2 x86_64 | i3@2.30GHz | 8GB | KDE 4.9.4 | HD 3000
    eCAFE 800: oS 11.4 i586 | AMD Geode LX 800@500MHz | 512MB | lamp server

  7. #7
    Join Date
    Sep 2012
    Posts
    5,235

    Default Re: Java plugin threat to OpenSuse 12.1?

    Quote Originally Posted by robin_listas View Post
    And what is that security threat?
    Actually, it was not that simple to find reference. Everyone talks about threats and nobody gives any reference.
    This is CVE-2013-0422 (National Vulnerability Database (NVD) National Vulnerability Database (CVE-2013-0422)):
    The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via vectors related to unspecified classes that allow access to the class loader, as exploited in the wild in January 2013
    and in CERT TA13-010A:
    A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).

  8. #8
    dd NNTP User

    Default Re: Java plugin threat to OpenSuse 12.1?

    On 01/13/2013 12:46 PM, Carlos E. R. wrote:
    > And what is that security threat? with my limited internet I haven't
    > read anything yet.


    there is a posting in nntp://opensuse.org.news.tech-news from Malcolm
    yesterday giving a URL (below) which is an image heavy "TV news site" so
    i'll give some TEXT highlights first:

    The U.S. Department of Homeland Security is advising people to
    temporarily disable the Java software on their computers to avoid
    potential hacking attacks. . . Experts believe hackers have found a flaw
    in Java's coding that creates an opening for criminal activity and other
    high-tech mischief . . .The malware has currently been seen attacking
    Windows, Linux and Unix systems . . . Apple has taken steps to block it
    by issuing an update to its built-in XProtect system to block the
    current version of the Java 7 runtime. . .
    © 2013 CBS Interactive Inc. All Rights Reserved. This material may not
    be published, broadcast, rewritten, or redistributed. The Associated
    Press contributed to this report.
    http://www.cbsnews.com/8301-205_162-...java-software/

    --
    dd

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Java plugin threat to OpenSuse 12.1?

    On 2013-01-13 13:35, dd wrote:
    > On 01/13/2013 12:46 PM, Carlos E. R. wrote:
    >> And what is that security threat? with my limited internet I haven't
    >> read anything yet.

    >
    > there is a posting in nntp://opensuse.org.news.tech-news from Malcolm
    > yesterday giving a URL (below) which is an image heavy "TV news site" so
    > i'll give some TEXT highlights first:


    Thanks, and also to arvidjaar.

    It seems serious.

    Well, it seems that it affects jave 7 only, I'm using the previous version.

    --
    Cheers/Saludos
    Carlos E. R. (12.1 test at Minas-Anor)

  10. #10
    Join Date
    May 2010
    Location
    Space Colony Lagrange Point 22° à, 77° Ƅ, 56° ɤ, 99° ɜ
    Posts
    3,166

    Default Re: Java plugin threat to OpenSuse 12.1?

    Quote Originally Posted by dd View Post
    NoScript blocks javascript _only_.....which has nothing at all to do
    with the security threat posed by Java..
    I have not investigated in detail but does seem to have facility to block various plugins
    Refer:- Screenshot SUSE Paste
    GNOME Version 3.20.2
    openSUSE Leap 42.3 64-bit

    www.vazhavandan.blogspot.com

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •