OpenJDK7 update 7 with IcedTea 2.3.2 fixes more flaws
It took a day for the developers to release a new version of IcedTea, fixing another three CVE’s (critical security bugs) in OpenJDK 7. New on the fix list are these security fixes:
- CVE-2012-1682: XMLDecoder security issue via ClassFinder
- CVE-2012-3136: Improve long term persistence of java.beans objects
- CVE-2012-0547: Simplify toolkit internals references
Get my packages (Slackware 13,37 and newer) for OpenJDK 7u7_b30 here:
- http://slackware.com/~alien/slackbuilds/openjdk/ , the primary location (but slow)
- http://taper.alienbase.nl/mirrors/people/alien/slackbuilds/openjdk/ , my own fast mirror
- Note that the slackware.org.uk mirror is no longer being updated with my stuff after verbal abuse from its operator. Remove that server from any of your scripts and use another mirror like taper.
I will repeat these notes:
- You need to install either the JRE or the JDK package. Not both of them! If you are not a Java developer and never compile Java code, then you do not need the openjdk package and it will be sufficient to install the (much smaller) openjre package instead.
- If you are migrating to OpenJDK after having used Oracle’s Java binaries, make sure that you have removed both “jre” and “jdk” packages. Run a command like “removepkg /var/log/packages/jdk-* ; removepkg /var/log/packages/jre-*” to get rid of both. Then install the openjdk or openjre package. Logout and log back in after this package removal/installation so that you will get the proper Java environment.
- Test your java browser plugin online: http://javatester.org/version.html or http://www.java.com/en/download/testjava.jsp .
Good luck! Eric