Educause Security Discussion mailing list archives
Re: Java problems
From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Mon, 14 Jan 2013 09:27:09 -0600
It looks like there were some early conflicting reports on the issue, and this report (https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf) seems to indicate that the fundamental code vulnerability also exists in Java 6.
However the latest consensus seems to be that this particular exploit requires both the code vulnerability and a new feature that only exists in Java 7 to successfully exploit a system.
At the moment, Java 6 seems to be unaffected. Oracle is still saying they'll end support and updates for Java 6 at the end of February, though.
Kevin On 1/14/2013 9:03 AM, Shalla, Kevin wrote:
Here's a Chicago Tribune story on Java security problems: http://www.chicagotribune.com/business/technology/chi-java-update-oracle-updates-java-security-experts-say-bugs-remain-20130114,0,7822126.storyWe use Java 6 in order to run Banner. This article seems to suggest that Java 6 doesn't have the problem. People in my department have started to ask me what to do. What do you all think?Kevin
Attachment:
kevin_halgren.vcf
Description:
Current thread:
- Re: Java problems, (continued)
- Re: Java problems Roger A Safian (Jan 14)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Louis APONTE (Jan 14)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Louis APONTE (Jan 14)
- Re: Java problems Ludwig, David C. (Feb 01)
- Re: Java problems Dave Koontz (Feb 01)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Roger A Safian (Jan 14)
- Re: Java problems Chuck Braden (Jan 14)