Educause Security Discussion mailing list archives

Re: Java problems


From: Louis APONTE <louisaponte () WEBER EDU>
Date: Mon, 14 Jan 2013 08:38:07 -0700


On the SE download page Oracle advises all version 6 users to move to
update 38, not really a stand down as you're not affected.


The latest updates to that page (as of Sept. 19, 2012) state (emphasis
added): 
Java SE 6 End of Public Updates Notice

After February 2013, Oracle will no longer post updates of Java SE 6 to
its public download sites. Existing Java SE 6 downloads already posted
as of February 2013 will remain accessible in the Java Archive (
http://www.oracle.com/technetwork/java/javase/archive-139210.html ) on
Oracle Technology Network. Developers and end-users are encouraged to
update to more recent Java SE versions that remain available for public
download. For enterprise customers, who need continued access to
critical bug fixes and security fixes as well as general maintenance for
Java SE 6 or older versions, long term support is available through
Oracle Java SE Support (
http://www.oracle.com/us/technologies/java/java-se-support-393643.html?ssSourceSiteId=otnen
) . 
 
What does this mean for Oracle E-Business Suite users? 
EBS users fall under the category of "enterprise users" above.  Java is
an integral part of the Oracle E-Business Suite technology stack, so EBS
users will continue to receive Java SE 6 updates after February 2013. 
In other words, nothing will change for EBS users after February 2013. 


The eBusiness and normal users support has created additional
confusion about Java 6.



On 1/14/2013 at 08:21 AM, in message
<5220D448876FCD43ABAD3F71AC8184483BA24083E6 () EXCHANGE2007 oneonta edu>,
"McClenon, Brady" <Brady.McClenon () ONEONTA EDU> wrote:


From
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

   
Affected product releases and versions:

Java SE                              | Patch Availability
JDK and JRE 7 Update 10 and earlier  | Java SE (
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html#PatchTable
)



  
Note: JDK and JRE 6, 5.0 and 1.4.2, and Java SE Embedded JRE releases
are not affected.  
   
   

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Roger A Safian
Sent: Monday, January 14, 2013 10:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Java problems 

  
I’m not sure if they’re correct or not, but, even assuming they are,
since Java 6 is basically not supported any more, how long do you think
you can safely continue to use it?  Seems like at best you have just
kicked the can down the road a little.
   
FWIW, I’d like to be wrong on this, since we use Kronos, and it has the
same issue.  We’re recommending the non-Java version right now.
   
Hopefully Oracle will put out some news today* 
   

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shalla, Kevin
Sent: Monday, January 14, 2013 9:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Java problems 

  
Here’s a Chicago Tribune story on Java security problems: 
http://www.chicagotribune.com/business/technology/chi-java-update-oracle-updates-java-security-experts-say-bugs-remain-20130114,0,7822126.story

  
We use Java 6 in order to run Banner.  This article seems to suggest
that Java 6 doesn’t have the problem.  People in my department have
started to ask me what to do.  What do you all think? 
  
Kevin 
  
