Date: prev next · Thread: first prev next last
2013 Archives by date, by thread · List index

Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability


I'm investigating, but the issue is a sandbox security manager bypass using
unauthorised reflection and that's exploited using Rhino Javascript. So the
context has to be a browser for there to be an issue even if OpenJDK is
affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for
lots of data...

S.


On Tue, Jan 15, 2013 at 6:58 PM, Dennis E. Hamilton <dennis.hamilton@acm.org
wrote:

Again, thanks to Simon Phipps for retweeting the information.

It appears that one should *not* assume that OpenJDK does not share
vulnerabilities with the Oracle Java SE and JDK:

The log of changes to OpenJDK for the recent vulnerability (just as
indication of the Oracle updating of OpenJDK):
<http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html


The CVE:
<
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html


There is still reporting that this update is not a complete fix.  I have
not found a reliable technical source that makes clear what the remaining
concern is, or if it is simply a lag in reports that have not recognized
the latest patches.

 - Dennis

-----Original Message-----
From: Dennis E. Hamilton [mailto:dennis.hamilton@acm.org]
Sent: Sunday, January 13, 2013 13:27
To: 'lj'; 'Libreoffice Discussion List'
Subject: RE: [tdf-discuss] LibreOffice and Java Security:

This just out:

<https://blogs.oracle.com/security/entry/security_alert_for_cve_2013>

(Thanks to Simon Phipps for the link.)

Note that the vulnerabilities "only affect Oracle Java 7 versions."

 - Dennis

-----Original Message-----
From: lj [mailto:ljeloudev@gmail.com]
Sent: Saturday, January 12, 2013 19:23
To: Libreoffice Discussion List
Subject: [tdf-discuss] LibreOffice and Java Security:

Hi all,
I am not sure if this is the correct list for this message.
I recently read this article about a Java 1.7 Security Problem.
Does this problem concern LibreOffice and Java???
This macrumors article post and reads that this problem effects java
versions 4-7. At the moment oracle are at java 7.


http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/


The Forbes article reveals that Mozilla, and Apple are advising users to
disable Java on there machines because of this security problem.

http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/



http://thenextweb.com/apple/2013/01/11/apple-takes-no-prisoners-immediately-blocks-java-7-on-os-x-10-6-and-up-to-protect-mac-users/


Can I use LibreOffice without Java enabled on my computer?? As I receive
annoying pop up windows when I first use libreoffice to install Java on
Apple OS X Mountain Lion.

--
Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org
Problems?
http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be
deleted


--
Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org
Problems?
http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be
deleted


--
Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org
Problems?
http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be
deleted




-- 
*Simon Phipps*  http://webmink.com
*Meshed Insights & Knowledge *
*Office:* +1 (415) 683-7660 *or* +44 (238) 098 7027
*Mobile*:  +44 774 776 2816*
*

-- 
Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.