| Summary: | java-1.8.0-openjdk new security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb, wilcal.int |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/661763/ | ||
| Whiteboard: | has_procedure MGA5-32-OK MGA5-64-OK advisory | ||
| Source RPM: | java-1.8.0-openjdk-1.8.0.60-1.b27.1.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-10-22 19:56:37 CEST
See https://bugs.mageia.org/show_bug.cgi?id=14051#c4 for useful links to test java Whiteboard:
(none) =>
has_procedure Updated packages uploaded for Mageia 5 and Cauldron. Advisory in Comment 0. Test link in Comment 1. Assignee:
bugsquad =>
qa-bugs Cisco ASDM runs fine, and a handful of Java applets I tried worked fine. However, the Oracle Java plugin test: https://www.java.com/en/download/installed.jsp fails with this error: IcedTea-Web Plugin version: 1.6.1 (mageia-1.mga5-i386) Fri Oct 23 11:58:30 EDT 2015 net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize applet. For more information click "more information button". at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:764) at net.sourceforge.jnlp.Launcher.getApplet(Launcher.java:686) at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:933) Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: The signed JNLP file did not match the launching JNLP file. Missing Resource: Signed Application did not match launching JNLP File at net.sourceforge.jnlp.runtime.JNLPClassLoader.verifySignedJNLP(JNLPClassLoader.java:1035) at net.sourceforge.jnlp.runtime.JNLPClassLoader.checkForMain(JNLPClassLoader.java:893) at net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeResources(JNLPClassLoader.java:679) at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:285) at net.sourceforge.jnlp.runtime.JNLPClassLoader.createInstance(JNLPClassLoader.java:357) at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:429) at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:403) at net.sourceforge.jnlp.Launcher.createApplet(Launcher.java:729) ... 2 more I synced a few new patches in icedtea-web from Fedora and built an update to that (icedtea-web-1.6.1-1.1.mga5) but I still get the same error on the Oracle test. I'm not sure what to make of this. In VirtualBox, M5, KDE, 32-bit Set Firefox -> Tools -> Add-ons -> IceTea-Web Plugin -> Always Active Package(s) under test: java-1.8.0 java-1.8.0-openjdk-headless icedtea-web default install of timezone-java java-1.8.0 java-1.8.0-openjdk-headless & icedtea-web [root@localhost wilcal]# urpmi timezone Package timezone-2015f-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi timezone-java Package timezone-java-2015f-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk Package java-1.8.0-openjdk-1.8.0.60-1.b27.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk-headless Package java-1.8.0-openjdk-headless-1.8.0.60-1.b27.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi icedtea-web Package icedtea-web-1.6.1-1.mga5.i586 is already installed http://www.w3.org/People/mimasa/test/object/java/ tests run http://javatester.org/version.html indicates Java version 1.8.0_60 http://www.lalena.com/games/Swarm.aspx runs install timezone-java java-1.8 java-1.8.0-openjdk-headless & icedtea-web from updates_testing [root@localhost wilcal]# urpmi timezone Package timezone-2015f-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi timezone-java Package timezone-java-2015f-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk Package java-1.8.0-openjdk-1.8.0.65-1.b17.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk-headless Package java-1.8.0-openjdk-headless-1.8.0.65-1.b17.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi icedtea-web Package icedtea-web-1.6.1-1.1.mga5.i586 is already installed http://www.w3.org/People/mimasa/test/object/java/ tests run http://javatester.org/version.html indicates Java version 1.8.0_65 http://www.lalena.com/Games/Quick21.aspx runs CC:
(none) =>
wilcal.int In VirtualBox, M5, KDE, 64-bit Set Firefox -> Tools -> Add-ons -> IceTea-Web Plugin -> Always Active Package(s) under test: java-1.8.0 java-1.8.0-openjdk-headless icedtea-web default install of timezone-java java-1.8.0 java-1.8.0-openjdk-headless & icedtea-web [root@localhost wilcal]# urpmi timezone Package timezone-2015f-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi timezone-java Package timezone-java-2015f-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk Package java-1.8.0-openjdk-1.8.0.60-1.b27.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk-headless Package java-1.8.0-openjdk-headless-1.8.0.60-1.b27.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi icedtea-web Package icedtea-web-1.6.1-1.mga5.x86_64 is already installed http://www.w3.org/People/mimasa/test/object/java/ tests run http://javatester.org/version.html indicates Java version 1.8.0_60 http://www.lalena.com/games/Swarm.aspx runs install timezone-java java-1.8 java-1.8.0-openjdk-headless & icedtea-web from updates_testing [root@localhost wilcal]# urpmi timezone Package timezone-2015f-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi timezone-java Package timezone-java-2015f-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk Package java-1.8.0-openjdk-1.8.0.65-1.b17.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi java-1.8.0-openjdk-headless Package java-1.8.0-openjdk-headless-1.8.0.65-1.b17.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi icedtea-web Package icedtea-web-1.6.1-1.1.mga5.x86_64 is already installed http://www.w3.org/People/mimasa/test/object/java/ tests run http://javatester.org/version.html indicates Java version 1.8.0_65 http://www.lalena.com/Games/Quick21.aspx runs
William Kenney
2015-10-25 16:29:48 CET
Whiteboard:
has_procedure MGA5-32-OK =>
has_procedure MGA5-32-OK MGA5-64-OK This update works fine. Testing complete for MGA5, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks Keywords:
(none) =>
validated_update William, did you ever check: https://www.java.com/en/download/installed.jsp advisory uploaded CC:
(none) =>
tmb An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0412.html Status:
NEW =>
RESOLVED (In reply to David Walser from comment #7) > William, did you ever check: > https://www.java.com/en/download/installed.jsp For some reason I'm getting an error when using that page: "We are unable to verify if Java is currently installed and enabled in your browser. If you have installed Java and there is an error with the verification, there could be a configuration issue (eg. browser, Java control panel, security settings) or the Java plug-in is blocked by the browser." And that even before I install the update. So even though it's Oracle I think Java is properly installed and running with the right version. That's kinda why I ignored it. (In reply to William Kenney from comment #10) > And that even before I install the update. So even though it's Oracle > I think Java is properly installed and running with the right version. > That's kinda why I ignored it. Thanks, I didn't think to try it before the update. I guess Oracle broke their plugin test. |