Σημαντική ανακοίνωση σχετικά με τα πακέτα sun java που υπάρχουν στα partner αποθετήρια της canonical (archive.canonical.com<http://archive.canonical.com/pool/partner/s/sun-java6/>). Για να είμαι ειλικρινής, περίμενα μια τέτοια ανακοίνωση. Υπάρχουν μερικές προειδοποιήσεις ασφαλείας για την έκδοση των πακέτων Sun Java που υπάρχει στα αποθετήρια (sun-java6).
*Αν χρησιμοποιείτε κάποιο από τα πακέτα sun java, σας συμβουλεύω να αρχίσετε να χρησιμοποιείτε το openjdk (πακέτα για ubuntu openjdk-6-jre ή default-jre default-jdk) και αφαιρέστε οποιαδήποτε sun-java πακέτα έχετε εγκαταστήσει. * Εν ολίγοις, για ubuntu 10.04 (και νεότερες εκδόσεις): sudo apt-get purge sun-java6.* sudo apt-get install default-jre default-jdk openjdk-6-jre sudo update-alternatives --config java sudo update-alternatives --config javaws (Για τις τελευταίες 2 εντολές, αν σας δοθούν περισσότερες επιλογές, διαλέξτε το openjdk αντί του sun java) Αν πραγματικά χρειάζεστε sun/oracle java, τότε εγκαταστήστε το oracle java 7: https://help.ubuntu.com/community/Java#Oracle_Java http://askubuntu.com/questions/56104/how-can-i-install-oracle-java-jre-7 http://askubuntu.com/questions/55848/how-do-i-install-oracle-java-jdk-7 Μετά τιμής, Σάββας ---------- Forwarded message ---------- From: Marc Deslauriers <marc.deslauri...@canonical.com> Date: 15 December 2011 20:28 Subject: Important notice regarding Java packages in Partner archive To: ubuntu-security-annou...@lists.ubuntu.com The Canonical partner archive currently contains Oracle's Sun Java JDK packages (sun-java6) for Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. As of August 24th 2011, we no longer have permission to redistribute new Java packages as Oracle has retired the “Operating System Distributor License for Java” [1][2]. Oracle has published an advisory about security issues in the version of Java we currently have in the partner archive [3]. Some of these issues are currently being exploited in the wild. Due to the severity of the security risk, Canonical is immediately releasing a security update for the Sun JDK browser plugin which will disable the plugin on all machines. This will mitigate users' risk from malicious websites exploiting the vulnerable version of the Sun JDK. In the near future (exact date TBD), Canonical will remove all Sun JDK packages from the Partner archive. This will be accomplished by pushing empty packages to the archive, so that the Sun JDK will be removed from all users machines when they do a software update. Users of these packages who have not migrated to an alternative solution will experience failures after the package updates have removed Oracle Java from the system. If you are currently using the Oracle Java packages from the partner archive, you have two options: 1- Install the OpenJDK packages that are provided in the main Ubuntu archive. (icedtea6-plugin for the browser plugin, openjdk-6-jdk or openjdk-6-jre for the virtual machine) 2- Manually install Oracle's Java software from their web site [4]. For more information, please consult the wiki page on the subject [5]. We apologize for any inconvenience this may cause, and thank you for your understanding. [1] - http://jdk-distros.java.net/ [2] - http://robilad.livejournal.com/90792.html [3] - http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html [4] - http://www.oracle.com/technetwork/java/javase/downloads/index.html [5] - https://wiki.ubuntu.com/LucidLynx/ReleaseNotes/Java6Transition -- ubuntu-security-announce mailing list ubuntu-security-annou...@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
signature.asc
Description: PGP signature
