Aug 21, 2008 07:50  |  Skip to search

Dangerous Java flaw threatens virtually everything

Liam Tung, ZDNet Australia
Friday 13th July 04:44 PM

TALKBACK

Add your opinion

  1. java flaw? more like media needs their brains to thaw...

    Anonymous -- 14/07/2007

    Why are you guys so anxious to tell us about something that is already patched and updated?

    the AusCERT advisory
    http://www.auscert.org.au/render.html?it=7664
    say that this effects * JDK and JRE 6
    * JDK and JRE 5.0 Update 10 and earlier
    * SDK and JRE 1.4.2_14 and earlier
    * SDK and JRE 1.3.1_20 and earlier
    so checking my java version:
    $ java -version
    java version "1.5.0_08"

    Ha!
    Java has already been patched and updated by Ubuntu 6.10!
    So how come the hullabaloo over out of date stuff?
    must be SND...(slow news day).....

    Reply to: Comment | Story

    1. Dear Twit...

      Abby Normal -- 14/07/2007

      How very nice your home toy computer is current. Perhaps you should try working in a corporate environment with a couple hundred or a few thousand desktops. Your ignorance and attitude would likely be corrected to be more inline with reality.

      e.g. The SAP client wants JRE 1.4.2_12 or 1.5.X

      Also, you may wish to read your own comment for comprehension.

      "...say that this effects.. JDK and JRE 5.0 Update 10 and earlier"

      you:
      $ java -version
      java version "1.5.0_08"

      *ahem* .. that's update 8, not 10. You're vulnerable. HAND, HTH.

      Reply to: Comment | Story

  2. java - write once, vulnerable everywhere

    Anonymous -- 14/07/2007

    Awesome. Cross platform vulnerability. In language terms, java's been in steady decline in recent year (syntax bloat etc) and now the VM's joined it.
    JAVA = Just Another Vulnerable Application

    Reply to: Comment | Story

    1. re: vulnerable everywhere

      Anonymous -- 17/07/2007

      Oh please... The only reason it is cross platform is because Java is cross platform. This is not a VM problem.

      You know what happens when libjpeg on Linux has a processing vulnerability for example? Every single application on every single Linux distribution using that version of libjpeg, is vulnerable as well.

      So this is no different than when a shared library or DLL has a vulnerability.

      Reply to: Comment | Story

  3. This hole was fixed along time ago

    Anonymous -- 17/07/2007

    This hole was fixed a long time ago, and it did not affect mobile devices as far as anyone knows. It only affected image processing code in J2SE.

    Please ZDNet, try to get your facts straight before you go out reporting sensationalist "The sky is falling" headlines like this.

    No, the sky is not falling. And this is also very old news. The hole has been fixed.

    Reply to: Comment | Story

Add your opinion

Comments 1 - 5 of 5