Badmovies.org Forum

Trouble Tickets => Trouble Tickets => Topic started by: Andrew on July 14, 2007, 06:13:59 AM



Title: Java Security Hole - Update your computer!
Post by: Andrew on July 14, 2007, 06:13:59 AM
Chances are high that you have version of Sun Java on your computer, since many websites use Javascript and Java.  A serious security hole has been found that affects older versions:

http://www.zdnetasia.com/news/security/0,39044215,62028389,00.htm
http://www.auscert.org.au/render.html?it=7664

The security hole is serious, in that a malicious Java script could give itself privileges to do what it wants (read or delete files, run programs).  This includes bad websites! 

Java Runtime Environment 5, Update 10 (and earlier) and Java Runtime Environment 6 are vulnerable.

To patch your computer (Windows Update will not fix this flaw), I suggest the following:
- Open your computer's control panel and go to "Add/Remove Programs."
- Check the version(s) of Java that are installed
- If you have any of the following, remove (uninstall) them:
     * JDK and JRE 6
     * JDK and JRE 5.0 Update 10 and earlier
     * SDK and JRE 1.4.2_14 and earlier
     * SDK and JRE 1.3.1_20 and earlier
    (I always uninstall all older versions of Java before upgrading to a new version.  From experience, that works best.)
- After uninstalling, reboot your computer if it prompts you to.
- Download a new version of the Java Runtime Environment from the Sun website and install it.  I am providing links below.

CRITICAL DIRECTIONS BELOW:

I have been using Java Runtime Environment 6 and went to Java Runtime Environment 6, Update 2 without any problems.  Here are links to download the latest version of Java.  You only need one of them and, unless you know that you need version 5, I recommend using 6, which is the first link:

Java Runtime Environment 6, Update 2:  (scroll down to "Java Runtime Environment (JRE) 6u2" and download it - then install)
http://java.sun.com/javase/downloads/index.jsp

Java Runtime Environment 5:  (scroll down to "Java Runtime Environment (JRE) 5.0 Update 12" and download it - then install)
http://java.sun.com/javase/downloads/index_jdk5.jsp



Title: Re: Java Security Hole - Update your computer!
Post by: trekgeezer on July 14, 2007, 11:19:29 AM
Thanks for the heads up Andrew.


Title: Re: Java Security Hole - Update your computer!
Post by: Ash on July 14, 2007, 12:58:14 PM
I had been using Java Runtime Environment 6 (update 1) and was able to upgrade to Update 2.

In my control panel under Add, Remove Programs, there are a bunch of old updates for Java 5.0 and the Java Runtime Environment 6: update 1.

Can those be safely removed?


Title: Re: Java Security Hole - Update your computer!
Post by: Andrew on July 14, 2007, 01:02:38 PM
I had been using Java Runtime Environment 6 (update 1) and was able to upgrade to Update 2.

In my control panel under Add, Remove Programs, there are a bunch of old updates for Java 5.0 and the Java Runtime Environment 6: update 1.

Can those all be safely removed?

Yes, though I have always done the uninstall before installing the new version.  I have seen it done afterwards with no ill effects.


Title: Re: Java Security Hole - Update your computer!
Post by: asimpson2006 on July 16, 2007, 08:24:12 PM
It always good to remove old versions of JAVA before you install new ones.  Since I do tech support for a living I've seen people with 6 versions of JAVA on their computer and it causes all kinds of problems.  I've also talked to people who refuse to remove all of them since they claim that it is not a JAVA problem but a problem with the site that I do support for.  Needless to say those people sometimes drive me nuts.


Title: Re: Java Security Hole - Update your computer!
Post by: Ash on July 16, 2007, 11:18:49 PM
I still haven't removed them yet.
What kind of problems could arise by deleting them?


Title: Re: Java Security Hole - Update your computer!
Post by: CheezeFlixz on July 17, 2007, 12:37:40 AM
I still haven't removed them yet.
What kind of problems could arise by deleting them?

Well if you delete my Java, without replacing my Java; I guarantee that I'll be really cranky in the morning.


Title: Re: Java Security Hole - Update your computer!
Post by: Andrew on July 18, 2007, 09:24:45 AM
This update is very important, so I am responding to bump it up and make sure everybody notices it.

In my experience, not uninstalling older versions of Java can cause an application to use (or even request to use) the older version.  Not only could that lead to problems that are hard to figure out, but it means you could still be leaving your computer open to the security hole - though you also have the newer version installed.

Besides, Java is fair sized.  I think a full install is over 100 MB.  I'm sure that there are better things to do with that hard drive space than keep old versions floating around.


Title: Re: Java Security Hole - Update your computer!
Post by: Ash on July 18, 2007, 07:24:07 PM
Thanks for the help.
I was able to successfully uninstall all of the previous versions of Java with no problems.

And you weren't kidding about the space it freed up.
I had like six or seven previous versions and each one was over 100 MB.


Title: Re: Java Security Hole - Update your computer!
Post by: asimpson2006 on July 19, 2007, 09:19:28 PM
This update is very important, so I am responding to bump it up and make sure everybody notices it.

In my experience, not uninstalling older versions of Java can cause an application to use (or even request to use) the older version.  Not only could that lead to problems that are hard to figure out, but it means you could still be leaving your computer open to the security hole - though you also have the newer version installed.

Besides, Java is fair sized.  I think a full install is over 100 MB.  I'm sure that there are better things to do with that hard drive space than keep old versions floating around.

You got that right Andrew, if you have a bunch of JAVA versions on your computer your taking up more space that need be.  With multiple versions your browser may have problems loading JAVA applications.  If you do have multiple version of JAVA on your computer, your browser (IE, Netscape, Firefox, etc.) usually knows what version of JAVA to selection, however there are times where it goes to select a version and kinda does a WTF? and is not able to pick one, and the applets fail to load because of that.