Ubuntu – Does java security flaw affects ubuntu also


There are rumors about an actual java security problem. The BSI advises people to deactivate java plugins version 7 and prior in all kind of OS, even in linux. Does this mean, I should deactivate iced-tea plugin in ubuntu now? Or is this specific version not concerned?

Thank you very much for your answer. I looked for this information in the internet already but wasn't able to find what you found out since I don't know much about the interdependence. I have disabled icedtea plugin now. Better safe than sorry…

How can we warn all the other ubuntu users out there? According to the BSI the exploit is already excessively used in the coutries Norway, Germany and the Netherlands. Since ubuntu is also affected as you concluded this seems to be really important. Also heise security writes now, the bug concerns every kind of os and browser which is supported by java.

Btw, Oracle has finally managed to fix the bug in Ver 7 update 7

How can I tell when the problem is fixed in the icedtea version ubuntu uses?

Aditional information: http://www.kb.cert.org/vuls/id/636312

Best Answer

From here they said it was reported as CVE-2012-4681 for Oracle Java 7 Update 6, and possibly other versions ,

It seems that it has not been reported or accounted for Ubuntu yet but can be seen reported for Debian as here for packages openjdk-6 and openjdk-7 , so i guess it applies here too.

enter image description here

If i am guessing it right ,same version exists for Ubuntu here

enter image description here

So please disable it , to be assured for safer side .

Edit (1-9-2012) It is now addressed by Ubuntu Security team as can be seen here . Security update for the package will soon be provided ,i guess.

Icetea-Web package includes the Plugin , which seems to have not being affected as here.

enter image description here

You can click the Ubuntu link as above to see the packages in it .So i guess , you are safe to use it.