Re: [freenet-support] Urgent Freenet security announcement: upgrade your Java now!
On Sunday 09 August 2009 12:10:21 pm 3BUIb3S50i 3BUIb3S50i wrote: I use Ubuntu 8.10 Remove java Download java 6 update 15: 32 bits: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33223 64 bits: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33227 And follow these steps: sudo mv /.../jre-6u15-linux-x64.bin /opt/ cd /opt/ chmod +x jre-6u15-linux-x64.bin sudo ./jre-6u15-linux-x64.bin YES sudo update-alternatives --install /usr/bin/java java /opt/jre1.6.0_15/bin/java 1 sudo update-alternatives --config java sudo rm /usr/bin/java sudo ln -fs /opt/jre1.6.0_15/bin/java /usr/bin/java Launch Freenet I did that. Freenet seems to be running, and I have 17 connections just now But I get some warnings (here are the most important): Upgrade your java immediatelydue to a severe vulnerability in your java jvm Could not load plugin XMLLibrarian Your JVM is dangerously old ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
Re: [freenet-support] Urgent Freenet security announcement: upgrade your Java now!
sudo ln -fs /opt/jre1.6.0_15/bin/java /usr/bin/java Launch Freenet I did that. Freenet seems to be running, and I have 17 connections just now But I get some warnings (here are the most important): Upgrade your java immediatelydue to a severe vulnerability in your java jvm Could not load plugin XMLLibrarian Your JVM is dangerously old I just checked my freenet, and now everything looks all right, the warnings have gone, and the system has been automaitcally updated to 1229. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
Re: [freenet-support] Urgent Freenet security announcement: upgrade your Java now!
On Sunday 09 August 2009 01:22:28 am Matthew Toseland wrote: Anyone running Freenet must upgrade to at least Sun Java 6 Update 15 or Sun Java 5 Update 20. Until you are able to do this, please shut down anything that parses XML, specifically: - Do not use the search function (XMLLibrarian). - Unload the WoT and Freetalk plugins if you are using them. Likewise with Library etc. - Do not use Thaw. Shut it down if it is running. Other applications may also be vulnerable via the Python libexpat and Apache Xerces libraries, so you should update your distribution ASAP. However, not all applications that process XML are vulnerable as there are a number of XML parsers. This concerns both denial of service and remote code execution and thus is a *SEVERE* vulnerability. I will be putting out a new build ASAP, which will tell any users who haven't upgraded to upgrade and will disable XMLLibrarian until they do so. http://www.cert.fi/en/reports/2009/vulnerability2009085.html I am using ubuntu 8.04 There is an easy way in ubuntu to upgrade packages. Open a terminal and run updage-manager Then click Install Updates I just did that, but I only get sun-java6 update 14 (6-14-0ubuntu) I also checked if Freenet 1228 had been automatic updated, but it had not, so I ran: cd Freenet ./update.sh and now 1228 is running (instead of 1223) But my Freenet still complains about updating sun-java I can inform, that I also did an upgrade on another machine running ubuntu 9.04, and this also is running sun-java6 update 14 (6-14-0ubuntu) ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
Re: [freenet-support] Urgent Freenet security announcement: upgrade your Java now!
I use Ubuntu 8.10 Remove java Download java 6 update 15: 32 bits: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33223 64 bits: http://javadl.sun.com/webapps/download/AutoDL?BundleId=33227 And follow these steps: sudo mv /.../jre-6u15-linux-x64.bin /opt/ cd /opt/ chmod +x jre-6u15-linux-x64.bin sudo ./jre-6u15-linux-x64.bin YES sudo update-alternatives --install /usr/bin/java java /opt/jre1.6.0_15/bin/java 1 sudo update-alternatives --config java sudo rm /usr/bin/java sudo ln -fs /opt/jre1.6.0_15/bin/java /usr/bin/java Launch Freenet On Sun, Aug 9, 2009 at 9:49 AM, user1 bq...@telia.com wrote: On Sunday 09 August 2009 01:22:28 am Matthew Toseland wrote: Anyone running Freenet must upgrade to at least Sun Java 6 Update 15 or Sun Java 5 Update 20. Until you are able to do this, please shut down anything that parses XML, specifically: - Do not use the search function (XMLLibrarian). - Unload the WoT and Freetalk plugins if you are using them. Likewise with Library etc. - Do not use Thaw. Shut it down if it is running. Other applications may also be vulnerable via the Python libexpat and Apache Xerces libraries, so you should update your distribution ASAP. However, not all applications that process XML are vulnerable as there are a number of XML parsers. This concerns both denial of service and remote code execution and thus is a *SEVERE* vulnerability. I will be putting out a new build ASAP, which will tell any users who haven't upgraded to upgrade and will disable XMLLibrarian until they do so. http://www.cert.fi/en/reports/2009/vulnerability2009085.html I am using ubuntu 8.04 There is an easy way in ubuntu to upgrade packages. Open a terminal and run updage-manager Then click Install Updates I just did that, but I only get sun-java6 update 14 (6-14-0ubuntu) I also checked if Freenet 1228 had been automatic updated, but it had not, so I ran: cd Freenet ./update.sh and now 1228 is running (instead of 1223) But my Freenet still complains about updating sun-java I can inform, that I also did an upgrade on another machine running ubuntu 9.04, and this also is running sun-java6 update 14 (6-14-0ubuntu) ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
[freenet-support] Urgent Freenet security announcement: upgrade your Java now!
Anyone running Freenet must upgrade to at least Sun Java 6 Update 15 or Sun Java 5 Update 20. Until you are able to do this, please shut down anything that parses XML, specifically: - Do not use the search function (XMLLibrarian). - Unload the WoT and Freetalk plugins if you are using them. Likewise with Library etc. - Do not use Thaw. Shut it down if it is running. Other applications may also be vulnerable via the Python libexpat and Apache Xerces libraries, so you should update your distribution ASAP. However, not all applications that process XML are vulnerable as there are a number of XML parsers. This concerns both denial of service and remote code execution and thus is a *SEVERE* vulnerability. I will be putting out a new build ASAP, which will tell any users who haven't upgraded to upgrade and will disable XMLLibrarian until they do so. http://www.cert.fi/en/reports/2009/vulnerability2009085.html signature.asc Description: This is a digitally signed message part. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
