Clément Lefebvre: I'll try, but I'm handicapped by the fact that Oracle doesn't disclose details about security risks:
"As a matter of policy, Oracle does not disclose detailed information about an exploit condition or results that can be used to conduct a successful exploit. Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the Patch Availability Document, the readme files, and FAQs." Source: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html Enfin, I'll try.... The vulnerabilities in 6u26 allow remote exploits without authorizations. This means among other things, that an attacker can create an attack website containing malicious Java applications or Java applets. Those can enable him to hijack confidential sessions on my system with sensitive websites such as online banking, e-commerce and payment websites. I hope this is enough. About the solution: I suppose that you are also restrained by Oracle's new licensing policy, from creating a deb installer for the secure 6u29. But an installation script that pulls 6u29 from Oracle's site (comparable to the script for Adobe Flash Player) is apparently still allowed. Now I don't know how to make such an installation script, but I've written a detailed how-to for installing Oracle (Sun) Java 6u29 manually: http://sites.google.com/site/easylinuxtipsproject/java Maybe you can create an installation script from this manual? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/890278 Title: sun java outdated To manage notifications about this bug go to: https://bugs.launchpad.net/linuxmint/+bug/890278/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
