Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Java Oracle Security

Oracle Ships Java 7 Update 11 With Vulnerability Fixes 243

An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."
This discussion has been archived. No new comments can be posted.

Oracle Ships Java 7 Update 11 With Vulnerability Fixes

Comments Filter:
  • Java and Flash (Score:5, Informative)

    by tepples ( 727027 ) <> on Sunday January 13, 2013 @10:24PM (#42578503) Homepage Journal
    Browsers come with only JS. Java is a plug-in published by Oracle that plays applets written in Java, just as Flash Player is a plug-in published by Adobe that plays applets written in ActionScript.
  • by black3d ( 1648913 ) on Sunday January 13, 2013 @10:37PM (#42578567)
    It's correct that the two have virtually nothing in common. However, Java in browsers is fairly widespread simply due to the fact that so many applications are built around the Java runtime and there's a good chance that at some time many users have needed to install it. A typical install of the Java Runtime Environment includes browser interaction.

    Many websites utilize Java through in-line apps and modern browsers make the installation process fairly simple (ie, a couple of on-page redirects and a pop-up window which takes care of it all - the same way most browsers simplify Flash installation simply because it's so universal). For example, nVidia's video-card-dectection routine is in Java and if it's not installed, will helpfully let you know and give a button to click to download it. Minecraft, of course, requires Java. Many development tools and even many network management packages are written in Java.

    Java on PCs is quite widespread and thus by default, so is Java on browsers.

    Javascript, as you rightly raise, is altogether different, and prevalant on all browers by default (even though different browsers have different JS interpreters) and has nothing to do with the JRE.
  • Re:Java and Flash (Score:2, Informative)

    by Shikaku ( 1129753 ) on Sunday January 13, 2013 @10:40PM (#42578583)

    You have to manually install it or a piece of software you run needs it and installs it. No modern browser needs it nowadays.

  • by black3d ( 1648913 ) on Sunday January 13, 2013 @10:43PM (#42578605)
    Java 6 isn't vulnerable to this particular exploit. Only 7.
  • by RedHackTea ( 2779623 ) on Sunday January 13, 2013 @10:58PM (#42578677)
    I think the only popular sites are games now. Minecraft is the first you'll hear on /. It uses Java and LWJGL (Light-Weight Java Game Library) -- which essentially just uses JNI to expose native calls to OpenGL/AL/CL using C code. I believe there is both a Java Applet version and offline version (which may use Java WebStart, don't know).

    RuneScape and all of FunOrb (also made by Jagex -- the creators of Runescape) are also Java Applets.

    Other than games, you'll see sites use Java Applets for simulations, etc. -- things that are either computationally intensive or too complex. Since Java is object-oriented, has tons of built-in data structures, garbage collection, and runs off the client's (pretty fast) JVM in which there is a JVM available for the popular OSes, it's a better alternative to JavaScript or Silverlight for these tasks.
  • Re:Leftovers (Score:4, Informative)

    by bertok ( 226922 ) on Sunday January 13, 2013 @11:34PM (#42578849)

    Older versions of Java defaulted to side-by-side installation mode, which was then kept even after newer releases were installed on top.

    Newer versions default to in-place upgrade mode instead.

    It's poorly documented, and as far as I know, the only way to fix it is to completely uninstall and re-install the latest version.

  • by Billly Gates ( 198444 ) on Monday January 14, 2013 @12:02AM (#42578949) Journal

    Javascript absolutely has nothing to do with Java.

    Netscape realized for the web to take off as a platform it needed to do more than just display text and pictures so logic was needed. Netscape invented Livescript. Sun didn't like it and was in talks with making Java used instead of Livescript for dynamic web content.

    So Netscape made a deal to rename Livescript Javascript with the contract to include jre with Netscape 3. It has nothing to do with it other than pure marketing name to confuse users to spread synergy to Java instead which is what Sun hoped as Livescript aka Javascript was very limited at the time.

    It became a standard to this day.

  • by Runaway1956 ( 1322357 ) on Monday January 14, 2013 @02:23AM (#42579673) Homepage Journal

    People who read this site are mostly geeks, nerds, IT, developers, or some such who are computer literate. But, NO ONE who reads this site is ignorant of how pervasive Java is. NO ONE who reads this site is completely ignorant of the ways in which John and Jane Q. Public uses their computers.

    Like DavidClarkeHR's mother, my wife "needs" Java. Her computer may suffer any number of ills, and she'll ignore them. But, if she can't play her Pogo Games, the old broad is going to make my life miserable until the problem is fixed. To her, "the internet" pretty much means Pogo, Facebook, email, Craig's List, classified ads in the Texarkana Gazette, and a little bit of news.

    Oh, wait - how can I forget her soap operas? The woman has given up on television, and watches her daily shows on the computer now.

    THAT is the internet, for millions of people.

    Java don't work? "I WANT IT FIXED BEFORE I GET HOME FROM WORK!! You can forget about taking trash out, you can forget to pick your clothes up off the bathroom floor, you can leave the sink full of dirty dishes, BUT FIX MY INTERNET!!"

  • by ChunderDownunder ( 709234 ) on Monday January 14, 2013 @06:56AM (#42580447)

    Backporting security fixes to an old OS X release isn't feasible for Oracle because they don't own the particular codebase that targeted Snow Leopard and earlier. Apple forked the JDK under a commercial license from Sun back in the day, incorporating OS X specific implementation details, which for earlier Java releases lies in Apple HQ.

    When Apple handed over the reins to Oracle, any code they contributed back to the OpenJDK codebase would have been for the then current OS X revision (Lion) and thus likely unportable to Snow Leopard without modification. Code "Soy Latte" existed some 4 years ago as a community effort to port OpenJDK to OS X 10.5 and later but this was never the "official" port used by Apple.

    Were Apple any better during their stewardship of Java? I seem to remember JRE versions were tied to releases of OS X. Our efforts to develop a Swing application were stifled because our user base (e.g. schoolkids with iBooks) were stuck forever on Java 1.5.

    So blame Oracle but some of the blame goes back to Jobs, who in later years did much to sideline Java.

  • by Anonymous Coward on Monday January 14, 2013 @08:07AM (#42580627)

    Minecraft does not need the java browser plug-in.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling