Java seems to have some security issues affecting Linux as well as other operating systems. The issues specifically affects the Java browser plugin, not the Java installation. I haven't used a Java website for ages, and in fact when I checked, I didn't have the plugin installed in this installation (Debian Wheezy). Worth checking if you do have the vulnerable plugin installed, and either disabling it or restricting use to sites that absolutely require it. Brian Krebs has the details, but here are some useful links.
Check to see if you have the plugin installed.
How do I disable Java in my web browser?
Firefox: Protecting Users Against Java Vulnerability
Showing posts with label Sun Java. Show all posts
Showing posts with label Sun Java. Show all posts
Friday, January 18, 2013
Thursday, July 8, 2010
Sun Java in Debian
I've been using Debian on a couple of laptops for a while now, and never needed to install Sun Java, but recently a web site prompted me to install it, so I thought I'd give it a go, thus finishing the trinity of non-free multimedia installations in Linux: Flash, MP3 ripping, and Sun Java.Flash required adding a repository for Lenny backports, warnings that my system couldn't be considered stable any more, and warnings from Firefox that I was running an insecure version of Flash until I realised I had to enable automatic upgrades for backports.
MP3 ripping required adding the Debian Multimedia repository, and installing the package gstreamer0.10-lame.
The Sun Java package is in the Debian non-free repository, as is the browser plug-in. (sun-java6-jre and sun-java6-plugin were the required packages.) Marking the packages for installation resulted in a scary message:
You are about to install software that can’t be authenticated! Doing this could allow a malicious individual to damage or take control of your system.This message is scary because malware can find its way into a Linux repository, if the packages are not digitally signed, and ignoring messages like this is the last thing users should be doing. I couldn't find an answer on Google, but the Debian Forum was helpful. It seems I needed the package debian-keyring. Quite why Debian doesn't prompt you to install the debian-keyring package when you enable the non-free repository is a bit of a mystery- maybe I did something wrong or missed a message, I don't know.
All in all, installing Flash, enabling MP3 ripping, and installing Java was a lot less painful in Ubuntu.
And the site that required Java? I went back and tried it again, but nothing happened- either a broken applet, or not compatible with the Sun Java version I have installed. The site wasn't that interesting, so I couldn't be bothered to find out which. So I still haven't really come across a site yet where I really need Java, but at least it's installed now in case I ever need it. :-P
Subscribe to:
Posts (Atom)
