Network News

X My Profile
View More Activity

Sun Updates Fix Multiple Java Flaws

Sun Microsystems issued updates to fix a slew of stability and security problems with its Java software.

According to Sun, my version is vulnerable, as are any versions of JRE 1.4.2_09 and prior. Updates also are available for the same versions of the Sun Java Development Kit (JDK) and JRE versions 1.4.2_09 and prior, and JDK and JRE 1.3.1_16 and earlier.

Sun's response to this apparently confusing situation is: "The ... command only determines the default version. Other versions may also be installed on the system."

Sun's advisory notes that you must uninstall any previous versions of the software, but instead of providing or linking to instructions on how to do that, the advisory says, "Please see the installation notes on the respective java.sun.com download pages."

I couldn't find said removal instructions anywhere on Sun's site. Clicking "remove" from Java's listing in the Add/Remove panel may do the trick, but then again, maybe not.

If you check on your PC and find you have Sun's JDK or JRE 5.0 Update 5 or prior installed, the update for that version is downloadable here.

Update for SDK and JRE 1.4.x versions.

Update for SDK and JRE 1.3.x versions

The alternative, of course, is just to uninstall Java and leave it that way. While Java is used by some applications and interactive Web sites, most Windows users would probably never miss it if the software was removed from their machines.

By Brian Krebs  |  February 9, 2006; 1:35 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Anti-Virus Pricing Ripples?
Next: Microsoft to Issue Seven Patches Next Week

Comments


java updates have the bad habit of leaving old versions on the system - I have seen 3-4 version on one machine, taking up almost a GB of space..best to uninstall old versions, leaving only the latest..

Posted by: ryand | February 9, 2006 2:05 PM | Report abuse

If http://www.ssec.wisc.edu/~tomw/version.html tells me that it is using Java 1.5.0_06, am I safe, or is it possible for other web pages to use other versions of Java on my computer? (I'm using Firefox trunk.)

Posted by: Jesse Ruderman | February 9, 2006 2:07 PM | Report abuse

Just a quick add-on: Typing "java -fullversion" in a terminal window works in OS X, as well as Linux and Solaris.

Posted by: Reader | February 9, 2006 2:29 PM | Report abuse

I second ryand's comments. I found I had 6 versions of java installed, from 1.4.2 through 1.5.0_06. All of the older versions uninstalled cleanly from Add/Remove Programs. Now to get my other 30 users to do it as well....

Posted by: scottr | February 9, 2006 2:32 PM | Report abuse

in tiny print over at Sun-- it gives a header for installation help with a link going to java.com

link for installation help- Java
http://www.java.com/en/download/help/5000010400.xml#test
instructions
"# Go to java.com
# Click Manual Download under Get Java Software.
# Click Download next to Windows (Offline Installation).
The File Download dialog box appears.
# Choose the folder location.
# (Save the file to a known location on your computer, for example, to your desktop). Click Save.
The Save As dialog box appears.
If you have previously downloaded this version of JRE, you may be prompted:
File jre-1_5_0_02-windows-i586-p.exe already exists. Do you want to replace it?
# Click Yes to replace.
# Verify that the:

* Name of the file is jre-1_5_0_02-windows-i586-p.exe
* Size is approximately 15.2 MB

# Close all applications including the browser.
# Double-click on the saved file icon to start the installation process."


system overwrites old installation

Sun also does respond quickly to inquiries-- 24-32 hours if question submitted to technical staff. received explicit step-by-step instructions how to resolve an issue from them in unTechie terms.

Posted by: pogo | February 9, 2006 3:10 PM | Report abuse

I think it is very wise to suggest that users might just uninstall it. I did a long time ago as it I did not think it worth the risk, hassle and space to have this software in the system. I do very well without it and rarely find a site that needs it. Any site that cannot be naviagted or viewed I just ignore. It is their loss not mine.

Posted by: Steve | February 10, 2006 1:55 AM | Report abuse

Be careful about uninstalling prior versions of Java willy nilly. Some applications were written specifically for some of the older versions. A non-trivial financial institution requires the use of Java Web Start 1.0.x to run its application to this very day.

Posted by: NoCell | February 12, 2006 9:27 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company