Hello,
I'm having trouble looking for info for SUSIE on this CVE-2012-4681.
This is basically the newest Java hit. It is mostly a web browser issue but I would like to see if the versions on our servers are vulnerable. I already found the pages/info for Solaris and RHEL.
Any help would be great.
save the output of java -version e.g.,
> java -version
java version "1.6.0_21"
Java(TM) SE Runtime Environment (build 1.6.0_21-b06)
Java HotSpot(TM) Server VM (build 17.0-b16, mixed mode)
You can subscribe to oracle for security information and updates for any of their products, which includes java. google for 'my oracle support', then register. Search for known issues for your java build (output above) and Linux Suse. You do want to be on their email list.
Thanks for your help, but I already went down this route. The version numbers for Java in Solaris and Linux are not in sync. For example latest java 6 on Solaris 10 is at 1.6.0_34. On RHEL 5.8 the latest java is at 1.6.0_22. I just updated Java before I posted this. RHEL has a page on there security site for this issue. I can't find anything on the SUSIE site.
Hmm. A comment:
Correct me where I'm wrong: but 1.6.0_22 was published just after oracle took over Sun. It had issues no matter the platform. Oracle had to punt and publish warnings, then release something with fewer problems. We encountered that and stayed at 21. And not just Solaris was affected.
Where I work we always try to keep our servers patched to the latest versions. We encountered no issues with the newer versions of Solaris.