[Tech] Fwd: Important notice regarding Java packages in Partner archive
James Howard
james at partimus.org
Thu Dec 15 14:15:54 PST 2011
We're using it almost anywhere I've set up a deployment server (CAC, KIPP,
Ascend, Beacon). But ever since it was moved to the partner repositories
(10.04?), I've deployed the packages independently. Not sure how this will
affects anyone who has the package already installed -- our machines never
update themselves.
> Hi everyone,
>
> Due to changes in Oracle's java licensing strategy, Ubuntu can no
> longer distribute the sun-java6 packages and due to security concerns
> they will be issuing an update which will disable the plugins, details
> below (including "what to do now" to continue to support java).
>
> Are we using the actual "sun-java6" packages anywhere?
>
> ---------- Forwarded message ----------
> From: Marc Deslauriers <marc.deslauriers at canonical.com>
> Date: Thu, Dec 15, 2011 at 11:28 AM
> Subject: Important notice regarding Java packages in Partner archive
> To: ubuntu-security-announce at lists.ubuntu.com
>
>
> The Canonical partner archive currently contains Oracle's Sun Java JDK
> packages (sun-java6) for Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
>
> As of August 24th 2011, we no longer have permission to redistribute new
> Java packages as Oracle has retired the “Operating System Distributor
> License for Java” [1][2].
>
> Oracle has published an advisory about security issues in the version of
> Java we currently have in the partner archive [3]. Some of these issues
> are
> currently being exploited in the wild.
>
> Due to the severity of the security risk, Canonical is immediately
> releasing a security update for the Sun JDK browser plugin which will
> disable the plugin on all machines. This will mitigate users' risk from
> malicious websites exploiting the vulnerable version of the Sun JDK.
>
> In the near future (exact date TBD), Canonical will remove all Sun JDK
> packages from the Partner archive. This will be accomplished by pushing
> empty packages to the archive, so that the Sun JDK will be removed from
> all
> users machines when they do a software update. Users of these packages who
> have not migrated to an alternative solution will experience failures
> after
> the package updates have removed Oracle Java from the system.
>
> If you are currently using the Oracle Java packages from the partner
> archive, you have two options:
>
> 1- Install the OpenJDK packages that are provided in the main Ubuntu
> archive. (icedtea6-plugin for the browser plugin, openjdk-6-jdk or
> openjdk-6-jre for the virtual machine)
> 2- Manually install Oracle's Java software from their web site [4].
>
> For more information, please consult the wiki page on the subject [5].
>
> We apologize for any inconvenience this may cause, and thank you for your
> understanding.
>
> [1] - http://jdk-distros.java.net/
> [2] - http://robilad.livejournal.com/90792.html
> [3] -
> http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
> [4] - http://www.oracle.com/technetwork/java/javase/downloads/index.html
> [5] - https://wiki.ubuntu.com/LucidLynx/ReleaseNotes/Java6Transition
>
> --
> ubuntu-security-announce mailing list
> ubuntu-security-announce at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
>
>
> --
> Elizabeth Krumbach // Lyz // pleia2
> http://www.princessleia.com
> _______________________________________________
> Tech mailing list
> Tech at lists.partimus.org
> http://lists.partimus.org/listinfo.cgi/tech-partimus.org
>
More information about the Tech
mailing list