Saturday, June 18, 2011

Important Java Update

As you probably know, Oracle has released an update for Java 6 SE (JDK/JRE) Update 26 which contains a security fixes according to the release notes and more detail information can be seen on Oracle's website here and here. You might ask, why Slackware hasn't release any update for this packages on -Stable and also on -Current?

Actually there's someone who asked me this question few days ago via email. At first, i didn't see the security fixes mentioned at the release note, so i said to him that Slackware's policy is not to update any packages in -Stable unless there's a security vulnerabilities (moreover when they have CVE entries). He sent me another page (which was those two URL in Oracle's website above) that described the cumulative update for for JDK/JRE package and it affects previous Java 6 Update 25 and it has 17 CVEs Big Eyes. Yes, 17 CVEs, but some (or most) of it only exists on Windows platform, so i don't mind about it too much.

Later on, i found out that Slackware's policy is not to update blob packages (like those JDK/JRE) in -Stable releases (Thanks to Pat for the info). It will be updated on -Current only. Users of -Stable releases will have to work on their own to fix this problem. Actually, it's super duper easy to do that. As you know, users can always get the SlackBuild script on the source/ directory and get the source for the new JDK/JRE package and edit the VERSION line to build the new package for their own need. It's that simple Rolling

Since it contains quite a lot of security fixes, it's recommended to upgrade to the latest version if you happened to use Java applications or often browsing to websites which uses Java applet frequently.