According to the article "Critical Java hole being exploited on a large scale" there is a hole which is heavily exploited. http://www.h-online.com/open/news/item/Critical-Java-hole-being-exploited-on-a-large-scale-1485681.html
(quote) The hole that was patched by Oracle in mid-February allows malicious code to breach the Java sandbox and permanently anchor itself in a system. Varying types of malware have been injected; for example, it is believed that the hole has been exploited to deploy the ZeuS trojan. (unquote) The page gives a link to a test routine at java.com where you can test which version is installed on your machine. For my Mageia 1 installation with firefox the test shows "Your Java version: Version 6 Update 26" - which matches the installed package (java-1.6.0-sun-plugin-1.6.0.26-0.2.mga1.nonfree). Recommended is "version 6 update 31". But this is not available yet at Mageia. - will there be a security related update for Mageia 1? - if not, should we use the recommended newer version from java.com (rpm packages available for 32 and 64 bit) -- wobo
