On Jan 17, 2013, at 18:15 , Connie Sieh wrote: > On Thu, 17 Jan 2013, Ken Teh wrote: > >> What's the status of the java package that's installed on SL6x? >> java-1.6.0-openjdk. Is it vulnerable to this java security flaw that made >> the national news this week? Cyber is advising us to remove it but a lot of >> packages depend on it. The biggie is LibreOffice. > > I thought that the biggest issue was with Java 7 and not Java 6.
That's what I thought. In any case, removing the browser plugin (icedtea-web with openjdk) seems to be the most important step, and advisable wherever feasible. LibreOffice shouldn't depend on that. A related question: Does anyone know whether openjdk6 will continue to be supported after the Oracle JDK6 end of service life? -- Stephan Wiesand DESY -DV- Platanenenallee 6 15738 Zeuthen, Germany