On Sunday 09 August 2009 01:22:28 am Matthew Toseland wrote: > Anyone running Freenet must upgrade to at least Sun Java 6 Update 15 or Sun > Java 5 Update 20. > > Until you are able to do this, please shut down anything that parses XML, > specifically: - Do not use the search function (XMLLibrarian). > - Unload the WoT and Freetalk plugins if you are using them. Likewise with > Library etc. - Do not use Thaw. Shut it down if it is running. > > Other applications may also be vulnerable via the Python libexpat and > Apache Xerces libraries, so you should update your distribution ASAP. > However, not all applications that process XML are vulnerable as there are > a number of XML parsers. > > This concerns both denial of service and remote code execution and thus is > a *SEVERE* vulnerability. > > I will be putting out a new build ASAP, which will tell any users who > haven't upgraded to upgrade and will disable XMLLibrarian until they do so. > > http://www.cert.fi/en/reports/2009/vulnerability2009085.html
I am using ubuntu 8.04 There is an easy way in ubuntu to upgrade packages. Open a terminal and run updage-manager Then click Install Updates I just did that, but I only get sun-java6 update 14 (6-14-0ubuntu) I also checked if Freenet 1228 had been automatic updated, but it had not, so I ran: cd Freenet ./update.sh and now 1228 is running (instead of 1223) But my Freenet still complains about updating sun-java I can inform, that I also did an upgrade on another machine running ubuntu 9.04, and this also is running sun-java6 update 14 (6-14-0ubuntu) _______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
