ubuntu-us-ohio team mailing list archive

Thread
Date

Re: Fwd: Important notice regarding Java packages in Partner archive

To: Stephen Michael Kellat <skellat@xxxxxxxxxxxx>
From: Jordan McCollum <grymtooth@xxxxxxxxx>
Date: Fri, 16 Dec 2011 00:36:25 -0500
Cc: Ubuntu Ohio LoCo Team <ubuntu-us-ohio@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <1323994191.11371.140661012241257@webmail.messagingengine.com>

Well, looks like I'll be grabbing their version off their website. Kinda
sucks though...
On Dec 15, 2011 7:59 PM, "Stephen Michael Kellat" <skellat@xxxxxxxxxxxx>
wrote:

> If you need to take action, please do so ASAP.
>
> SMK
>
>
> ----- Original message -----
> From: "Marc Deslauriers" <marc.deslauriers@xxxxxxxxxxxxx>
> To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
> Date: Thu, 15 Dec 2011 14:28:10 -0500
> Subject: Important notice regarding Java packages in Partner archive
>
> The Canonical partner archive currently contains Oracle's Sun Java JDK
> packages (sun-java6) for Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu
> 11.04.
>
> As of August 24th 2011, we no longer have permission to redistribute new
> Java packages as Oracle has retired the “Operating System Distributor
> License for Java” [1][2].
>
> Oracle has published an advisory about security issues in the version of
> Java we currently have in the partner archive [3]. Some of these issues
> are
> currently being exploited in the wild.
>
> Due to the severity of the security risk, Canonical is immediately
> releasing a security update for the Sun JDK browser plugin which will
> disable the plugin on all machines. This will mitigate users' risk from
> malicious websites exploiting the vulnerable version of the Sun JDK.
>
> In the near future (exact date TBD), Canonical will remove all Sun JDK
> packages from the Partner archive. This will be accomplished by pushing
> empty packages to the archive, so that the Sun JDK will be removed from
> all
> users machines when they do a software update. Users of these packages
> who
> have not migrated to an alternative solution will experience failures
> after
> the package updates have removed Oracle Java from the system.
>
> If you are currently using the Oracle Java packages from the partner
> archive, you have two options:
>
> 1- Install the OpenJDK packages that are provided in the main Ubuntu
>   archive. (icedtea6-plugin for the browser plugin, openjdk-6-jdk or
>   openjdk-6-jre for the virtual machine)
> 2- Manually install Oracle's Java software from their web site [4].
>
> For more information, please consult the wiki page on the subject [5].
>
> We apologize for any inconvenience this may cause, and thank you for
> your
> understanding.
>
> [1] - http://jdk-distros.java.net/
> [2] - http://robilad.livejournal.com/90792.html
> [3] -
>
> http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
> [4] - http://www.oracle.com/technetwork/java/javase/downloads/index.html
> [5] - https://wiki.ubuntu.com/LucidLynx/ReleaseNotes/Java6Transition
>
> --
> ubuntu-security-announce mailing list
> ubuntu-security-announce@xxxxxxxxxxxxxxxx
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ubuntu-us-ohio
> Post to     : ubuntu-us-ohio@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-us-ohio
> More help   : https://help.launchpad.net/ListHelp
>
>

References

Fwd: Important notice regarding Java packages in Partner archive
From: Stephen Michael Kellat, 2011-12-16