From: Aldridge, Robert E. (REAldridge@mcdermott.com)
Date: Mon Jun 03 2002 - 15:35:22 EDT
Tru64 Managers,
On our TruCluster 5.1 system, we are trying to understand what the
appropriate course of action is, in regards to SECURITY BULLETIN, (SSRT0822)
Java Runtime Environment - Proxy and JVM, Potential Security
Vulnerabilities, May 14th 2002 (reference:
http://archives.neohapsis.com/archives/tru64/2002-q2/0021.html)
We want to maintain functionality of the Tru64 SysMan tools, that seem to be
built on Java.
On Tru64 5.1, it looks like the system comes with JRE 1.1.8-7
> java -version
java version "1.1.8-7"
Do we just need to just download and install JRE 1.1.8-13 to close the holes
left by JRE? (reference:
http://www.compaq.com/java/download/jre_du/1.1.8/index.html)
Or -- do we download the latest JRE (1.3.1) and expect that that will work
with SysMan?
Also - It looks like the system might also have other versions of Java,
because I see these directories:
/usr/opt/java118 (default linked to /usr/bin)
/usr/opt/JAV117
/usr/opt/java122
Should we go ahead and delete these other installations (using SETLD)? If
we try to delete these other packages, we get some severe warning messages:
---------
# setld -d JAVJRE117
The following subsets need "Java 1.1.7B-5 Standalone Runtime Environment"
(JAVJRE117) to operate correctly:
Visual Threads V2.0-036 (DVTBASE200)
Java 1.1.7B-5 JRE Optional Components (JAVJREOPT117)
# setld -d OSFJAVA510
The following subsets need "Java 1.1.8-7 Environment" (OSFJAVA510)
to operate correctly:
Visual Threads V2.0-036 (DVTBASE200)
Compaq Management Agents Version 2.0 (System Administration)
(OSFIMXE510)
Base System Management Applications and Utilities (OSFSYSMAN510)
Are you sure you wish to delete "Java 1.1.8-7 Environment" (OSFJAVA510)?
---------
Thanks,
Robert Aldridge
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:43 EDT