icedtea-web installed and enabled by default in Fedora 19

Eric Smith brouhaha at fedoraproject.org
Wed Jun 19 16:03:49 UTC 2013


On Tue, Jun 18, 2013 at 11:29 PM, Dhiru Kholia <dhiru.kholia at gmail.com> wrote:
> Some recent news,
>
> http://www.theregister.co.uk/2013/06/14/java_june_critical_patch_update/
>
> "The majority are vulnerable through browser plugins, 11 of which are
> exploitable for complete control of the underlying operating system,"
> said Ross Barrett, senior manager of security engineering at Rapid7.

I can see how a vulnerability in Java running in user space can cause
all sorts of problems for the user, but unless someone is running a
browser as superuser, how can it possibly take "complete control of
the underlying operating system"?  Surely that would require a
privilege escalation vulnerability in the kernel or a setuid program,
and such a vulnerability is the fault of that package, not of Java.

Eric

