java/jdk16 vulnerability?

cpghost cpghost at
Sun Sep 20 20:36:44 UTC 2009

Hi Greg,

Freenet ( on my FreeBSD/amd64 system
complains about an old and vulnerable Java version:

  Your installed version of Java is vulnerable to a severe remote
  exploit (remote code execution!). You must upgrade to at least Java
  5 update 20 or Java 6 update 15 as soon as possible. Freenet has
  disabled any plugins handling XML for the time being, but this
  includes searching and chat so you should upgrade ASAP!

  See for

  Also, please do not use Thaw or Freetalk. The UPnP plugin is
  enabled, it might present a risk if you have bad guys on your LAN,
  but without it Freenet will not be able to port forward and will
  have severe problems.

I'm running java/jdk16:

phenom# java -version
java version "1.6.0_03-p4"
Java(TM) SE Runtime Environment (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_03-p4-root_08_sep_2009_17_05-b00, mixed mode)

On 7.2-STABLE:

phenom# uname -a
FreeBSD 7.2-STABLE FreeBSD 7.2-STABLE #0: Tue Sep  8 10:43:26 CEST 2009     root at  amd64

Is that version of Java really vulnerable? If yes, why doesn't
  # portaudit -Fda
report it as such, and could you please update the java/jdk16 port?


Cordula's Web.

More information about the freebsd-questions mailing list