java/jdk16 vulnerability?

Robert Huff roberthuff at
Tue Sep 29 04:32:03 UTC 2009

Greg Lewis writes:

>  >   Your installed version of Java is vulnerable to a severe remote
>  >   exploit (remote code execution!). You must upgrade to at least Java
>  >   5 update 20 or Java 6 update 15 as soon as possible. Freenet has
>  >   disabled any plugins handling XML for the time being, but this
>  >   includes searching and chat so you should upgrade ASAP!
>  We're almost certainly vulnerable.  The jdk16 port is at Update 3.

>  We need an entry in the VUXML database I guess.
>  Updating java/jdk16 is going to be a slow process.  There are
>  lots of changes between Update 3 and Update 15.  I've partially
>  merged Update 4, but obviously that still leaves many to go...

	As someone with zero knowledge of Java internals: what is the
recommended version at the moment? 

				Robert Huff

More information about the freebsd-questions mailing list