This release of Java 2 Standard Edition contains:
J2SE 5.0 for SCO UNIX is a full implementation of the Sun MicrosystemsTM Java 2 Platform - the technology and environment described in the SunTM specifications of the Java 2 Platform, Standard Edition, 5.0, update 17. (The "update 17" indicates the patch level of the Sun J2SE that J2SE 5.0 for SCO UNIX corresponds to.)
J2SE 5.0, update 17
J2SE 5.0, update 17 for SCO UNIX is the latest and cumulative update to J2SE 5.0 and contains the latest fixes from Sun.The J2SE 5.0, update 17 release supercedes all previous versions of J2SE 5.0 released by SCO.
J2SE 5.0, update 17, contains the following security issue resolutions from Sun:
Sun Alert ID Description 246266 A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to determine the name of files on the home directory of the user who is running the applet or application. 246286 A vulnerability in how the Java Runtime Environment (JRE) handles certain RSA public keys may cause the JRE to consume an excessive amount of CPU resources. This may lead to a Denial of Service (DoS) condition on affected systems. Such keys could be provided by a remote client of an application. 246386 A vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. 244988 A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.
A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.244987 Multiple buffer overflow vulnerabilities in the Java Runtime Environment (JRE) image processing code , its handling of GIF images as well as its font processing may allow an untrusted applet or Java Web Start application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 246346 A vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may be exploited to create a denial-of-service condition on the system that is authenticating users. 246387 The Java Runtime Environment allows code loaded from the local filesystem to access localhost. This allows code that are maliciously placed on the local filesystem and then subsequently run to have network access to localhost which would not otherwise be allowed if the code were loaded from a remote host.This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost). 245246 The UTF-8 decoder in the Java Runtime Environment accepts non-shortest form sequences. While it is not a vulnerability in Java SE per se, it may be leveraged to attack systems running software that relies on the UTF-8 decoder to reject non-shortest form sequences. For example, sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding. CR 6721753 The Java Runtime Environment creates temporary files that have guessable file names. 244991 A vulnerability in the Java Runtime Environment (JRE) with deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 244990 A buffer vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application.
This vulnerability cannot be exploited by an applet or Java Web Start application.244992 A buffer overflow vulnerability in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the "unpack200" JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
J2SE 5.0, update 16b
J2SE 5.0, update 16b for SCO UNIX is simply a plugin packaging change to install the Java plugin for the Mozilla® Firefox® browser available with OpenServer 6.0.0 MP4.
J2SE 5.0, update 16
J2SE 5.0, update 16 for SCO UNIX is the latest and cumulative update to J2SE 5.0 and contains the latest fixes from Sun.Automatic update of the
/usr/javaand/usr/java2symbolic links to the installation of this J2SE release has changed. Please see the "Installations Location and Multiple Java Versions" subsection of these J2SE 5.0, update 16 Release Notes for complete details.The J2SE 5.0, update 16 release supercedes all previous versions of J2SE 5.0 released by SCO.
J2SE 5.0, update 16, contains the following security issue resolutions from Sun:
Sun Alert ID Description 238967 A vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. 238666 A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 238966 Secure Static Versioning was introduced in JDK and JRE 5.0 Update 6. With this feature, after the installation of a JRE 5.0 Update 6 or later release, applets are not allowed to run on an older release of the JRE. Due to a defect in the implementation, if an older release is subsequently installed, applets may run on that older release. 238965 A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled. 238628 A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages). 238968 Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.
See the "Changes in This Release" section of the Release Notes for
details on the contents and fixes contained in earlier updates to
J2SE 5.0.
System Requirements and Supported Platforms
Supported SCO UNIX platforms:
J2SE 5.0 for SCO UNIX is not supported on older versions of the supported operating systems, such as SCO OpenServer Release 5.0.x or UnixWare 7 Release 7.1.3 or earlier, nor is it available for older operating systems, such as the SCO UnixWare 2 operating system.
The J2SE 5.0 is identical for all supported platforms, and everything in these release notes applies to all supported platforms.
| Approx. Size | |||
j2jre150 |
UW 7.1.4 | 72 MB |
Runtime Support:
java, the Java virtual machine interpreter (JVM);
the "client" and "server" dynamic compilers;
Java Foundation Classes (JFC) & Swing Package; and
basic API libraries:
language support,
I/O,
AWT,
networking,
utilities,
images,
media,
math,
compression,
and
security.
Distributed applications and database access:
|
j2sdk150 |
j2jre150 | 41 MB |
Development Tools:
appletviewer, the Java Applet Viewer;
javac, the Java Compiler;
jdb, the command-line Java debugger;
javah, the C Header and Stub File Generator
for native methods;
javap, the Java Class File Disassembler;
javadoc, the JAVA API Documentation Generator;
jar, the Java Archive (JAR) tool;
and assorted other commands used in Java development;
class libraries used in Java development;
header files used in native code development.
Also Java demo applets and applications;
demos of Swing functionality;
Java Plugin demos;
native method demos.
|
j2plg150 |
j2jre150 | 0.5 MB | Java 2 Plugin for Mozilla® browser 1.7.x on UnixWare 7.1.4 and OpenServer 6.0.0 and Firefox® 2 on OpenServer 6.0.0. |
j2se150 |
OSR 6.0.0 | 116 MB |
In additional to the Runtime Support, Development Tools and
Java Plugin software in the UnixWare packages above, the
OpenServer 6.0.0 product contains the additional
|
Note: Where one J2SE 5.0 package requires another J2SE 5.0 package, the version numbers of the packages must be the same. The Java 2 SDK package, version 1.5.0.17 requires the Java 2 Runtime, version 1.5.0.17.
/opt.
J2SE 1.3.1 ==>Updates to each major version of J2SE install in the same base directory./opt/java2-1.3.1
J2SE 1.4.2 ==>/opt/java2-1.4.2
J2SE 5.0 ==>/opt/java2-1.5.0
Prior to the synchronized release of J2SE 1.3.1_22, 1.4.2_17 and 5.0 update 15,
the installation of the JRE piece for each of these major point releases
would automatically symbolicly link /usr/java and
/usr/java2 to point to the "newly" installed JRE
directory.
Starting with these synchronized J2SE releases, the symbolic links will
only be updated if the JRE being installed is a later J2SE version than
the current symbolic links.
For example, if prior to installation of J2SE 1.4.2_17, the symbolic links were:
Following the installation of J2SE 1.4.2_17, the links would be:/usr/java==>/opt/java2-1.3.1
/usr/java2==>/opt/java2-1.5.0
/usr/java==>/opt/java2-1.4.2
/usr/java2==>/opt/java2-1.5.0
Removal of the J2SE 1.4.7_17, will attempt to restore the pre-installation links, if and only if an executable /opt/java2-1.3.1/bin/java still exists on the system.
System administrators can and should readjust these symbolic links as needed by their specific system and software requirements.
Other software released by SCO for your SCO UNIX platform as well as third party applications that use Java, may require a specifc J2SE major version. That software may either reference the J2SE of interest through:
JAVA_HOME that points to
/usr/java or directly to the installation directory
/opt/java2-1.x.x.
/usr/java/bin/command
or /opt/java2-1.x.x/bin/command.
Caution: Before removing earlier/other major versions of J2SE on your system, be certain that other installed software does not require that version. For example, the Apache-Tomcat product released on UnixWare 7.1.4 and OpenServer 6.0.0 have been configured, tested and certified with J2SE 1.4.2. Removal of that JRE will result in Tomcat failing to start.
The J2SE 5.0 product is distributed in one of two packaging formats for the different supported SCO UNIX systems.
pkgadd datastream format.
File Package Version j2jre150.ds.Z j2jre1501.5.0.17 j2sdk150.ds j2sdk1501.5.0.17 j2plg150.ds j2plg1501.5.0.17
File Custom Package Custom Version UW Package UW Pkg. Version OSR6_Java2_150.VOLS.tar j2se150 1.5.0.Qa j2jre1501.5.0.17 j2sdk1501.5.0.17 j2plg1501.5.0.17 javaxcomm2.0
Change directory into the directory containing the downloaded package datastreams
cd <download-dir>
On UnixWare 7.1.4:
Install the J2SE 5.0 packages in the following order.
If the package datastreams have been downloaded in compressed format:zcat j2jre150.ds.Z | pkgadd -d - allIf the package datastreams have been uncompressed when downloaded with your browser:
pkgadd -d `pwd`/j2sdk150.ds all
pkgadd -d `pwd`/j2plg150.ds all
pkgadd -d `pwd`/j2jre150.ds all
pkgadd -d `pwd`/j2sdk150.ds all
pkgadd -d `pwd`/j2plg150.ds all
On OpenServer 6.0.0, having downloaded the single custom format file:
Make a subdirectory and unwind the tar file into that subdirectory.mkdir JAVA150Run the Software Manager with the command:
cd JAVA150; tar -xf ../OSR6_Java2_150.VOLS.tar
scoadmin softwareor double-click on the Software Manager icon in the desktop.
or
custom
- Pull down the "Software" menu and select "Install New".
- When prompted for the host from which to install, choose the local machine and then "Continue".
- In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".
- When prompted for the "Image Directory", enter the directory where you unwound the tar file of the package to be installed and choose "OK".
- When prompted to select the software to install, the single software package in the directory will by highlighted. You can deselect any of the optional packages that you do not wish to install at this time. Click on "Install".
Document version 405-000-144-Qa
04 December 2008
Copyright © 2006-2008 The SCO Group, Inc. All rights reserved.