Operating System - HP-UX
1823920 Members
3220 Online
109667 Solutions
New Discussion юеВ

Java 1.3 and Java 1.4 add on and Netscape

 
Jack Howland
Occasional Contributor

Java 1.3 and Java 1.4 add on and Netscape

security_patch_check shows that Java 1.3 and 1.4 are not compliant due to the Netscape Plugin and the addons as shown below. These products do not appear to have updates for 1.3.1.20.00 and 1.4.2.12.00 and the only way I see to become compliant per the tool is to uninstall the addon and the Netscape tools. Is Java really unsecure at these versions or is the security catalog not reporting correctly for this? Thanks in advance.

swlist | grep -i java
1.3.1.20.00 Java2 1.3 SDK for HP-UX
B9789AA 1.3.1.20.00 Java2 1.3 RTE for HP-UX
T1455AA 1.3.1.13.01 Java2 1.3 Netscape Plugin for HP-UX
T1456AA 1.4.2.12.00 Java2 1.4 SDK for HP-UX
T1456AAaddon 1.4.2.02.01 Java2 1.4 SDK -AA addon for HP-UX
T1457AA 1.4.2.12.00 Java2 1.4 RTE for HP-UX
T1457AAaddon 1.4.2.02.01 Java2 1.4 RTE -AA addon for HP-UX
T1458AA 1.4.2.02.01 Java2 1.4 Netscape Plugin for HP-UX

Security Patch Check Output:

45 Jpi13 1100 5th upd ? ? Install revision 1.3.1.14.00 or subsequent
48 Jdk14 2196r2 11th upd ? ? Install revision 1.4.2.12.00 or subsequent
49 Jpi14 2196r2 10th upd ? ? Install revision 1.4.2.12.00 or subsequent
50 Jre14 2196r2 11th upd ? ? Install revision 1.4.2.12.00 or subsequent
2 REPLIES 2
Steven E. Protter
Exalted Contributor

Re: Java 1.3 and Java 1.4 add on and Netscape

Shalom,

There are security flaws and apparently clock shift flaws in older versions of JAVA.

They have been found and closed in 1.4 and 1.5 Java. 1.3 is pretty much obsolete and you can probably live without it.

Patch and update and watch for security bullitens.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jack Howland
Occasional Contributor

Re: Java 1.3 and Java 1.4 add on and Netscape

I should have been more clear. I have upgraded the Java 1.3 and 1.4 versions to the most recent revisions, but I can't find updates for the Netscape Plugins (T1458AA) and the addons (eg. T1457AAaddon).

Since there doesn't appear to be an update for these products, are these versions of Java still vulnerable from a security stand point? Is the solution to remove the addon and the Netscape Plugins?

Thanks in advance.