[Building Sakai] Java 7 applet security alert and impact to Sakai CLE
Neal Caidin
nealcaidin at sakaifoundation.org
Fri Jan 18 10:24:30 PST 2013
Summary
--------------------------
US-CERT issued the following warning concerning a serious flaw with known exploits in the Java 7 runtime environment on multiple operating systems.
http://www.kb.cert.org/vuls/id/625617
Sakai CLE does not cause this exploit.
US-CERT is unaware of a solution other than to disable or remove Java on your desktop PC.
Samigo Test and Quizzes uses a Java applet with the audio recording question type.
Recommendation and Actions
------------------------------------------------
* If you have courses with tests and quizzes (Samigo) with the audio recording question type you should recommend to users to leave it installed and disabled, and enable it while taking assessments. It's likely that Oracle will patch this with a updated version of Java in the near future.
* Please notify the CLE Community Coordinator if you are making use of the Audio Recorder in Samigo Test & Quizzes. Please let me know if you have any plans to rework the code to eliminate the dependency on Java (for example by using HTML 5 API's). Email nealcaidin at sakaifoundation.org
More details
----------------------------
Oracle Java 6 is not affected.
Oracle Java 7 update 10 and earlier Java 7 versions are affected.
Oracle Corporation has released updates to Oracle 7 update 11, but this has not completely resolved the issue.
Thanks for your attention.
Neal Caidin
Sakai CLE Community Coordinator
nealcaidin at sakaifoundation.org
Skype: nealkdin
AIM: ncaidin at aol.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130118/a7410a3e/attachment.html
More information about the sakai-dev
mailing list