[Building Sakai] Java 7 applet security alert and impact to Sakai CLE

Neal Caidin nealcaidin at sakaifoundation.org
Fri Jan 18 10:24:30 PST 2013


Summary
--------------------------
US-CERT issued the following warning concerning a serious flaw with known exploits in the Java 7 runtime environment on multiple operating systems.
http://www.kb.cert.org/vuls/id/625617 

Sakai CLE does not cause this exploit.
US-CERT is unaware of a solution other than to disable or remove Java on your desktop PC. 
Samigo Test and Quizzes uses a Java applet with the audio recording question type.


Recommendation and Actions
------------------------------------------------
* If you have courses with tests and quizzes (Samigo) with the audio recording question type you should recommend to users to leave it installed and disabled, and enable it while taking assessments. It's likely that Oracle will patch this with a updated version of Java in the near future. 

* Please notify the CLE Community Coordinator if you are making use of the Audio Recorder in Samigo Test & Quizzes. Please let me know if you have any plans to rework the code to eliminate the dependency on Java (for example by using HTML 5 API's). Email nealcaidin at sakaifoundation.org


More details
----------------------------
Oracle Java 6 is not affected.
Oracle Java 7 update 10 and earlier Java 7 versions are affected.
Oracle Corporation has released updates to Oracle 7 update 11, but this has not completely resolved the issue.


Thanks for your attention.


Neal Caidin

Sakai CLE Community Coordinator
nealcaidin at sakaifoundation.org
Skype: nealkdin
AIM: ncaidin at aol.com





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130118/a7410a3e/attachment.html 


More information about the sakai-dev mailing list