The H Roundup - critical Java 0day, Firefox 15 and HP security holes

Welcome to The H Roundup, your rapid review of the week with the most read news on The H: the security alerts and open source releases, and the essential feature articles – all in one quick-to-scan news item.

Top News

The week kicked off with the news that the then current version of Java contained a highly critical security hole which allowed untrusted Java applets to completely disable Java's sandbox security. As the vulnerability was already actively being exploited in the wild, all users were advised to disable Java applets to protect themselves. It took until Thursday evening for Oracle to fix the vulnerability with the release of Java 7 Update 7 despite the company having known about the flaw since April.

• Warning on critical Java hole
• Java 0Day: Turn off Java applets now
• Oracle releases emergency fixes for Java 0day

Mozilla published Firefox 15 for the desktop with better add-on memory management and a new debugger, and for Android with a new tablet UI. The Thunderbird 15 email client was also released, introducing its instant messaging capabilities. The Raspberry Pi received improved media playback with MPEG-2 and VC-1 codec licences available to buy.

• Firefox 15 for desktop and Android released
• Thunderbird 15 activates instant messaging
• Raspberry Pi: MPEG-2 and VC-1 licences available

The HP-owned Zero Day Initiative revealed information on five security holes in various HP enterprise and networking products that it has yet to fix after more than six months.

• Five 0days: HP in the security dock

The GNOME project released GNOME 3.6 Beta for users and developers to test the latest revision of the Linux desktop environment, Canonical planned to drop the alternate installer for Ubuntu 12.10 and Linus gave an insight into when and how we might see Linux 4.0.

• GNOME 3.6 beta arrives with redesigned message tray
• Ubuntu to drop alternate installer
• Linux kernel to reach 4.0 in three to four years

Featured Articles

This week, The H examined the publicly available exploit code for the new critical Java 0day vulnerability, while Kai Wähner took a look at free integration frameworks on the Java platform. In the Kernel Log, Thorsten Leemhuis looked at recent kernel developments, including Linux graphics support, and in a new Kernel Comment he asked why some open source developers contribute to the reputation that Linux has bad support for current hardware.

• The new Java 0day examined
• Free integration frameworks on the Java platform
• Kernel Log: NVIDIA updates graphics drivers
• Kernel Comment: Release early, release often!

Open Source Releases

• GIMP 2.8.2 fixes bugs in preparation for official Mac app
• GNOME 3.6 beta arrives with redesigned message tray
• Tiny Core 4.6 makes finding fast mirrors easier
• FLOW3 faster, more stable, leaner
• Firefox 15 for desktop and Android released
• Thunderbird 15 activates instant messaging
• Open Recall: FreedomBox, SANE, Stellarium and Audacity
• LibreOffice 3.6 maintenance update arrives
• Firefox and Thunderbird 15 fix several security vulnerabilities
• SUSE releases OpenStack-powered cloud distribution
• HTML5 Boilerplate 4.0 released under MIT licence
• QT 5 beta belatedly breaks cover
• Lazarus 1.0: free cross-platform Pascal IDE
• Chrome 21 update closes high-risk security holes
• Mozilla previews "command line" in Firefox 16 Beta
• jQuery 1.8.1 has compatibility workaround for custom pseudo-selectors

Security Alerts

• Warning on critical Java hole
• Oracle releases emergency fixes for Java 0day
• Adobe fixes critical vulnerability in Photoshop CS6

For everything The H has published in the last week, check out the last seven days of news. To keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(crve)