In association with heise online

05 February 2009, 13:38

OpenOffice installs insecure version of Java

In a Washington Post report, Brian Krebs points out that the current version of OpenOffice, 3.0.1, installs an outdated and insecure version of Java. OpenOffice, a free open source office suite, installs Java 6 Update 7 by default during suite installation. Update 7, originally released last spring, still contains several unpatched security vulnerabilities that could be exploited by an attacker, and it was released before Sun added a feature known as "secure static versioning." The feature is intended to prevent Web sites from invoking even older versions of Java that may be present on the user's system.

It is unknown why OpenOffice still ships with the outdated version of Java 6, considering the current release, Java 6 Update 12, appears to work fine in the office suite. Krebs notes that he has contacted the OpenOffice security team about the issue and is waiting to hear back from them. According to Simon Phipps, chief open source officer at Sun Microsystems, there have been 35 million downloads of OpenOffice since October 2008.
