Getting Started

    JavaTM 2, Standard Edition, v. 1.4.2_19
    for SCO® UNIX® Operating Systems

This release of Java 2 Standard Edition contains:

J2SE 1.4.2 for SCO UNIX is a full implementation of the Sun MicrosystemsTM Java 2 Platform - the technology and environment described in the SunTM specifications of the Java 2 Platform, Standard Edition, v. 1.4.2. (The _19 suffix on the version number indicates the patch level of the Sun J2SE that J2SE 1.4.2 for SCO UNIX corresponds to.)

Changes in This Release

J2SE 1.4.2_19

J2SE 1.4.2_19 for SCO UNIX is the latest and cumulative update to J2SE 1.4.2 and contains the latest fixes from Sun.

J2SE 1.4.2_19 supercedes all previous releases of J2SE 1.4.2

J2SE 1.4.2_19 contains the following security issue fixes from Sun.

Sun Alert ID        Description
246266 A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to determine the name of files on the home directory of the user who is running the applet or application.
246386 A vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in.
244988 A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.
A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.
244987 Multiple buffer overflow vulnerabilities in the Java Runtime Environment (JRE) image processing code , its handling of GIF images as well as its font processing may allow an untrusted applet or Java Web Start application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
246346 A vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may be exploited to create a denial-of-service condition on the system that is authenticating users.
246387 The Java Runtime Environment allows code loaded from the local filesystem to access localhost. This allows code that are maliciously placed on the local filesystem and then subsequently run to have network access to localhost which would not otherwise be allowed if the code were loaded from a remote host.This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).
245246 The UTF-8 decoder in the Java Runtime Environment accepts non-shortest form sequences. While it is not a vulnerability in Java SE per se, it may be leveraged to attack systems running software that relies on the UTF-8 decoder to reject non-shortest form sequences. For example, sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.
CR 6721753 The Java Runtime Environment creates temporary files that have guessable file names.
244991 A vulnerability in the Java Runtime Environment (JRE) with deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
244990 A buffer vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application.
 
This vulnerability cannot be exploited by an applet or Java Web Start application.

J2SE 1.4.2_18b

J2SE 1.4.2_18b for SCO UNIX is simply a plugin packaging change to install the Java plugin for the Mozilla® Firefox® browser available with OpenServer 6.0.0 MP4.

J2SE 1.4.2_18

J2SE 1.4.2_18 for SCO UNIX is the latest and cumulative update to J2SE 1.4.2 and contains the latest fixes from Sun.

Automatic update of the /usr/java and /usr/java2 symbolic links to the installation of this J2SE release has changed. Please see the "Installations Location and Multiple Java Versions" subsection of these J2SE 1.4.2_18 Release Notes and the "Multiple Java 2 SE Releases" section of this Getting Started document for complete details.

J2SE 1.4.2_18 supercedes all previous releases of J2SE 1.4.2.

J2SE 1.4.2_18 contains the following security issue fixes from Sun.

Sun Alert ID        Description
238967 A vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet.
238666 A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
238968 Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

J2SE 1.4.2_17

J2SE 1.4.2_17 for SCO UNIX is the latest and cumulative update to J2SE 1.4.2 and contains the latest fixes from Sun.

Automatic update of the /usr/java and /usr/java2 symbolic links to the installation of this J2SE release has changed. Please see the "Installations Location and Multiple Java Versions" subsection of these J2SE 1.4.2_17 Release Notes and the "Multiple Java 2 SE Releases" section of this Getting Started document for complete details.

J2SE 1.4.2_17 supercedes all previous releases of J2SE 1.4.2.

Sun Alert ID        Description
233321 Two vulnerabilities in the Java Runtime Environment Virtual Machine may independently allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
233322 A security vulnerability in the Java Runtime Environment (JRE) with the processing of XSLT transformations may allow an untrusted applet or application that is downloaded from a website to elevate its privileges. For example, an applet may read certain unauthorized URL resources (such as some files and web pages) or potentially execute arbitrary code. This vulnerability may also be exploited to create a Denial-of-Service (DoS) condition by causing the JRE to crash.
233323 A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet
233324 A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet.
233326 A vulnerability in the Java Runtime Environment may allow JavaScript code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs. This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

J2SE 1.4.2_16

J2SE 1.4.2_16 for SCO UNIX is the latest and cumulative update to J2SE 1.4.2 and contains the latest fixes from Sun.

J2SE 1.4.2_16 supercedes all previous releases of J2SE 1.4.2.

See the "Changes in This Release" section of the Release Notes for details on the contents of earlier updates to J2SE 1.4.2

System Requirements and Supported Platforms

Supported SCO UNIX platforms:

J2SE 1.4.2 for SCO UNIX is not supported on older versions of the supported operating systems, such as SCO OpenServer Release 5.0.6 or UnixWare 7 Release 7.1.1, nor is it available for older operating systems, such as the SCO UnixWare 2 operating system.

J2SE 1.4.2 for SCO UNIX cannot be used with the older OSRcompat packages that were released together with older versions of UnixWare 7 and OpenServer.

For the most part the J2SE 1.4.2 is identical for all supported platforms, and everything in these release notes applies to all supported platforms unless otherwise noted.

[*] Package urwfonts is available as part of the UnixWare 7.1.3 and 7.1.4 and OpenServer 5.0.7 media kits and is automatically installed as part of Initial System Load if Java is installed. It is also available in the UnixWare 7.1.3 Update Pack 4 media or in the UnixWare and OpenServer Development Kit 7.1.3 or 7.1.4 and is downloadable from this web page.

[**] The required runtime on OpenServer 5.0.7 are the libraries contained in the package set OSRcompat version 8.0.2 provided in the SCO OpenServer Release 5.0.7 Maintenance Pack 3 as the "UDK Compatibility Libraries".

Package Name
Required Software
 Approx. Size
Contains
    urwfonts
      3 MB (URW)++ Free X11 Fonts
    j2jre142
  urwfonts

 runtime
  (above)		   52 MB Runtime Support:
java, the Java virtual machine interpreter (JVM); the "client" and "server" dynamic compilers; Java Foundation Classes (JFC) & Swing Package; and basic API libraries: language support, I/O, AWT, networking, utilities, images, media, math, compression, and security.

Distributed applications and database access:
Remote Method Invocation (RMI); JavaBeansTM (component object model); JDBCTM (database access); Internationalization tools; Security tools; Java IDL tools.

    j2sdk142
  j2jre142   24 MB Development Tools:
appletviewer, the Java Applet Viewer; javac, the Java Compiler; jdb, the command-line Java debugger; javah, the C Header and Stub File Generator for native methods; javap, the Java Class File Disassembler; javadoc, the JAVA API Documentation Generator; jar, the Java Archive (JAR) tool; and assorted other commands used in Java development; class libraries used in Java development; header files used in native code development. Also Java demo applets and applications; demos of Swing functionality; Java Plug-in demos; native method demos.
    j2plg142
  j2jre142   2.3 MB Java 2 Plug-in for Mozilla browser, 1.2.1 through 1.7.x on UnixWare 7.1.4, OpenServer 5.0.7 and OpenServer 6.0.0.

Note: Where one J2SE 1.4.2 package requires another J2SE 1.4.2 package, the version numbers of the packages must be the same. The Java 2 SDK package, version 1.4.2.1.19 requires the Java 2 Runtime, version 1.4.2.19.

Multiple Java 2 SE Releases

Multiple major versions of J2SE can co-exist on your SCO UNIX platform. The installation is to a version specific directory in /opt.
J2SE 1.3.1 ==> /opt/java2-1.3.1
J2SE 1.4.2 ==> /opt/java2-1.4.2
J2SE 5.0    ==> /opt/java2-1.5.0
Updates to each major version of J2SE install in the same base directory.

Prior to the synchronized release of J2SE 1.3.1_22, 1.4.2_17 and 5.0 update 15, the installation of the JRE piece for each of these major point releases would automatically symbolicly link /usr/java and /usr/java2 to point to the "newly" installed JRE directory.   Starting with these synchronized J2SE releases, the symbolic links will only be updated if the JRE being installed is a later J2SE version than the current symbolic links.

For example, if prior to installation of J2SE 1.4.2_17, the symbolic links were:

/usr/java ==> /opt/java2-1.3.1
/usr/java2 ==> /opt/java2-1.5.0
Following the installation of J2SE 1.4.2_17, the links would be:
/usr/java ==> /opt/java2-1.4.2
/usr/java2 ==> /opt/java2-1.5.0

Removal of the J2SE 1.4.7_17, will attempt to restore the pre-installation links, if and only if an executable /opt/java2-1.3.1/bin/java still exists on the system.

System administrators can and should readjust these symbolic links as needed by their specific system and software requirements.

Other software released by SCO for your SCO UNIX platform as well as third party applications that use Java, may require a specifc J2SE major version. That software may either reference the J2SE of interest through:

Caution: Before removing earlier/other major versions of J2SE on your system, be certain that other installed software does not require that version. For example, the Apache-Tomcat product released on UnixWare 7.1.4 and OpenServer 6.0.0 have been configured, tested and certified with J2SE 1.4.2. Removal of that JRE will result in Tomcat failing to start.

Download and Installation

The J2SE 1.4.2 product is distributed as two separate installable Java packages plus a urwfonts package, if needed.

Installation with the UnixWare package tools on UnixWare, Open UNIX or OpenServer

  1. Print or save a copy of this "Getting Started" page for later reference.

  2. Download a copy of the current J2SE 1.4.2_19 Release Notes (ReleaseNotes.html)and save, also for later reference.

  3. Select and download the packages you wish to install. Note that the packages are available in two formats:

  4. For OpenServer 6.0.0: custom format package
    File Custom Package Custom Version UW Package UW Pkg. Version
      OSR6_Java2_142.VOLS.tar j2se142 1.4.2Sa   j2jre142   1.4.2.19
      urwfonts   2.0Bq
      j2sdk142   1.4.2.19
      j2plg142   1.4.2.19
      javaxcomm   2.0

  5. Download an install any prerequisite packages, runtime, maintenance packs, maintenance supplements, support level supplements as required in the System Requirements and Supported Platforms of this document.

  6. As root, installed the J2SE packages that you have downloaded.

    Change directory into the directory containing the downloaded package datastreams

    cd  <download-dir>

    On UnixWare 7.1.4:

    Install the J2SE 1.4.2 packages in the following order.
    If the package datastreams have been downloaded in compressed format:
    zcat   urwfonts.ds.Z   |   pkgadd -d -
    zcat   j2jre142.ds.Z   |   pkgadd -d -

    pkgadd   -d  `pwd`/j2sdk142.ds
    pkgadd   -d  `pwd`/j2plg142.ds
    If the package datastreams have been uncompressed when downloaded with your browser:
    pkgadd   -d  `pwd`/urwfonts.ds
    pkgadd   -d  `pwd`/j2jre142.ds
    pkgadd   -d  `pwd`/j2sdk142.ds
    pkgadd   -d  `pwd`/j2plg142.ds

    On OpenServer 5.0.7, having downloaded the custom format files:

    Make a subdirectory for each custom tar file that you downloaded.
    mkdir JRE SDK PLUGIN
    Unwind each tar file into the corresponding subdirectory.
    cd JRE; tar -xf ../OSR5_Java2_JRE_142.VOLS.tar
    cd ../SDK; tar -xf ../OSR5_Java2_SDK_142.VOLS.tar
    cd ../PLUGIN; tar -xf ../OSR5_Java2_PLUGIN_142.VOLS.tar
    To avoid possible compilications or problems installing a new release of J2SE 1.4.2 on your OpenServer 5.0.7 system, any previously installed J2SE 1.4.2 releases should be removed prior to installing this release. Because of packaging dependencies, the components should be removed in the following order:

    • Java 2 1.4.2 Plug-in
    • Java 2 1.4.2 Software Development Kit
    • Java 2 1.4.2 Runtime Environment

    Software should be installed in the following order:

    • Java 2 1.4.2 Runtime Environment
    • Java 2 1.4.2 Software Development Kit
    • Java 2 1.4.2 Plug-in

    Run the Software Manager with the command:
    scoadmin software
                or
    custom
    or double-click on the Software Manager icon in the desktop.

    1. Remove any previously installed Java 2 1.4.2 components, one at a time, in the removal order indicated above.
      1. Select the single Java 2 1.4.2 component to be removed.
      2. Pull down the "Software" menu and select "Remove Software"
      3. Click the "Remove" button.
    2. Repeat step 1 for each remaining Java 2 1.4.2 component to be removed.

    3. Install each of the new Java 2 1.4.2 components, one at a time , in the installation order indicted above.
      1. Pull down the "Software" menu and select "Install New".
      2. When prompted for the host from which to install, choose the local machine and then "Continue".
      3. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".
      4. When prompted for the "Image Directory", enter the directory where you unwound the tar file of the package to be installed and choose "OK".
      5. When prompted to select the software to install, the single software package in the directory will by highlighted. Choose "Install".
    4. Repeat step 3 for each remaining software download file to be installed.

    On OpenServer 6.0.0, having downloaded the single custom format file:

    Make a subdirectory and unwind the tar file into that subdirectory.
    mkdir JAVA142
    cd JAVA142; tar -xf ../OSR6_Java2_142.VOLS.tar
    Run the Software Manager with the command:
    scoadmin software
                or
    custom
    or double-click on the Software Manager icon in the desktop.

    1. Pull down the "Software" menu and select "Install New".
    2. When prompted for the host from which to install, choose the local machine and then "Continue".
    3. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".
    4. When prompted for the "Image Directory", enter the directory where you unwound the tar file of the package to be installed and choose "OK".
    5. When prompted to select the software to install, the single software package in the directory will by highlighted. You can deselect any of the optional packages that you do not wish to install at this time. Click on "Install".

Important Notes

Documentation

Essential information about this product is contained in the Java 2 Standard Edition,v. 1.4.2_14c, for SCO UNIX Operating Systems Release Notes which are distributed with the j2jre142 package and installed in /usr/java2. A copy of the Release Notes is available on this download page.

Be sure to read these notes thoroughly before attempting to use the J2SE 1.4.2. We recommend that you print out or bookmark these notes for later reference.

Licensing

The J2SE 1.4.2 for SCO UNIX is licensed under the same terms as the host SCO operating system upon which it is installed.


Document version 405-000-044-sa
04 December 2008
Copyright © 2004-2008 The SCO Group, Inc. All rights reserved.