Getting Started

    JavaTM 2, Standard Edition 5.0 update 17
    for SCO® UNIX® Operating Systems


This release of Java 2 Standard Edition contains:

J2SE 5.0 for SCO UNIX is a full implementation of the Sun MicrosystemsTM Java 2 Platform - the technology and environment described in the SunTM specifications of the Java 2 Platform, Standard Edition, 5.0, update 17. (The "update 17" indicates the patch level of the Sun J2SE that J2SE 5.0 for SCO UNIX corresponds to.)

Changes in This Release

J2SE 5.0, update 17

J2SE 5.0, update 17 for SCO UNIX is the latest and cumulative update to J2SE 5.0 and contains the latest fixes from Sun.

The J2SE 5.0, update 17 release supercedes all previous versions of J2SE 5.0 released by SCO.

J2SE 5.0, update 17, contains the following security issue resolutions from Sun:

Sun Alert ID        Description
246266 A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to determine the name of files on the home directory of the user who is running the applet or application.
246286 A vulnerability in how the Java Runtime Environment (JRE) handles certain RSA public keys may cause the JRE to consume an excessive amount of CPU resources. This may lead to a Denial of Service (DoS) condition on affected systems. Such keys could be provided by a remote client of an application.
246386 A vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in.
244988 A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.
A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.
244987 Multiple buffer overflow vulnerabilities in the Java Runtime Environment (JRE) image processing code , its handling of GIF images as well as its font processing may allow an untrusted applet or Java Web Start application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
246346 A vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may be exploited to create a denial-of-service condition on the system that is authenticating users.
246387 The Java Runtime Environment allows code loaded from the local filesystem to access localhost. This allows code that are maliciously placed on the local filesystem and then subsequently run to have network access to localhost which would not otherwise be allowed if the code were loaded from a remote host.This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).
245246 The UTF-8 decoder in the Java Runtime Environment accepts non-shortest form sequences. While it is not a vulnerability in Java SE per se, it may be leveraged to attack systems running software that relies on the UTF-8 decoder to reject non-shortest form sequences. For example, sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.
CR 6721753 The Java Runtime Environment creates temporary files that have guessable file names.
244991 A vulnerability in the Java Runtime Environment (JRE) with deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
244990 A buffer vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application.
 
This vulnerability cannot be exploited by an applet or Java Web Start application.
244992 A buffer overflow vulnerability in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the "unpack200" JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

J2SE 5.0, update 16b

J2SE 5.0, update 16b for SCO UNIX is simply a plugin packaging change to install the Java plugin for the Mozilla® Firefox® browser available with OpenServer 6.0.0 MP4.

J2SE 5.0, update 16

J2SE 5.0, update 16 for SCO UNIX is the latest and cumulative update to J2SE 5.0 and contains the latest fixes from Sun.

Automatic update of the /usr/java and /usr/java2 symbolic links to the installation of this J2SE release has changed. Please see the "Installations Location and Multiple Java Versions" subsection of these J2SE 5.0, update 16 Release Notes for complete details.

The J2SE 5.0, update 16 release supercedes all previous versions of J2SE 5.0 released by SCO.

J2SE 5.0, update 16, contains the following security issue resolutions from Sun:

Sun Alert ID        Description
238967 A vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet.
238666 A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
238966 Secure Static Versioning was introduced in JDK and JRE 5.0 Update 6. With this feature, after the installation of a JRE 5.0 Update 6 or later release, applets are not allowed to run on an older release of the JRE. Due to a defect in the implementation, if an older release is subsequently installed, applets may run on that older release.
238965 A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.
238628 A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).
238968 Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

See the "Changes in This Release" section of the Release Notes for details on the contents and fixes contained in earlier updates to J2SE 5.0.

System Requirements and Supported Platforms

Supported SCO UNIX platforms:

J2SE 5.0 for SCO UNIX is not supported on older versions of the supported operating systems, such as SCO OpenServer Release 5.0.x or UnixWare 7 Release 7.1.3 or earlier, nor is it available for older operating systems, such as the SCO UnixWare 2 operating system.

The J2SE 5.0 is identical for all supported platforms, and everything in these release notes applies to all supported platforms.

Pkg/Cmpnt Name
Required Software
Approx. Size
Contains
 j2jre150   UW 7.1.4   72 MB Runtime Support:
java, the Java virtual machine interpreter (JVM); the "client" and "server" dynamic compilers; Java Foundation Classes (JFC) & Swing Package; and basic API libraries: language support, I/O, AWT, networking, utilities, images, media, math, compression, and security.

Distributed applications and database access:
Remote Method Invocation (RMI); JavaBeansTM (component object model); JDBCTM (database access); Internationalization tools; Security tools; Java IDL tools.

j2sdk150  j2jre150   41 MB Development Tools:
appletviewer, the Java Applet Viewer; javac, the Java Compiler; jdb, the command-line Java debugger; javah, the C Header and Stub File Generator for native methods; javap, the Java Class File Disassembler; javadoc, the JAVA API Documentation Generator; jar, the Java Archive (JAR) tool; and assorted other commands used in Java development; class libraries used in Java development; header files used in native code development. Also Java demo applets and applications; demos of Swing functionality; Java Plugin demos; native method demos.
j2plg150  j2jre150   0.5 MB Java 2 Plugin for Mozilla® browser 1.7.x on UnixWare 7.1.4 and OpenServer 6.0.0 and Firefox® 2 on OpenServer 6.0.0.
j2se150  OSR 6.0.0   116 MB In additional to the Runtime Support, Development Tools and Java Plugin software in the UnixWare packages above, the OpenServer 6.0.0 product contains the additional
  • Java Communications API (javaxcomm)
software whose JNI runtime or JAR files must be installed in the J2SE 5.0 product repository.

Note: Where one J2SE 5.0 package requires another J2SE 5.0 package, the version numbers of the packages must be the same. The Java 2 SDK package, version 1.5.0.17 requires the Java 2 Runtime, version 1.5.0.17.

Multiple Java 2 SE Releases

Multiple major versions of J2SE can co-exist on your SCO UNIX platform. The installation is to a version specific directory in /opt.
J2SE 1.3.1 ==> /opt/java2-1.3.1
J2SE 1.4.2 ==> /opt/java2-1.4.2
J2SE 5.0    ==> /opt/java2-1.5.0
Updates to each major version of J2SE install in the same base directory.

Prior to the synchronized release of J2SE 1.3.1_22, 1.4.2_17 and 5.0 update 15, the installation of the JRE piece for each of these major point releases would automatically symbolicly link /usr/java and /usr/java2 to point to the "newly" installed JRE directory.   Starting with these synchronized J2SE releases, the symbolic links will only be updated if the JRE being installed is a later J2SE version than the current symbolic links.

For example, if prior to installation of J2SE 1.4.2_17, the symbolic links were:

/usr/java ==> /opt/java2-1.3.1
/usr/java2 ==> /opt/java2-1.5.0
Following the installation of J2SE 1.4.2_17, the links would be:
/usr/java ==> /opt/java2-1.4.2
/usr/java2 ==> /opt/java2-1.5.0

Removal of the J2SE 1.4.7_17, will attempt to restore the pre-installation links, if and only if an executable /opt/java2-1.3.1/bin/java still exists on the system.

System administrators can and should readjust these symbolic links as needed by their specific system and software requirements.

Other software released by SCO for your SCO UNIX platform as well as third party applications that use Java, may require a specifc J2SE major version. That software may either reference the J2SE of interest through:

Caution: Before removing earlier/other major versions of J2SE on your system, be certain that other installed software does not require that version. For example, the Apache-Tomcat product released on UnixWare 7.1.4 and OpenServer 6.0.0 have been configured, tested and certified with J2SE 1.4.2. Removal of that JRE will result in Tomcat failing to start.

Download and Installation

The J2SE 5.0 product is distributed in one of two packaging formats for the different supported SCO UNIX systems.

  1. Print or save a copy of this "Getting Started" page for later reference.

  2. Download a copy of the current J2SE 5.0 update 17 Release Notes (ReleaseNotes.html)and save, also for later reference.

  3. Select and download the packages you wish to install. Note that the packages are available in two formats:

  4. Download an install any prerequisite packages, runtime, maintenance packs, maintenance supplements, support level supplements as required in the System Requirements and Supported Platforms of this document.

  5. As root, installed the J2SE 5.0 packages that you have downloaded.

    Change directory into the directory containing the downloaded package datastreams

    cd  <download-dir>

    On UnixWare 7.1.4:

    Install the J2SE 5.0 packages in the following order.
    If the package datastreams have been downloaded in compressed format:
    zcat   j2jre150.ds.Z   |   pkgadd -d - all

    pkgadd   -d  `pwd`/j2sdk150.ds all
    pkgadd   -d  `pwd`/j2plg150.ds all
    If the package datastreams have been uncompressed when downloaded with your browser:
    pkgadd   -d  `pwd`/j2jre150.ds all
    pkgadd   -d  `pwd`/j2sdk150.ds all
    pkgadd   -d  `pwd`/j2plg150.ds all

    On OpenServer 6.0.0, having downloaded the single custom format file:

    Make a subdirectory and unwind the tar file into that subdirectory.
    mkdir JAVA150
    cd JAVA150; tar -xf ../OSR6_Java2_150.VOLS.tar
    Run the Software Manager with the command:
    scoadmin software
                or
    custom
    or double-click on the Software Manager icon in the desktop.

    1. Pull down the "Software" menu and select "Install New".
    2. When prompted for the host from which to install, choose the local machine and then "Continue".
    3. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".
    4. When prompted for the "Image Directory", enter the directory where you unwound the tar file of the package to be installed and choose "OK".
    5. When prompted to select the software to install, the single software package in the directory will by highlighted. You can deselect any of the optional packages that you do not wish to install at this time. Click on "Install".

Important Notes

Documentation

Essential information about this product is contained in the Java 2 Standard Edition 5.0, update 17 for SCO UNIX Operating Systems Release Notes which are distributed with the j2jre150 package on UnixWare 7.1.4 and the j2se150 component on Openserver 6.0.0 and installed in /usr/java2. A copy of the Release Notes is available on this download page.

Be sure to read these notes thoroughly before attempting to use the J2SE 5.0. We recommend that you print out or bookmark these notes for later reference.

Licensing

The J2SE 5.0 for SCO UNIX is licensed under the same terms as the host SCO operating system upon which it is installed.


Document version 405-000-144-Qa
04 December 2008
Copyright © 2006-2008 The SCO Group, Inc. All rights reserved.