Wednesday, July 09, 2008 10:34 PM sandi

The Sun Java installer still sucks....

I was prompted to install the latest update to Sun Java a short while ago, and the installer still sucks.

  1. The installer still triggers a UAC prompt.
  2. The installer still does NOT remove old versions of Java - old versions that take 136 megabytes per version.
    image
  3. The option to install Open Office is still enabled by default, and the English language skills of whoever it was that coded the text on the installer screen need attention. 

    I swear, if I see a press releases trumpeting an increase in "users" of OpenOffice...
    image
  4. There is still no cancel button, and the openoffice.org graphic sucks ... look how pixelated the text and graphics are.
    image
Filed under: ,

# re: The Sun Java installer still sucks....

Wednesday, July 09, 2008 9:20 AM by Calvin

It's so pixelated because your DPI is too high. If it were normal, It wouldn't look so darned ugly.

# re: The Sun Java installer still sucks....

Wednesday, July 09, 2008 11:24 AM by Rod Trent

Why are you using Sun's Java?

# re: The Sun Java installer still sucks....

Thursday, July 10, 2008 2:01 AM by sandi

Because part of what I do is go looking for trouble ;o)

Sandi

# re: The Sun Java installer still sucks....

Thursday, July 10, 2008 1:50 PM by Bill

Um, installs OK fo me, I just uninstall the old version first. Not a big deal. Can't understand why you have such a downer on Open Office, great suite and it's free, unlike MS Office which costs a fortune.

# re: The Sun Java installer still sucks....

Thursday, July 10, 2008 7:48 PM by sandi

I hope you're running the latest version...

I quote:

Severity: Normal

    Title: OpenOffice.org: User-assisted execution of arbitrary code

     Date: July 09, 2008

     Bugs: #225723

       ID: 200807-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis

========

An integer overflow vulnerability has been reported in OpenOffice.org.

Background

==========

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

Affected packages

=================

   -------------------------------------------------------------------

    Package                    /  Vulnerable  /            Unaffected

   -------------------------------------------------------------------

 1  app-office/openoffice           < 2.4.1                  >= 2.4.1

 2  app-office/openoffice-bin       < 2.4.1                  >= 2.4.1

   -------------------------------------------------------------------

    2 affected packages on all of their supported architectures.

   -------------------------------------------------------------------

Description

===========

Sean Larsson (iDefense Labs) reported an integer overflow in the function rtl_allocateMemory() in the file sal/rtl/source/alloc_global.c.

Impact

======

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

Workaround

==========

There is no known workaround at this time.

Resolution

==========

All OpenOffice.org users should upgrade to the latest version:

 # emerge --sync

 # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.1"

All OpenOffice.org binary users should upgrade to the latest version:

 # emerge --sync

 # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.1"

References

==========

 [ 1 ] CVE-2008-2152

       cve.mitre.org/.../cvename.cgi

Availability

============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 security.gentoo.org/.../glsa-200807-05.xml

# re: The Sun Java installer still sucks....

Friday, July 11, 2008 5:08 AM by Chris

Pre-checked Install boxes are evil - full stop.

I already have OpenOffice installed, so it gave me a pre-checked option to install an Ask tool bar on Firefox.

On my other box with IE7 it gave me a pre-checked option to install the Google toolbar.

The issue is not whether the software being promoted is good, bad or indifferent - why when I want to upgrade Java should I have to actively exclude stuff I don't want? And will my 75 year old Mother know to uncheck it too?

# re: The Sun Java installer still sucks....

Saturday, July 12, 2008 2:49 PM by Bill

Yes, find Secunia PSI works quite well and there's also other ways of finding out what's been updated and why, but thanks for the news.

# re: The Sun Java installer still sucks....

Saturday, July 12, 2008 6:43 PM by Jeff

The ones I've seen make you opt out of installing the

Yahoo toolbar.

# re: The Sun Java installer still sucks....

Tuesday, July 15, 2008 3:30 AM by Alex van Herwijnen

This sucks indeed, but UAC isn't that strange as it's installed system-wide. The OOo-default option is just evil.

Leave a Comment

(required) 
(required) 
(optional)
(required)