Forum Thread: PSI offers 32-bit solution for 64-bit JRE

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Oracle Corporation
And, this specific program:
Oracle Java JRE 1.6.x / 6.x

This thread has been marked as locked.
mentin PSI offers 32-bit solution for 64-bit JRE
Member 13th Oct, 2010 20:20
Ranking: 4
Posts: 4
User Since: 13th Oct, 2010
System Score: N/A
Location: US
Last edited on 13th Oct, 2010 20:22

It looks like PSI is confused between 32-bit and 64-bit versions.

I had both 32-bit and 64-bit JRE. Both were 1.6.21 versions.
PSI showed the vulnerability, I clicked "Download solution" and installed it.
PSI noticed the update, but still complained I've unpatched vulnerability.
I tried to click "Download solution" and run it again, but it did not change anything.
This moment I started paying attention to the bitness.
Turned out my 32-bit Java is fully patched, but 64-bit is not.
PSI keeps offering me 32-bit patch as a solution.

So I went to Oracle site and downloaded 64-bit update manually.

This may explain why so many people complain PSI solution does not fix the problem.

And by suggesting people to uninstall Java, you are leading them to remove 64-bit version, which might not be what they actually want.

fourstone RE: PSI offers 32-bit solution for 64-bit JRE
Member 14th Oct, 2010 08:24
Score: -11
Posts: 12
User Since: 13th Feb 2008
System Score: N/A
Location: N/A
Last edited on 14th Oct, 2010 08:38
I just experienced the same, for Browsing I have the 32bit version installed but also the 64bit version for native applications, and for both I am given the i586 download, which is plain wrong. please adjust so that under the entry JRE / x64 actually the x64 version is being downloaded.

On a Sidenote I am wondering why Secunia ignores the fact that JRE is installed as part of the jdk and does not even show the jdk on the patched pane.
Was this reply relevant?
+1
-0
This user no longer exists RE: PSI offers 32-bit solution for 64-bit JRE
Member 14th Oct, 2010 10:30
Hi,

Having tested this thoroughly, I am afraid I have been unable to reproduce the issues you described.

If the PSI is detecting a 64-bit version of Sun Java JRE 1.6.x / 6.x, this entry will in the Results tab be shown with "(64-bit)" at the end of the program's name. Any runtime marked as 64-bit will get the proper x64 downloads from the PSI.

The 32-bit version (x86) should simply be shown as "Sun Java JRE 1.6.x / 6.x" (Without "(64-bit)" at the end), and this version also appears to get the proper download it's version.

Please post the troubleshoot report for all the JRE instances you were trying to update. To obtain this report, double-click the entry for the JRE entries, and click 'Troubleshoot Report'. Follow the instructions and post the details here.

As for JDK; While JRE should not be detected seperately when bundled (it only counts as one "Program"), JDK, on it's own, should be detected. Could I ask you to submit a software suggestion for the JDK not being suggested? To do so, click teh "Are you missing a program?" button on the Results tab and fill out the form with a relevant executable.

hope this helps.
Was this reply relevant?
+0
-0
fourstone RE: PSI offers 32-bit solution for 64-bit JRE
Member 14th Oct, 2010 12:23
Score: -11
Posts: 12
User Since: 13th Feb 2008
System Score: N/A
Location: N/A
Last edited on 14th Oct, 2010 12:24
Hello,

I sent a request concerning JDK, I picked a javac.exe which is not included in the JRE, maybe a better proposition is possible.

About the JRE fix:
I agree on what you state about the detection, i.e. detection appears to be correct, concerning the headings in the insecure tab.

However I uninstalled JRE64 22 and reinstalled JRE64 21 to reproduce the issue:
Funnily enough the "Download Solution" Button is now greyed out.

Then uninstalling JDK64 22, rescanning:
The Button reappears, pressing the button, My firefoxx starts downloading jre-6u21-windows-i586-s.exe

However I cannot make out any troubleshoot report function, only thing that might shed some light is technical details:
Technical details


Technical details about this installation of Sun Java JRE 1.6.x / 6.x (64-bit), you can use this information to determine why the Secunia PSI detected the program and the security state of it.

Version Detected:
6.0.210.6

Installation Path:
C:\Program Files\Java\jre1.6.0_21\bin\java.exe

Last Inspection of Program:
14th Oct. 2010, 12:16 CET

=====

Another thing worth noticing is this remark:
64bit Java download: (only use with 64bit browsers)
http://javadl.sun.com/webapps/download/AutoDL?Bund...

My Firefox is 32bit, however this link works, the link in download solution however does not(also utilizing the same 32bit firefox instance).

Hope this helps.

Kind regards, Martin

Was this reply relevant?
+0
-0
This user no longer exists RE: PSI offers 32-bit solution for 64-bit JRE
Member 14th Oct, 2010 12:37
Hi,

If you run a full rescan, your JDK should be detected.

As for the Troubleshoot Report, if you double-click the relevant entry, a pop-up screen will appear. On this screen, in the Toolbox, there is an icon for "Troubleshoot Report'. Click this item and follow the instructions.

The information contained in the troubleshoot report is very helpful when... well, troubeshooting. ;)

hope this helps.
Was this reply relevant?
+0
-0
fourstone RE: PSI offers 32-bit solution for 64-bit JRE
Member 14th Oct, 2010 12:53
Score: -11
Posts: 12
User Since: 13th Feb 2008
System Score: N/A
Location: N/A
Last edited on 14th Oct, 2010 13:00
Is that troubleshoot report available in 1.5.02? Doubleclicking only expands and there are only the normal icons... ?

Obviously it was, and the problem is gone there also. Now as 1.5.0.2 is still the stable version, please fix it there to reduce irritation with other normal users.

kind regards, martin
Was this reply relevant?
+0
-0

This thread has been marked as locked.