Java 6u30 released

Published: 2011-12-12
Last Updated: 2011-12-12 20:59:11 UTC
by Daniel Wesemann (Version: 1)
2 comment(s)

Oracle have released Java 6 Update 30 (6u30) today. The fixes are mostly of functional nature. As far as we can tell from the release notes, no gaping security craters had to be leveled out this time .. for a change. Two security related fixes are still noteworthy for developers, one affects the use of SSL (TLS_DH_anon_WITH_AES_128_CBC_SHA), the other is about the use of secure cookies in HTTPS when the applet gets invoked via JavaScript. The full release information and list of fixes are available on Oracle's web site.

 

Keywords: java
2 comment(s)

Comments

- http://www.oracle.com/technetwork/java/javase/6u30-relnotes-1394870.html
Dec. 12, 2011 - "... a notable bug fix for Java SE 6u30: Area: JSSE: Runtime Synopsis: REGRESSION - 6u29 -breaks- ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA . It is strongly encouraged that applications using JSSE (SSL/TLS) be upgraded to this release to have access to the latest changes that address this recent vulnerability: Under certain circumstances, Java SE 6u29 will incorrectly throw an IndexOutOfBoundsException or send an extra SSL/TLS packet..."
.
Brian Krebs identified at least 5 exploitable bugs: http://krebsonsecurity.com/wp-content/uploads/2011/12/java6update30notes.txt
http://krebsonsecurity.com/2011/12/security-updates-for-microsoft-windows-java/

Diary Archives