Java 7u5 and 6u33 released

Published: 2012-06-12
Last Updated: 2012-06-12 21:21:27 UTC
by Swa Frantzen (Version: 3)
4 comment(s)

Toby reminded us that Oracle is releasing Java 7 update 5 and Java 6 update 33 today.

Updated after Oracle released the vulnerability details.

Unfortunately it's all still made to be useless to determine what the problems are with the software and perform your own risk assessments.

Just note there are CVSS scores of 10 in there, and in the past months we saw what slacking on patching Java can do (Ref: the recent Apple Mac OS X malware), so just patch this on a rather urgent time schedule due to lack of detailed descriptions.

Update:

My words above were barely written or I got the notification of Apple that they are releasing Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9 today as well. This brings them in line with the updates to 1.6.0_33 above as well as implementing the deactivation of the Java browser plugin and Java Web Start if they remain unused for 35 days to Snow Leopard and deactivating the Java browser plugin and Java Web Start if they do not meet the criteria for minimum safe versions (on Both Lion and Snow Leopard.

--
Swa Frantzen -- Section 66

Keywords: java Patch Tuesday
4 comment(s)

Comments

Security info now up:

http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html#AppendixJAVA

Looks bad ...
It seems like Sun are now pushing JRE7 to JRE6 installs. Does anyone have any thoughts or comments around compatibility between the 2 releases? We were of the mind to hold off JRE7 until updates to JRE6 had stopped.
We had immediate problems with 7u5 and applets from major vendors, and had to downgrade. If you don't normally do extensive testing before deploying this type of update, this might be a case where it would be a good idea to do extra testing before pushing it out.
Looks like updates to Java 6 updates will no longer be produced after November 2012: http://www.oracle.com/technetwork/java/eol-135779.html

Diary Archives