SANS ISC: InfoSec Handlers Diary Blog

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

InfoSec Handlers Diary Blog

Oracle released a collection of patches for multiple security vulnerabilities in the Java SE and Java for Business which includes security and non-security fixes. This update contains 27 new security fixes across all products. The security bulletin is posted here.

Note: Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.

Affected product releases and versions:

Java SE:

JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux
JDK 5.0 Update 23 and earlier for Solaris
SDK 1.4.2_25 and earlier for Solaris

The Java SE update is available here.

Java for Business:

JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux
JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux
SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux

The Java for Business update is available here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org