
SANS ISC: Oracle Releases Java Security Updates - SANS Internet Storm Center SANS ISC InfoSec Forums


Oracle Releases Java Security Updates

A short while ago, Oracle released updates for both Java 6 and Java 7 in response to the critical 0-Day vulnerabilities discussed earlier this week, as well as two other security issues.

US-CERT has reported that applying Java 7 update 7 will solve the security issues as discussed at http://www.kb.cert.org/vuls/id/636312

More information is available at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

Scott Fendley ISC Handler

Rapid7's test site showed Java 1.6 update 33 was vulnerable, but update 34 said it didn't have any security updates. Then today Oracle releases patches for JRE 1.6. Nice. The only thing more aggravating than that is Oracle's description of the 1.6 fix released today:

"CVE-2012-0547 represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited."
Anonymous
Fix came through in Fedora as follows:

http://koji.fedoraproject.org/koji/buildinfo?buildID=351286

"Information for build java-1.7.0-openjdk-1.7.0.6-2.3.1.fc16.1"

"... Changelog * Thu Aug 30 2012 jiri Vanek <jvanek@redhat.com> - 1.7.0.6-2.3.1.fc16.1 - Updated to IcedTea-Forest 2.3.1 - Resolves rhbz#RH852051, CVE-2012-4681: Reintroduce PackageAccessible checks removed in 6788531. ..."
joco
