SANS ISC: Oracle Releases Java Security Updates SANS ISC InfoSec Forums

Oracle Releases Java Security Updates

A short while ago, Oracle released updates for both Java 6 and Java 7 in response to the critical 0-Day vulnerabilities discussed earlier this week, as well as two other security issues.

US-CERT has reported that applying Java 7 update 7 will solve the security issues as discussed at

More information is available at

Scott Fendley ISC Handler


Aug 30th 2012
Rapid7's test site showed Java 1.6 update 33 was vulnerable, but update 34 said it didn't have any security updates. Then today Oracle releases patches for JRE 1.6. Nice. The only thing more aggravating than that is Oracle's description of the 1.6 fix released today:

"CVE-2012-0547 represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited."

Fix came through in Fedora as follows:

"Information for build java-1.7.0-openjdk-"

"... Changelog * Thu Aug 30 2012 jiri Vanek <> - - Updated to IcedTea-Forest 2.3.1 - Resolves rhbz#RH852051, CVE-2012-4681: Reintroduce PackageAccessible checks removed in 6788531. ..."
