Java 8 Update 101 released
FYI...
Java 8 Update 101 released
- https://www.java.com/en/download/manual.jsp
Recommended Version 8 Update 101
July 19, 2016
Release Notes
- http://www.oracle.com/technetwork/ja...s-3021761.html
Risk Matrix
- http://www.oracle.com/technetwork/to...1721.html#JAVA
- http://www.securitytracker.com/id/1036365
CVE Reference: CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
Jul 19 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6u115, 7u101, 8u92 ...
Impact: A remote user can obtain and modify data on the target system.
A remote user can cause denial of service conditions.
A remote or local user can obtain elevated privileges on the target system.
A local user can modify data on the target system.
Solution: The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update (8 Update 101)...
___
- https://blog.qualys.com/laws-of-vuln...l-patch-update
July 19, 2016 - "... patches for Java SE fix 13 security issues out of which 9 can be compromised remotely over the network..."
... -if- you still need to use Java at all. If not - uninstall it!
:fear::fear:
Java 8 Update 111 released
FYI...
Java 8 Update 111 released
- https://www.java.com/en/download/manual.jsp
Oct 18, 2016
- https://www.java.com/en/download/faq...erversions.xml
"... We highly recommend that you uninstall all older versions of Java from your system. Keeping old versions of Java on your system presents a serious security risk..."
___
- http://www.oracle.com/technetwork/se...l#AppendixJAVA
- http://www.securitytracker.com/id/1037040
CVE Reference: CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
Oct 18 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101 ...
Impact: A remote user can obtain data on the target system.
A remote user can partially modify data on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix as part of the October 2016 Oracle Critical Patch Update.
The vendor's advisory is available at:
- http://www.oracle.com/technetwork/se...l#AppendixJAVA
... -if- you still need to use Java at all. If not - uninstall it!
:fear::fear:
Java 8 Update 121 released
FYI...
Java 8 Update 121 released
- https://www.java.com/en/download/manual.jsp
Jan 17, 2017
8u121 Update Release Notes
- http://www.oracle.com/technetwork/ja...s-3315208.html
Jan 17, 2017
- https://www.java.com/en/download/faq...erversions.xml
"... We highly recommend that you uninstall all older versions of Java from your system. Keeping old versions of Java on your system presents a serious security risk..."
___
- http://www.securitytracker.com/id/1037637
CVE Reference: CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289
Jan 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6u131, 7u121, 8u112 ...
Impact: A remote user can obtain data on the target system.
A remote user can modify data on the target system.
A remote user can cause denial of service conditions.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix as part of the January 2017 Oracle Critical Patch Update (8 Update 121)...
___
- https://blog.qualys.com/laws-of-vuln...ulnerabilities
Jan 17, 2017 - "... Java: This Critical Patch Update contains -17- new security fixes for Oracle Java SE. Sixteen (16) of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network -without- requiring user credentials. We recommend that organizations patch as soon as possible..."
Java SE Risk Matrix
- http://www.oracle.com/technetwork/se...l#AppendixJAVA
... -if- you still need to use Java at all. If not - uninstall it!
:fear::fear:
Java 8 Update 131 released
FYI...
Java 8 Update 131 released
- https://www.java.com/en/download/manual.jsp
April 18, 2017
Text Form - Risk Matrix for Oracle Java SE
- http://www.oracle.com/technetwork/se...6619.html#JAVA
- https://www.java.com/en/download/faq...erversions.xml
"... We highly recommend that you uninstall all older versions of Java from your system. Keeping old versions of Java on your system presents a serious security risk. Uninstalling older versions of Java from your system ensures that Java applications will run with the latest security and performance improvements on your system..."
... -if- you still need to use Java at all. If not - uninstall it!
___
- http://www.securitytracker.com/id/1038286
CVE Reference: CVE-2017-3509, CVE-2017-3511, CVE-2017-3512, CVE-2017-3514, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
Apr 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6u141, 7u131, 8u121 ...
Impact: A remote user can obtain data on the target system.
A remote user can modify data on the target system.
A remote user can cause denial of service conditions.
A local user can obtain elevated privileges on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (8 Update 131) as part of the April 2017 Oracle Critical Patch Update.
:fear::fear: