Java JRE 6 Update 27 released
FYI...
- https://isc.sans.edu/diary.html?storyid=11506
Last Updated: 2011-09-05 13:44:59 UTC ...(Version: 2)
___
Java JRE 6 Update 27 released
- http://www.oracle.com/technetwork/ja...ad-440425.html
August 17, 2011
Windows x86 ... jre-6u27-windows-i586.exe
Windows x64 ... jre-6u27-windows-x64.exe
Release Notes
- http://www.oracle.com/technetwork/ja...es-444147.html
Bug Fixes
- http://www.oracle.com/technetwork/ja...es-444150.html
NOTE:
- https://www.java.com/en/download/faq/java7.xml
Java7: "... The new release of Java is first made available to the developers to ensure no major problems are found before we make it available on the java.com website for end users to download the latest version..."
IBM Java - multiple vulns - update available
FYI...
- https://secunia.com/advisories/46977/
Release Date: 2011-11-23
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Software: IBM Java 5.x ...
CVE Reference(s): CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556
Solution: Update to version SR13.
Original Advisory: http://www.ibm.com/developerworks/java/jdk/alerts/
> https://www.ibm.com/developerworks/java/jdk/
___
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3547
CVSS v2 Base Score: 5.0 (MEDIUM)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3552
CVSS v2 Base Score: 2.6 (LOW)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3545
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3548
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3549
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3554
Last revised: 10/30/2011
CVSS v2 Base Score: 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3556
CVSS v2 Base Score: 7.5 (HIGH)
Java v.6u31/v.7u3 released ...
FYI...
Java update advisory - Feb 2012
- http://www.oracle.com/technetwork/to...12-366318.html
2012-February-17 Rev 2. Replaced CVE-2011-3571 with CVE-2012-0507
2012-February-14 Rev 1. Initial Release
2012-February-14 - "... Affected product releases and versions:
JDK and JRE 7 Update 2 and earlier, JDK and JRE 6 Update 30 and earlier, JDK and JRE 5.0 Update 33 and earlier, SDK and JRE 1.4.2_35 and earlier, JavaFX 2.0.2 and earlier, JavaFX...
>> http://www.oracle.com/technetwork/ja...ads/index.html
"... Java SE 7u3 - This release includes security fixes... Java SE 6 Update 31 - This release includes security fixes..."
Java JRE 7u3:
- http://www.oracle.com/technetwork/ja...d-1501631.html
Release Notes:
- http://www.oracle.com/technetwork/ja...s-1481928.html
"... version number for this update release is 1.7.0_03-b04 (b05 in Windows, where "b" means "build"). The external version number is 7u3..."
Java JRE 6u31:
- http://www.oracle.com/technetwork/ja...d-1501637.html
Release Notes:
- http://www.oracle.com/technetwork/ja...s-1482342.html
"... version number for this update release is 1.6.0_31-b04 (b05 in Windows, where "b" means "build")..."
___
- http://www.securitytracker.com/id/1026687
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3563 - 6.4
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0497 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0498 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0499 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0500 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0501 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0502 - 6.4
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0503 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0504 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0505 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0506 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0508 - 10.0 (HIGH)
Date: Feb 14 2012
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior...
The vendor's advisory is available at:
- http://www.oracle.com/technetwork/to...12-366318.html
- https://secunia.com/advisories/48009/
Release Date: 2012-02-15
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory:
- http://www.oracle.com/technetwork/to...12-366318.html
Java v.6u32/v.7u4 released ...
FYI...
Java v.6u32/v.7u4 released
> http://www.oracle.com/technetwork/ja...ads/index.html
___
Java SE Runtime Environment 7u4 - Download
- http://www.oracle.com/technetwork/ja...d-1591157.html
April 26, 2012
Release notes
- http://www.oracle.com/technetwork/ja...s-1575007.html
"... Bug Fixes: Java SE 7u4 does -not- add any fixes for security vulnerabilities beyond those in Java SE 7u3..."
Bug Fixes - Java SE 7u4
- http://www.oracle.com/technetwork/ja...s-1579555.html
- http://h-online.com/-1562140
27 April 2012 - "The new Java Standard Edition 7 Update 4 is the first Oracle-sponsored Java release that has been made available for Mac OS X (Lion)... Java SE 7 Update 4 can be downloaded for Macs, as well as Windows and Linux..."
- http://www.oracle.com/technetwork/ja...s-1591156.html
___
Java SE Runtime Environment 6 Update 32 - Download
- http://www.oracle.com/technetwork/ja...s-1594646.html
April 26, 2012
Release notes
- http://www.oracle.com/technetwork/ja...s-1578471.html
Bug Fixes - Java SE 6u32
- http://www.oracle.com/technetwork/ja...s-1579554.html
Java 6 End of Life (EOL) Notice
- http://www.oracle.com/technetwork/java/eol-135779.html
After November 2012, Oracle will no longer post updates of Java SE 6 to its public download sites...
___
Oracle to bring Java security fixes directly to Mac user ...
- http://atlas.arbor.net/briefs/index#-1272909644
Severity: Elevated Severity
Published: Monday, April 30, 2012 16:24
Oracle is now providing a direct version of Java to OSX users.
Analysis: This is a positive development that will hopefully reduce OSX malware. The lag in patch time between Oracle and Apple has been a thorn in the side of security for some time and the pain of the recent Flashback trojan, the SabPub trojan, and now another OSX malware using the same Java security hole has been significant enough that users should migrate towards Oracle Java as soon as possible. Cyber criminals are aware that OSX is a viable platform for malware, and will have their eyes open for other gaps in coverage.
Source: http://arstechnica.com/apple/news/20...dk-support.ars
Oracle Java - Pre-Release Announcement - June 2012
FYI...
- http://www.oracle.com/technetwork/to...2-1515912.html
"This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for June 2012, which will be released on Tuesday, June 12, 2012...
Security vulnerabilities addressed by this Critical Patch Update affect the following products:
JDK and JRE 7 Update 4 and earlier
JDK and JRE 6 Update 32 and earlier
JDK and JRE 5.0 Update 35 and earlier
SDK and JRE 1.4.2_37 and earlier
JavaFX 2.1 and earlier...
This Critical Patch Update contains 14 new security fixes for Oracle Java SE. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0. The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
Java Runtime Environment."