Page 8 of 8 FirstFirst ... 45678
Results 71 to 78 of 78

Thread: Old Sun Java JRE updates

  1. #71
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Java JRE v7 released

    FYI...

    Java JRE v7 released
    - http://www.oracle.com/technetwork/ja...ad-432155.html
    July 28 2011

    JDK 7 and JRE 7 Supported System Configurations
    - http://www.oracle.com/technetwork/ja...ig-417990.html

    Security Enhancements
    - http://download.oracle.com/javase/7/...ncements7.html

    Release Notes
    - http://www.oracle.com/technetwork/ja...es-429209.html

    Changes in Java SE 7
    - http://www.oracle.com/technetwork/ja...9.html#changes

    Known Issues
    - http://www.oracle.com/technetwork/ja...ml#knownissues
    ___

    - http://h-online.com/-1288208
    29 July 2011 - "9494 bug fixes, 1966 enhancements, 9018 updates, 147 builds and four specification requests have gone into developing the latest Java Platform 7 and Oracle has now released JDK 7 as a general availability release. It is the first major release of the Java development environment since Oracle's takeover of Sun Microsystems..."

    Last edited by AplusWebMaster; 2011-07-30 at 20:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #72
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java JRE 6 Update 27 released

    FYI...

    - https://isc.sans.edu/diary.html?storyid=11506
    Last Updated: 2011-09-05 13:44:59 UTC ...(Version: 2)
    ___

    Java JRE 6 Update 27 released
    - http://www.oracle.com/technetwork/ja...ad-440425.html
    August 17, 2011
    Windows x86 ... jre-6u27-windows-i586.exe
    Windows x64 ... jre-6u27-windows-x64.exe

    Release Notes
    - http://www.oracle.com/technetwork/ja...es-444147.html

    Bug Fixes
    - http://www.oracle.com/technetwork/ja...es-444150.html

    NOTE:
    https://www.java.com/en/download/faq/java7.xml
    Java7: "... The new release of Java is first made available to the developers to ensure no major problems are found before we make it available on the java.com website for end users to download the latest version..."

    Last edited by AplusWebMaster; 2011-09-05 at 19:32.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #73
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java updates released

    FYI...

    Java 7 Update 1 released
    Release Notes / Bug Fixes
    - http://www.oracle.com/technetwork/ja...es-507962.html
    October 18, 2011 - "... version number for this update release is 1.7.0_1-b08 (where "b" means "build"). The external version number is 7u1..."

    Downloads
    - http://www.oracle.com/technetwork/ja...ad-513652.html
    Windows x86 jre-7u1-windows-i586.exe
    Windows x64 jre-7u1-windows-x64.exe
    ___

    Java 6 Update 29 released
    Release Notes / Bug Fixes
    - http://www.oracle.com/technetwork/ja...es-507960.html
    October 18, 2011 - "... version number for this update release is 1.6.0_29-b11 (where "b" means "build"). The external version number is 6u29..."

    Downloads
    - http://www.oracle.com/technetwork/ja...ad-513650.html
    Windows x86 jre-6u29-windows-i586.exe
    Windows x64 jre-6u29-windows-x64.exe
    ___

    Oracle Java SE Critical Patch Update Advisory - October 2011
    - http://www.oracle.com/technetwork/to...l#AppendixJAVA
    "... contains 20 new security fixes for Oracle Java SE. 19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...
    ... Supported Versions Affected: JDK and JRE 7, 6 Update 27 and before..."
    ___

    JRE Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service
    - http://www.securitytracker.com/id/1026215
    CVE Reference: CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561
    Date: Oct 19 2011
    Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network.
    Version(s): JDK and JRE 7; JDK and JRE 6 Update 27 and prior; JDK and JRE 5.0 Update 31 and prior; SDK and JRE 1.4.2_33 and prior.
    ... vendor has issued a fix... advisory is available at:
    http://www.oracle.com/technetwork/to...11-443431.html

    - https://secunia.com/advisories/46512/
    Release Date: 2011-10-19
    Criticality level: Highly critical
    Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Oracle Java JDK/JRE SE 1.7.x / 7.x, JDK/JRE 1.6.x / 6.x, JDK/JRE 1.5.x, JDK/JRE 1.4.x
    Description: Multiple vulnerabilities have been reported in Oracle Java SE, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
    ... see the vendor's advisory for details...
    http://www.oracle.com/technetwork/to...11-443431.html

    Last edited by AplusWebMaster; 2011-10-19 at 15:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #74
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IBM Java - multiple vulns - update available

    FYI...

    IBM Java - multiple vulns - update available
    - https://secunia.com/advisories/46977/
    Release Date: 2011-11-23
    Criticality level: Highly critical
    Impact: Exposure of sensitive information, DoS, System access
    Where: From remote
    Software: IBM Java 5.x ...
    CVE Reference(s): CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556
    Solution: Update to version SR13.
    Original Advisory: http://www.ibm.com/developerworks/java/jdk/alerts/

    > https://www.ibm.com/developerworks/java/jdk/
    ___

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3547
    CVSS v2 Base Score: 5.0 (MEDIUM)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3552
    CVSS v2 Base Score: 2.6 (LOW)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3545
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3548
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3549
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3554
    Last revised: 10/30/2011
    CVSS v2 Base Score: 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3556
    CVSS v2 Base Score: 7.5 (HIGH)

    Last edited by AplusWebMaster; 2011-11-24 at 05:38.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #75
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 6u30 / 7u2 released

    FYI...

    Java 6u30 / 7u2 released
    - http://www.oracle.com/technetwork/ja...s-1394870.html
    Dec. 12, 2011 - "... a notable bug fix for Java SE 6u30:
    Area: JSSE: Runtime Synopsis: REGRESSION - 6u29 -breaks- ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA . It is strongly encouraged that applications using JSSE (SSL/TLS) be upgraded to this release to have access to the latest changes that address this recent vulnerability: Under certain circumstances, Java SE 6u29* will incorrectly throw an IndexOutOfBoundsException or send an extra SSL/TLS packet..."
    * http://bugs.sun.com/bugdatabase/view...bug_id=7103725
    Related: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3389
    Last revised: 12/13/2011

    - http://www.oracle.com/technetwork/ja...s-1394228.html
    Dec. 12, 2011 - "... 7u2 does -not- add any fixes for security vulnerabilities beyond those in Java SE 7u1. Users who have Java SE 7u1 have the latest security fixes and do not need to upgrade to this release to be current on security fixes..."

    Bug Fixes... in Java SE 6u30:
    - http://www.oracle.com/technetwork/ja...s-1394936.html
    Bug Fixes... in Java SE 7u2:
    - http://www.oracle.com/technetwork/ja...s-1394661.html

    Downloads: http://www.oracle.com/technetwork/ja...ads/index.html

    JRE 6u30: http://www.oracle.com/technetwork/ja...d-1377142.html

    JRE 7u2: http://www.oracle.com/technetwork/ja...d-1377135.html
    ___

    - https://krebsonsecurity.com/2011/12/...-windows-java/
    December 13, 2011 - "... specific details of the flaws* fixed in this update..."

    * Exploitable bugs fixed in update 30
    - https://krebsonsecurity.com/wp-conte...ate30notes.txt
    http://bugs.sun.com/bugdatabase/view...bug_id=6761678
    http://bugs.sun.com/bugdatabase/view...bug_id=6670868
    http://bugs.sun.com/bugdatabase/view...bug_id=7041800
    http://bugs.sun.com/bugdatabase/view...bug_id=6682380
    http://bugs.sun.com/bugdatabase/view...bug_id=7103725

    Last edited by AplusWebMaster; 2011-12-13 at 22:31.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #76
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java v.6u31/v.7u3 released ...

    FYI...

    Java update advisory - Feb 2012
    - http://www.oracle.com/technetwork/to...12-366318.html
    2012-February-17 Rev 2. Replaced CVE-2011-3571 with CVE-2012-0507
    2012-February-14 Rev 1. Initial Release
    2012-February-14 - "... Affected product releases and versions:
    JDK and JRE 7 Update 2 and earlier, JDK and JRE 6 Update 30 and earlier, JDK and JRE 5.0 Update 33 and earlier, SDK and JRE 1.4.2_35 and earlier, JavaFX 2.0.2 and earlier, JavaFX...
    >> http://www.oracle.com/technetwork/ja...ads/index.html
    "... Java SE 7u3 - This release includes security fixes... Java SE 6 Update 31 - This release includes security fixes..."

    Java JRE 7u3:
    - http://www.oracle.com/technetwork/ja...d-1501631.html
    Release Notes:
    - http://www.oracle.com/technetwork/ja...s-1481928.html
    "... version number for this update release is 1.7.0_03-b04 (b05 in Windows, where "b" means "build"). The external version number is 7u3..."

    Java JRE 6u31:
    - http://www.oracle.com/technetwork/ja...d-1501637.html
    Release Notes:
    - http://www.oracle.com/technetwork/ja...s-1482342.html
    "... version number for this update release is 1.6.0_31-b04 (b05 in Windows, where "b" means "build")..."
    ___

    - http://www.securitytracker.com/id/1026687
    CVE Reference:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3563 - 6.4
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0497 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0498 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0499 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0500 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0501 - 5.0
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0502 - 6.4
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0503 - 7.5 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0504 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0505 - 7.5 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0506 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0508 - 10.0 (HIGH)
    Date: Feb 14 2012
    Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Version(s): 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior...
    The vendor's advisory is available at:
    - http://www.oracle.com/technetwork/to...12-366318.html

    - https://secunia.com/advisories/48009/
    Release Date: 2012-02-15
    Criticality level: Highly critical
    Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
    Where: From remote...
    Original Advisory:
    - http://www.oracle.com/technetwork/to...12-366318.html

    Last edited by AplusWebMaster; 2012-04-03 at 22:25.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #77
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Java v.6u32/v.7u4 released ...

    FYI...

    Java v.6u32/v.7u4 released
    > http://www.oracle.com/technetwork/ja...ads/index.html
    ___

    Java SE Runtime Environment 7u4 - Download
    - http://www.oracle.com/technetwork/ja...d-1591157.html
    April 26, 2012

    Release notes
    - http://www.oracle.com/technetwork/ja...s-1575007.html
    "... Bug Fixes: Java SE 7u4 does -not- add any fixes for security vulnerabilities beyond those in Java SE 7u3..."

    Bug Fixes - Java SE 7u4
    - http://www.oracle.com/technetwork/ja...s-1579555.html

    - http://h-online.com/-1562140
    27 April 2012 - "The new Java Standard Edition 7 Update 4 is the first Oracle-sponsored Java release that has been made available for Mac OS X (Lion)... Java SE 7 Update 4 can be downloaded for Macs, as well as Windows and Linux..."
    - http://www.oracle.com/technetwork/ja...s-1591156.html
    ___

    Java SE Runtime Environment 6 Update 32 - Download
    - http://www.oracle.com/technetwork/ja...s-1594646.html
    April 26, 2012

    Release notes
    - http://www.oracle.com/technetwork/ja...s-1578471.html

    Bug Fixes - Java SE 6u32
    - http://www.oracle.com/technetwork/ja...s-1579554.html

    Java 6 End of Life (EOL) Notice
    - http://www.oracle.com/technetwork/java/eol-135779.html
    After November 2012, Oracle will no longer post updates of Java SE 6 to its public download sites...
    ___

    Oracle to bring Java security fixes directly to Mac user ...
    - http://atlas.arbor.net/briefs/index#-1272909644
    Severity: Elevated Severity
    Published: Monday, April 30, 2012 16:24
    Oracle is now providing a direct version of Java to OSX users.
    Analysis: This is a positive development that will hopefully reduce OSX malware. The lag in patch time between Oracle and Apple has been a thorn in the side of security for some time and the pain of the recent Flashback trojan, the SabPub trojan, and now another OSX malware using the same Java security hole has been significant enough that users should migrate towards Oracle Java as soon as possible. Cyber criminals are aware that OSX is a viable platform for malware, and will have their eyes open for other gaps in coverage.
    Source: http://arstechnica.com/apple/news/20...dk-support.ars

    .
    Last edited by AplusWebMaster; 2012-05-01 at 21:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #78
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Oracle Java - Pre-Release Announcement - June 2012

    FYI...

    - http://www.oracle.com/technetwork/to...2-1515912.html
    "This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for June 2012, which will be released on Tuesday, June 12, 2012...
    Security vulnerabilities addressed by this Critical Patch Update affect the following products:
    JDK and JRE 7 Update 4 and earlier
    JDK and JRE 6 Update 32 and earlier
    JDK and JRE 5.0 Update 35 and earlier
    SDK and JRE 1.4.2_37 and earlier
    JavaFX 2.1 and earlier...
    This Critical Patch Update contains 14 new security fixes for Oracle Java SE. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0. The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
    Java Runtime Environment."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •