Page 5 of 5 FirstFirst 12345
Results 41 to 47 of 47

Thread: Java JRE updates/advisories

  1. #41
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u77 released

    FYI...

    Java 8u77 released
    - https://www.java.com/en/download/manual.jsp
    Recommended Version 8 Update 77
    March 23, 2016

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-2944725.html
    "... This JRE (version 8u77) will expire with the release of the next critical patch update scheduled for April 19, 2016..."

    > http://www.oracle.com/technetwork/ja...ads/index.html

    - https://blogs.oracle.com/security/en..._cve_2016_0636
    Mar 23, 2016 - "Oracle released Security Alert CVE-2016-0636* to address a vulnerability affecting Java SE in web browsers on desktops. This vulnerability has received a CVSS Base Score of 9.3 and is remotely exploitable without authentication. A successful exploitation of this vulnerability would typically require an unsuspecting user running an affected version of Java SE to visit a malicious web site. Oracle recommends customers apply this Security Alert as soon as possible..."
    > https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-0636

    * http://www.oracle.com/technetwork/to...l#AppendixJAVA

    ... -if- you still need to use Java at all. If not - uninstall it!

    Last edited by AplusWebMaster; 2016-03-25 at 20:22.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #42
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u91 released

    FYI...

    Java 8u91 released
    - https://www.java.com/en/download/manual.jsp
    April 19, 2016

    Bug Fixes
    - http://www.oracle.com/technetwork/ja...s-2949464.html

    Risk Matrix for Oracle Java SE
    - http://www.oracle.com/technetwork/to...1709.html#JAVA

    Oracle Security Alert for CVE-2016-0636
    - http://www.oracle.com/technetwork/to...6-2949497.html
    "This Security Alert addresses CVE-2016-0636, a vulnerability affecting Java SE running in web browsers on desktops... This vulnerability may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-0636
    Last revised: 04/12/2016
    9.3 HIGH

    - http://www.securitytracker.com/id/1035596
    CVE Reference: CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
    Apr 19 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u113, 7u99, 8u77...
    Impact: A remote user can obtain data on the target system.
    A remote user can gain elevated privileges on the target system.
    Solution: Oracle has issued a fix as part of the April 2016 Oracle Critical Patch Update...

    ... -if- you still need to use Java at all. If not - uninstall it!

    Last edited by AplusWebMaster; 2016-04-20 at 21:47.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #43
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8 Update 101 released

    FYI...

    Java 8 Update 101 released
    - https://www.java.com/en/download/manual.jsp
    Recommended Version 8 Update 101
    July 19, 2016

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-3021761.html

    Risk Matrix
    - http://www.oracle.com/technetwork/to...1721.html#JAVA

    - http://www.securitytracker.com/id/1036365
    CVE Reference: CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
    Jul 19 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u115, 7u101, 8u92 ...
    Impact: A remote user can obtain and modify data on the target system.
    A remote user can cause denial of service conditions.
    A remote or local user can obtain elevated privileges on the target system.
    A local user can modify data on the target system.
    Solution: The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update (8 Update 101)...
    ___

    - https://blog.qualys.com/laws-of-vuln...l-patch-update
    July 19, 2016 - "... patches for Java SE fix 13 security issues out of which 9 can be compromised remotely over the network..."

    ... -if- you still need to use Java at all. If not - uninstall it!

    Last edited by AplusWebMaster; 2016-07-20 at 20:50.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #44
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8 Update 111 released

    FYI...

    Java 8 Update 111 released
    - https://www.java.com/en/download/manual.jsp
    Oct 18, 2016

    - https://www.java.com/en/download/faq...erversions.xml
    "... We highly recommend that you uninstall all older versions of Java from your system. Keeping old versions of Java on your system presents a serious security risk..."
    ___

    - http://www.oracle.com/technetwork/se...l#AppendixJAVA

    - http://www.securitytracker.com/id/1037040
    CVE Reference: CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
    Oct 18 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101 ...
    Impact: A remote user can obtain data on the target system.
    A remote user can partially modify data on the target system.
    A remote user can gain elevated privileges on the target system.
    Solution: The vendor has issued a fix as part of the October 2016 Oracle Critical Patch Update.
    The vendor's advisory is available at:
    - http://www.oracle.com/technetwork/se...l#AppendixJAVA

    ... -if- you still need to use Java at all. If not - uninstall it!

    Last edited by AplusWebMaster; 2016-10-20 at 16:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #45
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8 Update 121 released

    FYI...

    Java 8 Update 121 released
    - https://www.java.com/en/download/manual.jsp
    Jan 17, 2017

    8u121 Update Release Notes
    - http://www.oracle.com/technetwork/ja...s-3315208.html
    Jan 17, 2017

    - https://www.java.com/en/download/faq...erversions.xml
    "... We highly recommend that you uninstall all older versions of Java from your system. Keeping old versions of Java on your system presents a serious security risk..."
    ___

    - http://www.securitytracker.com/id/1037637
    CVE Reference: CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3260, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289
    Jan 19 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u131, 7u121, 8u112 ...
    Impact: A remote user can obtain data on the target system.
    A remote user can modify data on the target system.
    A remote user can cause denial of service conditions.
    A remote user can gain elevated privileges on the target system.
    Solution: The vendor has issued a fix as part of the January 2017 Oracle Critical Patch Update (8 Update 121)...
    ___

    - https://blog.qualys.com/laws-of-vuln...ulnerabilities
    Jan 17, 2017 - "... Java: This Critical Patch Update contains -17- new security fixes for Oracle Java SE. Sixteen (16) of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network -without- requiring user credentials. We recommend that organizations patch as soon as possible..."

    Java SE Risk Matrix
    - http://www.oracle.com/technetwork/se...l#AppendixJAVA

    ... -if- you still need to use Java at all. If not - uninstall it!

    Last edited by AplusWebMaster; 2017-01-21 at 15:02.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #46
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8 Update 131 released

    FYI...

    Java 8 Update 131 released
    - https://www.java.com/en/download/manual.jsp
    April 18, 2017

    Text Form - Risk Matrix for Oracle Java SE
    - http://www.oracle.com/technetwork/se...6619.html#JAVA

    - https://www.java.com/en/download/faq...erversions.xml
    "... We highly recommend that you uninstall all older versions of Java from your system. Keeping old versions of Java on your system presents a serious security risk. Uninstalling older versions of Java from your system ensures that Java applications will run with the latest security and performance improvements on your system..."

    ... -if- you still need to use Java at all. If not - uninstall it!
    ___

    - http://www.securitytracker.com/id/1038286
    CVE Reference: CVE-2017-3509, CVE-2017-3511, CVE-2017-3512, CVE-2017-3514, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
    Apr 19 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u141, 7u131, 8u121 ...
    Impact: A remote user can obtain data on the target system.
    A remote user can modify data on the target system.
    A remote user can cause denial of service conditions.
    A local user can obtain elevated privileges on the target system.
    A remote user can gain elevated privileges on the target system.
    Solution: The vendor has issued a fix (8 Update 131) as part of the April 2017 Oracle Critical Patch Update.

    Last edited by AplusWebMaster; 2017-04-19 at 12:22.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #47
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8 u144 released

    FYI...

    End of Public Updates for Oracle JDK 8
    > http://www.oracle.com/technetwork/java/eol-135779.html
    Sep 12, 2017 - "... Oracle will not post further updates of Java SE 8 to its public download sites for commercial use after September 2018. Customers who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 8 or previous versions can get long term support through Oracle Java SE Advanced, Oracle Java SE Advanced Desktop, or Oracle Java SE Suite. All other users are recommended to upgrade to the latest major releases of the Oracle JDK or OpenJDK.
    Oracle does -not- plan to migrate desktops from Java 8 to Java 9 through the auto update feature. Instead of relying on a pre-installed standalone JRE, we will begin encouraging application developers to deliver JREs with their applications. More details will be made available through early 2018...
    Long Term Support...
    ** Java SE 9 will be a short term release, and users should immediately transition to the next release (18.3) when available.
    *** Oracle has proposed a new version scheme (YY.M) starting in March, 2018. Java SE 18.3 will be a short term release and users should transition to the next release when available."
    ___

    Java 8 u144 released
    - https://www.java.com/en/download/manual.jsp
    July 26, 2017

    Blog: https://blogs.oracle.com/thejavatuto...8u144-released
    July 26, 2017 - "... This is an out-of-cycle patch release to address a -regression- reported in Java WebStart. You can download the latest JDK releases from the Java SE Downloads page*. Oracle strongly recommends that all Java SE users upgrade to these releases..."
    * http://www.oracle.com/technetwork/ja...ads/index.html

    Remove Older Versions: Java Uninstall tool:
    - https://www.java.com/en/download/uninstalltool.jsp
    "Out-of-date versions of Java on your computer may present a serious security risk. If out-of-date versions are found, this tool will help you remove them..."

    Release notes: http://www.oracle.com/technetwork/ja...s-3838694.html

    Bug Fixes: http://www.oracle.com/technetwork/ja...s-3839149.html
    ____

    Java 8 Update 141 released
    - https://www.java.com/en/download/manual.jsp
    July 18, 2017

    Text Form of Risk Matrix for Oracle Java SE
    - http://www.oracle.com/technetwork/se...6625.html#JAVA

    - http://www.oracle.com/technetwork/se...l#AppendixJAVA
    "This Critical Patch Update contains -32- new security fixes for Oracle Java SE. 28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials..."

    - http://www.securitytracker.com/id/1038931
    CVE Reference: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10104, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10145, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
    Jul 18 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6 Update 151, 7 Update 141, 8 Update 131 ...
    Impact: A remote user can obtain data on the target system.
    A remote user can modify data on the target system.
    A remote user can cause denial of service conditions.
    A local user can obtain elevated privileges on the target system.
    A remote user can gain elevated privileges on the target system.
    Solution: The vendor has issued a fix as part of the July 2017 Oracle Critical Patch Update (8 Update 141)...

    - https://java.com/en/download/help/firefox_java.xml
    Browser(s) Firefox
    Java version(s): 7.0, 8.0
    "Mozilla offers an Extended Support Release (ESR) version of Firefox specifically for use by organizations who need extended support for mass deployments. Only Mozilla Firefox 52 ESR 32-bit release will continue offering support for the standards-based plugin support technology required to launch Java Applets. To see if you are using an ESR release, check the Firefox menu item (Help -> About) and looking for the "ESR" identifier."
    ___

    ... -if- you still need to use Java at all. If not - uninstall it!

    Last edited by AplusWebMaster; 2017-09-23 at 17:24.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •