FYI...
Java v7u5 / v6u33 released
- http://www.oracle.com/technetwork/ja...ads/index.html
June 12, 2012
- http://www.oracle.com/technetwork/to...2-1515912.html
"... contains 14 new security fixes for Oracle Java SE. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password..."
Risk Matrix
- http://www.oracle.com/technetwork/to...l#AppendixJAVA
7 Update 4 and before, 6 Update 32 and before, 5 Update 35 and before, 1.4.2_37 and before. JavaFX 2.1 and before...
Verify:
>> https://www.java.com/en/download/ins...tect=jre&try=1
Java SE 7u5 JRE
- http://www.oracle.com/technetwork/ja...s-1637588.html
Changes in 1.7.0_5
- http://www.oracle.com/technetwork/ja...s-1653274.html
Java SE 6 Update 33 JRE
- http://www.oracle.com/technetwork/ja...s-1637595.html
Changes in 1.6.0_33
- http://www.oracle.com/technetwork/ja...s-1653258.html
___
URGENT BULLETIN: All E-Business Suite End-Users...
- https://blogs.oracle.com/stevenChan/...re_auto_update
Update: June 14, 2012 - "To ensure that Java Users remain on a secure version, Windows systems that rely on auto-update will be auto-updated from JRE 6 to JRE 7. Until EBS is certified with JRE 7, EBS users should -not- rely on the windows auto-update mechanism for their client machines and should -manually- keep the JRE up to date with the latest versions of 6 on an ongoing basis..."
- http://h-online.com/-1618753
15 June 2012
___
- http://www.securitytracker.com/id/1027153
CVE Reference: CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
Jun 12 2012
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Version(s): 1.4.2_37 and prior, 5.0 Update 35 and prior, 6 Update 32 and prior, 7 Update 4 and prior...
- https://secunia.com/advisories/49472/
Release Date: 2012-06-13
Criticality level: Highly critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
Original Advisory: Oracle:
http://www.oracle.com/technetwork/to...e-1515971.html