Page 4 of 5 FirstFirst 12345 LastLast
Results 31 to 40 of 47

Thread: Java JRE updates/advisories

  1. #31
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 7u67 patch released

    FYI...

    Java 7u67 patch released
    - https://blogs.oracle.com/java-platfo...pdate_67_patch
    Aug 04, 2014 - "The recent Java 7 update 65 contained an issue that prevents some Applet and Web Start applications from launching. As a result, we have released Java 7 update 67 to restore the functionality for affected users..."

    Recommended Version 7 Update 67
    - https://www.java.com/en/download/manual.jsp

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #32
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u20 released

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #33
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u25 released

    FYI...

    Java 8u25 released
    - http://www.oracle.com/technetwork/ja...ads/index.html
    Oct 14, 2014 - "This release includes important security fixes. Oracle strongly recommends that all Java SE 8 users upgrade to this release."

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-2296185.html

    Java JRE 8u25 downloads
    - http://www.oracle.com/technetwork/ja...s-2133155.html

    Java JDK 8u25 downloads
    - http://www.oracle.com/technetwork/ja...s-2133151.html

    Recommended Version 8 Update 25
    - https://www.java.com/en/download/manual.jsp

    ... if you still need to use Java at all. If not - uninstall it!
    ___

    - http://www.securitytracker.com/id/1031035
    CVE Reference: CVE-2014-0050, CVE-2014-2478, CVE-2014-4289, CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4294, CVE-2014-4295, CVE-2014-4296, CVE-2014-4297, CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-4301, CVE-2014-4310, CVE-2014-6452, CVE-2014-6453, CVE-2014-6454, CVE-2014-6455, CVE-2014-6467, CVE-2014-6483, CVE-2014-6537, CVE-2014-6538, CVE-2014-6542, CVE-2014-6544, CVE-2014-6545, CVE-2014-6546, CVE-2014-6547, CVE-2014-6560, CVE-2014-6563, CVE-2014-6513, CVE-2014-6532, CVE-2014-6503, CVE-2014-6456, CVE-2014-6562, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-4288, CVE-2014-6466, CVE-2014-6458, CVE-2014-6468, CVE-2014-6506, CVE-2014-6511, CVE-2014-6476, CVE-2014-6515, CVE-2014-6504, CVE-2014-6519, CVE-2014-6517, CVE-2014-6531, CVE-2014-6512, CVE-2014-6457, CVE-2014-6527, CVE-2014-6502, CVE-2014-6558
    Oct 15 2014
    Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system
    Fix Available: Yes Vendor Confirmed: Yes
    Description: Multiple vulnerabilities were reported in Oracle Java. A remote or local user can obtain elevated privileges on the target system. A remote user can partially access and modify data...
    Solution: The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2014.
    The vendor's advisory is available at:
    - http://www.oracle.com/technetwork/to...4-1972960.html

    >> http://www.oracle.com/technetwork/to...2962.html#JAVA

    Last edited by AplusWebMaster; 2014-10-15 at 15:23.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #34
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u31 released

    FYI...

    Java 8u31 released
    - http://www.oracle.com/technetwork/ja...s-2133151.html
    Jan 20, 2015

    Release notes
    - http://www.oracle.com/technetwork/ja...s-2389094.html

    Bug Fixes
    - http://www.oracle.com/technetwork/ja...s-2389095.html

    JRE Downloads
    - http://www.oracle.com/technetwork/ja...s-2133155.html

    Oracle Java SE Risk Matrix
    - http://www.oracle.com/technetwork/to...l#AppendixJAVA
    Jan 20, 2015

    Recommended Version 8 Update 31
    - https://www.java.com/en/download/manual.jsp
    Jan 20, 2015

    ... -if- you still need to use Java at all. If not - uninstall it!

    - https://blogs.oracle.com/security/en...l_patch_update
    Jan 20, 2015 - "... Organizations should disable the use of all versions of SSL as they can no longer rely on SSL to ensure secure communications between systems. Customers should update their custom code to switch to a more resilient protocol (e.g., TLS 1.2). They should also expect that all versions of SSL be disabled in all Oracle software moving forward. A manual configuration change can allow Java SE clients and server endpoints, which have been updated with this Critical Patch Update, to continue to temporarily use SSL v3.0. However, Oracle strongly recommends organizations to phase out their use of SSL v3.0 as soon as possible..."

    >> https://www.ssllabs.com/ssltest/viewMyClient.html
    ___

    - http://www.securitytracker.com/id/1031580
    CVE Reference: CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437
    Jan 20 2015
    Impact: Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 5.0u75, 6u85, 7u72, 8u25 ...
    Solution: The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - January 2015.
    > http://www.oracle.com/technetwork/to...l#AppendixJAVA

    Last edited by AplusWebMaster; 2015-01-21 at 16:21.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #35
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u40 released

    FYI...

    Java 8u40 released
    - http://www.oracle.com/technetwork/ja...s-2133151.html
    Mar 4, 2015

    Release notes
    - http://www.oracle.com/technetwork/ja...s-2389089.html

    Downloads / JRE
    - http://www.oracle.com/technetwork/ja...s-2133155.html

    Recommended Version 8 Update 40
    - https://www.java.com/en/download/manual.jsp
    Mar 4, 2015

    ... -if- you still need to use Java at all. If not - uninstall it!
    ___

    - http://www.engadget.com/2015/03/06/java-adware-mac/
    March 6 2015 - "... For Java 8 Update 40 on Mac, the update instructions now confirm that "Oracle has partnered with companies that offer various products," including Ask .com (McAfee products have also been bundled on the PC)... the parent company of Ask .com - which also owns Tinder, OKCupid, the Daily Beast and others - paid out $883 million to partners like Oracle to distribute its toolbar and other wares..."
    > https://www.java.com/ga/images/en/mac_sponsors.jpg

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #36
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u45 released

    FYI...

    Java 8u45 released
    - http://www.oracle.com/technetwork/ja...s-2133151.html
    Apr 14, 2015

    Release notes
    - http://www.oracle.com/technetwork/ja...s-2494160.html

    Downloads / JRE
    - http://www.oracle.com/technetwork/ja...s-2133155.html

    Recommended Version 8 Update 45
    - https://www.java.com/en/download/manual.jsp
    Apr 14, 2015

    ... -if- you still need to use Java at all. If not - uninstall it!
    ___

    - http://www.securitytracker.com/id/1032120
    CVE Reference: CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492
    Apr 14 2015
    Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): Java SE 5.0u81, 6u91, 7u76, 8u40; Java FX 2.2.76...
    Solution: The vendor has issued a fix as part of Oracle Critical Patch Update Advisory - April 2015.

    > http://www.oracle.com/technetwork/to...l#AppendixJAVA
    "... contains 14 new security fixes for Oracle Java... All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password..."
    > http://www.oracle.com/technetwork/to...5613.html#JAVA

    Last edited by AplusWebMaster; 2015-04-15 at 20:28.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #37
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u51 released

    FYI...

    Java 8u51 released

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-2587590.html

    Downloads / JRE
    - http://www.oracle.com/technetwork/ja...s-2133155.html

    Recommended Version 8 Update 51
    - https://www.java.com/en/download/manual.jsp
    July 14, 2015

    ... -if- you still need to use Java at all. If not - uninstall it!
    ___

    Patch Availability Table
    - http://www.oracle.com/technetwork/to...l#AppendixJAVA
    "... contains 25 new security fixes for Oracle Java SE. 23 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password..."

    - https://blogs.oracle.com/security/en...l_patch_update
    Jul 14, 2015 - "... 25 fixes Oracle Java SE. 23 of these Java SE vulnerabilities are remotely exploitable without authentication. 16 of these Java SE fixes are for Java client-only, including one fix for the client installation of Java SE. 5 of the Java fixes are for client and server deployment. One fix is specific to the Mac platform. And 4 fixes are for JSSE client and server deployments. Please note that this Critical Patch Update also addresses a recently announced 0-day vulnerability (CVE-2015-2590), which was being reported as actively exploited in the wild..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-2590
    Last revised: 07/16/2015
    10.0 (HIGH)
    ___

    - http://www.securitytracker.com/id/1032910
    CVE Reference: CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
    Jul 15 2015
    Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes ...
    Solution: The vendor has issued a fix as part of Oracle Critical Patch Update Advisory - July 2015.

    Last edited by AplusWebMaster; 2015-07-17 at 21:57.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #38
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u65 released

    FYI...

    Java 8u65 released
    Oct 20, 2015

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-2687063.html

    Downloads / JRE
    - http://www.oracle.com/technetwork/ja...s-2133155.html

    Recommended Version 8 Update 65
    - https://www.java.com/en/download/manual.jsp

    ... -if- you still need to use Java at all. If not - uninstall it!
    ___

    Patch Availability Table
    > http://www.oracle.com/technetwork/to...l#AppendixJAVA

    - https://blogs.oracle.com/security/en...l_patch_update
    "... Oracle Java SE receives -25- new security fixes, -24- of which are remotely exploitable without authentication. The highest reported CVSS Base Score for these Java SE vulnerabilities is 10.0. -20- of the Java SE vulnerabilities only affect client deployment of Java SE (e.g., Java in the browser). The remaining 5 vulnerabilities affect client and server deployments of Java SE... remove obsolete JAVA SE versions from their desktop if they are not needed..."
    ___

    - http://www.securitytracker.com/id/1033884
    CVE Reference: CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916
    Oct 20 2015
    Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u101, 7u85, 8u60; Embedded 8u51 ...
    Solution: The vendor has issued a fix as part of the October 2105 Oracle Critical Patch Update.

    Last edited by AplusWebMaster; 2015-10-22 at 14:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #39
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u71 released

    FYI...

    Java 8u71 Update Release Notes
    - http://www.oracle.com/technetwork/ja...s-2773756.html
    Jan 19, 2016

    Java SE Risk Matrix
    - http://www.oracle.com/technetwork/to...l#AppendixJAVA

    > http://www.oracle.com/technetwork/to...7956.html#JAVA

    Recommended Version 8 Update 71
    - https://www.java.com/en/download/manual.jsp
    Jan 19, 2016

    ... -if- you still need to use Java at all. If not - uninstall it!
    ___

    - http://www.securitytracker.com/id/1034713
    CVE Reference: CVE-2015-8126, CVE-2015-8472
    Jan 19 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u105, 7u91, 8u66
    Impact: A remote user can create content that, when loaded by the target application, will execute arbitrary code on the target user's system.
    Solution: Oracle has issued a fix for Oracle Java SE as part of the January 2016 Oracle Critical Patch Update.

    - http://www.securitytracker.com/id/1034714
    CVE Reference: CVE-2015-7575
    Jan 19 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6u105, 7u91, 8u66
    Impact: A remote user can conduct hash collision forgery attacks.
    Solution: Sun has issued a fix for CVE-2015-7575 for Oracle Java SE as part of the January 2016 Oracle Critical Patch Update.

    - http://www.securitytracker.com/id/1034715
    CVE Reference: CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
    Jan 20 2016
    Impact: A remote user can obtain data on the target system.
    A remote user can modify data on the target system.
    A remote user can cause partial denial of service conditions.
    A remote user can gain elevated privileges on the target system.
    Solution: The vendor has issued a fix as part of the January 2016 Oracle Critical Patch Update.

    Last edited by AplusWebMaster; 2016-01-21 at 16:17.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #40
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Java 8u73 released

    FYI...

    Java 8u73 released
    - https://www.java.com/en/download/manual.jsp
    Recommended Version 8 Update 73
    Feb 5, 2016

    Java 8u73 Update Release Notes
    - http://www.oracle.com/technetwork/ja...s-2874654.html

    - http://www.oracle.com/technetwork/ja...ads/index.html

    - http://www.oracle.com/technetwork/to...l#AppendixJAVA
    Notes: Applies to installation of Java SE on Windows only.
    > https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-0603

    - https://blogs.oracle.com/security/en..._cve_2016_0603
    Feb 05, 2016 - "... unsuspecting user (can) be tricked into visiting a malicious web site and download files to the user's system before installing Java 6, 7 or 8... vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system..."

    - https://www.us-cert.gov/ncas/current...y-Updates-Java
    February 08, 2016

    > http://www.securitytracker.com/id/1034969
    Feb 9 2016

    ... -if- you still need to use Java at all. If not - uninstall it!

    Last edited by AplusWebMaster; 2016-02-10 at 13:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •