Oracle Java SE Critical Patch Update Pre-Release Announcement - October 2011
Description
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for October 2011, which will be released on Tuesday, October 18, 2011. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This Critical Patch Update contains 20 new security vulnerability fixes, of which 6 are applicable to JRockit. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.
Vulnerabilities fixed by Critical Patch Updates are scored using the standard CVSS 2.0 scoring (see Oracle's Use of CVSS Scoring). The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0.
Affected Products and Components
Security vulnerabilities addressed by this Critical Patch Update affect the following products:
Java SE
JDK and JRE 7
JDK and JRE 6 Update 27 and earlier
JDK and JRE 5.0 Update 31 and earlier
SDK and JRE 1.4.2_33 and earlier
JavaFX 2.0
JRockit R28.1.4 and earlier(JDK and JRE 6 and 5.0)
Oracle Java SE Executive Summary
This Critical Patch Update contains 20 new security fixes for Oracle Java SE, of which 6 are applicable to JRockit. 19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0
http://www.oracle.co...011-443431.html
Java SE Critical Patch Update
Started by
Chachazz
, Oct 18 2011 01:42 PM
2 replies to this topic
#2
Chachazz
-
- General Admin
-
- 31,461 posts
GSF's HoneyBee
#3
Chachazz
-
- General Admin
-
- 31,461 posts
GSF's HoneyBee
Posted 19 October 2011 - 05:10 AM
Attack against TLS-protected communications
UPDATE 10.18.11:
Today, Oracle is releasing a patch update to Java SE to address this vulnerability. We recommend that users update their Java plugin to ensure that they have the latest and most secure fixes.
Windows users on auto update should start seeing the updates as early as this week. Users can also manually download the update here: http://java.com.
Apple distributes Java updates directly for OS X.
We will not be blocking vulnerable versions of Java at this time, though we will continue to monitor for incidents of this vulnerability being exploited in the wild.
Mozilla Security Blog:
https://blog.mozilla...communications/
UPDATE 10.18.11:
Today, Oracle is releasing a patch update to Java SE to address this vulnerability. We recommend that users update their Java plugin to ensure that they have the latest and most secure fixes.
Windows users on auto update should start seeing the updates as early as this week. Users can also manually download the update here: http://java.com.
Apple distributes Java updates directly for OS X.
We will not be blocking vulnerable versions of Java at this time, though we will continue to monitor for incidents of this vulnerability being exploited in the wild.
Mozilla Security Blog:
https://blog.mozilla...communications/
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
