Date: 08 June 2011
References: ESB-2011.0608 ESB-2011.0611 ESB-2011.0640 ESB-2011.0679 ESB-2011.0729 ESB-2011.0733 ESB-2011.0740 ASB-2011.0059 ESB-2011.0762 ESB-2011.0805 ESB-2011.0849 ESB-2011.0884 ESB-2011.0912 ESB-2011.0977 ESB-2011.1090.4 ESB-2011.1270.2 ESB-2012.0423 ESB-2012.0474 ESB-2012.0682
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0047
A number of vulnerabilities have been identified in Java
8 June 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              Java
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Administrator Compromise -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-0873 CVE-2011-0872 CVE-2011-0871
                      CVE-2011-0869 CVE-2011-0868 CVE-2011-0867
                      CVE-2011-0866 CVE-2011-0865 CVE-2011-0864
                      CVE-2011-0863 CVE-2011-0862 CVE-2011-0817
                      CVE-2011-0815 CVE-2011-0814 CVE-2011-0802
                      CVE-2011-0788 CVE-2011-0786
Member content until: Friday, July 8 2011
OVERVIEW
A number of vulnerabilities have been identified in Java prior to
version 1.6.0.26.
IMPACT
The vendor has provided the following information regarding these
vulnerabilities, which have been assigned CVE-2011-0862, CVE-2011-0873,
CVE-2011-0815, CVE-2011-0817, CVE-2011-0863, CVE-2011-0864,
CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0786,
CVE-2011-0788, CVE-2011-0866, CVE-2011-0868, CVE-2011-0872,
CVE-2011-0867, CVE-2011-0869, CVE-2011-0865:
"All of these vulnerabilities may be remotely exploitable without
authentication, i.e., may be exploited over a network without the need
for a username and password." [1]
MITIGATION
The vendor recommends upgrading to the latest version of Java. [2]
REFERENCES
[1] Oracle Java SE Critical Patch Update Advisory - June 2011
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
[2] Java Downloads for All Operating Systems
http://java.com/en/download/manual.jsp
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFN7s7q/iFOrG6YcBERAkw5AJ9d3uY3bV50OcHE5Ou8MoJkNyglsACcCWxf
wPuIlCsSQHOmVnI4DTZslIY=
=9eMB
-----END PGP SIGNATURE-----