Date: 19 October 2011
References: ASB-2011.0071.2 ESB-2011.0979 ESB-2011.1033 ESB-2011.1032 ESB-2011.1041 ESB-2011.1052 ESB-2011.1055 ESB-2011.1126 ESB-2011.1180 ESB-2011.1186 ESB-2011.1194 ESB-2011.1196 ASB-2011.0120 ESB-2011.1273 ASB-2012.0003 ESB-2012.0035 ESB-2012.0044 ESB-2012.0069 ESB-2012.0081 ESB-2012.0097.2 ESB-2012.0114 ASB-2012.0016 ESB-2012.0179 ESB-2012.0218 ESB-2012.0231 ESB-2012.0265.2 ESB-2012.0343 ESB-2012.0414 ESB-2012.0423 ESB-2012.0458 ESB-2012.0474 ESB-2012.0684 ESB-2012.0707
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0092
Oracle has released critical security fixes for Java SE
19 October 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              JDK and JRE 7
                      JDK and JRE 6 Update 27 and earlier
                      JDK and JRE 5.0 Update 31 and earlier
                      SDK and JRE 1.4.2_33 and earlier
                      JavaFX 2.0
                      JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Reduced Security -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3561 CVE-2011-3560 CVE-2011-3558
                      CVE-2011-3557 CVE-2011-3556 CVE-2011-3555
                      CVE-2011-3554 CVE-2011-3553 CVE-2011-3552
                      CVE-2011-3551 CVE-2011-3550 CVE-2011-3549
                      CVE-2011-3548 CVE-2011-3547 CVE-2011-3546
                      CVE-2011-3545 CVE-2011-3544 CVE-2011-3521
                      CVE-2011-3516 CVE-2011-3389
Member content until: Friday, November 18 2011
Reference:            ESB-2011.1052
                      ESB-2011.1041
                      ESB-2011.1033
                      ESB-2011.1032
                      ESB-2011.0979
                      ASB-2011.0071.2

OVERVIEW

        Oracle has released critical security fixes for Java SE correcting
        numerous vulnerabilities. [1]

IMPACT

        Specific impacts have not been published by Oracle at this time;
        however, the following information regarding CVSS 2.0 scoring and
        affected products is available from the Oracle site. [1]

        Oracle states, "This Critical Patch Update contains 20 new security
        fixes across Java SE, of which 6 are applicable to JRockit." [1]

        The following products are affected:

          JDK and JRE 7
          JDK and JRE 6 Update 27 and earlier
          JDK and JRE 5.0 Update 31 and earlier
          SDK and JRE 1.4.2_33 and earlier
          JavaFX 2.0
          JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)

MITIGATION

        Links to the appropriate patches are available at the Oracle
        website. [1]

REFERENCES

        [1] Oracle Java SE Critical Patch Update Advisory - October 2011
            http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----