
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2011.0092
          Oracle has released critical security fixes for Java SE
                              19 October 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              JDK and JRE 7
                      JDK and JRE 6 Update 27 and earlier
                      JDK and JRE 5.0 Update 31 and earlier
                      SDK and JRE 1.4.2_33 and earlier
                      JavaFX 2.0
                      JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Reduced Security -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3561 CVE-2011-3560 CVE-2011-3558
                      CVE-2011-3557 CVE-2011-3556 CVE-2011-3555
                      CVE-2011-3554 CVE-2011-3553 CVE-2011-3552
                      CVE-2011-3551 CVE-2011-3550 CVE-2011-3549
                      CVE-2011-3548 CVE-2011-3547 CVE-2011-3546
                      CVE-2011-3545 CVE-2011-3544 CVE-2011-3521
                      CVE-2011-3516 CVE-2011-3389 
Member content until: Friday, November 18 2011
Reference:            ESB-2011.1052
                      ESB-2011.1041
                      ESB-2011.1033
                      ESB-2011.1032
                      ESB-2011.0979
                      ASB-2011.0071.2

OVERVIEW

        Oracle has released critical security fixes for Java SE correcting 
        numerous vulnerabilities. [1]


IMPACT

        Specific impacts have not been published by Oracle at this time; 
        however, the following information regarding CVSS 2.0 scoring and 
        affected products is available from the Oracle site [1].
        
        Oracle states, "This Critical Patch Update contains 20 new security 
        fixes across Java SE, of which 6 are applicable to JRockit." [1]
        
        The following products are affected:
        
        JDK and JRE 7
        JDK and JRE 6 Update 27 and earlier
        JDK and JRE 5.0 Update 31 and earlier
        SDK and JRE 1.4.2_33 and earlier
        JavaFX 2.0
        JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)


MITIGATION

        Links to the appropriate patches are available at the Oracle 
        website. [1]


REFERENCES

        [1] Oracle Java SE Critical Patch Update Advisory - October 2011
            http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================