Saturday, April 19, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
HTC Hired Ex-Samsung Marketing Officer
Xbox One Wolrdwide Sales Cross 5 million
Samsung Works With GLOBALFOUNDRIES On 14 nm FinFET Offering
Facebook To Find Nearby Friends
Console Sales Lift AMD's First Quarter Results
LG Expands 'Second Screen' TV Ecosystem With Open-Source SDK
Amazon Announces Kindle Service For Samsung Devices
Nokia Halts Sales Of Lumia 2520 Tablet
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > New Cri...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, February 20, 2013
New Critical Patch For Java SE Released


Oracle has released a new update for its Java SE to deliver 5 additional fixes which could not be included when Oracle accelerated the release of its previous security update, by publishing it on February 1st instead of February 19th.

Note that since Critical Patch Updates for Java SE are cumulative, this Critical Patch Update release also includes all previously-released Java SE security fixes.

All but one of the vulnerabilities fixed today apply to client deployment of Java. This means that these 4 vulnerabilities can be exploited through Java Web Start applications on desktops and Java applets in Internet browsers.

Three of these vulnerabilities received a CVSS Base Score of 10.0 (Common Vulnerability Scoring System). These CVSS 10.0s assume that the user running the malicious Java Applet or Java Web Start application has administrator privileges (as is typical on Windows XP). However, when the user does not run with administrator privileges (as is typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial" instead of "Complete", typically lowering the CVSS Base Score to 7.5 denoting that the compromise does not extend to the underlying Operating System.

The last security fix added by this updated Critical Patch Update release applies to server deployments of the Java Secure Socket Extension (JSSE). This fix is for a vulnerability commonly referred as the "Lucky Thirteen" vulnerability in SSL/TLS (CVE-2013-0169). This vulnerability has received a CVSS Base Score of 4.3.

Due to the severity of the vulnerabilities fixed in this Critical Patch Update, Oracle recommends that these fixes be applied as soon as possible. IT professionals should refer to the advisory located at http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html and desktop users can install this new version from java.com or through the Java autoupdate.

Finally, Oracle plans to to continue to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment (JRE) in desktop browsers. As a result, the company will be issuing a Critical Patch Update for Java SE on April 16, 2013 at the same time as the normally scheduled Critical Patch Update for all non-Java products. The next scheduled release dates for the Critical Patch Update for Java SE are therefore: April 16, 2013; June 18, 2013; October 15, 2013; and January 14, 2014.

Oracle has been on fire lately after vulnerabilities found on its Java software has been identified as responsible for many cyber attacks.


Previous
Next
AMD To Showcase Turbo Dock Technology For Hybrids at Mobile World Congress 2013        All News        Ubisoft, EA To Offer Their Games Through Both ORIGIN, Uplay Shop
A New Homepage For Yahoo     General Computing News      GLOBALFOUNDRIES Offers 55nm CMOS Logic Process with ARM Memory and Logic IP Support for Low Voltage

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft Retains No. 1 Spot; Oracle Moves Into No. 2 In Global Software Market
Oracle Buys Responsys For $1.5 billion
GPU Acceleration Coming to Java
IBM, Oracle, EMC To Face China Probe Over Security Concerns: report
ARM and Oracle to Optimize Java SE for Enterprise and Embedded Markets
Microsoft and Oracle Team Up On Cloud Computing
Oracle Unveils Faster Servers
New Emergency Fix Releaseed For Java zero-day Exploit Released
Oracle Buys Acme Packet
Oracle Releases Critical Patch Update for Java SE
Researcher Finds New Bug In Java
Oracle Patches Java Bugs

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .