Tuesday, October 21, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Google Play Music App To Follow Your Mood
Login To Google Using A USB Security Key
Toshiba Debuts New 2-in-1 Convertible PC with a 360-Degree Design
Acer Leads The Growing Chromebook Market
China Denies Apple's iCloud Hack Allegations
Samsung Galaxy KNOX Devices Approved for U.S. Government Classified Use
iPhone 6 Demand Help ARM's Growth
SK Hynix Develops High Density 16GB NVDIMM
Active Discussions
Copied dvd's say blank in computer only
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
 Home > News > General Computing > New Cri...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, February 20, 2013
New Critical Patch For Java SE Released


Oracle has released a new update for its Java SE to deliver 5 additional fixes which could not be included when Oracle accelerated the release of its previous security update, by publishing it on February 1st instead of February 19th.

Note that since Critical Patch Updates for Java SE are cumulative, this Critical Patch Update release also includes all previously-released Java SE security fixes.

All but one of the vulnerabilities fixed today apply to client deployment of Java. This means that these 4 vulnerabilities can be exploited through Java Web Start applications on desktops and Java applets in Internet browsers.

Three of these vulnerabilities received a CVSS Base Score of 10.0 (Common Vulnerability Scoring System). These CVSS 10.0s assume that the user running the malicious Java Applet or Java Web Start application has administrator privileges (as is typical on Windows XP). However, when the user does not run with administrator privileges (as is typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial" instead of "Complete", typically lowering the CVSS Base Score to 7.5 denoting that the compromise does not extend to the underlying Operating System.

The last security fix added by this updated Critical Patch Update release applies to server deployments of the Java Secure Socket Extension (JSSE). This fix is for a vulnerability commonly referred as the "Lucky Thirteen" vulnerability in SSL/TLS (CVE-2013-0169). This vulnerability has received a CVSS Base Score of 4.3.

Due to the severity of the vulnerabilities fixed in this Critical Patch Update, Oracle recommends that these fixes be applied as soon as possible. IT professionals should refer to the advisory located at http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html and desktop users can install this new version from java.com or through the Java autoupdate.

Finally, Oracle plans to to continue to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment (JRE) in desktop browsers. As a result, the company will be issuing a Critical Patch Update for Java SE on April 16, 2013 at the same time as the normally scheduled Critical Patch Update for all non-Java products. The next scheduled release dates for the Critical Patch Update for Java SE are therefore: April 16, 2013; June 18, 2013; October 15, 2013; and January 14, 2014.

Oracle has been on fire lately after vulnerabilities found on its Java software has been identified as responsible for many cyber attacks.


Previous
Next
AMD To Showcase Turbo Dock Technology For Hybrids at Mobile World Congress 2013        All News        Ubisoft, EA To Offer Their Games Through Both ORIGIN, Uplay Shop
A New Homepage For Yahoo     General Computing News      GLOBALFOUNDRIES Offers 55nm CMOS Logic Process with ARM Memory and Logic IP Support for Low Voltage

Get RSS feed Easy Print E-Mail this Message

Related News
Oracle's Ellison Steps Down
Oracle To Buy Micros Systems
Oracle Accelerates Its Databases
Oracle Wins Appeal In Legal Battle With Google
Microsoft Retains No. 1 Spot; Oracle Moves Into No. 2 In Global Software Market
Oracle Buys Responsys For $1.5 billion
GPU Acceleration Coming to Java
IBM, Oracle, EMC To Face China Probe Over Security Concerns: report
ARM and Oracle to Optimize Java SE for Enterprise and Embedded Markets
Microsoft and Oracle Team Up On Cloud Computing
Oracle Unveils Faster Servers
New Emergency Fix Releaseed For Java zero-day Exploit Released

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .