Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2011.0092 Oracle has released critical security fixes for Java SE 19 October 2011 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: JDK and JRE 7 JDK and JRE 6 Update 27 and earlier JDK and JRE 5.0 Update 31 and earlier SDK and JRE 1.4.2_33 and earlier JavaFX 2.0 JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0) Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2011-3561 CVE-2011-3560 CVE-2011-3558 CVE-2011-3557 CVE-2011-3556 CVE-2011-3555 CVE-2011-3554 CVE-2011-3553 CVE-2011-3552 CVE-2011-3551 CVE-2011-3550 CVE-2011-3549 CVE-2011-3548 CVE-2011-3547 CVE-2011-3546 CVE-2011-3545 CVE-2011-3544 CVE-2011-3521 CVE-2011-3516 CVE-2011-3389 Member content until: Friday, November 18 2011 Reference: ESB-2011.1052 ESB-2011.1041 ESB-2011.1033 ESB-2011.1032 ESB-2011.0979 ASB-2011.0071.2 OVERVIEW Oracle has released critical security fixes for Java SE correcting numerous vulnerabilities. [1] IMPACT Specific impacts have not been published by Oracle at this time however the following information regarding CVSS 2.0 scoring and affected products is available from the Oracle site [1]. Oracle states, "This Critical Patch Update contains 20 new security fixes across Java SE, of which 6 are applicable to JRockit." [1] The following products are affected: JDK and JRE 7 JDK and JRE 6 Update 27 and earlier JDK and JRE 5.0 Update 31 and earlier SDK and JRE 1.4.2_33 and earlier JavaFX 2.0 JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0) MITIGATION Links to the appropriate patches are available at the Oracle website. [1] REFERENCES [1] Oracle Java SE Critical Patch Update Advisory - October 2011 http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTp5DC+4yVqjM2NGpAQKSqA//fbNrpc5wKVfZJI9hLUhl9fTYrXRls8g8 0RhRlkJ89v86btK745Xed8g3jgAmqIUbTZOS3jLUOWiBH9XUSESEHgem+7J34Rxb MEGDsHZ3nnB1c2xz+dVZyNfbIC0bxioK3wA5RUUjkFokC654H+PxZ/6+w5kihjpC 8C4weIMAIDM9k0I9+ulJTOP8nB6Lgh8IJy+LRJh0D1BgZQLOvbacg8Np0DHx4nqm CqSUjIphi+sl5y2SoIsx/dRuNWZyV9fQ+yh1MNnmBUxgIz2FEbMDjHMtbZlp2Nwc iLmEYCMCndLLueaN9SE2lZcf/TyJoC+57D5dQT/6CxkfVF/JUwNENYJ0V7wkQxPa PCit9gwskGeuq73djFcUIVdgyCM9tbCj40hN6J20Ek/3HlNwmKnonmqd5WDmbcnN piaJukUQmE4ppfoDtrJ+pGQozLBHnsVhfO34NiuxjnEPLKVy4poAsSqB8OFHix70 HVg6NLOFT4/J7MM9l2bJYH4NK2oKKXwRzyd1SfH5DGmOlH1DqrrVd3wRt2PGxgKa Pk91id8FZ8Rge6dOG2QuVEiYUJpyYiJpzZLLAJzQ2uxv3Y56gY58zvsQYh3RqscB LpCGPH3nCG7Nd75IGWkeMVBZpSVIKDdR5tuKT/wGR2wdZ5kuA0OUEEfER86MznK0 OUOWTE2VA3Q= =IoLf -----END PGP SIGNATURE-----