  1. #1

    Oracle Java 7 Update 25 Released - 40 vulnerabilities fixed

    Update time!

    Java SE 7 Update 25
    Download (Windows: 32-bit, 64-bit / OS X: 64-bit) / Release Notes / Security Advisory

    Note. According to the release notes, this update will expire on 15th November 2013.

    Due to the severity of the vulnerabilities fixed in this Critical Patch Update, Oracle recommends that these fixes be applied as soon as possible.
    Oracle today released the June 2013 Critical Patch Update for Java SE. This Critical Patch Update provides 40 new security fixes. 37 of these vulnerabilities are remotely exploitable without authentication.

    34 of the fixes brought with this Critical Patch Update address vulnerabilities that only affect client deployments. The highest CVSS Base Score for these client-only fixes is 10.0.

    4 of the vulnerabilities fixed in this Critical Patch Update can affect client and server deployments. The most severe of these vulnerabilities has received a CVSS Base Score of 7.5.

    One of the vulnerabilities fixed in this Critical Patch Update affects the Java installer and can only be exploited locally.

    Finally, one of the fixes included in this Critical Patch Update affects the Javadoc tool and the documents it creates. Some HTML pages that were created by any 1.5 or later versions of the Javadoc tool are vulnerable to frame injection. This means that this vulnerability (CVE-2013-1571, also known as CERT/CC VU#225657) can only be exploited through Javadoc-generated HTML files hosted on a web server. If exploited, this vulnerability can result in granting a malicious attacker the ability to inject frames into a vulnerable web page, thus allowing the attacker to direct unsuspecting users to malicious web pages through their web browsers. This vulnerability has received a CVSS Base Score of 4.3. With the release of this Critical Patch Update, Oracle has fixed the Javadoc tool so that it doesn't produce vulnerable pages anymore, and additionally produced a utility, the “Java API Documentation Updater Tool,” to fix previously produced (and vulnerable) HTML files. More information about this vulnerability is available on the CERT/CC web site at http://www.kb.cert.org/vuls/id/225657.

    Oracle recommends that this Critical Patch Update be applied as soon as possible because it includes fixes for a number of severe vulnerabilities. Note that the vulnerabilities fixed in this Critical Patch Update affect various components and, as a result, may not affect the security posture of all Java users in the same way. (Source)

  2. 2 Thanks to Arthur:

    speckytecky (19th June 2013), ZeroHour (19th June 2013)
