Oracle Java SE Critical Patch Update Advisory - February 2013

Note: The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.


Description


A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update and Security Alert. Thus, prior Critical Patch Update and Security Alert advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to:

Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 50 new security fixes across Java SE products.

Supported Products Affected


Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. Please click on the link in the Patch Availability column or in the Patch Availability Table to access the documentation for those patches.

Affected product releases and versions:

Java SE Patch Availability
JDK and JRE 7 Update 11 and earlier Java SE
JDK and JRE 6 Update 38 and earlier Java SE
JDK and JRE 5.0 Update 38 and earlier Java SE
SDK and JRE 1.4.2_40 and earlier Java SE
JavaFX 2.2.4 and earlier JavaFX


Patch Availability Table and Risk Matrix


Java SE fixes in this Update are cumulative; the latest Critical Patch Update includes all fixes from the previous Critical Patch Updates and Security Alerts (including Security Alert CVE-2013-0422).

Source and read more:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html#AppendixJAVA

0 yorum: