CERT mailing list archives
Current Activity - US-CERT Releases Oracle Java JRE 1.7 Security Advisory
From: Current Activity <us-cert () us-cert gov>
Date: Fri, 31 Aug 2012 09:34:25 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Current Activity US-CERT Releases Oracle Java JRE 1.7 Security Advisory Original release date: Tuesday, August 28, 2012 at 4:25 pm Last revised: Tuesday, August 28, 2012 at 4:25 pm US-CERT has released Vulnerability Note VU#636312 to address a vulnerability in Oracle Java Runtime Environment (JRE) 1.7. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. US-CERT encourages users and administrators to review Vulnerability Note VU#636312. This advisory includes possible workarounds that help mitigate the risk against known attack vectors by disabling the Java plug-in. Update: Oracle has released an out-of-band patch to address this vulnerability. US-CERT encourages users and administrators to review the Oracle Security Alert for CVE-2012-4681 and apply any necessary updates to help mitigate the risk. Relevant URL(s): <http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html> <http://www.kb.cert.org/vuls/id/636312> ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/current/#oracle_java_jre_1_7 For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUEC9WXdnhE8Qi3ZhAQIEDgf+N23ScMdB/kYGcEO/0QEJqVDPbEHQyQ3L y7+Sl/l9ROzFcK0pbuIFN05sq3fPLXhtDdGSDuJT1AMyCZ4cLZFNFWCATtGj0K7a XkubYk/LuIHkR7PDlOdQVVWvuyMXIyPhNc3vHYQC6GVxpO1D6dHtAxOamERZdq0/ o7Nr0UJPRYoRrWvh1dynYdFIruRtpBeIjSq+ICJFCxuGt1dIdqqFSRgNlBC17oZG y/57yiHr76Hig6LNHVfpLCi/bRuVLLrfZPVCQ3XESgyLGI9DfdL1ObVMLl2Yu1M6 pzjowPVfY/vqaTy6uSu49o4n7m299QJf1jWN0Axy7YK4cqpr1Hd3Lg== =GCxL -----END PGP SIGNATURE-----
Current thread:
- Current Activity - US-CERT Releases Oracle Java JRE 1.7 Security Advisory Current Activity (Aug 28)
- <Possible follow-ups>
- Current Activity - US-CERT Releases Oracle Java JRE 1.7 Security Advisory Current Activity (Aug 31)