CERT mailing list archives

Current Activity - US-CERT Releases Oracle Java JRE 1.7 Security Advisory

From: Current Activity <us-cert () us-cert gov>
Date: Fri, 31 Aug 2012 09:34:25 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

US-CERT Current Activity
US-CERT Releases Oracle Java JRE 1.7 Security Advisory

Original release date: Tuesday, August 28, 2012 at 4:25 pm
Last revised: Tuesday, August 28, 2012 at 4:25 pm

US-CERT has released Vulnerability Note VU#636312 to address a
vulnerability in Oracle Java Runtime Environment (JRE) 1.7. This
vulnerability may allow an attacker to execute arbitrary code on a
vulnerable system.

US-CERT encourages users and administrators to review Vulnerability Note
VU#636312. This advisory includes possible workarounds that help
mitigate the risk against known attack vectors by disabling the Java
plug-in.

Update: Oracle has released an out-of-band patch to address this
vulnerability. US-CERT encourages users and administrators to review the
Oracle Security Alert for CVE-2012-4681 and apply any necessary updates
to help mitigate the risk.

Relevant URL(s):
<http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html>

<http://www.kb.cert.org/vuls/id/636312>


____________________________________________________________________

   Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/current/#oracle_java_jre_1_7

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUEC9WXdnhE8Qi3ZhAQIEDgf+N23ScMdB/kYGcEO/0QEJqVDPbEHQyQ3L
y7+Sl/l9ROzFcK0pbuIFN05sq3fPLXhtDdGSDuJT1AMyCZ4cLZFNFWCATtGj0K7a
XkubYk/LuIHkR7PDlOdQVVWvuyMXIyPhNc3vHYQC6GVxpO1D6dHtAxOamERZdq0/
o7Nr0UJPRYoRrWvh1dynYdFIruRtpBeIjSq+ICJFCxuGt1dIdqqFSRgNlBC17oZG
y/57yiHr76Hig6LNHVfpLCi/bRuVLLrfZPVCQ3XESgyLGI9DfdL1ObVMLl2Yu1M6
pzjowPVfY/vqaTy6uSu49o4n7m299QJf1jWN0Axy7YK4cqpr1Hd3Lg==
=GCxL
-----END PGP SIGNATURE-----

Current thread:

Current Activity - US-CERT Releases Oracle Java JRE 1.7 Security Advisory Current Activity (Aug 28)
- <Possible follow-ups>
- Current Activity - US-CERT Releases Oracle Java JRE 1.7 Security Advisory Current Activity (Aug 31)