Educause Security Discussion mailing list archives
Re: Java problems
From: Chuck Braden <j-braden () TAMU EDU>
Date: Mon, 14 Jan 2013 15:24:40 +0000
Everything I am reading says the most current version of 1.6 is not vulnerable to the zero day currently being exploited. However, you got all of 1 month before 1.6 goes End-of-life. The initial announcement about 1.7.11 seems to indicate the vulnerabilities identified in the last week are addressed with 1.7.11 http://nakedsecurity.sophos.com/2013/01/13/oracle-releases-cve-2013-0422-pat ch-for-java/ So here's some good news: Oracle has been on the ball and has already come out with a patch. Java 7 Update 11 <http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html> fixes both CVE-2013-0422 and a second vulnerability. I also saw a couple of links that says 1.7.11 is still vulnerable - but it seems the existing code implemented a work around. http://www.zdnet.com/security-experts-on-java-fixing-zero-day-exploit-could- take-two-years-7000009756/ http://www.stuff.co.nz/technology/digital-living/8175388/Java-update-still-h as-bugs-says-expert Jimmy C Braden Information Security Officer AgriLife Information Technology 979-862-7254 j-braden () tamu edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shalla, Kevin Sent: Monday, January 14, 2013 9:03 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Java problems Here's a Chicago Tribune story on Java security problems: http://www.chicagotribune.com/business/technology/chi-java-update-oracle-upd ates-java-security-experts-say-bugs-remain-20130114,0,7822126.story We use Java 6 in order to run Banner. This article seems to suggest that Java 6 doesn't have the problem. People in my department have started to ask me what to do. What do you all think? Kevin
Attachment:
smime.p7s
Description:
Current thread:
- Java problems Shalla, Kevin (Jan 14)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Roger A Safian (Jan 14)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Louis APONTE (Jan 14)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Louis APONTE (Jan 14)
- Re: Java problems Ludwig, David C. (Feb 01)
- Re: Java problems Dave Koontz (Feb 01)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Chuck Braden (Jan 14)