Educause Security Discussion mailing list archives

Re: Java problems


From: "Ludwig, David C." <dludwig () MIDDLEBURY EDU>
Date: Mon, 14 Jan 2013 15:18:32 +0000

This issue does impact only Java 7, so you should be ok with Java 6.  Also this only impacts the JRE and JDK for Java 
7 so your servers are safe.

A patch was released last night.  See the attached email from Oracle.

David


David Ludwig
Manager of Administrative Systems
Library & Information Systems Middlebury College
14 Old Chapel Road
Middlebury, VT 05753
Office: (802) 443-5692
Skype: Davidcludwig

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shalla, 
Kevin
Sent: Monday, January 14, 2013 10:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Java problems

Here's a Chicago Tribune story on Java security problems:
http://www.chicagotribune.com/business/technology/chi-java-update-oracle-updates-java-security-experts-say-bugs-remain-20130114,0,7822126.story

We use Java 6 in order to run Banner.  This article seems to suggest that Java 6 doesn't have the problem.  People in 
my department have started to ask me what to do.  What do you all think?

Kevin

--- Begin Message ---
From: Oracle Security Alerts <reply () oracle-mail com>
Date: Sun, 13 Jan 2013 20:42:21 +0000
        January 13, 2013

Oracle Security Alert for CVE-2013-0422

Dear Oracle Customer,

Oracle Security Alert for CVE-2013-0422 was released on January 13, 2013.

This Security Alert addresses security issue CVE-2013-0422 (US-CERT Alert TA13-010A) affecting Java running in web 
browsers on desktops.
The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications 
directly installed and running on servers, desktops, laptops, and other devices.

Oracle strongly recommends applying Security Alert fixes as soon as possible.

The Security Alert Advisory is the starting point for relevant information. It includes the list of products affected, 
a summary of security vulnerabilities, and a pointer to obtain the latest patches. Supported products that are not 
listed in the "Affected Products and Versions" section of the advisory do not require new patches to be applied.

Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying 
patches, as this is where you can find important pertinent information.

The Advisory is available at the following location:

Oracle Critical Patch Updates and Security Alerts:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Oracle Security Alert CVE-2013-0422:
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html


Thank you,
Customer Support of Oracle Corporation






--- End Message ---
