Educause Security Discussion mailing list archives
Re: Java problems
From: "Ludwig, David C." <dludwig () MIDDLEBURY EDU>
Date: Mon, 14 Jan 2013 15:18:32 +0000
This issues does impact only Java 7, so you should be ok with Java 6. Also this only impacts the JRE and JDK for Java 7 so your server are safe. A patch was released last night. See the attached email from Oracle. David David Ludwig Manager of Administrative Systems Library & Information Systems Middlebury College 14 Old Chapel Road Middlebury, VT 05753 Office: (802) 443-5692 Skype: Davidcludwig From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shalla, Kevin Sent: Monday, January 14, 2013 10:03 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Java problems Here's a Chicago Tribune story on Java security problems: http://www.chicagotribune.com/business/technology/chi-java-update-oracle-updates-java-security-experts-say-bugs-remain-20130114,0,7822126.story We use Java 6 in order to run Banner. This article seems to suggest that Java 6 doesn't have the problem. People in my department have started to ask me what to do. What do you all think? Kevin
--- Begin Message --- From: Oracle Security Alerts <reply () oracle-mail com>
Date: Sun, 13 Jan 2013 20:42:21 +0000
View<https://gcmprm.oracle.com/ctd/lu?RID=3-3K1FHLM&CON=&PRO=3-3JZ92ES&AID=&OID=3-3JWZJCO&CID=3-3JWTU1I&COID=3-3JWZJCM&T=http%3a%2f%2fwww.oracle.com%2fus%2fdm%2f139188-wwmk10067711mpp001-oem-1896785.html&TN=%26lt%3bfont+color%3d%22%23FF0000%22%26gt%3bView%26lt%3b%2ffont%26gt%3b&RT=Clicked+On+URL> this message in a Web browser Oracle Corporation<http://www.oracle.com/> <http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/189995.gif> <http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/189995.gif> January 13, 2013 Oracle Security Alert for CVE-2013-0422 Dear Oracle Customer, Oracle Security Alert for CVE-2013-0422 was released on January 13, 2013. This Security Alert addresses security issue CVE-2013-0422 (US-CERT Alert TA13-010A) affecting Java running in web browsers on desktops. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. Oracle strongly recommends applying Security Alert fixes as soon as possible. The Security Alert Advisory is the starting point for relevant information. It includes the list of products affected, a summary of security vulnerabilities, and a pointer to obtain the latest patches. Supported products that are not listed in the "Affected Products and Versions" section of the advisory do not require new patches to be applied. Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information. The Advisory is available at the following location: Oracle Critical Patch Updates and Security Alerts: http://www.oracle.com/technetwork/topics/security/alerts-086861.html<https://gcmprm.oracle.com/ctd/lu?RID=3-3K1FHLM&CON=&PRO=3-3JZ92ES&AID=&OID=3-3JWZJCO&CID=3-3JWTU1I&COID=3-3JWZJCM&T=http%3a%2f%2fwww.oracle.com%2ftechnetwork%2ftopics%2fsecurity%2falerts-086861.html&TN=%26lt%3bfont+color%3d%22%23FF0000%22%26gt%3bhttp%3a%2f%2fwww.oracle.com%2ftechnetwork%2ftopics%2fsecurity%2falerts-086861.html%26lt%3b%2ffont%26gt%3b&RT=Clicked+On+URL> Oracle Security Alert CVE-2013-0422: http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html<https://gcmprm.oracle.com/ctd/lu?RID=3-3K1FHLM&CON=&PRO=3-3JZ92ES&AID=&OID=3-3JWZJCO&CID=3-3JWTU1I&COID=3-3JWZJCM&T=http%3a%2f%2fwww.oracle.com%2ftechnetwork%2ftopics%2fsecurity%2falert-cve-2013-0422-1896849.html&TN=%26lt%3bfont+color%3d%22%23FF0000%22%26gt%3bhttp%3a%2f%2fwww.oracle.com%2ftechnetwork%2ftopics%2fsecurity%2falert-cve-2013-0422-1896849.html%26lt%3b%2ffont%26gt%3b&RT=Clicked+On+URL> Thank you, Customer Support of Oracle Corporation <http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/189995.gif> Hardware and Software Engineered to Work Together<http://www.oracle.com/us/corporate/index.html> <http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/189995.gif> Copyright © 2013, Oracle. All rights reserved. Contact Us<https://gcmprm.oracle.com/ctd/lu?RID=3-3K1FHLM&CON=&PRO=3-3JZ92ES&AID=&OID=3-3JWZJCO&CID=3-3JWTU1I&COID=3-3JWZJCM&T=http%3a%2f%2fwww.oracle.com%2fus%2fcorporate%2fcontact%2findex.htm&TN=%26lt%3bfont+color%3d%22%23FF0000%22%26gt%3b%26lt%3bu%26gt%3bContact+Us%26lt%3b%2fu%26gt%3b%26lt%3b%2ffont%26gt%3b&RT=Clicked+On+URL> | Legal Notices and Terms of Use<https://gcmprm.oracle.com/ctd/lu?RID=3-3K1FHLM&CON=&PRO=3-3JZ92ES&AID=&OID=3-3JWZJCO&CID=3-3JWTU1I&COID=3-3JWZJCM&T=http%3a%2f%2fwww.oracle.com%2fus%2flegal%2findex.html&TN=%26lt%3bfont+color%3d%22%23FF0000%22%26gt%3b%26lt%3bu%26gt%3bLegal+Notices+and+Terms+of+Use%26lt%3b%2fu%26gt%3b%26lt%3b%2ffont%26gt%3b&RT=Clicked+On+URL> | Privacy Statement<https://gcmprm.oracle.com/ctd/lu?RID=3-3K1FHLM&CON=&PRO=3-3JZ92ES&AID=&OID=3-3JWZJCO&CID=3-3JWTU1I&COID=!%20%203-3JWZJCM&T=http%3a%2f%2fwww.oracle.com%2fus%2flegal%2fprivacy%2findex.html&TN=%26lt%3bfont+color%3d%22%23FF0000%22%26gt%3b%26lt%3bu%26gt%3bPrivacy+Statement%26lt%3b%2fu%26gt%3b%26lt%3b%2ffont%26gt%3b&RT=Clicked+On+URL> SEV100139188_LRT100138825 Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States You are receiving this communication as a result of your current relationship with Oracle Support. General marketing e-mail opt-out preferences may have been over-ridden to ensure you receive this program information. Designated Support contacts may not opt-out of receiving Oracle Critical Patch Update, System and Contract communications. However, if you believe you have received these messages in error, please contact: MOS-Privacy_US () oracle com<mailto:MOS-Privacy_US () oracle com>. Please note that opting-out of Marketing communications will not affect your receipt of this communication. You will continue to receive important business communications related to your current relationship with Oracle such as Security Updates, Event Confirmation, and Support and Service communications. <https://gcmprm.oracle.com/ctd/tmo?RID=3-3K1FHLM>
--- End Message ---
Current thread:
- Re: Java problems, (continued)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Roger A Safian (Jan 14)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Louis APONTE (Jan 14)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Louis APONTE (Jan 14)
- Re: Java problems Ludwig, David C. (Feb 01)
- Re: Java problems Dave Koontz (Feb 01)
- Re: Java problems McClenon, Brady (Jan 14)
- Re: Java problems Chuck Braden (Jan 14)