Educause Security Discussion mailing list archives

Re: Java problems


From: Chuck Braden <j-braden () TAMU EDU>
Date: Mon, 14 Jan 2013 15:24:40 +0000

Everything I am reading says the most current version of 1.6 is not
vulnerable to the zero day currently being exploited. However, you've got all
of 1 month before 1.6 goes end-of-life. The initial announcement about
1.7.11 seems to indicate the vulnerabilities identified in the last week are
addressed with 1.7.11.

 

http://nakedsecurity.sophos.com/2013/01/13/oracle-releases-cve-2013-0422-patch-for-java/

So here's some good news: Oracle has been on the ball and has already come
out with a patch. Java 7 Update 11
<http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html>
fixes both CVE-2013-0422 and a second vulnerability.

 

 

I also saw a couple of links that say 1.7.11 is still vulnerable - but it
seems the existing code implemented a workaround.

 

http://www.zdnet.com/security-experts-on-java-fixing-zero-day-exploit-could-take-two-years-7000009756/

http://www.stuff.co.nz/technology/digital-living/8175388/Java-update-still-has-bugs-says-expert

 

 

Jimmy C Braden

Information Security Officer

AgriLife Information Technology

979-862-7254

j-braden () tamu edu

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shalla, Kevin
Sent: Monday, January 14, 2013 9:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Java problems

 

Here's a Chicago Tribune story on Java security problems:

http://www.chicagotribune.com/business/technology/chi-java-update-oracle-updates-java-security-experts-say-bugs-remain-20130114,0,7822126.story

 

We use Java 6 in order to run Banner.  This article seems to suggest that
Java 6 doesn't have the problem.  People in my department have started to
ask me what to do.  What do you all think?

 

Kevin

 
