You are here

Oracle Java SE Critical Patch Update Advisory - June 2013

CB-K13/0418, CVE-2013-2457, CVE-2013-1571, CVE-2013-2467, CVE-2013-2461, CVE-2013-2407, CVE-2013-2451
Oracle Critical Patch Update

Oracle Java SE CPU (Critical Patch Update) contains various top-rated security fixes. Most of them are affecting client deployments of Java only. Airlock is not affected by them.

The following vulnerabilities may affect server-side installations. Airlock is not affected because the related components/libraries are not in use and therefore not installed or deactivated in Airlock.

JMX : CVE-2013-2457
Javadoc tool :  CVE-2013-1571
Java installer : CVE-2013-2467
XMLsec : CVE-2013-2461
Integrate Apache Santuario: CVE-2013-2407

The following vulnerability is only local exploitable and therefore not relevant for Airlock because there are no interactive local users other than root on the system.

Networking: CVE-2013-2451


for Airlock: no action required

We strongly recommend to update all client installations of Java - or even better un-installing Java from clients where it is not needed. Further, we recommend to update Java on back-end systems if you are using one of the affected components/libraries.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution