Oracle Critical Patch Update Advisory October 2013 - Java SE 7 Update 45

IDs: 
CB-K13/0803, CVE-2013-5830, CVE-2013-5780, CVE-2013-5823, CVE-2013-5802, CVE-2013-5825, CVE-2013-4002
Keywords: 
Java
Description: 

The vast majority of the fixed vulnerabilities affect only client installations, or tools/libraries that are either not installed (javadoc) or not used (jhat, JGSS, 2D) on Airlock.

Two other vulnerabilities (CVE-2013-5830, CVE-2013-5780) are not exploitable on Airlock since Airlock does not offer interfaces to use the vulnerable functionality. All other vulnerabilities (CVE-2013-5823, CVE-2013-5802, CVE-2013-5825, CVE-2013-4002) are related to missing security checks/limitations to mitigate denial of service in XML processing. Airlock does not depend on these security checks.

Resolution: 

For Airlock: no action required.

We strongly recommend updating all client installations of Java or, even better, uninstalling Java from clients where it is not needed. Further, we recommend updating Java on back-end systems if you are using one of the affected components/libraries.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution