The Oracle Critical Patch Update for January 2014 includes updates for several Oracle products including Solaris and Java.
Airlock is not affected by any of the listed vulnerabilities.
The following Java vulnerabilities affect server installations of Java.
CVE Number | Java Component | Description |
CVE-2013-5907 | 2D | Does not affect Airlock, since Airlock is not using the Java 2D API |
CVE-2014-0423 | Beans | Missing XML external entities restriction in the Beans component could lead to XXE attacks. Does not affect Airlock, since untrusted clients are not able to modify the XML definitions of Java Beans |
CVE-2014-0411 | JSSE | Does not affect Airlock, since Java is not handling SSL/TLS communication on Airlock |
All other Java vulnerabilities affect Java client installations, Java deployments or Java installations in a GNOME environment and are therefore not relevant for Airlock.
The following vulnerabilities affect Solaris version 10:
CVE Number | Solaris Component | Description |
CVE-2013-5876 | Kernel | Can only be exploited by having local access (shell) on Airlock. Airlock is not affected by these vulnerabilities because there are no interactive local users other than root on the system. |
CVE-2013-5821 | RPC | |
CVE-2013-5872 | NSCD | |
CVE-2014-0390 | Java Web Console | Java Web Console is not installed on Airlock |
All other Solaris vulnerabilities affect Solaris versions 8, 9 or 11. These Solaris versions are not in use by any currently supported Airlock release.
No action required for Airlock.
It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations, or to disable or even uninstall Java on clients.