You are here
Oracle Critical Patch Update Advisory - October 2014 - Java, Solaris
Last update on 17. October 2014 - 13:50.
The Oracle Critical Patch Update for Oracle 2014 includes updates for several Oracle products including Solaris and Java.
Airlock is not affected by any of the listed vulnerabilities.
Most of the Java vulnerabilities affect client deployments only. The remaining vulnerabilities are not relevant for Airlock because they either can only be exploited locally (CVE-2014-6468), Components/Classes are not used by Airlock (CVE-2014-6457, CVE-2014-6558) or a theoretical exploitation of the vulnerability does not affect the security of Airlock (CVE-2014-6517, CVE-2014-6512).
Most of the Solaris vulnerabilities affect Solaris 11, which is not used by Airlock. The remaining two Solaris 10 vulnerabilities are not relevant for Airlock because CVE-2014-6508 affects iSCSI/IDM which is not used/supported by Airlock and CVE-2014-6473 affects Solaris 8/9 branded zones in Solaris 10 which are also not used by Airlock.
It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations or to disable or even un-install Java from clients.