You are here
Oracle Critical Patch Update Advisory - April 2013
Last update on 22. April 2013 - 8:50.
The Oracle Critical Patch Update for April 2013 includes updates for several Oracle products, including Java and Solaris.
Java Vulnerabilities
Most of the vulnerabilities affect only client-side installations of Java, e.g. Java in web browsers. The following two vulnerabilities affect server-side installations:
- CVE-2013-1537: Java RMI is used Airlock internally only and is not accessible for remote users.
- CVE-2013-2415: The JAX-WS Java API is used by Airlock. The API may create temporary files with insecure file permissions. The vulnerability does not affect Airlock, since the file system of Airlock is not accessible for untrusted users.
Solaris Vulnerabilities
Most of the vulnerabilities can only be exploited by having local access (Shell) on Airlock. Airlock is not affected by these vulnerabilities because there are no interactive local users other than root on the system. The following two vulnerabilities are potentially remotely exploitable but do also not affect Airlock because the affected service is not used on Airlock:
- CVE-2013-0405: NFS is not used by Airlock.
- CVE-2013-0406: IPSec is not used by Airlock.
No action required for Airlock.
It is strongly recommended to apply the Java update to all client installations, or better to disable or even un-install Java from clients.