Oracle Java SE Critical Patch Update Advisory - June 2013

Submitted on 20. June 2013 - 11:29 by rischi.
Last update on 20. June 2013 - 15:55.

IDs:

CB-K13/0418, CVE-2013-2457, CVE-2013-1571, CVE-2013-2467, CVE-2013-2461, CVE-2013-2407, CVE-2013-2451

Keywords:

Oracle Critical Patch Update

Description:

Oracle Java SE CPU (Critical Patch Update) contains various top-rated security fixes. Most of them are affecting client deployments of Java only. Airlock is not affected by them.

The following vulnerabilities may affect server-side installations. Airlock is not affected because the related components/libraries are not in use and therefore not installed or deactivated in Airlock.

JMX : CVE-2013-2457
Javadoc tool : CVE-2013-1571
Java installer : CVE-2013-2467
XMLsec : CVE-2013-2461
Integrate Apache Santuario: CVE-2013-2407

The following vulnerability is only local exploitable and therefore not relevant for Airlock because there are no interactive local users other than root on the system.

Networking: CVE-2013-2451

Resolution:

for Airlock: no action required

We strongly recommend to update all client installations of Java - or even better un-installing Java from clients where it is not needed. Further, we recommend to update Java on back-end systems if you are using one of the affected components/libraries.

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

Back-ends may be vulnerable, see resolution

Reference:

Oracle Java SE Critical Patch Update Advisory - June 2013

Main menu

Navigation

User menu

You are here

Oracle Java SE Critical Patch Update Advisory - June 2013

Main menu

Search form

Navigation

User menu

You are here

Oracle Java SE Critical Patch Update Advisory - June 2013