You are here

Oracle Critical Patch Update Advisory October 2013 - Java SE 7 Update 45

CB-K13/0803, CVE-2013-5830, CVE-2013-5780, CVE-2013-5823, CVE-2013-5802,CVE-2013-5825, CVE-2013-4002

The vast majority of fixed vulnerabilities affects client installations only or tools/libraries that are either not installed (javadoc) or not used (jhat, JGSS, 2D) on Airlock.

Two other vulnerabilities (CVE-2013-5830, CVE-2013-5780) are not exploitable on Airlock since Airlock does not offer interfaces to use the vulnerable functionality. All other vulnerabilities (CVE-2013-5823, CVE-2013-5802,CVE-2013-5825, CVE-2013-4002) are related to missing security checks/limitations to mitigate denial of service in XML processing. Airlock does not depend on these security checks.


for Airlock: no action required

We strongly recommend to update all client installations of Java - or even better uninstalling Java from clients where it is not needed. Further, we recommend to update Java on back-end systems if you are using one of the affected components/libraries.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution