You are here

Oracle Critical Patch Update Advisory - April 2014 - Java, Solaris

IDs: 
CVE-2014-0457, CVE-2014-0453, CVE-2014-0447, CVE-2014-0442, CVE-2014-0421
Keywords: 
Oracle Critical Patch Update, CPU, Java, Solaris
Description: 

The Oracle Critical Patch Update for April 2014 includes updates for several Oracle products including Solaris and Java.

Airlock is not affected by any of the listened vulnerabilities.

The 3 Solaris vulnerabilities (CVE-2014-0447, CVE-2014-0442, CVE-2014-0421) can only be exploited by having local access (shell) on Airlock. Airlock is not affected by these vulnerabilities because there are no interactive local users other than root on the system.
Airlock is further not affected by any of the Java vulnerabilities because they affect either only client installations or Java components/classes not used by Airlock.
Resolution: 

No action required for Airlock.

It is strongly recommended to apply the Critical Patch Update for Java to all Java client installations or to disable or even un-install Java from clients.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required