Java JRE updates/advisories


56 replies to this topic

#51 AplusWebMaster

  • SWI Friend
  • 10,391 posts

Posted 14 July 2015 - 05:23 PM

FYI...

Java 8u51 released

Release Notes
- http://www.oracle.co...es-2587590.html

Downloads / JRE
- http://www.oracle.co...ds-2133155.html

Recommended Version 8 Update 51
- https://www.java.com...load/manual.jsp
July 14, 2015

... -if- you still need to use Java at all. If not - uninstall it!
___

Patch Availability Table
- http://www.oracle.co...ml#AppendixJAVA
"... contains 25 new security fixes for Oracle Java SE.  23 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password..."

https://blogs.oracle...al_patch_update
Jul 14, 2015 - "... 25 fixes Oracle Java SE. 23 of these Java SE vulnerabilities are remotely exploitable without authentication. 16 of these Java SE fixes are for Java client-only, including one fix for the client installation of Java SE. 5 of the Java fixes are for client and server deployment. One fix is specific to the Mac platform. And 4 fixes are for JSSE client and server deployments. Please note that this Critical Patch Update also addresses a recently announced 0-day vulnerability (CVE-2015-2590), which was being reported as actively exploited in the wild..."

 

- https://web.nvd.nist...d=CVE-2015-2590
Last revised: 07/16/2015
10.0 (HIGH)
___

- http://www.securityt....com/id/1032910
CVE Reference: CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
Jul 15 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix as part of Oracle Critical Patch Update Advisory - July 2015.
 



Edited by AplusWebMaster, 17 July 2015 - 01:55 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#52 AplusWebMaster


Posted 20 October 2015 - 03:56 PM

FYI...

Java 8u65 released
Oct 20, 2015

Release Notes
- http://www.oracle.co...es-2687063.html

Downloads / JRE
- http://www.oracle.co...ds-2133155.html

Recommended Version 8 Update 65
- https://www.java.com...load/manual.jsp

... -if- you still need to use Java at all. If not - uninstall it!
___

Patch Availability Table
> http://www.oracle.co...ml#AppendixJAVA

- https://blogs.oracle...al_patch_update
"... Oracle Java SE receives -25- new security fixes, -24- of which are remotely exploitable without authentication. The highest reported CVSS Base Score for these Java SE vulnerabilities is 10.0. -20- of the Java SE vulnerabilities only affect client deployment of Java SE (e.g., Java in the browser). The remaining 5 vulnerabilities affect client and server deployments of Java SE... remove obsolete JAVA SE versions from their desktop if they are not needed..."
___

- http://www.securityt....com/id/1033884
CVE Reference: CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916
Oct 20 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6u101, 7u85, 8u60; Embedded 8u51 ...
Solution: The vendor has issued a fix as part of the October 2015 Oracle Critical Patch Update.
 



Edited by AplusWebMaster, 22 October 2015 - 06:49 AM.



#53 AplusWebMaster


Posted 19 January 2016 - 08:08 PM

FYI...

Java 8u71 Update Release Notes
- http://www.oracle.co...es-2773756.html
Jan 19, 2016

Java SE Risk Matrix
- http://www.oracle.co...ml#AppendixJAVA

> http://www.oracle.co...67956.html#JAVA

Recommended Version 8 Update 71
- https://www.java.com...load/manual.jsp
Jan 19, 2016

... -if- you still need to use Java at all. If not - uninstall it!
___

- http://www.securityt....com/id/1034713
CVE Reference: CVE-2015-8126, CVE-2015-8472
Jan 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6u105, 7u91, 8u66
Impact: A remote user can create content that, when loaded by the target application, will execute arbitrary code on the target user's system.
Solution: Oracle has issued a fix for Oracle Java SE as part of the January 2016 Oracle Critical Patch Update.

- http://www.securityt....com/id/1034714
CVE Reference: CVE-2015-7575
Jan 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6u105, 7u91, 8u66
Impact: A remote user can conduct hash collision forgery attacks.
Solution: Sun has issued a fix for CVE-2015-7575 for Oracle Java SE as part of the January 2016 Oracle Critical Patch Update.

- http://www.securityt....com/id/1034715
CVE Reference: CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
Jan 20 2016
Impact: A remote user can obtain data on the target system.
A remote user can modify data on the target system.
A remote user can cause partial denial of service conditions.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix as part of the January 2016 Oracle Critical Patch Update.
 



Edited by AplusWebMaster, 21 January 2016 - 09:17 AM.



#54 AplusWebMaster


Posted 07 February 2016 - 07:33 AM

FYI...

Java 8u73 released
- https://www.java.com...load/manual.jsp
Recommended Version 8 Update 73
Feb 5, 2016

Java 8u73 Update Release Notes
- http://www.oracle.co...es-2874654.html

- http://www.oracle.co...oads/index.html

- http://www.oracle.co...ml#AppendixJAVA
Notes: Applies to installation of Java SE on Windows only.
> https://web.nvd.nist...d=CVE-2016-0603

- https://blogs.oracle...t_cve_2016_0603
Feb 05, 2016 - "... unsuspecting user (can) be tricked into visiting a malicious web site and download files to the user's system before installing Java 6, 7 or 8... vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system..."

- https://www.us-cert....ty-Updates-Java
February 08, 2016

> http://www.securityt....com/id/1034969
Feb 9 2016

... -if- you still need to use Java at all. If not - uninstall it!
 



Edited by AplusWebMaster, 10 February 2016 - 06:51 AM.



#55 AplusWebMaster


Posted 23 March 2016 - 06:41 PM

FYI...

Java 8u77 released
- https://www.java.com...load/manual.jsp
Recommended Version 8 Update 77
March 23, 2016

Release Notes
- http://www.oracle.co...es-2944725.html
"... This JRE (version 8u77) will expire with the release of the next critical patch update scheduled for April 19, 2016..."

> http://www.oracle.co...oads/index.html

- https://blogs.oracle...t_cve_2016_0636
Mar 23, 2016 - "Oracle released Security Alert CVE-2016-0636* to address a vulnerability affecting Java SE in web browsers on desktops. This vulnerability has received a CVSS Base Score of 9.3 and is remotely exploitable without authentication. A successful exploitation of this vulnerability would typically require an unsuspecting user running an affected version of Java SE to visit a malicious web site. Oracle recommends customers apply this Security Alert as soon as possible..."
> https://web.nvd.nist...d=CVE-2016-0636

* http://www.oracle.co...ml#AppendixJAVA

... -if- you still need to use Java at all. If not - uninstall it!
 



Edited by AplusWebMaster, 25 March 2016 - 01:17 PM.



#56 AplusWebMaster


Posted 19 April 2016 - 04:14 PM

FYI...

Java 8u91 released
- https://www.java.com...load/manual.jsp
April 19, 2016

Bug Fixes
- http://www.oracle.co...es-2949464.html

Risk Matrix for Oracle Java SE
- http://www.oracle.co...81709.html#JAVA

Oracle Security Alert for CVE-2016-0636
- http://www.oracle.co...36-2949497.html
"This Security Alert addresses CVE-2016-0636, a vulnerability affecting Java SE running in web browsers on desktops... This vulnerability may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible..."

- https://web.nvd.nist...d=CVE-2016-0636
Last revised: 04/12/2016
9.3 HIGH

- http://www.securityt....com/id/1035596
CVE Reference: CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
Apr 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6u113, 7u99, 8u77...
Impact: A remote user can obtain data on the target system.
A remote user can gain elevated privileges on the target system.
Solution: Oracle has issued a fix as part of the April 2016 Oracle Critical Patch Update...

... -if- you still need to use Java at all. If not - uninstall it!
 



Edited by AplusWebMaster, 20 April 2016 - 01:44 PM.



#57 AplusWebMaster


Posted 20 July 2016 - 05:51 AM

FYI...

Java 8 Update 101 released
- https://www.java.com...load/manual.jsp
Recommended Version 8 Update 101
July 19, 2016

Release Notes
- http://www.oracle.co...es-3021761.html

Risk Matrix
- http://www.oracle.co...81721.html#JAVA

- http://www.securityt....com/id/1036365
CVE Reference: CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
Jul 19 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6u115, 7u101, 8u92 ...
Impact: A remote user can obtain and modify data on the target system.
A remote user can cause denial of service conditions.
A remote or local user can obtain elevated privileges on the target system.
A local user can modify data on the target system.
Solution: The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update (8 Update 101)...
___

- https://blog.qualys....al-patch-update
July 19, 2016 - "... patches for Java SE fix 13 security issues out of which 9 can be compromised remotely over the network..."

... -if- you still need to use Java at all. If not - uninstall it!
 



Edited by AplusWebMaster, 20 July 2016 - 12:41 PM.





