Oracle Java 7 update 13

Door Bart van Klaveren, maandag 4 februari 2013 16:01, views: 10.344 • Feedback
Bron: Oracle, submitter: terje7601

Oracle heeft eerder dan oorspronkelijk bedoeld een update voor versie 7.0 voor zowel de developmentkit als de runtime-environment van Java Standard Edition uitgebracht. Deze update stond voor 19 februari op de planning, maar enkele van de beveiligingsproblemen die hiermee worden gedicht worden al actief misbruikt. Meer informatie over de beveiligingsproblemen kunnen op onze eigen voorpagina en in onderstaand security-bulletin worden gevonden.

February 2013 Critical Patch Update for Java SE Released

Oracle just released the February 2013 Critical Patch Update for Java SE. The original Critical Patch Update for Java SE was scheduled on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.

In addition to a number of security in-depth fixes, the February 2013 Critical Patch Update for Java SE contains fixes for 50 security vulnerabilities. 44 of these vulnerabilities only affect client deployment of Java (e.g., Java in Internet browsers). In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets. In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops). Note also that this Critical Patch Update includes the fixes that were previously released through Security Alert CVE-2013-0422.

For more information:

• The advisory for the February 2013 Critical Patch Update is located here.
• More information about setting the security level in the Java client is available here.
• More information about Oracle Software Security Assurance is located here.