Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Java SE 7 u11 released


  • Please log in to reply
3 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:11:02 AM

Posted 13 January 2013 - 05:21 PM

Java 7 update 11 has been released

rel notes for Java SE 7 u 11: http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

D/l link: http://www.oracle.com/technetwork/java/javase/downloads/index.html

Oracle Security Alert for CVE-2013-0422 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

"The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system."


Dunno if this fully patches the zero-day or not, waiting for the BC "cavalry"

Edited by Union_Thug, 13 January 2013 - 11:05 PM.


BC AdBot (Login to Remove)

 


#2 jburd1800

jburd1800

  • Members
  • 565 posts
  • OFFLINE
  •  
  • Local time:12:02 PM

Posted 13 January 2013 - 07:26 PM

Here's a quote from Reuters about the "fix"..."Java security expert Adam Gowdiak, who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.

"We don't dare to tell users that it's safe to enable Java again," said Gowdiak, a researcher with Poland's Security Explorations."

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently thorugh the world and know it's beauty all the days of your life.”


#3 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:11:02 AM

Posted 13 January 2013 - 08:07 PM

thanks jburd, I just saw that Reuter's article: LINK

Self-deleted content,

Edited by Union_Thug, 13 January 2013 - 11:05 PM.


#4 Union_Thug

Union_Thug

    Bleeps with the fishes...

  • Topic Starter

  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:11:02 AM

Posted 14 January 2013 - 09:59 AM

Confirmed Zero-Day fully patched as per Grinler,:)

Instructions/ info/links here: http://www.bleepingcomputer.com/forums/topic481702.html

Edited by Union_Thug, 14 January 2013 - 10:12 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users