Alert GCSA-13039 - Oracle Java SE Critical Patch Update Advisory - June 2013
******************************************************************
Alert ID: GCSA-13039
Date: 20 June 2013
Title: Oracle Java SE Critical Patch Update Advisory - June 2013
******************************************************************
:: Problem description
Oracle has published the Java SE Critical Patch Update Advisory (June 2013),
which fixes 40 new security bugs in Java SE products
and also contains a fix for the Javadoc Tool.
An attacker can create a crafted Java applet or
Java Web Start application that, once loaded by the target user,
will be able to access or modify data or execute arbitrary code.
:: Affected platforms and software
Java SE JDK and JRE 7 Update 21 and earlier
Java SE JDK and JRE 6 Update 45 and earlier
Java SE JDK and JRE 5.0 Update 45 and earlier
Java SE JavaFX 2.2.21 and earlier
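Added example (not part of the GARR-CERT advisory): a triage helper that parses collected `java -version` output and flags hosts whose JDK/JRE falls in the affected ranges listed above. The function names and the sample inventory are assumptions made for illustration; JavaFX versions are not covered.

```python
import re

# Highest affected update per Java SE family, copied from the advisory's list
# (7 Update 21, 6 Update 45, 5.0 Update 45 "and earlier").
AFFECTED_MAX_UPDATE = {"7": 21, "6": 45, "5": 45}

# Quoted version in `java -version` output, e.g. "1.7.0_21", "1.7.0",
# or with a vendor suffix such as "1.7.0_09-icedtea".
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?(?:-[\w.]+)?"')


def parse_java_version(output):
    """Return (family, update) parsed from `java -version` text, or None."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    # A release with no "_NN" suffix is the initial release: update 0.
    return m.group(1), int(m.group(2) or 0)


def triage(output):
    """Classify one host: 'affected', 'not-listed' or 'unknown'."""
    parsed = parse_java_version(output)
    if parsed is None:
        return "unknown"      # no Java found or unrecognized format: check by hand
    family, update = parsed
    limit = AFFECTED_MAX_UPDATE.get(family)
    if limit is not None and update <= limit:
        return "affected"
    return "not-listed"       # outside the ranges this advisory names


def triage_inventory(inventory):
    """Map host name -> status for a dict of host name -> command output."""
    return {host: triage(out) for host, out in inventory.items()}


# Constructed sample data, not taken from real hosts.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_21"',
    "ws-02": 'java version "1.7.0_25"',
    "srv-03": 'java version "1.6.0_45"',
    "srv-04": "sh: java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(host, status)
```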
:: Impact
Remote execution of arbitrary code
Denial of service
Exposure of sensitive information
Modification of user and system information
Local access as root user
Network access as user
:: Solutions
Upgrade to the latest version
Java SE JDK and JRE 7 Update 25
using the 'Update' function in Control Panel -> Java,
or by downloading it from the official site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.com/it/download/manual.jsp
Java API Documentation Updater Tool
http://www.oracle.com/technetwork/java/javase/documentation/index-jsp-135444.html
:: References
Oracle Java SE Critical Patch Update Advisory - June 2013
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.oracle.com/technetwork/topics/security/javacpujun2013verbose-1899853.html
Apple - Java for OS X 2013-004 and Mac OS X v10.6 Update 16
http://support.apple.com/kb/HT5797
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2013-0957.html
http://rhn.redhat.com/errata/RHSA-2013-0958.html
US-CERT
http://www.us-cert.gov/ncas/alerts/TA13-169A
CERT.org Vulnerability Note
http://www.kb.cert.org/vuls/id/225657
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE_2013-2445