Alert GCSA-11075 - Oracle Java SE Critical Patch Update Advisory
******************************************************************
Alert ID : GCSA-11075
Date : 19 October 2011
Title : Oracle Java SE Critical Patch Update Advisory (October 2011)
******************************************************************
:: Problem description
Oracle has published the Critical Patch Update Advisory (October 2011)
covering several vulnerabilities in components of the
Java JDK (Java Development Kit) and JRE (Java Runtime Environment).
A remote attacker can create a crafted Java applet or
Java Web Start application that, once loaded by the target user,
can access or modify data or execute arbitrary code.
:: Affected platforms and software
Versions for Windows, Solaris and Linux
JDK and JRE 7
JDK and JRE 6 Update 27 and earlier
JDK and JRE 5.0 Update 31 and earlier
SDK and JRE 1.4.2_33 and earlier
JavaFX 2.0
JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)
:: Impact
Remote execution of arbitrary code
Denial of service
Data manipulation
Exposure of sensitive information
Security Bypass
System access
:: Solutions
Update to versions
Java SE 6 Update 29
Java SE 7u1
using the 'Update' function in Control Panel -> Java,
or by downloading from the official site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.com/it/download/manual.jsp
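An added example, not part of the original advisory: a check that classifies an installed JDK/JRE against the affected ranges and fixed releases listed above, given the text printed by `java -version`. The function names, status strings and sample outputs are constructed for illustration; JavaFX and JRockit are not covered.

```python
import re

# Highest affected update per release family, from the advisory's
# list of affected JDK/JRE versions.
LAST_AFFECTED = {
    (1, 7, 0): 0,    # JDK and JRE 7 (initial release, no update)
    (1, 6, 0): 27,   # 6 Update 27 and earlier
    (1, 5, 0): 31,   # 5.0 Update 31 and earlier
    (1, 4, 2): 33,   # 1.4.2_33 and earlier
}
# Fixed releases the advisory names; it names none for 5.0 and 1.4.2.
FIXED = {(1, 7, 0): "Java SE 7u1", (1, 6, 0): "Java SE 6 Update 29"}

# Matches e.g.  java version "1.6.0_27"  or  java version "1.7.0"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output):
    """Return ((major, minor, micro), update) or None if no version found."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    family = tuple(int(g) for g in m.groups()[:3])
    update = int(m.group(4) or 0)   # a missing "_NN" suffix means update 0
    return family, update


def classify(output):
    """Return (status, fixed_release) for one `java -version` output.

    status is "affected", "not-listed" (outside the advisory's ranges)
    or "unknown" (version string could not be parsed).
    """
    parsed = parse_java_version(output)
    if parsed is None:
        return "unknown", None
    family, update = parsed
    limit = LAST_AFFECTED.get(family)
    if limit is not None and update <= limit:
        return "affected", FIXED.get(family)
    return "not-listed", None


# Constructed sample outputs, not captured from real hosts.
SAMPLES = [
    'java version "1.6.0_27"\nJava(TM) SE Runtime Environment (build 1.6.0_27-b07)',
    'java version "1.7.0"',
    'java version "1.6.0_29"',
]
RESULTS = [classify(s) for s in SAMPLES]
```

`java -version` writes to standard error, so redirect it (`2>&1`) when collecting the output to feed into `classify`.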
:: References
Oracle Critical Patch Updates and Security Alerts
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Oracle Java SE Critical Patch Update Advisory - October 2011
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Java SE 6 Update 29 Release Notes
http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3561
Secunia
http://secunia.com/advisories/46512/
Securityfocus BID
http://www.securityfocus.com/bid/50248
http://www.securityfocus.com/bid/50246
http://www.securityfocus.com/bid/50243
http://www.securityfocus.com/bid/50242
US DOE JC3-CIRC bulletin
http://circ.jc3.doe.gov/bulletins/u-014.shtml
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2011-1380.html