Alert GCSA-12033 - Oracle Java Critical Patch Update for June 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12033
Data : 13 giugno 2012
Titolo : Oracle Java Critical Patch Update for June 2012
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabiilta' multiple in Oracle Java
che potrebbero essere sfruttate da malintenzionati per rivelare
informazioni potenzialmente sensibili, manipolare dati, provocare un DoS
e compromettere un sistema vulnerabile.
:: Piattaforme e Software interessati
JDK e JRE versione 7 Update 4 e precedenti
JDK e JRE versione 6 Update 32 e precedenti
JDK e JRE versione 5.0 Update 35 e precedenti
SDK e JRE versione 1.4.2_37 e precedenti
JavaFX 2.x
:: Impatto
Cross Site Scripting
Esecuzione remota di codice arbitrario
Denial of service
Manipolazione di dati
Esposizione di informazioni sensibili
Accesso al sistema
:: Soluzioni
Applicare gli aggiornamenti tramite la funzione 'Aggiornamento'
in Pannello di controllo -> Java, oppure con download dal sito ufficiale:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.com/it/download/manual.jsp
:: Riferimenti
Oracle:
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
http://www.oracle.com/technetwork/topics/security/javacpujun2012verbose-1515971.html
Secunia:
http://secunia.com/advisories/49472/
http://secunia.com/advisories/49475/
Mitre CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1726
-----BEGIN PGP SIGNATURE-----
iD8DBQFP2KU0wZxMk2USYEIRAklOAKC97S8/A/IWI/LSBTLdrccZn5z+JwCfQ0lm
hlTD6nTlSIi/fsBalxWckmc=
=T5c8
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12033
Data : 13 giugno 2012
Titolo : Oracle Java Critical Patch Update for June 2012
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabiilta' multiple in Oracle Java
che potrebbero essere sfruttate da malintenzionati per rivelare
informazioni potenzialmente sensibili, manipolare dati, provocare un DoS
e compromettere un sistema vulnerabile.
:: Piattaforme e Software interessati
JDK e JRE versione 7 Update 4 e precedenti
JDK e JRE versione 6 Update 32 e precedenti
JDK e JRE versione 5.0 Update 35 e precedenti
SDK e JRE versione 1.4.2_37 e precedenti
JavaFX 2.x
:: Impatto
Cross Site Scripting
Esecuzione remota di codice arbitrario
Denial of service
Manipolazione di dati
Esposizione di informazioni sensibili
Accesso al sistema
:: Soluzioni
Applicare gli aggiornamenti tramite la funzione 'Aggiornamento'
in Pannello di controllo -> Java, oppure con download dal sito ufficiale:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.com/it/download/manual.jsp
:: Riferimenti
Oracle:
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
http://www.oracle.com/technetwork/topics/security/javacpujun2012verbose-1515971.html
Secunia:
http://secunia.com/advisories/49472/
http://secunia.com/advisories/49475/
Mitre CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1726
-----BEGIN PGP SIGNATURE-----
iD8DBQFP2KU0wZxMk2USYEIRAklOAKC97S8/A/IWI/LSBTLdrccZn5z+JwCfQ0lm
hlTD6nTlSIi/fsBalxWckmc=
=T5c8
-----END PGP SIGNATURE-----