Alert GCSA-13010 - Oracle Java SE Critical Patch Update Advisory -
******************************************************************
Alert ID: GCSA-13010
Date: 04 February 2013
Title: Oracle Java SE Critical Patch Update Advisory - February 2013
******************************************************************
:: Problem description
Oracle has published the Java SE Critical Patch Update Advisory (February 2013),
which fixes 50 new security bugs in Java SE products.
This Critical Patch Update was scheduled for 19 February,
but Oracle decided to bring the release forward following
numerous attacks on internet browsers that use Java.
A remote user can create a crafted Java applet or
Java Web Start application which, once loaded by the target user,
will be able to access or modify data or execute arbitrary code.
:: Affected platforms and software
Versions for Windows, Solaris and Linux
JDK and JRE 7 Update 11 and earlier
JDK and JRE 6 Update 38 and earlier
JDK and JRE 5.0 Update 38 and earlier
SDK and JRE 1.4.2_40 and earlier
JavaFX 2.2.4 and earlier
:: Impact
Remote execution of arbitrary code
Denial of service
System access
:: Solutions
Update to the latest versions
JDK and JRE 7 Update 13
JDK and JRE 6 Update 39
JavaFX 2.2.5
using the 'Update' function in Control Panel -> Java,
or by downloading from the official site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.com/it/download/manual.jsp
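Added example (not part of the original advisory): a small inventory check that classifies collected `java -version` output against the affected and fixed releases listed above. It assumes the legacy "1.N.0_UU" version string format; the host names and sample output are constructed, and JavaFX is not covered.

```python
import re

# Highest affected update per family, and the fixed release this advisory
# names under Solutions (None where the advisory lists no fixed release).
AFFECTED = {
    "1.7.0": (11, "7 Update 13"),
    "1.6.0": (38, "6 Update 39"),
    "1.5.0": (38, None),
    "1.4.2": (40, None),
}

# Matches e.g. version "1.7.0_11", "1.6.0_38-ea" or "1.7.0" (update 0).
VERSION_RE = re.compile(r'version "(\d+\.\d+\.\d+)(?:_(\d+))?[^"]*"')


def classify(java_version_output):
    """Return (status, fixed_release) for one host's `java -version` text."""
    m = VERSION_RE.search(java_version_output)
    if not m:
        return ("unknown", None)
    family, update = m.group(1), int(m.group(2) or 0)
    if family not in AFFECTED:
        return ("not-listed", None)
    last_affected, fixed = AFFECTED[family]
    if update <= last_affected:
        return ("affected", fixed)
    return ("not-affected", None)


def audit(inventory):
    """Return sorted (host, fixed_release) pairs for affected hosts."""
    hits = []
    for host, output in inventory.items():
        status, fixed = classify(output)
        if status == "affected":
            hits.append((host, fixed))
    return sorted(hits)


# Constructed sample inventory: host name -> captured `java -version` text.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_11"\nJava(TM) SE Runtime Environment',
    "ws-02": 'java version "1.7.0_13"\nJava(TM) SE Runtime Environment',
    "srv-03": 'java version "1.6.0_38-ea"',
    "srv-04": 'java version "1.5.0_22"',
    "srv-05": "java: command not found",
}

if __name__ == "__main__":
    for host, fixed in audit(SAMPLE_INVENTORY):
        print(host, "->", fixed or "no fixed release listed in this advisory")
```
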
:: References
Oracle Java SE Critical Patch Update Advisory - February 2013
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1489
ISC SANS Diary
http://isc.sans.edu/diary.html?storyid=15061
US-CERT
http://www.us-cert.gov/cas/techalerts/TA13-032A.html