Alert GCSA-12065 - Oracle Java SE Critical Patch Update Advisory
******************************************************************
Alert ID : GCSA-12065
Date : 18 October 2012
Title : Oracle Java SE Critical Patch Update Advisory (October 2012)
******************************************************************
:: Problem description
Oracle has published the Java SE Critical Patch Update Advisory (October 2012),
which addresses multiple vulnerabilities in components of the
Java JDK (Java Development Kit) and JRE (Java Runtime Environment).
A remote user can create a crafted Java applet or
Java Web Start application that, once loaded by the target user,
can access or modify data or execute arbitrary code.
Attacks that successfully exploit some of these
vulnerabilities are in progress.
:: Affected platforms and software
Versions for Windows, Solaris and Linux
JDK and JRE 7 Update 7 and earlier
JDK and JRE 6 Update 35 and earlier
JDK and JRE 5.0 Update 36 and earlier
SDK and JRE 1.4.2_38 and earlier
JavaFX 2.2 and earlier
:: Impact
Remote execution of arbitrary code
Denial of service
Data manipulation
Exposure of sensitive information
Security bypass
System access
:: Solutions
Update to versions
JDK and JRE 7 Update 9
JDK and JRE 6 Update 37
using the 'Update' function in Control Panel -> Java,
or by downloading from the official site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.com/it/download/manual.jsp
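
To check hosts against the affected and fixed versions listed above, the following added example (not part of the original advisory) classifies the version string printed by `java -version`. The function names and sample banners are constructed for illustration; it assumes the standard `1.<major>.<micro>_<update>` version format and does not cover JavaFX.

```python
import re

# Highest affected update per family, from the advisory's affected list.
MAX_AFFECTED = {(1, 7, 0): 7, (1, 6, 0): 35, (1, 5, 0): 36, (1, 4, 2): 38}
# Fixed releases named in the advisory's solution section (7 and 6 only).
FIXED = {(1, 7, 0): 9, (1, 6, 0): 37}

# Matches the version token in a banner, e.g. "1.7.0_07" or "1.6.0_35-b10".
VERSION_RE = re.compile(r'(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_version(text):
    """Return ((major, minor, micro), update), or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    family = tuple(int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0
    return family, update

def classify(text):
    """Classify one `java -version` banner against GCSA-12065."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    family, update = parsed
    limit = MAX_AFFECTED.get(family)
    if limit is None:
        return "not-listed"  # family not named in this advisory
    if update > limit:
        return "not-affected"
    if family in FIXED:
        return "affected: update to %d Update %d" % (family[1], FIXED[family])
    return "affected: no fixed release listed in the advisory"

# Constructed sample banners (hostnames are hypothetical).
SAMPLES = {
    "host-a": 'java version "1.7.0_07"',
    "host-b": 'java version "1.6.0_37"',
    "host-c": 'java version "1.5.0_22"',
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLES.items()):
        print(host, classify(banner))
```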
:: References
Oracle Critical Patch Updates and Security Alerts
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Oracle Java SE Critical Patch Update Advisory - October 2012
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Java SE Development Kit 7 Update 9 Release Notes
http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html
Java SE Development Kit 6 Update 37 Release Notes
http://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
Securityfocus BID
http://www.securityfocus.com/bid/55501
http://www.securityfocus.com/bid/56039
http://www.securityfocus.com/bid/56043
http://www.securityfocus.com/bid/56054
http://www.securityfocus.com/bid/56057
http://www.securityfocus.com/bid/56063
http://www.securityfocus.com/bid/56076
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2012-1384.html
https://rhn.redhat.com/errata/RHSA-2012-1385.html
https://rhn.redhat.com/errata/RHSA-2012-1386.html