DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4th February 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,158
Thanked 182 Times in 149 Posts
Default Oracle blocks security hole with quick, hot 'n' premature Java update

Oracle issues Java security update two weeks earlier than planned. From http://www.theregister.co.uk/2013/02...e_java_update/ :

Quote:
Oracle has brought forward the timetable of an upcoming Java security update by two weeks in order to block off an in-the-wild security hole.

The update, originally scheduled for 19 February, was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers".

The update covers 50 flaws, 49 of which are remotely exploitable. More than half (26) of the bunch carry the maximum Common Vulnerability Scoring System (CVSS) risk score of 10.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 5th February 2013
Ninguem Ninguem is offline
Shell Scout
 
Join Date: Jun 2011
Posts: 138
Thanked 0 Times in 0 Posts
Default

1. Even if used on a second browser, wouldn't there still be a chance of compromising a system unless Java is run from a virtual machine or space?
2. Does anyone actually test the code for vulnerabilities or do they just wait until the shit hits the fan?
3. Considering that there may be many more holes, will they look through the entire code and fix it?
__________________
No signature
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Oracle's new Java defences already bypassed J65nko News 0 29th January 2013 06:34 PM
Security Critical Java hole being exploited on a large scale J65nko News 0 29th March 2012 01:58 AM
Security Apache Traffic Server update closes important security hole J65nko News 0 27th March 2012 12:02 AM
Oracle gives 21 (new) reasons to uninstall Java J65nko News 0 18th February 2011 09:57 PM
Java 6 Update 19 closes 26 security holes J65nko News 1 31st March 2010 10:27 PM


All times are GMT. The time now is 01:02 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick