

chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 edit

8 recommendations

Java SE 7 update 13 / Java SE 6 update 39

Java SE 7 Update 13 Released
The full version string for this update release is 1.7.0_13-b20 (where "b" means "build") and the version number is 7u13.

Note: The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.

This release includes important security fixes. Oracle strongly recommends that all Java SE 7 users upgrade to this release.

Release notes: »www.oracle.com/technetwork/java/···884.html

For more information, see Oracle Java SE Critical Patch Update Advisory.

Download: »www.oracle.com/technetwork/java/···261.html

Also available at Java.com.



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

2 recommendations

Re: Java SE 7 Update 13 Released -

Java SE 6 Update 39

Release Notes: »www.oracle.com/technetwork/java/···886.html

This is the final update for Java 6 which has now reached End-of-life. Oracle strongly recommends that all Java SE 6 users upgrade to this release or to Java SE 7 Update 13.

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory. Oracle strongly recommends that all Java SE 6 users upgrade to this release or to Java SE 7 Update 13.
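Added example, not part of the original posts: a small parser for the version-string scheme quoted in the first post (1.7.0_13-b20, short form 7u13) that checks a JRE against the update levels announced in these two posts (7u13 and 6u39). The function names are hypothetical, and sample strings other than 1.7.0_13-b20 and 1.7.0_11-b21 are constructed from the same scheme.

```python
import re

# Patched update level per Java family, as announced in this thread.
PATCHED_UPDATE = {7: 13, 6: 39}

# Legacy scheme: 1.<family>.0[_<update>][-b<build>], e.g. 1.7.0_13-b20
_VERSION_RE = re.compile(r"^1\.(\d+)\.0(?:_(\d+))?(?:-b(\d+))?$")


def parse_java_version(full):
    """Return (family, update, build) for a legacy Java version string.

    update is 0 when there is no "_NN" part; build is None when absent.
    Raises ValueError for strings outside the 1.x.0_NN scheme.
    """
    m = _VERSION_RE.match(full.strip())
    if not m:
        raise ValueError("unrecognised Java version string: %r" % full)
    family = int(m.group(1))
    update = int(m.group(2) or 0)
    build = int(m.group(3)) if m.group(3) else None
    return family, update, build


def short_form(full):
    """Map 1.7.0_13-b20 to the short version number 7u13."""
    family, update, _ = parse_java_version(full)
    return "%du%d" % (family, update) if update else str(family)


def is_patched(full):
    """True/False against the thread's baseline; None for other families."""
    family, update, _ = parse_java_version(full)
    baseline = PATCHED_UPDATE.get(family)
    if baseline is None:
        return None
    # Compare as integers: a string compare would rank "_9" above "_13".
    return update >= baseline


if __name__ == "__main__":
    # 1.6.0_39, 1.6.0_38 and 1.7.0_9 are constructed sample inputs.
    for v in ("1.7.0_13-b20", "1.7.0_11-b21", "1.6.0_39", "1.6.0_38", "1.7.0_9"):
        print(v, short_form(v), is_patched(v))
```

The build suffix is parsed but deliberately ignored in the comparison, since the update number is what identifies the patch level.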



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 edit

2 recommendations

reply to chachazz

Re: Java SE 7 update 13 / Java SE 6 update 39

Another one so soon?
A little surprising coming from Oracle.
Thanks!

said by Oracle.com :

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 50 new security fixes across Java SE products.

»www.oracle.com/technetwork/topic···061.html


lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2

1 recommendation

reply to chachazz

Thanks chachazz.



Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth

1 recommendation

reply to chachazz

thanks chachazz


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to chachazz

Now you may not be able to check at java.com to see if the installation went correctly. Oracle has a warning now when you use Fx to check.

Java Panel "About" claims I have an older version of Java 7. ???

Opera 12.13 hangs on the Java check page.

IE 10 reports successful installation of 32bit version but Microsoft says I should also install the 64bit update and that will break Java on IE 10 (at least it did for the last two updates). Microsoft says IE 10 desktop version on Win 8 is MOSTLY 64bit but not fully (whatever the heck that means) so you must install both versions of Java. That gives me a Java Panel with no way to auto check for new versions. The installations have to be done off line.

Plus, while java.com reports successful installation of the latest 32bit version on IE 10, and Win Patrol asked me about allowing it, IE 10 itself reports that I have an OLD version 7 from Jan 1 2013 when I look at IE Addons. I haven't tried to install the 64bit version yet.

I would just uninstall Java from IE but that can't be done fully.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

2 recommendations

I always use the offline installer as the offline installer never has the optional toolbar, and uninstall fully before installing the new versions (both X86 and 64-bit updates).
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to Dustyn

said by Dustyn:

Another one so soon?
A little surprising coming from Oracle.
Thanks!

said by Oracle.com :

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 50 new security fixes across Java SE products.

»www.oracle.com/technetwork/topic···061.html

Probably pressured by the media these days. :/
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to TheJoker

said by TheJoker:

I always use the offline installer as the offline installer never has the optional toolbar, and uninstall fully before installing the new versions (both X86 and 64-bit updates).

Ditto.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

2 recommendations

reply to chachazz

Updated, but Java still disabled. Ran JavaRa for cleanup just in case.



lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2
Reviews:
·CableOne

1 recommendation

reply to Dustyn

said by Dustyn:

said by TheJoker:

I always use the offline installer as the offline installer never has the optional toolbar, and uninstall fully before installing the new versions (both X86 and 64-bit updates).

Ditto.

Ditto +2 on the offline installer.


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

And I can't download it. Akamai is being stupid.



Madness
Like a flea circus at a dog show

join:2000-01-05
Quincy, MA
kudos:1
reply to chachazz

Should I be worried about that 13?



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

If you *must* run Java, some precautions to take when updating and using Java every day.



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

A very practical work-around to the ongoing Java 'safety' dilemma from our own Wildcatboy

A safer alternative to installing Java on your PC



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

Yep, read it, everyone's entitled to their technical POV, as there are many others

No Java on me *sniff ...

--
Advancing Security and Transparency in Online Advertising ...


redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 recommendation

reply to chachazz

i am looking forward to seeing what the "researchers" have to say about the new version of "java".. my guess is that, while 50 security-holes supposedly were patched, with the new version, "java" still has many security-holes that weren't patched..

in one article that i read, at "h-online", it was said that oracle said that they were going to be more diligent in patching java's security-holes, however i won't believe that until i see it..



Littlem129
Premium
join:2007-05-13
White Pine, TN

1 recommendation

reply to chachazz

Thanks chachazz for the info.

I'm going to update, but I'm going to keep it disabled. Also going to check out the "safer alternative" you posted.



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

Oracle Software Security Assurance Blog
Eric P. Maurice - Director Oracle Software Security Assurance

quote:
In addition to a number of security in-depth fixes, the February 2013 Critical Patch Update for Java SE contains fixes for 50 security vulnerabilities.

44 of these vulnerabilities only affect client deployment of Java (e.g., Java in Internet browsers). In other words, these vulnerabilities can only be exploited on desktops through Java Web Start applications or Java applets.

In addition, one vulnerability affects the installation process of client deployment of Java (i.e. installation of the Java Runtime Environment on desktops). Note also that this Critical Patch Update includes the fixes that were previously released through Security Alert CVE-2013-0422.

3 of the vulnerabilities fixed in this Critical Patch Update apply to client and server deployment of Java; that means that these vulnerabilities can be exploited on desktops through Java Web Start and Java applets in Browser, or in servers, by supplying malicious input to APIs in the vulnerable server components. In some instances, the exploitation scenario of this kind of bugs on servers is very improbable; for example, one of these vulnerabilities can only be exploited against a server in the unlikely scenario that the server was allowed to process image files from an untrusted source.

Finally, 2 of the vulnerabilities fixed in this Critical Patch Update only apply to server deployment of the Java Secure Socket Extension (JSSE).

Furthermore, to help mitigate the threat of malicious applets (Java exploits in internet browsers), Oracle has switched the Java security settings to high by default.

...continue reading.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

said by chachazz:

Oracle Software Security Assurance Blog
Eric P. Maurice - Director Oracle Software Security Assurance

quote:
In addition to a number of security in-depth fixes, the February 2013 Critical Patch Update for Java SE contains fixes for 50 security vulnerabilities.
...
Furthermore, to help mitigate the threat of malicious applets (Java exploits in internet browsers), Oracle has switched the Java security settings to high by default.

...continue reading.

I wonder how all these fixes play against the vulnerability in Java 7 update 11 revealed by security researcher Adam Gowdiak in his web posting on 27 Jan 2013, which indicated a significant vulnerability existed in Java allowing the Java Control Panel security setting to be bypassed for unsigned Java apps in a web browser. His disclosure is here: (SE-2012-01) An issue with new Java SE 7 security features...
quote:
... What we found out and what is a subject of a new security vulnerability (Issue 53) is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings described above. Our Proof of Concept code that illustrates Issue 53 has been successfully executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with "Very High" Java Control Panel security settings.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

Gowdiak seems to think Java can be disabled in the browser. That is not true for IE.

»Re: Feds warn PC users to disable Java
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson