chachazz Premium Member join:2003-12-14 kudos:10 ·TELUS
2 edits |
chachazz
Premium Member
2013-Oct-15 2:36 am
Java SE 7u45 Security Update - Oct 15, 2013This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for October 2013, which will be released on Tuesday, October 15, 2013. Oracle Java SE Executive SummaryThis Critical Patch Update contains 51 new security fixes for Oracle Java SE. 50 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0 The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are: Java SE Java SE Embedded JavaFX JRockit Update via Control Panel > Java Java 7 Update 45 at Java.comMore information, read the Release Notes. -- Gladiator Security Forum |
|
| chachazz |
chachazz
Premium Member
2013-Oct-15 3:09 pm
|
|
| |
to chachazz
Ah, I was wondering where that Mcafee folder in Programdata was coming from. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN kudos:13 ·TekSavvy Cable
·Rogers Hi-Speed
1 edit |
to chachazz
My favorite security update.  Thanks chachazz ! Notice it placed a Start Menu item in the Programs menu. First time I've noticed this. Did this happen in previous versions? |
|
| |
to chachazz
Thank you. |
|
rfharThe World Sport, Played In Every Country Premium Member join:2001-03-26 Buicktown,Mi |
to chachazz
I have more trouble updating java than anything else. Next time I will go to the add/remove and remove all java then download the new version. Today I fumbled around at the site to do so and... Today I had Java in both the Program Files and Program Files(x86) somehow. |
|
andyross MVM join:2003-05-04 Schaumburg, IL |
to chachazz
Is there any info as to when or what version Java will refuse to run unsigned apps? I normally keep Java disabled in the browser and only enable as needed, but there are some speed test sites that require Java, and they usually are not signed (I often use myspeed.visualware.com). |
|
antdudeA Ninja Ant VIP join:2001-03-25 United State kudos:5 |
to chachazz
|
|
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8 |
to andyross
I'd like to know also. I only use Java for speed tests and they are all UNsigned. Visualware's MySpeed is one of them and the other is NDT Web100 tests. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC kudos:18 |
to antdude
Updating the software reinstates MSCONFIG item jusched.exe which sets your Java Control Panel to ping the update servers automatically - (not needed) - |
|
chachazz Premium Member join:2003-12-14 kudos:10 ·TELUS
2 edits |
to andyross
said by andyross:Is there any info as to when or what version Java will refuse to run unsigned apps? I normally keep Java disabled in the browser and only enable as needed, but there are some speed test sites that require Java, and they usually are not signed (I often use myspeed.visualware.com).
Edit: Java 7 update 25 was release where apps were required to be signed. An interesting read: Don't Sign that Applet! » www.cert.org/blogs/certc ··· let.html-- Gladiator Security Forum |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8 |
Mele20
Premium Member
2013-Oct-16 4:25 am
update 25? Is that a typo? We just got update 45 so how can update 25 be the one that will refuse to run unsigned apps? -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
Phoenix22Death From Above Premium Member join:2001-12-11 SOG C&C Nrth |
to chachazz
thanks bud |
|
| |
to rfhar
said by rfhar:Today I had Java in both the Program Files and Program Files(x86) somehow. You have installed both the 32bit and 64bit versions. |
|
angussf Premium Member join:2002-01-11 Tucson, AZ kudos:4 |
to chachazz
I find it interesting that the Java SE Development Kit 7 Update 45 Release Notes mention the security baseline for Java 6 (no longer supported) is now at " 1.6.0_65" but the latest downloadable version is 1.6.0_45 (6u45). |
|
ZZZZZZZ Premium Member join:2001-05-27 PARADISE kudos:1 ·Vonage
|
to chachazz
Oracle fixes 127 vulnerabilities» feedproxy.google.com/~r/ ··· orld.phpWhy is anyone even using software from this incompetent company?-- Sarcasm is the body's natural defense against stupidity. |
|
Oregonian Premium Member join:2000-12-21 West Linn, OR ·Xfinity
|
to Dustyn
Re: Java SE 7u45 Security Update - Oct 15, 2013said by Dustyn:Notice it placed a Start Menu item in the Programs menu. First time I've noticed this. Did this happen in previous versions? Yep, got it here too. First time I have seen it. Good catch. |
|
SpHeRe31459 Premium Member join:2002-10-09 Sacramento, CA kudos:2 |
said by Oregonian:said by Dustyn:Notice it placed a Start Menu item in the Programs menu. First time I've noticed this. Did this happen in previous versions? Yep, got it here too. First time I have seen it. Good catch. FYI: They first did the Start Menu group the last version (7u40). |
|
andyross MVM join:2003-05-04 Schaumburg, IL 1 edit |
to chachazz
I just noticed that Mozilla has blacklisted 7u45 in Firefox. Anyone know what is going on? Edit: Checked the link on Mozilla, and it's deliberate. Java will ALWAYS be marked as such, even if new: » bugzilla.mozilla.org/sho ··· d=914690 |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8 |
Mele20
Premium Member
2013-Oct-20 3:09 am
Thanks for the link. The only person in the bug thread who had anything SENSIBLE say was Dave Dyer who pointed out that blocking is totally redundant (thus absurd and makes you wonder about the sanity of the Mozilla devs) because Oracle already provides a big red box warning if you try to run an unsigned applet. Plus, Oracle will be blocking unsigned applets in the future and, since I have never seen a signed applet, I can't fathom why Mozilla thought it necessary to DUPLICATE what Oracle has already done.
What I got from the bug thread was that the Mozilla devs don't even know what Oracle is doing currently. That's scary and sad.
The last post in the bug thread is from someone who says that Java cannot not now be enabled for Pogo. That's going to upset a lot of users. As for me, I am now afraid to upgrade to Fx 24 ESR as what if Mozilla's idiocy has made it impossible for me to do my speed tests? Mozilla is going to lose users with this heavy handed, completely unnecessary tactic. -- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
·WOW Internet and..
|
To add to what Mele says above, there's a certain irony at play here. Mozilla is all worried about Java security, while a number of us feel the same way about Mozilla with their social integration and other recent changes. Perhaps they need to get out in the real world more ... |
|
| |
to angussf
said by angussf: I find it interesting that the Java SE Development Kit 7 Update 45 Release Notes mention the security baseline for Java 6 (no longer supported) is now at "1.6.0_65" but the latest downloadable version is 1.6.0_45 (6u45). That's because 6u45 is the last public (i.e. free) release for Java 6. While Java 6 is no longer publicly supported, Java 6 updates are still available via a support contract. So that's why the newer security version for Java 6. See the Java SE Support Roadmap (» www.oracle.com/technetwo ··· 779.html) for more details. |
|