Oracle Security Update: US-CERT (Java etc)

Topic

New Reply

Oracle Releases Security Bulletin
https://www.us-cert.gov/ncas/current-activity/2017/07/18/Oracle-Releases-Security-Bulletin

Original release date: July 18, 2017

 
Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle July 2017 Critical Patch Update (link is external) and apply the necessary updates.

 
Offline Java installers available here
Java 8u141 Checksums

1 user thanked author for this post.

ch100

Reply | Quote

Replies

Thank you.

Reply | Quote

Oracle Releases Security Bulletin
https://www.us-cert.gov/ncas/current-activity/2017/10/17/Oracle-Releases-Security-Bulletin

Original release date: October 17, 2017

 
Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the Oracle October 2017 Critical Patch Update (link is external) and apply the necessary updates.

 
Java Downloads for All Operating Systems
Recommended Version 8 Update 151
Release date October 17, 2017
 
Checksum for Java SE 8u151 binaries

1 user thanked author for this post.

Elly

Reply | Quote

An update from Oracle, a critical issue with Oracle Identity Manager:

Oracle Security Alert Advisory – CVE-2017-10151
Modification History
Date 2017-October-27
Note Rev 1. Initial Release

Description
This Security Alert addresses CVE-2017-10151, a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability, and will be updated when patches in addition to the workaround are available.

Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert without delay.

Reply | Quote

Oracle Releases January 2018 Security Bulletin
https://www.us-cert.gov/ncas/current-activity/2018/01/16/Oracle-Releases-January-2018-Security-Bulletin

Original release date: January 16, 2018

 
Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

NCCIC/US-CERT encourages users and administrators to review the Oracle January 2018 Critical Patch Update (link is external) and apply the necessary updates.

 
Offline Java installers available here
Java 8u161 Checksums

Oracle blog: January 2018 Critical Patch Update Released

2 users thanked author for this post.

Lori, MrBrian

Reply | Quote

Some nasty vulnerabilities were fixed in VirtualBox. There a purported proof-of-concept virtual machine escape to host using CVE-2018-2698 mentioned at https://twitter.com/_niklasb/status/953604276726718465.

1 user thanked author for this post.

Kirsty

Reply | Quote

First time poster, but does this update concern the Java JDK 9 system?  I only have that installed since Minecraft needed it to do some finetuning to how it runs.  Doesn’t seem to be any updates for it when using the built in auto updater.

Reply | Quote

This is the download page for Java SE Development Kit (JDK) – the latest version is 9.0.4 (the page includes a link to the Checksum page):
http://www.oracle.com/technetwork/java/javase/downloads/jdk9-downloads-3848520.html

The January 2018 Security Advisory (linked above) shows that 9.0.1 is vulnerable.

Reply | Quote

Minecraft Doesn’t Need Java Installed Anymore; It’s Time to Uninstall Java

Reply | Quote

Thanks for the heads up, I’ll get rid of it right away.  I am on 9.0.4 as well so I was fine, can always reinstall if something I use suddenly stops working.

Reply | Quote

Java 32-bit came installed on my pc. I disabled it in my browser a while back due to security concerns. I didn’t uninstall it, as I didn’t know if it was needed for something. I haven’t noticed any problems since disabled. Is it ok to uninstall it? I’ve never used it on Windows 8.1 laptop.

Windows 7 Home Premium 64-bit SP1

Reply | Quote

Uninstalling it will do no harm. If something doesn’t work and needs it, it is free on the Java website.

1 user thanked author for this post.

Lori

Reply | Quote

Java can be used by programs other than browsers. If you uninstall it, and a program doesn’t work properly anymore, you can install it again.

1 user thanked author for this post.

Lori

Reply | Quote

Just updating a machine’s Java to jre-8u171 (released in April 17th), and was given this notice on completion:

Oracle Java SE 8 Release Updates

Public updates for Oracle Java SE 8 will remain available for individual, personal use through at least the end of 2020.

Public updates for Oracle Java SE 8 released after January 2019 will not be available for business, commercial or production use without a commercial license.

If you are a CONSUMER using Java for individual, personal use, you will continue to have the same access to Oracle Java SE 8 updates as you do today through at least the end of 2020. In most instances, the Java-based applications you run are licensed separately by a company other than Oracle (for example, games you play on your PC are likely developed by a gaming company). These applications may run on the Java platform and be dependent on Oracle Java SE 8 updates beyond 2020. Accordingly, Oracle recommends you contact your application provider for details on how they plan to continue to provide application support to you.

If you are a DEVELOPER, Oracle recommends…

 
Read the full release here

Reply | Quote

Oracle Releases July 2018 Security Bulletin
https://www.us-cert.gov/ncas/current-activity/2018/07/17/Oracle-Releases-July-2018-Security-Bulletin

Original release date: July 17, 2018

 
Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle July 2018 Critical Patch Update (link is external) and apply the necessary updates.

 
Offline Java installers available here
Java 8u181 Checksums

Reply | Quote

Oracle Releases January 2019 Security Bulletin
https://www.us-cert.gov/ncas/current-activity/2019/01/15/Oracle-Releases-January-2019-Security-Bulletin

Original release date January 15, 2019

Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.

Offline Java installers available here
Java 8u201 Checksums

2 users thanked author for this post.

Kirsty, columbia2011

Reply | Quote