-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0019 Title: Oracle Java SE Critical Patch Update Advisory - February 2013 [1] Version history: 05.02.2013 Initial publication Summary ======= The original Critical Patch Update for Java SE - February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update. Several vulnerabilities addressed in this Critical Patch Update affect multiple products. Each vulnerability is identified by a CVE# which is a unique identifier for a vulnerability The most critical include: CVE-2013-0437, CVE-2013-1478, CVE-2013-0442, CVE-2013-0445, CVE-2013-1480, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2012-1541, CVE-2013-0446, CVE-2012-3342, CVE-2013-0450, CVE-2013-1479, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2012-3213, CVE-2013-1481, CVE-2013-0436, CVE-2013-0439, CVE-2013-0447, CVE-2013-1472, CVE-2012-4301, CVE-2013-1477, CVE-2013-1482, CVE-2013-1483 [2] CVSS Base Score (of the most critical ones) CVSS v2 Base Score: 10.0 (CRITICAL) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [3] Affected Products and Versions: ============================== Oracle Java SE Critical Patch Update Advisory - February 2013 ============================================================ JDK and JRE 7 Update 11 and earlier JDK and JRE 6 Update 38 and earlier JDK and JRE 5.0 Update 38 and earlier SDK and JRE 1.4.2_40 and earlier JavaFX 2.2.4 and earlier What can you do? ================ Deploy the updated versions of the software [1]. What to tell your users? ======================== N/A More information ================ [1] http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html [2] http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html#AppendixJAVA [3] http://www.first.org/cvss/cvss-guide.html Best regards, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJREPHcAAoJEPpzpNLI8SVomf0P/RdOPgKdvVXTXH9VBfXdftDG Vc4gSVVei++mMjVIk+Uh8jxI8Aib/f97pHZgFw/TZQJY3nrd0c50Nb8Gj1cKaN/J gA8bHoFFxoAOjrWF8VmBLkROFvrZ66xTMnDWIDlAcTuDP3L8THBX5w6lRhx8z06n DqFxQSE+lQrPGVSzTUI2cMVuyVfYjULtGeHk/nJ4QaBMROFE6x2Mzlxg5dYSCJzh hxDiEVO0nsAMscUAzIKltxjfObj/lneeEk01Z2wTEj4+94p4IpXg1POSyzhjo3g1 qAgrtiQKLupHhLH6gV8QpsZgu6423pubpGY8bGpvklW64cxeQYZm6dWVnnwn5ci0 XM76LjOq6xPUFfsz1LTnmRYmeqk9fSMWvYW6B+ulGj417b7J5rZd8Cws+KnumKEb eCiORwTowhFxAddBSha1qlzkKBe2xUXTjwzZrgFGZ8M+Ctlrfc8fnyxOOghx0J01 4I4aemIG0vHTS2z0g59Z9G0hywx6+F/vBCBhGILQMDwPzYWhxWLZmDIS7Jv83v1H 61z81hb3EokM7/0AZiFbf9jfnM/QhcZdG29bUxB4Gen2FAc8E+j7wrhzs6hd/Wqd UJ3bkieGrfydkRC9UGVGw6FxFju8HalNvNelcfoSMuvyat4dQMG1kEGV+J6okY22 FxJ6JBeoJ0gKKKK7hbuv =+kNI -----END PGP SIGNATURE-----