-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0024 Title: Updated Release of the February 2013 Oracle Java SE Critical Patch Update [1] Version history: 22.02.2013 Initial publication Summary ======= This Critical Patch Update includes all fixes provided in the Oracle Java SE Critical Patch Update February 2013 (CERT-EU Security Advisory 2013-0019), plus an additional five fixes which had been previously planned for delivery. This distribution therefore completes the content for all originally planned fixes to be included in the Java SE Critical Patch Update for February 2013. Note also that Oracle has scheduled a Java SE Critical Patch Update for April 16, 2013, in addition to those previously scheduled in June and October of 2013 and in January of 2014. This additional distribution will be used to further accelerate Java security fixes to Java users. This updated Critical Patch Update contains 5 additional security fixes for Oracle Java SE. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. CVE-2013-1487, CVE-2013-1487, CVE-2013-1484, CVE-2013-1485, CVE-2013-0169 CVSS Base Score (of the most critical ones) CVSS v2 Base Score: 10.0 (CRITICAL) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [3] Vulnerable systems ================== JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier What can you do? ================ Patch available [1] What to tell your users? ======================== N/A More information ================ [1] http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJRJ3uyAAoJEPpzpNLI8SVofRoP/31Fpuzg7TvX5bRWanaOKTtX 0isvy/RFRpUmmduHvBfdQWoOTdt+ani6EtRsVMDE3fRqBolpujDMNNIf+Y9BCuOp Rf3j4q36KN5vfqQKrpdF3bbt6IqW8p992eaopt5xQXAPsVjCCTfWEV+/N3bSMC4R XbEsf0YJNPueW7h+0nbgbHor+wFQC2XJgdEQKx9l/y5PJGKxcFa8LGtSvAt6ml/u uF0JXv+tuyXtb31RjJt8cvMicIvl0OKE6afWDwYnBSoMktUj35t8nOYh9tpfyPoA /dGRIcUXS2X2Rb3B55e7+2C6HpebSEtNCkc0fVPPHQgEOuv01/AiZyjP7zxfUXIn 5MVIX/cbHwXlEoxQqSrAhK3eIRc6EFwi1MTBnbzw3XQLcxrUmXn1TO1ol8vnhlQ/ lxh5Tp72zLQazBu/V7hyVHdzEhUVke3yc7sp25Go6ezt8kXFVWxF4L8AeNr3BSkK kQ490LlPZpvEN+rqDAehCan1YIrrACCOAopC0pwVS2+d3t1m2BGb5suxYzgmbSXe 8bCvHLhMq+qctTwQge6UKwxOl2p0W5hi6o+rxIf+Z4tZQpDq0blefQ54/oScU4YK /W3SUBvFJUW/+Y6waraXmwZYWGY15z6xFmfCvS51vaAIUCa5n0R+C1HaOtgN1zAS SjCgvPqSAg80nLjMCWOY =ONjG -----END PGP SIGNATURE-----