Jump to content

Critical Oracle Java Security Update


Corrine

Recommended Posts

Oracle released the schedules critical security updates for its Java SE Runtime Environment software.

 

Download Information

Download link: Java Version 7 Update 21

Verify your version: http://www.java.com/en/download/testjava.jsp

 

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

 

For information about the change to certificates in this update, see my blog post at Critical Oracle Java Security Update Released and the accompanying references.

  • Like 2
Link to comment
Share on other sites

  • 1 month later...
Guest LilBambi

Critical Java SE update due Tuesday fixes 40 flaws - The Reg

 

And yes, most are remotely exploitable

 

Update coming June 18, 2013!

 

Watch for it and install it if you have Java installed on your system.

 

As always: If you are sure you don’t need Java for anything, it would be best to uninstall it or disable it until the update, or at least disable Java in your browsers.

Edited by LilBambi
Link to comment
Share on other sites

  • 2 months later...

Oracle released the Java SE 7u40 today. In addition to bug fixes and enhancements, the update includes the following:

  • advanced monitoring and diagnostic capabilities that enable developers to gather detailed runtime information and perform efficient data analysis without impacting system performance;
  • a new security policy that gives system administrators greater control over Java running on desktops;
  • improved performance and efficiencies for Java on ARM servers and support for Mac OS X retina displays.

 

If Java is still installed on your computer, it is recommended that this update be installed.

 

Download link: Java SE 7 Update 40

  • Like 2
Link to comment
Share on other sites

  • 4 months later...

If you still have Java installed, it is time to update!

 

Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.

 

This is a Critical Patch Update that contains 36 fixes for Java, 34 of which Oracle indicated can be exploited by an attacker without the need for authentication. Additional details about the update are available in my blog post here.

 

Download Link: Java Version 7 Update 51

 

Warning: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

  • Like 1
Link to comment
Share on other sites

Guest LilBambi

One thing that REALLY annoys me about Oracle and the Java.com download site is that although you have links to other versions of Java, they don't allow you to download the 64-bit version for another computer. REALLY ANNOYING!

 

Adobe has a link that allows you to download Windows versions from the Mac or Linux where you can click on the link that says Need Flash Player for a different computer? and it will allow you to download versions for a different computer than the one you are downloading from.

Link to comment
Share on other sites

  • 2 months later...

I'm assuming Java would show under "Control Panel | Programs and Features" in Win 7? I don't think it was installed on new laptop I'm maintaining for mother. Hope not, one less thing to have to update.

Link to comment
Share on other sites

Guest LilBambi

Yep, if you don't need it, don't install it! :yes:

 

BTW: It used to be needed for my Citrix GoToAssist but they have coded it out of it now! Yea!

Link to comment
Share on other sites

Java would have to be installed; it is not installed in Win 7. None of our Win 7 computers have it. One less thing I need to run around to patch and disable so I don't install it unless I absolutely need it.

Link to comment
Share on other sites

  • 4 weeks later...

If you still have Java installed, it is time to update!

 

Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. Oracle reported that Java SE does not include OpenSSL and, therefore is not affected by HeartBleed and CVE-2014-0160. For Oracle products that are affected, see OpenSSL Heartbleed Vulnerability CVE-2014-0160.

 

This is a Critical Patch Update that contains 37 fixes for Java, 35 of which Oracle indicated can be exploited by an attacker without the need for authentication. Additional details about the update are available in my blog post here.

 

Download Link: Java Version 7 Update 55

 

Warning: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

Yeah, I got rid of all Java on my systems a few months back. I was surprised how needless it was to have it. I haven't missed it not once since removing it.

  • Like 2
Link to comment
Share on other sites

Guest LilBambi

Well, we couldn't until the Citrix product I use changed how it works. Thankfully they have changed and so we can too. So now, I and my clients no longer need Java for that product in Windows.

 

I have to keep testing each system though since some printers were still using Java for scanner apps, etc. But so far, all good on all I have removed it on.

 

Sad because there will be less and less users that can play with NASA's JPL Java apps for location mapping for asteroids, and other cool apps. Sigh...

 

If Oracle would have changed their security updates to monthly with out of band patches for emergencies as Microsoft and Adobe have done, things would be different.

Link to comment
Share on other sites

V.T. Eric Layton

It's sad, actually, that Java is such a security risk and PITA because it really is a pretty cool programming language.

Link to comment
Share on other sites

  • 2 months later...

Oracle released critical security updates for Java that contains 20 fixes for Java, the most severe having a rating of 10.0. There has been a lot of recent controversy regarding Java updates for Windows XP. While Windows XP has reached end of life, Java 7 will continue to be updated until April, 2015.

 

Thus, organizations and individuals who continue using Windows XP and have Java installed can also continue getting updates for Java 7. It is noted, however, that if an issue arises that is specific to Windows XP, Oracle is not required to and also may not be able to create a patch. For additional information, refer to the Oracle blog post, The future of Java on Windows XP (Henrik on Java).

 

Although most people do not need Java, if Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

 

Download link: Java SE 7u65

 

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

 

Verify your version: http://www.java.com/en/download/testjava.jsp

 

If you must keep Java installed, see my blog post at Oracle Java Critical Security Update for Java Security Recommendations.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...