-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE


Original release date: April 17, 2013

Systems Affected

 * JDK and JRE 7 Update 17 and earlier
 * JDK and JRE 6 Update 43 and earlier
 * JDK and JRE 5.0 Update 41 and earlier
 * JavaFX 2.2.7 and earlier

Overview

Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible.

Description

Oracle Java SE Critical Patch Update Advisory - April 2013 describes the
update as:

A Critical Patch Update is a collection of patches for multiple security
vulnerabilities. The Critical Patch Update for Java SE also includes
non-security fixes. Critical Patch Updates are cumulative and each
advisory describes only the security fixes added since the previous
Critical Patch Update and Security Alert. Thus, prior Critical Patch
Update and Security Alert advisories should be reviewed for information
regarding earlier accumulated security fixes.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a
denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates

Oracle Java SE Critical Patch Update Advisory - April 2013 includes the
following information:

Developers can download the latest release from
http://www.oracle.com/technetwork/java/javase/downloads/index.html.

Users running Java SE with a browser can download the latest release
from http://java.com. Users on the Windows and Mac OS X platforms can
also use automatic updates to get the latest release.

The latest JavaFX release is included with the latest update of JDK and
JRE 7. For JDK and JRE 6 users, the latest Java FX release is available
from http://www.oracle.com/technetwork/java/javafx/

References

 * Oracle Java SE Critical Patch Update Advisory - April 2013

Revision History

 * April 17, 2013: Initial release

Relevant URL(s):
<http://www.oracle.com/technetwork/java/javafx/>

<http://java.com>

<http://www.oracle.com/technetwork/java/javase/downloads/index.html>

<http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html>

____________________________________________________________________

   Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to this Notification: 
http://www.us-cert.gov/privacy/notification/

Privacy & Use policy: 
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/ncas/alerts/TA13-107A

For instructions on subscribing to or unsubscribing from this 
mailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUW8AvHdnhE8Qi3ZhAQJtNwf/e8HGDCUSsZZJ5wYV9yq/bZ3g1fiI9vaB
ByuxmTs2x3IRw9OHARudj6t53MlMcYTwH4ctpz0vf4hIOSaXSW4Yqq3Pxozpck03
+N6nXr5Jk8rX6y8qi8MQd2R3HD9jeKieIpmMpo8TvbMRXLbuACAmb1fqAYN6GZzZ
oBc3Dj0dGA2nolMju6KLyCCm40qnMrl6VO0h2S1psyO50vo1GmbtrGK1KIydkE6W
JRzbsyrilHcoclXTD4f9f/KDAaukJ0cAEflVdh6gT4Qpx2oUSoNSRSolHqAoE+lH
xYB/b0omDN2HGYtvQQo58kfinE+PjNXbfUv/CxKSyzIZnrN7hXoa4Q==
=cUuj
-----END PGP SIGNATURE-----