US-CERT Current Activity
Updated Release of the February 2013 Oracle Java SE Critical Patch Update
Original release date: February 21, 2013
Last revised: --
Oracle has released an updated February 2013 Critical Patch Update for
Oracle Java SE to address a vulnerability. This vulnerability could
allow a remote unauthenticated attacker to execute arbitrary code on
vulnerable systems or to provide unauthorized disclosure of information.
The following versions of Oracle Java SE are affected:
* JDK and JRE 7 Update 13 and earlier
* JDK and JRE 6 Update 39 and earlier
* JDK and JRE 5.0 Update 39 and earlier
* SDK and JRE 1.4.2_41 and earlier
US-CERT encourages users and administrators to review the bulletin and
follow best-practice security policies to determine which updates should
be applied. Additional information regarding this vulnerability can be
found in Vulnerability Notes VU#636312.
Relevant URL(s):
<http://www.kb.cert.org/vuls/id/636312#solution>
<http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html>