Thursday Mar 25, 2010

Advance notification of Security Updates for Java SE

On March 30, 2010, Oracle will release the following security updates:
  • JDK and JRE 6 Update 19
  • JDK and JRE 5.0 Update 24
  • SDK and JRE 1.4.2_26
An Oracle Java SE and Java for Business Critical Patch Update advisory will published in place of Sun Alerts. Pre-Release announcements for future security updates will be published at the Oracle Critical Patch Updates and Security Alerts website.

Thursday Oct 29, 2009

Advance notification of Security Updates for Java SE

On November 3, 2009, Sun will release the following security updates:
  • JDK and JRE 6 Update 17
  • JDK and JRE 5.0 Update 22
  • SDK and JRE 1.4.2_24
  • SDK and JRE 1.3.1_27
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

Friday Jul 31, 2009

Advance notification of Security Updates for Java SE

On August 4, 2009, Sun will release the following security updates:
  • JDK and JRE 6 Update 15
  • JDK and JRE 5.0 Update 20
  • SDK and JRE 1.4.2_22
  • SDK and JRE 1.3.1_26
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

Tuesday Jul 14, 2009

US-CERT Vulnerability Note VU#466161 - XML signature HMAC truncation authentication bypass

US-CERT Vulnerability Note VU#466161 describes a security vulnerability with verifying HMAC-based XML digital signatures.

The XML Digital Signature implementation included with the Java Runtime Environment is affected and may allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures may be vulnerable to this type of attack. This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

This issue can occur in the following Java SE and Java SE for Business releases for Windows, Solaris, and Linux:
  • JDK and JRE 6 Update 14 and earlier
Note: JDK and JRE 5.0, and SDK and JRE 1.4.2 and 1.3.1 are not affected.

This issue will be addressed with our upcoming Java SE security updates which are targeted to be released in late July 2009.

Monday Mar 23, 2009

Advance notification of Security Updates for Java SE

On March 24, 2009, Sun will release the following security updates:
  • JDK and JRE 6 Update 13
  • JDK and JRE 5.0 Update 18
  • SDK and JRE 1.4.2_20
  • SDK and JRE 1.3.1_25
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

Monday Dec 01, 2008

Advance notification of Security Updates for Java SE

On December 2, 2008, Sun will release the following security updates:
  • JDK and JRE 6 Update 11
  • JDK and JRE 5.0 Update 17
  • SDK and JRE 1.4.2_19
  • SDK and JRE 1.3.1_24
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

Monday Jul 07, 2008

Advance Notification of Security Updates for Java SE

On July 8, 2008, Sun will release the following security updates:
  • JDK and JRE 6 Update 7
  • JDK and JRE 5.0 Update 16
  • SDK and JRE 1.4.2_18
  • SDK and JRE 1.3.1_23
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

Monday Mar 03, 2008

Advance notification of Security Updates for Java SE

On March 4, 2008, Sun will release the following security updates:
  • JDK and JRE 6 Update 5
  • JDK and JRE 5.0 Update 15
  • SDK and JRE 1.4.2_17
  • SDK and JRE 1.3.1_22
The following Sun Alerts corresponding to these updates will be released following the availability of these updates.
As we had announced in September 2007, this is the first set of synchronized releases for Java SE. We need to note though that prior to our announcement last year, we had already fixed a few vulnerabilities in certain release families. These issues will be addressed in a synchronized fashion for all remaining release families through our synchronized security updates and will be noted accordingly in our Sun Alerts.

Friday Sep 28, 2007

Advance Notification of Security Updates for Java SE

Sun recently announced two new security response enhancements for Java SE. They include our plans for the synchronized release of Java SE security fixes, and advance customer notification of security updates. These new features are designed to complement Sun's existing Sun Alert notifications, as well as the built-in Java Auto Update tool for Microsoft Windows users. Details are available here.

The following is our first advance notification of security updates for Java SE.

On the week of October 1, 2007, Sun will be releasing security updates with JDK and JRE 6 Update 3, JDK and JRE 5.0 Update 13, and SDK and JRE 1.4.2_16. This will be followed by the release of SDK and JRE 1.3.1_21 on the second week of October 2007.

This is Sun's first step towards the simultaneous release of security fixes across all supported Java SE release families. Sun expects to fully synchronize the release of security fixes across all supported releases, including J2SE 1.3.1 in 2008. Note that J2SE 1.3.1 has completed the Sun "End of Life" (EOL) process and is only supported for the Solaris Operating Environment and customers on Sun's Vintage Support Offering.
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today