4 Replies Latest reply on May 24, 2012 6:31 PM by Rogerl-Oracle

    Critical patch question

    939585
      Can someone tell me if the advisory below is on all versions of 7? All of the security sites and Oracle do not list a version for 7 but the have versions listed on 6 and 5.



      http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
        • 1. Re: Critical patch question
          Rogerl-Oracle
          The advisory is for all versions of Java prior to 7u2.

          The latest release of Java 7 is 7u4. The release notes http://www.oracle.com/technetwork/java/javase/7u4-relnotes-1575007.html
          which states that the security baseline is 7u3. This means that the 7u3 is the most secure version of 7 and that 7u4 does not contain additional security fixes.


          Family Security Baseline
          7     | 1.7.0_03
          6     | 1.6.0_31
          5.0     | 1.5.0_34
          1.4.2     | 1.4.2_36

          -Roger

          Edited by: RogerL (Oracle) on May 24, 2012 10:16 AM
          Change the "..all versions of Java prior to 7u3. " to "all versions of Java prior to 7u2."
          • 2. Re: Critical patch question
            Rogerl-Oracle
            Ahhh, I figured out why that table did not list the versions, the URL was for a prior Oracle Java SE Critical Patch Update Advisory!

            The correct URL, for the most recent Oracle Java SE Critical Patch Update Advisory is
            http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

            Which says 7u2 and below.

            -Roger
            • 3. Re: Critical patch question
              939585
              We just need the security sites to update their information. I use IBM Endpoint Manager (BigFix) it it still shows all of 7 being bad.

              Thanks for your reply.
              • 4. Re: Critical patch question
                Rogerl-Oracle
                For future reference the top level list of Critical Patch Updates should be the place to start:
                http://www.oracle.com/technetwork/topics/security/alerts-086861.html

                The page has an rss feed: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/rss-otn-sec.xml
                You can use your favorite RSS reader or use a service to send you a mail when there is an update to the feed.


                That page also lists the next three Java SE Critical Patch Updates. Here is the current list:
                12 June 2012
                16 October 2012
                19 February 2013

                -Roger