
[Oracle Java] Security update released for the new Oracle Java JRE 0-Day vulnerability (CVE-2013-0422)!!

by 잡다한 처리 2013. 1. 15.


Oracle has released a security update that fixes the Java 0-Day Exploit (CVE-2013-0422) vulnerability identified on January 2, 2013.

Details of the Java 0-Day Exploit (CVE-2013-0422) can be found at the site below.


This update, Java SE Runtime Environment 7 Update 11, resolves not only CVE-2013-0422 but also CVE-2012-3174, so any computer that uses Java should be updated without fail.

[Affected software and updated version]

 

□ JDK & JRE 7 Update 10 and earlier → Oracle Java SE Runtime Environment 7 Update 11

 

※ JDK & JRE 6, 5.0, and 1.4.2 releases are not affected.



- Update details: http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

Java™ SE Development Kit 7, Update 11 (JDK 7u11)
The full version string for this update release is 1.7.0_11-b21 (where "b" means "build") and the version number is 7u11.

Olson Data 2012i
JDK 7u11 contains Olson time zone data version 2012i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u11 are specified in the following table:

JRE Family Version    JRE Security Baseline (Full Version String)
7                     1.7.0_11
6                     1.6.0_37
5.0                   1.5.0_38
1.4.2                 1.4.2_40

Reminder
If you have disabled Java in the Java Control Panel, you will need to manually re-enable it after installing this release.
You can find the check box in the Security tab of the Java Control Panel.

If you have previously disabled Java Plugin in the browser, you will need to manually re-enable it after installing this release. In Firefox, you can do this in the Add Ons -> Plugin screen. In Internet Explorer, this functionality is located in Tools -> Manage Add-ons.

Bug Fixes
This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-0422.
In addition, the following change has been made:

Area: deploy
Synopsis: Default Security Level Setting Changed to High
The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation.

Known Issues
Area: deploy/jcp
Synopsis: The Java Control Panel Doesn't Show Security Level Slider

In the 7u10 release of the JRE, a slider was added to the Security tab of the Java Control Panel (JCP). This slider allows you to set the level of security of apps that run in the browser (by using Java Plugin) to Very High, High, Medium, or Low. In some cases, when a standalone copy of JavaFX 2.x has also been installed, the Security tab of the JCP does not display the security level slider.

Workaround: Uninstall the standalone JavaFX 2.x.

Area: deploy
Synopsis: Problems with Registration of Plugin on Systems with Stand-alone Version of JavaFX Installed

Users that have a JRE 6 release, Java FX 2.x release and JRE 7 all installed will have problems upgrading to the latest JRE 7 release due to a bug in version comparison logic.

Workaround: Uninstall the standalone JavaFX 2.x.

For more information, see 8005410 (will be fixed in the next update release).



To update, either run Java's automatic update, or go to [Control Panel], open [Java], and click [Update Now].
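
To confirm the result after updating, the following added example (not part of the original post or of Oracle's release notes) compares a Java version string against the security baselines in the table quoted above and flags 7u10 and earlier as affected by CVE-2013-0422. The function names and the sample `java -version` line are assumptions constructed for illustration.

```python
import re

# Security baselines from the JDK 7u11 release notes quoted above:
# version prefix -> (JRE family, baseline update number).
BASELINES = {
    "1.7.0": ("7", 11),
    "1.6.0": ("6", 37),
    "1.5.0": ("5.0", 38),
    "1.4.2": ("1.4.2", 40),
}

# Matches 1.7.0_11, 1.7.0_11-b21 and 1.7.0 (no suffix is treated as update 0).
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:_(\d+))?(?:-b(\d+))?$")


def parse_version(version):
    """Split a full version string into (prefix, update, build or None)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised Java version string: %r" % version)
    prefix, update, build = m.groups()
    return prefix, int(update or 0), int(build) if build else None


def assess(version):
    """Return (family, below_baseline, affected_by_cve_2013_0422)."""
    prefix, update, _build = parse_version(version)
    if prefix not in BASELINES:
        raise ValueError("no baseline listed for %s" % prefix)
    family, baseline = BASELINES[prefix]
    # Per the post: 7u10 and earlier are affected; 6, 5.0 and 1.4.2 are not.
    affected = family == "7" and update < 11
    return family, update < baseline, affected


def version_from_java_output(text):
    """Extract the quoted version from the first line of `java -version`."""
    m = re.search(r'version "([^"]+)"', text)
    if not m:
        raise ValueError("no version string found")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample line, not captured from a real host.
    sample = 'java version "1.7.0_10"\n'
    found = version_from_java_output(sample)
    print(found, assess(found))
```

On a real machine, pass the text that `java -version` writes (it goes to stderr) to `version_from_java_output` instead of the constructed sample.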

 
