Towards a safer cyber space without incidents

JPCERT Coordination Center

Powered by Yahoo! JAPAN

  • Search this site
  • Search the web

Critical Patch Update for Oracle Java SE, January 2017

last update: 2017-01-18 
                                                   JPCERT-AT-2017-0005
                                                             JPCERT/CC
                                                            2017-01-18

                  <<< JPCERT/CC Alert 2017-01-18 >>>

        Critical Patch Update for Oracle Java SE, January 2017

       https://www.jpcert.or.jp/english/at/2017/at170005.html


I. Overview

  Java SE JDK and JRE provided by Oracle contain multiple
vulnerabilities. A remote attacker may cause Java to crash or execute
arbitrary code by leveraging these vulnerabilities. For more
information on the vulnerabilities, please refer to the information
provided by Oracle.

  It is recommended to update the software to the latest version
provided by Oracle: 

    Oracle Critical Patch Update Advisory - January 2017
    http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html


II. Affected Products

  The following products and versions are affected by these vulnerabilities:

  - Java SE JDK/JRE 8 Update 112 and earlier

  * According to Oracle, Java SE JDK / JRE 6 and 7, which are no
    longer supported, are also affected by these vulnerabilities.

  * PCs provided by some certain manufacturers may have JRE pre-installed.
    Please check the PC that you are using for any installed versions
    of JRE.


III. Solution

  Oracle has released an update. Please update the software to the
latest version.

  - Java SE JDK/JRE 8 Update 121

    Java SE Downloads
    http://www.oracle.com/technetwork/java/javase/downloads/index.html

    Free Java Download
    https://java.com/en/download/

  Users of 64-bit Windows may have 32-bit and/or 64-bit versions of
JDK/JRE installed. Please check the versions installed on your system
and apply the appropriate updates.

  Users can check the version of Java that they are using at the page
below. If both 32-bit and 64-bit versions of Java are installed,
please check the versions installed, using a 32-bit and 64-bit browser
respectively. (In environments where Java is not installed, there may
be a request to install Java. If you do not require Java, please do
not install.)

    Verify Java and Find Out-of-Date Versions
    https://www.java.com/en/download/installed.jsp

  * Some applications that use Java may not run properly after updating
    Java to the latest version. Please update to the latest version
    after considering any possible impacts to applications that you
    may use.


IV. References

    Oracle
    Oracle Critical Patch Update Advisory - January 2017
    http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

    Oracle
    Release Notes for JDK 8 and JDK 8 Update Releases
    http://www.oracle.com/technetwork/java/javase/8all-relnotes-2226344.html

    Oracle
    January 2017 Critical Patch Update Released
    https://blogs.oracle.com/security/entry/january_2017_critical_patch_update

    Oracle
    Oracle Java SE Support Roadmap
    http://www.oracle.com/technetwork/java/eol-135779.html


  If you have any information regarding this alert, please contact
JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/

Alerts&Advisories

What's new