Published on: 18 October 2017
Oracle has released a Critical Patch Update (CPU) Advisory with a collection of patches for multiple security vulnerabilities found in Java SE and various Oracle products.
There are 22 vulnerabilities identified in Java affecting multiple sub-components including 2D, Deployment, Hotspot, Javadoc, JAXP, JAX-WS, Libraries, Networking, RMI, Security, Serialization, Server, Smart Card IO and Util (zlib). 20 of them could be remotely exploited without authentication and 4 of them could affect deployment of Java and Java Advanced Management Console.
Vulnerabilities identified in other Oracle products can be exploited through physical access, or remotely over a network through various protocols including HTTP, HTTPS, Kerberos, MySQL Protocol, NTP and Oracle Net.
There are multiple attack vectors. For Java, an attacker could entice a user to open a specially crafted web page containing an untrusted Java applet or Java Web Start application with malicious content, or to launch executables using the Java launcher. For other Oracle products, a remote attacker could send specially crafted network packets to the affected system to exploit the vulnerabilities.
A complete list of the affected products can be found at:
Depending on the vulnerability exploited, a successful attack could lead to denial of service, data tampering, information disclosure or compromise of a vulnerable system.
Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
For Oracle Java SE products, please refer to the following link:
For other Oracle products, please refer to the section "Patch Availability Table and Risk Matrices" of the corresponding security advisory at the vendor’s website:
Users may contact their product support vendors for the fixes and assistance.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/java/javase/documentation/8u-relnotes-2225394.html
https://www.hkcert.org/my_url/en/alert/17101801
https://www.us-cert.gov/ncas/current-activity/2017/10/17/Oracle-Releases-Security-Bulletin
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5254
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7501
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0635
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6814
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3588
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3733
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5662
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10026
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10033
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10034
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10037
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10051
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10055
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10060
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10099
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10152
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10154
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10155
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10163
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10165
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10166
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10167
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10190
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10194
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10203
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10227
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10259
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10260
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10261
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10265
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10270
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10274 (to CVE-2017-10277)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10279
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10281
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10283 (to CVE-2017-10286)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10292 (to CVE-2017-10296)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10309
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10311
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10313
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10314
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10320
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10321
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10334
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10336
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10341
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10342
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10345 (to CVE-2017-10350)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10352
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10355
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10356
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10357
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10360
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10365
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10369
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378 (to CVE-2017-10380)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10384 (to CVE-2017-10386)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10388
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10391 (to CVE-2017-10393)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10400
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10407
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10408
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10424
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10428