The installed version of Java update has potential exploits in the shipping version of the console
|Article:TECH189934|||||Created: 2012-05-29|||||Updated: 2012-07-28|||||Article URL http://www.symantec.com/docs/TECH189934|
This communication is regarding five NEW Oracle Java SE Remote Java Runtime Environment Vulnerabilities.
[BID-52009] Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
[BID-52015] Oracle Java SE CVE-2012-0500 Remote Java Runtime Environment Vulnerability
[BID-52016] Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
[BID-52019] Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
These four vulnerabilities have a Base Score 10.0 and Temporal Score 7.4.
[BID-52020] Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability
The vulnerability has a Base Score 9.3 and Temporal Score 6.9.
Shipping version is current to the time of software development which was update 29 for JRE 1.6
Code change required to have installer that uses the latest shipping Oracle Java update.
REFERENCE: This fix is posted to these cases.
https://www4.symantec.com/Vrt/offer?a_id=89446 redirected upon acceptance to https://www4.symantec.com/Vrt/vrtcontroller for the Veritas Cluster Server Java Console and Veritas Enterprise Administrator (VEA) Console listed below.
Veritas Enterprise Administrator 3.4.29
VCS Cluster Manager Java Console 6.0 SP1
https://www4.symantec.com/Vrt/offer?a_id=61387 for Veritas Cluster Server Management Console for versions 5.5.1 and 5.5
You will require your Symaccount userID and password to download the binaries.
Article URL http://www.symantec.com/docs/TECH189934