The installed version of Java update has potential exploits in the shipping version of the console

Article:TECH189934  |  Created: 2012-05-29  |  Updated: 2012-07-28  |  Article URL http://www.symantec.com/docs/TECH189934
Article Type
Technical Solution


Environment

Issue



This communication is regarding five NEW Oracle Java SE Remote Java Runtime Environment Vulnerabilities. 
 
[BID-52009] Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability 
[BID-52015] Oracle Java SE CVE-2012-0500 Remote Java Runtime Environment Vulnerability
[BID-52016] Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
[BID-52019] Oracle Java SE CVE-2012-0498 Remote Java Runtime Environment Vulnerability
These four vulnerabilities have a Base Score 10.0 and Temporal Score 7.4.

[BID-52020] Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability
The vulnerability has a Base Score 9.3 and Temporal Score 6.9.



Cause



Shipping version is current to the time of software development which was update 29 for JRE 1.6
 


Solution



Code change required to have installer that uses the latest shipping Oracle Java update.
REFERENCE:  This fix is posted to these cases.
https://www4.symantec.com/Vrt/offer?a_id=89446  redirected upon acceptance to https://www4.symantec.com/Vrt/vrtcontroller   for the Veritas Cluster Server Java Console and Veritas Enterprise Administrator (VEA) Console listed below.
File                          
                               
Veritas Enterprise Administrator 3.4.29 

VCS Cluster Manager Java Console 6.0 SP1
https://www4.symantec.com/Vrt/offer?a_id=61387   for Veritas Cluster Server Management Console for versions 5.5.1 and 5.5

You will require your Symaccount userID and password to download the binaries.
 




Article URL http://www.symantec.com/docs/TECH189934


Terms of use for this information are found in Legal Notices