Spyware, Viruses, & Security forum

Alert

Java SE 7u7 and SE 6u35 Released

by Carol~ Forum moderator / August 30, 2012 5:57 AM PDT

According to F-Secure and Oracle Java SE 7u7 AND SE 6u35 have been released:

From the F-Secure Weblog:

Oracle has released an update for Java, version 1.7.0_07. Also of note, there's a version 1.6.0_35 that also patches vulnerabilities. You can download the installers from here.

[Screenshot: Updates]

From Oracle:

"This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2012-4681."

Emphasis ours. The information page is currently blank for us. Hopefully it will replicate soon.

http://www.f-secure.com/weblog/archives/00002415.html

Note from me:

I have yet to install the update, but contrary to what F-Secure posted, the page is not blank for me.

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Post a reply
Discussion is locked
You are posting a reply to: Java SE 7u7 and SE 6u35 Released
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Java SE 7u7 and SE 6u35 Released
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Oracle Security Alert for CVE-2012-4681
by Carol~ Forum moderator / August 30, 2012 7:46 AM PDT
Description:

This Security Alert addresses security issues CVE-2012-4681 (US-CERT Alert TA12-240A) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications. They also do not affect Oracle server-based software.

These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.

In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Supported Products Affected:

Security vulnerabilities addressed by this Security Alert affect the products listed in the categories below. Please click on the link in the Patch Availability column or in the Patch Availability Table to access the documentation for those patches.

Affected product releases and versions:

Java SE:
JDK and JRE 7 Update 6 and before - Patch Availability: Java SE
JDK and JRE 6 Update 34 and before - Patch Availability: Java SE

Patch Availability Table and Risk Matrix:

Java SE fixes in this Security Alert are cumulative; this latest update includes all fixes from previous Critical Patch Updates and Security Alerts.

For additional details see: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
Collapse -
Security Fix for Critical Java Flaw
by Carol~ Forum moderator / August 30, 2012 8:21 AM PDT

Posted by Brian Krebs @ his "Krebs on Security" Blog:

Security Fix for Critical Java Flaw Released

Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number other other potentially unpatched Java flaws.

The patch fixes a critical flaw in the latest version of Java 7 that is now being widely exploited. Users with vulnerable versions of Java installed can have malware silently planted on their systems just by browsing to a hacked or malicious Web site.

The update brings Java 7 to Update 7, and appears to fix the flaw being exploited and several other security holes. Oracle also released a security update for systems running Java 6, which brings that version to Java 6 Update 35.

Today's patches are emergency, out-of-schedule updates for Oracle, which previously was not planning to release security updates for Java until October. Although it may appear that Oracle responded swiftly to the discovery of extremely dangerous flaws in its software, Security Explorations — a research firm from Poland — says it alerted Oracle about this vulnerability and 30 others back in April. It's not yet clear how many of those vulnerabilities were patched in this release.

"We ... expected that the most serious of them would be fixed by June 2012 Java CPU," said Security Explorations CEO and founder Adam Gowdiak told The Register's Neil McAllister. "But it didn't happen and Oracle left many issues unpatched with plans to address them in the next Java [updates]."

Continued : http://krebsonsecurity.com/2012/08/security-fix-for-critical-java-flaw-released/

Collapse -
The download site(s) can be found here
by Harv / August 30, 2012 9:03 AM PDT
Collapse -
Both Java SE 7u7 and SE 6u35
by Carol~ Forum moderator / August 30, 2012 9:17 AM PDT
Collapse -
Glad to help whenever I can...
by Harv / August 31, 2012 1:06 AM PDT

I had trouble finding the download site, so I listed it here to make it easier for others to find. Seems like we're updating Java almost every month now. I'm using Firefox as my main browser and hardly ever use IE, because it loads so slow. Therefore, every time there's an update I have to install two Java versions.

Collapse -
Can't seem to get new one
by zeebell / September 4, 2012 12:12 PM PDT

When I go to Java and download the Update 7, I can get the file fine. It's when installing I run into problems. I do have Java 7 Update 5 now. Here's what I get when installing --

The feature you are trying to use is on a network resource that is unavailable.
Click OK to try again, or enter an alternate path to a folder containing the installation package jre1.7.0_05c.msi" in the box below.
Use source:
C:\Users\Julea\AppData\LocalLow\Sun\Java\jre1.7.0_05\
------------------
Error 1714. The older version of Java& Update 7 cannot be removed.

When doing a search on my computer for jre1.7.0_05c.msi, I do not find it.

How important is it to have Java? Is Adobe Flash Player similar? I get that with no problems.

Julea

Collapse -
Julea, Try This...
by Grif Thomas Forum moderator / September 5, 2012 3:34 AM PDT

First, please uninstall any versions of Java on your computer from the Control Panel.. Next, visit the link below, then download and run the JavaRa program and let it find and remove any remnants it can find.

http://singularlabs.com/software/javara/

Once that's done, download and run the free-ware version of the Revo Uninstaller to see if it can find any remnants of Java still remaining.. If found, remove them.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Next, if you still can't install the newest version of Java, AND...if you're good at registry editing, you'll need to search the registry for any remaining Java keys that can be removed. BE SURE to make a backup of the registry before deleting such. The link below will give you good information about which keys are used by Java and need to be removed..

http://mindprod.com/jgloss/registry.html

After using both of the above tools to clean Java from the computer, reinstall the latest version of Java using the Java 7 Up7 OFFLINE installer from the link below. (If you've got a 64 bit version of Windows, install BOTH the x86 and the x64 versions of Java. You'll need it for both versions of your browsers.):

http://www.oracle.com/technetwork/java/javase/downloads/jre7u7-downloads-1836441.html

Hope this helps.

Grif

Collapse -
Griff -- must have more problems than what I knew about!
by zeebell / September 5, 2012 12:22 PM PDT
In reply to: Julea, Try This...

I tried to unstall my java installs from the control panel and cannot do it. I wish I knew how to attach a screen shot here and I could show you what I get. It says "The feature you are trying to use is on a network source that is unavailable." It says something about the installer but it'd sure be better if I could give you a screen shot.

The java listings are:
Java FX 2.1.1 installed 7/10/12
Java (TM) 7 Update 5 - 7/10/12
Java (TM) 6 Update 31 - 4/12/12
Java (TM) 6 Update 25 - 8/13/12
Java (TM) 6 Update 14 (64 bit) 11/11/09
Java SE Development Kit 7 Update 7 - 9/4/12

All but the 64 bit one show Oracle. The FX entry shows Oracle Corporation. The 64 bit one shows Sun Microsystems, Inc.

Collapse -
If You Can't Uninstall From The Control Panel
by Grif Thomas Forum moderator / September 6, 2012 9:46 AM PDT

...then continue on with the other steps mentioned.. JavaRa, RevoUninstaller, and the registry edits should allow you to remove all things Java from the system.

Hope this helps.

Grif

Collapse -
Hey Grif -- I did it
by zeebell / September 11, 2012 2:50 PM PDT

I finally figured out how the revouninstaller works. I was closing it out to soon because it gave me some messages that I didn't realize I could get past them -- something about uninstalling only program that are on pc. When I click the OK in the box rather than the red x, it continued on to where it would let me work with the registry items. I found out last evening at our local computer club meeting that I needed to click on the ADVANCED part. Maybe that was mentioned in here someplace, and I just plain ole missed it if it was. Anyway, that was the trick and I got all the old versions of Java off of my pc without the error messages, etc. I was also able to go to the links you provided and got both the 64 bit and 32 bit latest updates and got them installed fine. So, I'm finally a happy camper. This has been bugging the heck outta me and glad it's finally resolved.

Thanks again to you and Carol for all your help. You all are the bestest!

Julea

Collapse -
(NT) Yipee! Good Job...
by Grif Thomas Forum moderator / September 12, 2012 4:08 AM PDT
In reply to: Hey Grif -- I did it
Collapse -
And a YAY!! from me! :)
by Carol~ Forum moderator / September 12, 2012 4:35 AM PDT
In reply to: Hey Grif -- I did it

I knew you weren't going to give up on it. Happy

Carol

Collapse -
ROFLMAO -- You know me too well
by zeebell / September 12, 2012 7:14 AM PDT

and we've not even met in real life. Sure seems like I know some of you all here though. Let's see, how many years have I been coming here now -- I think I started about 2002 or 2003. What would the world do without cnet forums!!

Julea

Collapse -
Javara Worked for me
by NKirkp / November 16, 2012 10:35 AM PST
In reply to: Julea, Try This...

I followed Griff's suggestions and it worked perfectly.
Thanks

Collapse -
There's A New Java 7 Update 9 Available
by Grif Thomas Forum moderator / November 18, 2012 2:35 AM PST
In reply to: Javara Worked for me

If you installed Java 7 Update 7 from the link I provided earlier, and didn't install the newest Java 7 Update 9, you should consider uninstalling the older Update 7 and installing Update 9. (Assuming things are working correctly now, you should be able to uninstall Update 7 from the Control Panel.) The newer version contains a number of security fixes and is the correct version to use at this time.. A link to the new version is below:

http://www.oracle.com/technetwork/java/javase/downloads/jre7u9-downloads-1859586.html

Hope this helps.

Grif

Collapse -
Julea.. FWIW
by Carol~ Forum moderator / September 6, 2012 6:17 AM PDT

Julea...

I'd rather you wait until Grif returns. We both have different setups. And we both had different errors. But I thought I'd share this with you.

I've never had a problem installing or removing any software. Or not until recently.

I noticed not long after installing Java 7, the latest Java 6 was still installed. When I tried to uninstall it, I received an error message indicating I couldn't install it. Keep in mind, I was trying to UNinstall it.

As always, I ran JavaRa. It didn't (or couldn't) uninstall it. I've used it in the past, only to remove leftover files. I created a restore point and made a back up of the registry. ( A bit excessive!! )

I then ran the Revo Uninstaller. As an added precaution, just prior to letting Revo remove any registry entries, I checked the reg location/s to make sure the entries it wanted to remove were correct and safe to remove. They were.

All this to say, the Revo Uninstaller removed the prior version of Java, with the exception of a couple registry entries.

Lastly and unrelated. You asked in your OP how important it was to have Java. It's only important if you use applications which rely on it. If you don't need it, why keep it? Another option would be to disable the plugin in your most often used browser. You can use the least often used browser to access the sites which need it.

For example, if you use Firefox as your default browser, disable the plugin. Say you use Secunia's Software Inspector which makes use of Java. Access Secunia's site using IE with Java enabled. Make any sense? Or is it.. clear as mud? It's just an option to consider, if you want (or need) to keep it. Also "less risky".

Grif can also address the question. But do wait for him. As mentioned above, we have differing situations. I only wanted you to know, the Revo Uninstaller was able to remove Java in my case.

Best of luck with it..
Carol

Collapse -
This sounds great; however --
by zeebell / September 6, 2012 10:44 AM PDT
In reply to: Julea.. FWIW

I can't seem to get the Revo pro to stay up long enough to get anything accomplished before the darn buy now dialogue box comes up. It says I must have a serial #. Well, I really don't want to buy it. So -- any other ideas. I'm about ready to take my chances and forget this mess as it's becoming pretty frustrating.

Julea

Collapse -
Seems Like You Didn't Download The Freeware Version?
by Grif Thomas Forum moderator / September 6, 2012 1:19 PM PDT

After downloading the freeware version, run it to install the program, then allow it to open.. The program will open AND a browser window will also open asking your to pay.. Simply close the browser window and run the uninstaller program which is open.

Hope this helps.

Grif

Collapse -
Oops - but have it now
by zeebell / September 7, 2012 9:53 AM PDT

I also ran it and darn if I don't get the same message for any of the Java entries I try to uninstall -- which is --

The feature you are trying to use is on a network resrouce that is unavailable. Clock OK to try again or enter an alternate path to a folder containing the installation package jre1.7.0_05-c.msi' in the box below.

Further down it shows this: Source - c:Users/Julea/AppData/LocalLow/Sun/Java/jre1.7

Guess I'm hopeless as if I do a search for jre1.7 nothing comes up.

Perhaps I should leave well enough alone and just go with the flow. I'm not having any issues but sure am with trying to uninstall the dang things.

Julea

Collapse -
You Get That Message With Revo Uninstaller?
by Grif Thomas Forum moderator / September 7, 2012 10:21 AM PDT
In reply to: Oops - but have it now

And if push comes to shove, you can simply do the registry search to remove all things Java.

Hope this helps.

Grif

Collapse -
Registry
by zeebell / September 7, 2012 3:56 PM PDT

Hi Grif -- I did try Carol's suggestion below your post and it was to no avail -- sameo sameo. I get the same error message(s) no matter what I try to do.

As for the registry -- I did go into regedit and did a search for Java -- only 1 item came up. Must I search each of the categories in the left pane?

At this point, I'm tempted just to take my chances and hope I don't get hit. Guess I can disable Java as not sure how much I even use it. I'm kind of at a loss at this point.

Thanks for all your help.

Julea

Collapse -
After Opening "regedit"....
by Grif Thomas Forum moderator / September 8, 2012 9:20 AM PDT
In reply to: Registry

...first be sure to create a backup of the registry....in Windows 7 (I assume you're using Win7), after opening 'regedit', click once on "Computer" in the left window, then click "File" in the upper left, choose "Export" and create a backup registry file named "backup.reg" to your desktop. Next, click on "Edit" in the upper left, then select "Find".. Type "java" in the "Find What" line, making sure that CHECK marks are in all the boxes next to "keys", "value", and "data", then click on the "Find next" button.

Now press the "F3" key to find the next java listing in the registry. Below is a Java.com link of their method for removing such keys:

http://www.java.com/en/download/help/manual_regedit.xml#java6

By the way, performing a complete search and removal of all java items is a little daunting.. There are a bunch.

So, if you're not feeling up to it, I understand entirely.

Hope this helps.

Grif

Collapse -
Glad you understand - I'm basically chicken on this one
by zeebell / September 8, 2012 12:49 PM PDT

I think this is definitely more than I want to take on - however, I do appreciate all the info. I'm going to wait until our next computer club open house -- I usually work the 2-3 monthly that we have, and will get some help from the instructor there. I've always been intrigued with the registry anyway and have looked around alot and even made a change when only 1 little line was involved; but I peeked and I'm really not sure in all this what to leave and not to leave (LOL).

So, until then, I'm stuck with the old and hope I'll be ok. I'll go ahead and disable and see if I need it at the sites I visit.

Thanks again to all.

Julea

Collapse -
Sorry for butting in, but at this point..
by Carol~ Forum moderator / September 7, 2012 10:52 AM PDT
Collapse -
Sameo sameo
by zeebell / September 7, 2012 3:57 PM PDT

Thanks for your help Carol -- nothing seems to work re: this situation. I just get the same error messages and I'm about ready to quit messin' with it.

Julea

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.