I see there's a release today or so from Oracle of a new zero-day vulnerability. Any idea how soon we'll have an update?

<https://threatpost.com/en_us/blogs/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413>

mark

On 03/05/2013 11:51 AM, m.roth at 5-cent.us wrote:
> I see there's a release today or so from Oracle of a new zero-day
> vulnerability. Any idea how soon we'll have an update?
>
> <https://threatpost.com/en_us/blogs/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413>
>

As soon as redhat releases one?

Johnny Hughes wrote:
> On 03/05/2013 11:51 AM, m.roth at 5-cent.us wrote:
>> I see there's a release today or so from Oracle of a new zero-day
>> vulnerability. Any idea how soon we'll have an update?
>>
>> <https://threatpost.com/en_us/blogs/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413>
>>
>
> As soon as redhat releases one?

Figured that - just wondered if y'all had heard anything. For that matter, I tried following the CSV, and can't find more info on the NIST site - trying to figure out if it *only* affects Oracle's java, or openjdk also.

mark

On 03/05/2013 08:13 PM, Les Mikesell wrote:
> On Tue, Mar 5, 2013 at 1:01 PM, Johnny Hughes <johnny at centos.org> wrote:
>>>
>> When will CentOS-6.4 be released ... soon :)
>>
>> When is soon ... I would expect sometime before Friday, March 8th (or
>> very close to that date).
>
> Thanks for posting a projected date. I promise not to rant if you miss it...
>

we never miss dates!

--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc

Karanbir Singh wrote:
> On 03/05/2013 08:13 PM, Les Mikesell wrote:
>> On Tue, Mar 5, 2013 at 1:01 PM, Johnny Hughes <johnny at centos.org> wrote:
>>>>
>>> When will CentOS-6.4 be released ... soon :)
>>>
>>> When is soon ... I would expect sometime before Friday, March 8th (or
>>> very close to that date).
>>
>> Thanks for posting a projected date. I promise not to rant if you miss
>> it...
>>
> we never miss dates!

Neither do I!

mark "ask my wife"

On 05.03.2013 at 18:51, m.roth at 5-cent.us wrote:
> I see there's a release today

The question is rather: are there days without new "emergency patches" for Java? And at what point does an "emergency" become a permanent condition?

On Tue, Mar 5, 2013 at 6:08 PM, Rainer Duffner <rainer at ultra-secure.de> wrote:
> The question is rather: are there days without new "emergency patches" for Java?

Yeah, right, like there are no 0day patches periodically for a multitude of software, including Apache, PHP, and the like. And what are Microsoft's "Patch Tuesday" Windows updates for, after all?

Adobe Rolls out emergency patch for Flash plug-in
http://www.itworldcanada.com/news/adobe-rolls-out-emergency-flash-patch/146804

Critical PHP vulnerability exposes web sites to data theft
http://www.infoworld.com/t/application-security/critical-php-vulnerability-exposes-servers-data-theft-or-worse-192428

Top ten PHP security vulnerabilities (Oct 2012)
http://phpmaster.com/top-10-php-security-vulnerabilities/

PHP patches actively exploited CGI vulnerability
http://www.pcworld.com/article/255289/php_patches_actively_exploited_cgi_vulnerability.html

Security is a process. There is no "permanently secure" software. Not even OpenBSD with its "memory randomization".
http://pages.citebite.com/h9a3a5k5umdw

FC
--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario
- George Orwell