漏洞类别:Local
漏洞等级: 
漏洞信息
Java Runtime Environment (JRE) is a platform that supports the execution of programs that are developed using the Java programming language. The JRE platform also supports Java Applets, which can be loaded from Web pages.
JRE and JDK are exposed to multiple vulnerabilities that affect various components. Oracle's Java Critical Patch Update for January 2017 contains 16 new security fixes across multiple Java SE products and sub-products.
Affected Versions:
Oracle Java JDK and JRE, versions 6u131 and earlier, 7u121 and earlier, 8u112 and earlier.
漏洞危害
Exploitation could allow an attacker to take complete control of an affected system.
解决方案
The vendor released updates (Java SE JDK and JRE 8 Update 121 or later, Java SE JDK and JRE 7 Update 131, Java SE JDK and JRE 6 Update 141) to resolve these issues.
Refer to vendor advisory Oracle Java SE CPU January 2017 and Oracle Doc ID 2219954.1 to obtain more details.
Updates for Java 5, Java 6 and Java 7 are no longer available to the public. Oracle offers updates to Java 5 and Java 6 only for customers who have purchased Java support or have Oracle products that require Java 5, Java 6 and Java 7.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论