Updated Release of the February 2013 Oracle Java SE Critical Patch Update

Original release date: February 21, 2013 | Last revised: February 25, 2013

Oracle has released an updated February 2013 Critical Patch Update for Oracle Java SE to address a vulnerability. This vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on vulnerable systems or to provide unauthorized disclosure of information.

The following versions of Oracle Java SE are affected:

  • JDK and JRE 7 Update 13 and earlier
  • JDK and JRE 6 Update 39 and earlier
  • JDK and JRE 5.0 Update 39 and earlier
  • SDK and JRE 1.4.2_41 and earlier

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. Additional information regarding this vulnerability can be found in Vulnerability Notes VU#636312.

This product is provided subject to this Notification and this Privacy & Use policy.