Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2012

Description

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for June 2012, which will be released on Tuesday, June 12, 2012.  While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This Critical Patch Update contains 14 new security vulnerability fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

• JDK and JRE 7 Update 4 and earlier
• JDK and JRE 6 Update 32 and earlier
• JDK and JRE 5.0 Update 35 and earlier
• SDK and JRE 1.4.2_37 and earlier
• JavaFX 2.1 and earlier

Oracle Java SE Executive Summary

This Critical Patch Update contains 14 new security fixes for Oracle Java SE.  12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.  

The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0.

The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:

• Java Runtime Environment