Updated Release of the February 2013 Oracle Java SE Critical Patch Update

Oracle has released an updated February 2013 Critical Patch Update for Oracle Java SE to address a vulnerability. This vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on vulnerable systems or to provide unauthorized disclosure of information.

The following versions of Oracle Java SE are affected:

• JDK and JRE 7 Update 13 and earlier
• JDK and JRE 6 Update 39 and earlier
• JDK and JRE 5.0 Update 39 and earlier
• SDK and JRE 1.4.2_41 and earlier

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. Additional information regarding this vulnerability can be found in Vulnerability Notes VU#636312.