VMware product updates address critical information disclosure issue in JRE

2015-04-02T00:00:00
ID VMSA-2015-0003
Type vmware
Reporter VMware
Modified 2015-12-18T00:00:00

Description

a. Oracle JRE Update

Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE.

VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Java SE Critical Patch Update Advisory of January 2015.

This advisory also includes the other security issues that are addressed in JRE 1.7 Update 75 and JRE 1.6 Update 91. The References section provides a link to the JRE advisory.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-6593 to this issue. This issue is also known as "SKIP" or "SKIP-TLS".

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.