In association with heise online

19 October 2011, 16:13

Oracle fixes 77 vulnerabilities, including Java and database holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Oracle logo As expected, Oracle has released two Critical Patch Update (CPU) advisories. One of the advisories describes 20 security holes in the Java Runtime Environment. The other deals with a collection of 57 holes in such traditional Oracle products as the company's database and middleware solutions, and in Oracle Linux 5.

As some of the security holes have been rated as critical, Oracle recommends that users install the updates as soon as possible. Five of the Java holes alone have been given the maximum CVSSv2 score of 10.0. Things aren't quite as dramatic with the classical Oracle products, where only one Solaris hole in the LDAP service is in the top range at 9.3. Tools to help with assessing individual holes include a risk matrix that lists the exact products that are affected and provides their respective CVSSv2 ratings.

Oracle's next major update waves are scheduled for 17 January 2012 and, for Java, for 14 February 2012.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit