Oracle fixes 77 vulnerabilities, including Java and database holes
As expected, Oracle has released two Critical Patch Update (CPU) advisories. One of the advisories describes 20 security holes in the Java Runtime Environment. The other deals with a collection of 57 holes in such traditional Oracle products as the company's database and middleware solutions, and in Oracle Linux 5.
As some of the security holes have been rated as critical, Oracle recommends that users install the updates as soon as possible. Five of the Java holes alone have been given the maximum CVSSv2 score of 10.0. Things aren't quite as dramatic with the classical Oracle products, where only one Solaris hole in the LDAP service is in the top range at 9.3. Tools to help with assessing individual holes include a risk matrix that lists the exact products that are affected and provides their respective CVSSv2 ratings.
Oracle's next major update waves are scheduled for 17 January 2012 and, for Java, for 14 February 2012.
- Oracle Java SE Critical Patch Update Advisory - October 2011, security advisory from Oracle.
- Oracle Critical Patch Update Advisory - October 2011, security advisory from Oracle.