In association with heise online

13 October 2010, 11:29

Oracle patches Java and enterprise products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Oracle Logo As part of its October patch day, Oracle has released updates for Java and many of its enterprise products. The Java updates fix a total of 29 vulnerabilities spread across versions 6.0, 5.0 and 1.4.2 on all supported platforms. Oracle gives 15 of the vulnerabilities a Common Vulnerability Scoring System (CVSS) score of 10.0, the highest possible level of severity. Users should therefore waste no time in installing JDK, JRE 6 Update 22 or updates for older Java branches.

The updates for enterprise products fix 85 security-related bugs in Oracle's database products, Oracle Application Server, Oracle E-Business Suite, StarOffice, PeopleSoft and other products. One of the vulnerabilities in the database can be remotely exploited by unauthenticated attackers. The updates also fix vulnerabilities in (formerly Sun) Solaris, with one bug in the RPC service scoring 10.0 on CVSS.

Updates for Java are not usually released together with other Oracle products. Oracle has announced that it does not intend to synchronise its Critical Patch Updates (CPU), citing commitments made to customers prior to purchasing Sun. Dates for forthcoming Java CPUs in 2011 have already been fixed – 5th February, 7th June and 18th October.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit