Oracle patches Java and enterprise products
As part of its October patch day, Oracle has released updates for Java and many of its enterprise products. The Java updates fix a total of 29 vulnerabilities spread across versions 6.0, 5.0 and 1.4.2 on all supported platforms. Oracle gives 15 of the vulnerabilities a Common Vulnerability Scoring System (CVSS) score of 10.0, the highest possible level of severity. Users should therefore waste no time in installing JDK or JRE 6 Update 22, or the updates for older Java branches.
The updates for enterprise products fix 85 security-related bugs in Oracle's database products, Oracle Application Server, Oracle E-Business Suite, StarOffice, PeopleSoft and other products. One of the vulnerabilities in the database can be remotely exploited by unauthenticated attackers. The updates also fix vulnerabilities in (formerly Sun) Solaris, with one bug in the RPC service scoring 10.0 on CVSS.
Updates for Java are not usually released together with those for other Oracle products. Oracle has announced that it does not intend to synchronise its Critical Patch Updates (CPU), citing commitments made to customers before it purchased Sun. Dates for forthcoming Java CPUs in 2011 have already been fixed – 5th February, 7th June and 18th October.