UK Oracle User Group


Oracle to issue critical patches for Java SE in 14-batch fix

Oracle to issue critical patches for Java SE in 14-batch fix

11 June 2012

A number of the vulnerabilities have a CVSS base score of 10.0 Oracle is planning to ship 14 patches related to Java SE tomorrow, including a number with the highest level of severity under the CVSS (common vulnerability scoring system) framework.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," Oracle said.

The patch batch is aimed at security weaknesses in a number of products, including JDK and JRE 7 Update 4 and earlier; JDK and JRE 6 Update 32 and earlier; and JavaFX version 2.1 and earlier, according to a company announcement

A dozen of the 14 fixes can be exploited by an attacker remotely, with no username or password required, Oracle said. A number of the weaknesses have a CVSS base score of 10.0, the highest possible, but Oracle didn't provide further specifics.

Oracle delivers Java SE patches on a quarterly basis, but on a different schedule than fixes for its other applications and middleware products.

The last Java SE patch release, which was delivered in February, also included 14 fixes.

  

By Chris Kanaracus Via IDG News Service 

Send this page to your friend

Your details

Your friend's details

Submit

Top