BT

Oracle Releases 144 Security Fixes, 36 for Java SE

by Kaushik Pal on Feb 14, 2014 |

Oracle released their latest Critical Patch Update (CPU), containing 144 security fixes across all product families, including 36 for Java SE. Oracle stated that 34 of these vulnerabilities may be exploited over a network without authentication, and they recommend applying CPU fixes as soon as possible. Other products patched in this CPU include Peoplesoft, Fusion Middleware, and their flagship relational database.

Oracle stated that a successful attack of these vulnerabilities may result in unauthorized update, insert or delete access to some Java SE accessible data and read access to a subset. An attack may also cause a partial denial of service (DOS) of Java SE.

The Risk Matrix for Oracle Java SE has Common Vulnerabilities and Exposure (CVE) identifiers along with the description.

Oracle introduced the CPU program, a designation indicating a set of patches for security flaws, in January 2005. Separate Java SE security fixes are released under the normal CPU schedule starting from October 2013. The next four release dates are 15 April 2014, 15 July 2014, 14 October 2014 and 20 January 2015.

The list of patches contains both cumulative and non-cumulative CPUs. (Cumulative CPUs have all fixes for that product including previous updates.) The patch availability table provides more information about cumulative and non-cumulative patches, and an installation guide.

Patches released through the CPU program are available for products covered under Premier Support or Extended Support phases of the Lifetime Support Policy. In the CPU Advisory Oracle cautions:

Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions.

Hello stranger!

You need to Register an InfoQ account or to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Educational Content

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2013 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT