Oracle Releases 144 Security Fixes, 36 for Java SE

by Kaushik Pal on Feb 14, 2014

Oracle released their latest Critical Patch Update (CPU), containing 144 security fixes across all product families, including 36 for Java SE. Oracle stated that 34 of these vulnerabilities may be exploited over a network without authentication, and they recommend applying CPU fixes as soon as possible. Other products patched in this CPU include PeopleSoft, Fusion Middleware, and their flagship relational database.

Oracle stated that successful exploitation of these vulnerabilities may result in unauthorized update, insert or delete access to some Java SE accessible data and read access to a subset of that data. An attack may also cause a partial denial of service (DoS) of Java SE.

The Risk Matrix for Oracle Java SE lists the Common Vulnerabilities and Exposures (CVE) identifier for each vulnerability along with its description.

Oracle introduced the CPU program, a designation indicating a set of patches for security flaws, in January 2005. Separate Java SE security fixes are released under the normal CPU schedule starting from October 2013. The next four release dates are 15 April 2014, 15 July 2014, 14 October 2014 and 20 January 2015.

The list of patches contains both cumulative and non-cumulative CPUs. (Cumulative CPUs have all fixes for that product including previous updates.) The patch availability table provides more information about cumulative and non-cumulative patches, and an installation guide.

Patches released through the CPU program are available for products covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. In the CPU Advisory, Oracle cautions:

Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions.
