Oracle to issue 14 patches for Java SE
A number of the vulnerabilities are severe
IDG News Service - Oracle is planning to ship 14 patches related to Java SE on Tuesday, including a number with the highest level of severity under the CVSS (common vulnerability scoring system) framework, according to a pre-release announcement on the company's website.
"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," Oracle said.
The patch batch is aimed at security weaknesses in a number of products, including JDK and JRE 7 Update 4 and earlier; JDK and JRE 6 Update 32 and earlier; and JavaFX version 2.1 and earlier, according to the announcement.
A dozen of the 14 fixes can be exploited by an attacker remotely, with no username or password required, Oracle said. A number of the weaknesses have a CVSS base score of 10.0, the highest possible, but Oracle didn't provide further specifics.
Oracle delivers Java SE patches on a quarterly basis, but on a different schedule than fixes for its other applications and middleware products.
The last Java SE patch release, which was delivered in February, also included 14 fixes.
Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Malware and Vulnerabilities White Papers | Webcasts