Make do and mend
Mammoth batch of Oracle patches released today
Oracle may have already accrued some red on their security ledger this year, but that doesn’t mean the Java stewards are slacking. In fact, they’re pushing out one of the biggest batches of patch updates in recent memory today.
The latest incident, which saw thousands of visitors served up Java-based malware thanks to an exploit in Yahoo.com’s advertising network, will still be fresh in the minds of many IT heads, which means department honchos will likely be particularly swift in applying these updates.
In total, the Critical Patch Update addresses 144 issues across a host of Oracle offerings. Of these patches, 36 target vulnerabilities in Java SE, including 34 bugs that can be exploited remotely by an attacker without authentication. Of these 144 flaws, 82 are considered by Oracle to be critical.
The super huge patch update also comes packed with updates for JavaFX (versions 2.2.45 and earlier), Java JDK and JRE (versions 5.0u55, 6u65, 7u45 and earlier), and Java SE Embedded (versions 7u45 and earlier).
Also included in the release are 18 new security fixes for MySQL. Oracle writes that three of these vulnerabilities may be remotely exploitable without authentication. MySQL components affected by vulnerabilities that are fixed in this Critical Patch Update are MySQL Enterprise Monitor and MySQL Server.
Although the sheer number of urgent fixer-uppers Oracle has identified is striking - especially when you consider that Microsoft is releasing a whole 140 fewer than its rival today - it’s worth remembering that the San Francisco giant issues its patches on a quarterly schedule. In contrast, Microsoft has standard monthly ‘Patch Tuesdays’, making for much smaller releases - albeit far more frequent reboot irritation for hapless users.