Quarter Quell

Oracle urges users to adhere 113 patches pronto

Lucy Carey

Java overlords issue 113 critical patches for Oracle Fusion Middleware, Java SE, MySQL Server, Hyperion products and Oracle database and E-Business Suite.


It’s been over two months since Java 8 officially launched, and now the platform can ‘celebrate’ its first ever patches, though fortunately this is all routine. Oracle has just released its latest quarterly Critical Patch Update (CPU), totalling 113 fixes for a range of products across the software giant’s ecosystem.

Compared to January’s mammoth drop (144 fixes, 36 of them to address malware capable of targeting vulnerabilities in Java SE, including 34 bugs that can be exploited remotely by an attacker without requiring authentication), this is a fairly light load. Thanks to the San Franciscan oligarch’s April emergency Heartbleed surgery, there’s not a huge emphasis on addressing the mega-bug in this big push.

For Java, there are 20 vulnerabilities to be tended to, all of them in client-side Java, i.e. on workstations that execute applets (could have seen that one coming) and Java Web Start applications. As Wolfgang Kandek notes, the most pressing issue is CVE-2014-4227, with a CVSS score of 10.0 (the highest possible under the current rating system), which affects Java 6, 7 and also youthful version 8. On top of this, there are a further seven vulnerabilities with a CVSS score of 9.3, which are considered critical.

There are also ten plugs for Oracle MySQL, patches for the Oracle RDBMS, 15 fixes for Oracle’s virtualization-related wares (seven of these in VirtualBox), and remedies for Oracle Fusion Middleware, which mainly groups all of the Oracle application servers: GlassFish, WebLogic, iPlanet and HTTP. That makes 29 vulnerabilities all in all, with the highest severity of 7.5 found in CVE-2013-1741.

With Java’s well publicized security issues, cyber criminals have honed in on the platform, even managing to penetrate Java 7’s native layer in the past year. With hacks for the software bundled in many popular exploit kits, we don’t have to tell you that it should be a top priority to get these patches in place as soon as
