Java Updates 29 Critical Flaws
Wow, it seems as though Microsoft isn’t the only one releasing massive patches this month.
The Java released yesterday by Oracle covers at least 29 security holes.
Here’s the versions that are affected by this:
- Java SE
- JDK and JRE 6 Update 21 and earlier for Windows, Solaris, and Linux
- JDK 5.0 Update 25 and earlier for Solaris
- SDK 1.4.2_27 and earlier for Solaris
- Java for Business
- JDK and JRE 6 Update 21 and earlier for Windows, Solaris and Linux
- JDK and JRE 5.0 Update 25 and earlier for Windows, Solaris and Linux
- SDK and JRE 1.4.2_27 and earlier for Windows, Solaris and Linux
They have released Windows Solaris and Linux versions and as you may or may not know, Apple will cover it’s own version of Java for the OS X system.
If you don’t know what version of Java you have installed (or don’t even know if you have Java installed), head on over to to the Java verification page and take a look.
If you’re not up to date, I HIGHLY reccomend updating. If not, keep the older versions at your own risk.
If you don’t want to update your patches, Oracle suggests removing the privileges or the ability to access the packages from unprivileged users or restricting network protocols required by an attack. Both workarounds may break functionality, so…
And as a reference, here are the critical Patch Update release dates for the next calendar year off of the Oracle Site:
Critical Patch Updates
Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 15th day of January, April, July and October. Starting 2011, the scheduled dates for the release of Critical Patch Updates will be on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
- 18 January 2011
- 19 April 2011
- 19 July 2011
- 18 October 2011
For the next calendar year, Oracle Java SE and Java for Business Critical Patch Updates will be released on the following dates:
- 15 February 2011
- 07 June 2011
- 18 October 2011
For more information on any of this, please visit the Oracle Critical Patch Updates and Security Alerts page