
No less than 25 security bug fixes for Java, again

October 21, 2015

System admins everywhere, forced either by circumstance or folly to support Java, can get busy again, with no less than twenty-five security bug fixes for the software in the Scarlet Letter's regular patch notice.

If that sounds obscure, it's because it is. But the good news is that Oracle says that none of the security vulnerabilities have been exploited as of Monday. Does that mean they will be soon?

The bug fixes to Java SE and Java SE Embedded cover security problems in the CORBA (Common Object Request Broker Architecture), Remote Method Invocation (Java RMI), Java FX, serialisation, 2D, Java API for XML Processing (JAXP), Java Generic Security Services (JGSS), security and deployment sub-components, as well as various library flaws.

So there you have it: the complete picture. Over at Oracle's security blog, regular bearer-of-bad-news Eric Maurice lists “Oracle database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Industry Applications, including Oracle Communications Applications and Oracle Retail Applications, Oracle Java SE, Oracle Sun Systems Products Suite, Oracle Pillar Axiom, Oracle Linux & Virtualization, and Oracle MySQL” as getting fixes.

We agree: that's a lot of 'O's. Of the Java SE fixes, he writes, 20 apply only to Java in the browser, the remaining five apply to both client and server Java SE, and 24 are remotely exploitable without authentication.

There are eight fixes for the Oracle database, one of which (CVE-2015-4863, not yet described on Mitre) has a base score of 10, because it's remotely exploitable without authentication.

There's also a perfect 10 in Oracle Sun Systems' Integrated Lights Out Manager (ILOM), and Maurice says that, as well as patching ILOM, system admins should block outside access to the software.

If this sounds like a lot of security patches, well, it is. So the question is: why so many all of a sudden? Let's all hope that Oracle has a good handle on the situation.

Source: Oracle.
