dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
4265

chachazz
Premium Member
join:2003-12-14

7 recommendations

chachazz

Premium Member

Java Critical Patch update on Jan 14, 2014

quote:
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2014, which will be released on Tuesday, January 14, 2014. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 147 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.
Affected Products and Components, including Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier

Oracle Java SE Executive Summary
This Critical Patch Update contains 36 new security fixes for Oracle Java SE. 34 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 10.0. (Critical)

The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
• Java SE
• Java SE Embedded
• JavaFX
• JRockit

Full details: Oracle Critical Patch Update Pre-Release Announcement - January 2014

Updates will be available upon release at
Java.com (consumer site)
Oracle Java SE site

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME

2 recommendations

lordpuffer

Premium Member

Thanks chachazz See Profile. Will be looking for it on the 14th.

chachazz
Premium Member
join:2003-12-14

chachazz

Premium Member

You're welcome.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

1 recommendation

antdude to lordpuffer

Premium Member

to lordpuffer
said by lordpuffer:

Thanks chachazz See Profile. Will be looking for it on the 14th.

I'm not. Adobe, MS, and Oracle. Any others? :P
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20

Premium Member

Isn't that enough?
Mele20

Mele20 to chachazz

Premium Member

to chachazz
This version of Java will force most who need it to reduce their Java security to Medium so they can run unsigned applets. How does this make users safer? Already, the Fx Enterprise list serve has posts complaining about this. I only use Java for NDT Web 100 speed tests and Visualware's MySpeed speed tests. These speed tests are far superior to the garbage Flash tests favored at this site. The Flash tests give almost no diagnostic information and are basically worthless junk.

The junk that needs to go away totally is Flash not Java. Of course, try using an HTML5 speed test...what a joke.

»www.klaus-hartnegg.de/gp ··· ity.html

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by Mele20:

This version of Java will force most who need it to reduce their Java security to Medium so they can run unsigned applets. How does this make users safer?...

It probably doesn't. But it might make Java look better... when a user gets blasted by Java exploits, they can always blame him: "What'd you expect, dummy, when you run unsigned applets and only Medium security?!"
SpHeRe31459
Premium Member
join:2002-10-09
Sacramento, CA

SpHeRe31459 to chachazz

Premium Member

to chachazz
No manual download links yet, but the Java update applet is now reporting 7u51 available.

EDIT: And now it's there on the manual download link.

kickass69
join:2002-06-03
Lake Hopatcong, NJ

1 edit

kickass69 to chachazz

Member

to chachazz
Version 7 Update 51

»java.com/en/download/manual.jsp

»www.oracle.com/technetwo ··· 261.html
SpHeRe31459
Premium Member
join:2002-10-09
Sacramento, CA

SpHeRe31459

Premium Member

said by kickass69:

Version 7 Update 51

»java.com/en/download/manual.jsp

Not showing up on the Oracle Java SE site as of the time of this posting.

It's on the Java SE page now.

kickass69
join:2002-06-03
Lake Hopatcong, NJ

kickass69

Member

Indeed...I was too quick apparently.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to Mele20

Premium Member

to Mele20
said by Mele20:

Isn't that enough?

Nope. MS, Adobe, and Oracle 3 to release updates on the second Tuesday of each month. [grin]
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer

Premium Member

said by antdude:

said by Mele20:

Isn't that enough?

Nope. MS, Adobe, and Oracle to release updates on the second Tuesday of each month. [grin]

Microsoft long ago adopted a regular scheduled cadence for updates, and identified that to be the second tuesday of every month (aka Micrsoft's "patch tuesday"). This was as a result of considerable pressure and discussion with many enterprises.

Adobe publicly adopted the same schedule as Microsoft for similar reasons. This is published and known.

Oracle long ago adopted a regular quarterly cadence, targeting the second tuesday of each calendar quarter. Leaving out-of-band releases aside (which all three vendors will pursue for vulnerabilities found in the wild), Oracle brought Java into this same cadence and as I have posted in this forum before that schedule is public and actual dates are published a year in advance.

It is good to have regular notifications posted here, such as this thread, but it should not be a surprise. In fact the reason enterprises push for such a known schedule is to properly prepare and plan accordingly.

chachazz
Premium Member
join:2003-12-14

chachazz

Premium Member

The patch schedule was announced about a year ago...
quote:
Starting with the October 2013 Critical Patch Update, security fixes for Java SE will be released under the normal Critical Patch Update schedule.
15 October 2013
14 January 2014
15 April 2014
15 July 2014
See: »www.oracle.com/technetwo ··· hUpdates
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer

Premium Member

said by chachazz:

The patch schedule was announced about a year ago...

Actually it was announced a bit prior to that. Originally it had a separate schedule from the larger Oracle CPU but then they eventually did bring it on the same schedule. It had been quarterly since Oracle acquired Sun (just different months)

I also had posted this detail in this thread previously (more than once) with direct links to the schedule pages as well.