Oracle Patches 77 Vulnerabilities

Friday, October 21, 2011 @ 12:10 PM gHale


Oracle released two Critical Patch Update (CPU) advisories, one of which describes 20 security holes in the Java Runtime Environment. The other deals with a collection of 57 holes in such traditional Oracle products as the company’s database and middleware solutions, and in Oracle Linux 5.

As some of the security holes fall under the critical category, Oracle recommended users install the updates as soon as possible.

RELATED STORIES
Clear Tenor: Opera has Security Hole
Appleā€™s iOS 5 Update Closes Holes
Internet Explorer Patch Coming
Chrome 14 Closes Security Holes
Chrome Update Repairs Microsoft Alert

Five of the Java holes earned the maximum CVSSv2 score of 10.

Things aren’t quite as dire with the classical Oracle products, where only one Solaris hole in the LDAP service is in the top range at 9.3.

Tools to help with assessing individual holes include a risk matrix that lists the exact products affected and provides their respective CVSSv2 ratings.

Oracle’s next major update waves are scheduled for 17 January 2012 and, for Java, for 14 February 2012.



Leave a Reply

You must be logged in to post a comment.