Oracle Promises Patches Next Week For 36 Exploits In Latest Java

Posted by timothy
from the they-call-this-progress dept.
An anonymous reader writes "Oracle is posting patches for all its products next Tuesday, which include 36 exploits for Java alone and over 140 for all Oracle products currently supported, including over 80 that require no authentication to execute. These patches look to be critical for any administrator. Java 6 users who use equipment or programs that rely on older versions are SOL unless they sign up for a very expensive support contract, as these patches are for Java 7 only."

  • concerning is ... (Score:3, Interesting)

    by Selur (2745445) on Saturday January 11, 2014 @05:01AM (#45925227)

    that of the 36 Java related bugs, "34 of them (are) exploitable remotely without authentication".

    "Java 6 users who use equipment or programs that rely on older versions are SOL unless they sign up for a very expensive support contract, as these patches are for Java 7 only."
    +
    "Oracle Java JDK and JRE, versions 5.0u55 and earlier, 6u65 and earlier, 7u45 and earlier"
    -> Muhahahaha,...

  • Re:again? (Score:0, Interesting)

    by Anonymous Coward on Saturday January 11, 2014 @05:25AM (#45925299)

    *Javascript.

    Java applets are way nicer than Javascript "apps": they're easier to program, they have a decent set of libraries, they're more fluid, and they have a more consistent UI. The only problem here is that a dying Sun and then Oracle left Java to rot, while the hundreds of bugs found in DHTML+Javascript over the last decade have been fixed at a pace steady enough to please people.

    You want to know why there's a reduction in PC sales? Because Google+Apple have won the war of turning the PC into a lowest common denominator web browsing platform, even while more native platform specific software - in the form of "apps" - has been written than ever before, just not for Windows. Even Oracle doesn't seem to like the idea of Java on the desktop, hence meaningless changes to make it harder to run (e.g. requiring purchase of security certs now even though that does nothing to improve security). Because Oracle also wants you to keep everything in the "cloud", as that means someone somewhere purchasing its database engine.

    Don't be fooled by the propaganda of salesmen.

  • by Tim99 (984437) on Saturday January 11, 2014 @05:48AM (#45925337)
    Oracle and Java exploits - An anecdote:-
    A couple of weeks ago I tried to log into my superannuation account, the browser fired back an authentication error, so I notified the company (MLC) who asked me to send them as many technical details as I could. After a little bit of looking around, I noted that the Oracle Access Management system that gave me the error code was at version (11.1.1.5.0). Oracle's current version was 11.1.2.1.0. Not too surprising, a supplier that had not patched to the current version.

    What did surprise me was that Oracle's Identity Management Patch Set that was available for the version displayed was >2GB - A compressed Java application and framework for a database authentication application that was over 2 Gigabytes in size.

    It has been a few years since I wrote any Oracle stuff, but that is ridiculous, what the hell have web based script kiddy/Java type developers been up to. Admittedly I started with Oracle in the Stone Age (V3) and actually shipped an application that used V4. By V6 the C interface which included all the necessary external validation code was small enough to be easily understood and modifiable by a single programmer. My memory is going now, but I seem to remember that in the 1990s all of the code for an early web CGI Oracle interface, including user validation would fit on a floppy.
