Oracle Java SE and Java for Business Critical Patch Update Advisory

Published: 2010-04-02
Last Updated: 2010-04-02 17:43:22 UTC
by Guy Bruneau (Version: 1)
3 comment(s)

Oracle released a collection of patches for multiple security vulnerabilities in the Java SE and Java for Business which includes security and non-security fixes. This update contains 27 new security fixes across all products. The security bulletin is posted here.

Note: Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.

Affected product releases and versions:

Java SE:

JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux
JDK 5.0 Update 23 and earlier for Solaris
SDK 1.4.2_25 and earlier for Solaris

The Java SE update is available here.

Java for Business:

JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux
JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux
SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux

The Java for Business update is available here.

 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

3 comment(s)

Comments

What about us schleps who just need the JRE 6 Update 19 update?

Try the ol\':
- http://java.sun.com/javase/downloads/index.jsp
.
Also note that JDK and JRE 5.0 Update 22 for Windows and Linux (the latest freely available versions) are also undoubtedly vulnerable. To get patches for 5.0 and 1.4.2 for Windows and Linux, you now have to pay for the Business version.
Apple is not immune to this either it seems -- and there is no patch that I can find.

Diary Archives