Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Releases Massive Security Update

Posted by samzenpus on Wednesday January 21, 2015 @09:45AM from the protect-ya-neck dept.

wiredmikey writes Oracle has pushed out a massive security update, including critical fixes for Java SE and the Oracle Sun Systems Products Suite. Overall, the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password.

3 of 79 comments (clear)

Min score:

Reason:

Sort:

No secure download by buchner.johannes · 2015-01-21 09:51 · Score: 5, Informative

There is still no way of authenticating Java downloads? Either a download through HTTPS or a hash fingerprint of the file, accessible via HTTPS? This used to exist up until ~2 years ago, but now it is all insecure (the download can include drive-by malware).

--
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
1. Re:No secure download by Wootery · 2015-01-21 10:14 · Score: 4, Insightful
  
  the download can include drive-by malware
  Can? If memory serves, you have to opt-out of McAfee, in the Java installer.
Which "those" are "these"? by jtara · 2015-01-21 10:20 · Score: 4, Funny

"Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password."
Which?
The original bugs, or the new security fixes?