Oracle set to issue 147 security patches, including 36 for Java

Many of the Java weaknesses can be exploited remotely, according to Oracle

Oracle is about to release one of its largest security patch batches in recent memory, with some 147 fixes coming Tuesday for vulnerabilities in Java SE, its flagship database, business applications and assorted other products.

Tuesday's release will contain 36 fixes for Java SE, according to a pre-release announcement posted on Oracle's website this week. Thirty-four of the weaknesses being targeted can be exploited by an attacker over a network without the need for authentication, Oracle said.

[ Think you know Java? Test your programming smarts in InfoWorld's Java IQ test. | Master the latest in Java development with our JavaWorld Enterprise Java newsletter. ]

Some 25 fixes will be released for various products in Oracle's Fusion Middleware catalog, including WebCenter and GlassFish Server. Twenty-two of them concern weaknesses that can be remotely exploited without the need for a user name and password.

Sixteen patches in Tuesday's set are aimed at Oracle's supply chain software, with six of them remotely exploitable without authentication. Another 17 fixes will be issued for PeopleSoft applications, five for Oracle's database, 11 for the Solaris OS, and nine for Oracle's virtualization software.

There will be five patches for Oracle's database, as well as 18 for MySQL, according to the announcement.

Oracle issued 127 patches in its last release, which came in October. That update included 51 fixes for Java.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies