Oracle Releases Critical Java Update - gHacks Tech News

Oracle Releases Critical Java Update

Oracle has released a critical patch update for its Java products including the Java Development Kit and the Java Runtime Environment. According to the security advisory the cumulative update fixes a total of 20 security related issues across all Java based products.

Java users can verify their computer system's Java version on this page. Affected by the security vulnerabilities are all JDK and JRE 7, and JDK and JRE Update 27 and earlier versions.

The risk matrix highlights each individual patch, the affected components, attack vectors and scores.

End users can make use of the automatic updating routine or download the new Java versions directly from the Oracle website. Windows users can check manually for updates from the Java Control Panel applet. They need to switch to the Update tab of the applet and click on the Update Now button there to run an update check and install the update on the system.

java control panel update

Users running the Java Runtime Environment 6 (who want to stay on 6 and not switch to 7) can download the JRE 6 Update 29 from this page. The new version is available for all supported operating systems. Windows users can download online or offline installers of the JRE.

Users who are already running the Java Runtime Environment 7 can download the new version that brings their version to JRE 7 Update 1 here.

java update 7

Developers can download the Java Development Kit 7 Update 1 from the Java SE Downloads page. Additional developer related downloads are provided on that page as well.

Oracle classifies the patch update as critical. Users running either the JDK or JRE on their computer system should update the systems as quickly as possible to protect their operating systems from potential attacks and exploits.

Oracle notes that 19 of the 20 vulnerabilities can be remotely exploited without the need for authentication. System administrators who need more information should start with the official patch update advisory linked above. It includes temporary workaround suggestions that may mitigate potential attacks on computer systems.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Robert Palmar said on October 19, 2011 at 5:27 pm
    Reply

    I stopped installing Java a long time ago and I do not miss it.
    It is a rare website that requires it these days and unless
    one has a specific indispensable program that
    requires this run-time I see no point in it.

    From a security standpoint Java does not
    have a stellar record to say the least.

    Martin, I recall you like RSSOwl which requires Java.
    Do you feel Java is critical for anything else?
    Maybe as a webmaster you need it
    for various testing purposes.

    1. Martin Brinkmann said on October 19, 2011 at 6:15 pm
      Reply

      I would not have Java installed if I did not use RSS Owl. Well, I sometimes need it for testing apps that I may review. As a webmaster, I do not need it at all.

      1. Robert Palmar said on October 19, 2011 at 6:52 pm
        Reply

        I see. I thought that might be the case. We agree then.
        If RSS Owl did not require JavaI would definitely try it.

  2. Paul(us) said on October 19, 2011 at 5:34 pm
    Reply

    Hoi Martin i am running Sun Java Runtime Environment 7.0.0.147 (I am running this from 2011-07-09) and I checked with the be your supplied link or there may be a newer version. But java said no/that I am up to date. So to be totaly sure I downloaded the jre-7u1-windows-x64.exe file but the file size was as big as the one i loaded a few mounths ago? Maybay the Sun update website is not up to date? Maybay later one? Can you help me out here?

    1. Martin Brinkmann said on October 19, 2011 at 6:17 pm
      Reply

      Paulus, 7u1 is the latest update. Patches do not necessarily increase the file size of a product, especially if it is compressed. You need to compare hash values to see if both are identical. The links that I put up link to the latest versions of Java.

  3. Transcontinental said on October 19, 2011 at 7:05 pm
    Reply

    What is the difference between Java 6 and 7 ?
    Java version checker site ( http://java.com/en/download/installed.jsp ) advised me to update to 6u29, why not to 7u1 ?

    I remember when Java 7 came out a few months ago, users complaining that some applications requiring Java would not recognize Java 7 as installed Java (even when setting its new path to …java\jre7\bin), and in particular OpenOffice as well as LibreOffice, and I was of the lot.

    I don’t understand why Oracle delivers no information on this confusing matter (at least for non-techies).

    1. Martin Brinkmann said on October 19, 2011 at 7:22 pm
      Reply

      Good question. I really do not know. My guess would be that it is an Enterprise thingy.

      1. Diego said on October 20, 2011 at 12:10 am
        Reply

        Here the answer…

        – Why is Java SE 7 not yet available on java.com?
        http://java.com/en/download/faq/java7.xml

        Saludos!

      2. Martin Brinkmann said on October 20, 2011 at 6:46 am
        Reply

        Thanks Diego for doing the research for us.

  4. ParisMan said on October 20, 2011 at 12:34 am
    Reply

    I experienced a similar trouble with Java some years ago when i had an application (a sip server) that ran with particular version of Java.

    Wanting to clean up a bit my system, i went along uninstalling 2 different versions of Java (that i thought were sitting and eating up resources for nothing), then upgraded to the latest version back then.

    Next thing i realized was that my clients/agents devices could not longer contact the server… too late, could not reverse the process (no OS backup) and lost the ability to keep on using the sip server as the Newer version required license fee !!

    From that day on, i curse Java for their lousy piled-up software installation, not to mention the maze one have to go through to find the right version…JDK, KDJ, LKJ…Bloody J.

  5. ilev said on October 20, 2011 at 11:40 am
    Reply

    Want to cleanup previous versions of Java including registry entries (only versions 6.x.x.x) ?
    Run the portable app JavaRa .

    1. Martin Brinkmann said on October 20, 2011 at 3:26 pm
      Reply

      Good point, JavaRa is an excellent utility for that purpose.

  6. Hy said on October 20, 2011 at 5:53 pm
    Reply

    How can one tell for sure if a website requires Java? I regularly use Secunia’s Online Software Inspector (OSI), and that seems to require Java.
    http://secunia.com/vulnerability_scanning/online/

    I didn’t like that right after I installed the Java update and opened Firefox it told me that two new extensions were installed in my FF addons: Java Console and Java Quick Starter. I can’t remember if they were there a long time ago and I took them out, but they certainly were not there before I updated Java today. I don’t like software installing add-ons to my browser without first asking my permission.

    Thanks for the consistently great, useful information on Ghacks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.