Menu
Oracle issues emergency Java patch

Oracle issues emergency Java patch

Oracle says remote attackers can make Java runtimes hang

Oracle has issued an emergency patch for a Java vulnerability that can cause systems to hang and that can be exploited by remote attackers without authentication.

The bug causes the Java runtime environment to hang when converting "2.2250738585072012e-308" to a binary floating-point number, according to the alert. "Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment," Oracle said. "Java based application and web servers are especially at risk from this vulnerability."

A number of products are affected by the bug, including Java SE and Java for Business. A full list and links to recommended patches has been posted on Oracle's website.

Oracle typically issues security patches for all affected products on a quarterly basis, although as in this case, it also releases fixes for bugs deemed too serious to wait for the next update.

The last quarterly update, which was posted in January, included more than 60 fixes. That doesn't seem like enough given the number of acquisitions Oracle has made in recent years, one security expert said at the time.

"In the past, when Oracle had far fewer products, they would patch 100 database vulnerabilities at a time. One would assume that more products require more fixes, yet we are seeing smaller patches with fewer fixes for more products," wrote Amichai Shulman, CTO of security firm Imperva, in a blog post.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Oraclesoftwareapplication developmentpatchesLanguages and standardsExploits / vulnerabilities

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments