Menu
Oracle issues emergency Java patch

Oracle issues emergency Java patch

Oracle says remote attackers can make Java runtimes hang

Oracle has issued an emergency patch for a Java vulnerability that can cause systems to hang and that can be exploited by remote attackers without authentication.

The bug causes the Java runtime environment to hang when converting "2.2250738585072012e-308" to a binary floating-point number, according to the alert. "Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment," Oracle said. "Java based application and web servers are especially at risk from this vulnerability."

A number of products are affected by the bug, including Java SE and Java for Business. A full list and links to recommended patches has been posted on Oracle's website.

Oracle typically issues security patches for all affected products on a quarterly basis, although as in this case, it also releases fixes for bugs deemed too serious to wait for the next update.

The last quarterly update, which was posted in January, included more than 60 fixes. That doesn't seem like enough given the number of acquisitions Oracle has made in recent years, one security expert said at the time.

"In the past, when Oracle had far fewer products, they would patch 100 database vulnerabilities at a time. One would assume that more products require more fixes, yet we are seeing smaller patches with fewer fixes for more products," wrote Amichai Shulman, CTO of security firm Imperva, in a blog post.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securityOraclesoftwareapplication developmentpatchesLanguages and standardsExploits / vulnerabilities

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments