Oracle issues emergency Java patch

Oracle Corp. has issued an emergency patch for a Java vulnerability that can cause systems to hang and that can be exploited by remote attackers without authentication.

The bug causes the Java runtime environment to hang when converting “2.2250738585072012e-308” to a binary floating-point number, according to the alert. “Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the Java Runtime Environment,” Oracle said. “Java based application and web servers are especially at risk from this vulnerability.”
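The following is an added example, not code from Oracle or from this article: a guard that a Java application could place in front of Double.parseDouble until the runtime is patched. It assumes that only the exact value quoted in the alert needs to be blocked; the class name, method names and the 64-character length cap are hypothetical, and the sample inputs are constructed.

```java
import java.math.BigDecimal;

public class DoubleParseGuard {
    // The decimal string named in Oracle's alert, as quoted in the article.
    private static final BigDecimal TRIGGER = new BigDecimal("2.2250738585072012e-308");
    private static final int MAX_LEN = 64; // assumed cap on the length of numeric text

    /** True when the text denotes the alert's value, however the literal is spelled. */
    static boolean isTriggerValue(String text) {
        String s = text.trim();
        if (s.isEmpty()) return false;
        // Double.parseDouble accepts a trailing type suffix that BigDecimal rejects.
        char last = s.charAt(s.length() - 1);
        if ("dDfF".indexOf(last) >= 0) s = s.substring(0, s.length() - 1);
        try {
            // BigDecimal keeps the number in decimal, so no binary conversion happens
            // here; compareTo ignores scale, so shifted or zero-padded spellings match.
            // abs() also blocks the negated value (a conservative assumption).
            return new BigDecimal(s).abs().compareTo(TRIGGER) == 0;
        } catch (NumberFormatException e) {
            return false; // not a plain decimal literal; leave it to the real parser
        }
    }

    /** Drop-in replacement for Double.parseDouble on untrusted input. */
    static double parseChecked(String text) {
        String s = text.trim();
        // Over-long literals are refused outright so padding cannot skip the check.
        if (s.length() > MAX_LEN) throw new NumberFormatException("numeric text too long");
        if (isTriggerValue(s)) throw new NumberFormatException("rejected value from Oracle alert");
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one ordinary value, then spellings of the alert's value.
        String[] samples = { "3.14", "2.2250738585072012e-308",
                "0.22250738585072012e-307", "-2.2250738585072012E-308d" };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + parseChecked(sample));
            } catch (NumberFormatException e) {
                System.out.println(sample + " -> refused: " + e.getMessage());
            }
        }
    }
}
```

A guard like this only covers code paths that call it; parsing done inside the runtime or in third-party libraries is covered only by installing Oracle's patch.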

A number of products are affected by the bug, including Java SE and Java for Business. A full list and links to recommended patches have been posted on Oracle’s website.

Oracle typically issues security patches for all affected products on a quarterly basis, although, as in this case, it also releases fixes for bugs deemed too serious to wait for the next update.

The last quarterly update, which was posted in January, included more than 60 fixes. That doesn’t seem like enough given the number of acquisitions Oracle has made in recent years, one security expert said at the time.

“In the past, when Oracle had far fewer products, they would patch 100 database vulnerabilities at a time. One would assume that more products require more fixes, yet we are seeing smaller patches with fewer fixes for more products,” wrote Amichai Shulman, CTO of security firm Imperva, in a blog post.
