back to article Patch Java now, says Oracle. Leave the Easter chocolate until later

Oracle is urging Java users to upgrade, ASAP, to crimp a very nasty bug in the desktop and browser plug-in versions of the software. Labelled CVE-2016-0636, the flaw scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. That high score comes about because the flaw means attackers “can impact the …

  1. gollux

    Thank goodness the only installation of Java I have runs on a VirtualBox VM used for the single purpose task of router management. It's been a pleasure stomping it out and not having to worry about the panicked upgrade cycle on the network for about a year now.

    Adoobie Trash, Murdersloth SliverBlight been exorcised as well. Sigh...

    1. James 29

      Ditto runnning safely inside a VM only powered on for the purpose of managing Cisco cruft (I hate you ASDM)

  2. Anonymous Coward

    The Java flaw labelled CVE-2016-0636

    Any chance of some links to actual technical information in relation to the flaw? CVE-2016-0636 just waffles on about something called a 'Risk Matrix'.

    1. pakman

      Re: The Java flaw labelled CVE-2016-0636

      The link to the CVE at MITRE is, but at the moment the details have been embargoed. Presumably more details will be available when Oracle OK's their release. Hopefully not too long now that 8u77 is out: it would also be good to know whether this problem is specific to Oracle, or if other implementations are affected.

  3. JCitizen

    What does Oracle have to do with it???

    Java is an Apache project now - right? Red Hat done bought out the coffee mug a while ago.

    1. Darryl

      Re: What does Oracle have to do with it???

      Bottom right corner of every page at has an Oracle logo on it.

  4. Bucky 2

    I blame Citrix.

    I mean, I can't remember the last time I saw an in-page java applet, so that's been disabled for ages.

    But I have at least two clients who use a Citrix VPN who only allow me to connect via Citrix "applications" (which run through a Java helper).

  5. Tom -1

    What, again?

    Too many holes in Java, it's been a farce for quite some time. It should have been named for cheese, not for coffee (Emmentaler instead of Java).

    I'm just glad I banished from my machines some time ago.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019