Patch Java now, says Oracle. Leave the Easter chocolate until later

Oracle is urging Java users to upgrade, ASAP, to crimp a very nasty bug in the desktop and browser plug-in versions of the software. Labelled CVE-2016-0636, the flaw scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. That high score comes about because the flaw means attackers “can impact the …

  1. gollux
    Mushroom

    Thank goodness the only installation of Java I have runs on a VirtualBox VM used for the single purpose task of router management. It's been a pleasure stomping it out and not having to worry about the panicked upgrade cycle on the network for about a year now.

    Adoobie Trash, Murdersloth SliverBlight been exorcised as well. Sigh...

    1. James 29

      Ditto running safely inside a VM only powered on for the purpose of managing Cisco cruft (I hate you ASDM)

  2. Anonymous Coward
    Linux

    The Java flaw labelled CVE-2016-0636

    Any chance of some links to actual technical information in relation to the flaw? CVE-2016-0636 just waffles on about something called a 'Risk Matrix'.

    1. pakman

      Re: The Java flaw labelled CVE-2016-0636

      The link to the CVE at MITRE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0636, but at the moment the details have been embargoed. Presumably more details will be available when Oracle OK's their release. Hopefully not too long now that 8u77 is out: it would also be good to know whether this problem is specific to Oracle, or if other implementations are affected.

  3. JCitizen
    Coffee/keyboard

    What does Oracle have to do with it???

    Java is an Apache project now - right? Red Hat done bought out the coffee mug a while ago.

    1. Darryl

      Re: What does Oracle have to do with it???

      Bottom right corner of every page at java.com has an Oracle logo on it.

  4. Bucky 2

    I blame Citrix.

    I mean, I can't remember the last time I saw an in-page java applet, so that's been disabled for ages.

    But I have at least two clients who use a Citrix VPN who only allow me to connect via Citrix "applications" (which run through a Java helper).

  5. Tom -1
    Meh

    What, again?

    Too many holes in Java, it's been a farce for quite some time. It should have been named for cheese, not for coffee (Emmentaler instead of Java).

    I'm just glad I banished it from my machines some time ago.

Biting the hand that feeds IT © 1998–2019