Daily Archives: April 20, 2016

Oracle Releases Scheduled Security Updates for April

The security updates continue apace for 2016 with Oracle yesterday releasing security updates for 46 of its products addressing 136 vulnerabilities. Full details are available within Oracle’s security advisory.

Of particular note are the updates for MySQL that addresses more security issues than any other update, 31 CVEs (defined) and Fusion Middleware with 21 of its 22 resolved issues remotely exploitable.

For business and consumers alike who use Java; the update this month (Java v8 Update 91 or Update 92 see the release notes for an explanation of the difference between Update 91 and Update 92) resolves 9 CVEs. More than half have a CVSS 3.0 base score greater than 6.0. A set of suggested practices for using Java on your computer are provided here.

A highlight coming later this year will be the deprecation (ending of support/end of life (EOL)) for Java Web Start, Oracle’s Java browser plugin. This will occur in a future Java JRE (Java Runtime Environment) update and in September 2016 for the JDK (Java Development Kit) when JDK version 9 is expected to be made available.

If you use any of the Oracle products listed here, please install the appropriate security updates as soon as possible.

As a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.