Oracle, in keeping with its usual quarterly schedule, has released a batch of critical patch updates for its software products. These are described in the Oracle Critical Patch Update Advisory, October 2012. Most of the fixes are for software that is used mainly in corporate environments, such as the Oracle database server and the E-Business Suite. There are two products, though, that individual users might have: the MySQL Server, and VM VirtualBox. (The emphasis is on “might”, since neither of these is installed by default on any system I know of; if you have them, it is almost certainly because you installed them.) Complete details of the vulnerable products and versions are in the Advisory.
Oracle has also issued a Java SE Critical Patch Update Advisory, for all platforms (Windows, Linux, Solaris, and Mac OS X). This software is installed on many user machines, particularly in the form of a browser plugin. (It’s not clear that a typical individual user needs Java; I’ve discussed that issue in an earlier post.) According to the Java Advisory, the following versions of the software are vulnerable:
- JDK and JRE 7, Update 7 and earlier
- JDK and JRE 6, Update 35 and earlier
- JDK and JRE 5.0, Update 36 and earlier
- SDK and JRE 1.4.2_38 and earlier
- JavaFX 2.2 and earlier
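To check a machine against the JDK/JRE ranges in this list, the following Python sketch parses the banner printed by `java -version` and compares it with the last vulnerable release of each family. It is an added example, not code from Oracle or from the Advisory; the function names, the result labels and the sample banners are constructed for illustration, and JavaFX is not covered.

```python
import re

# Last vulnerable release per family, from the list above, expressed as
# (feature, minor, update) of the legacy "1.<feature>.<minor>_<update>" string.
LAST_VULNERABLE = {7: (7, 0, 7), 6: (6, 0, 35), 5: (5, 0, 36), 4: (4, 2, 38)}

# Matches e.g.  java version "1.7.0_07"  or  java version "1.7.0-ea"
VERSION_RE = re.compile(r'version "1\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (feature, minor, update) from `java -version` output, or None."""
    match = VERSION_RE.search(banner)
    if match is None:
        return None
    feature, minor, update = match.groups()
    # A banner with no "_NN" suffix is the initial release: update 0.
    return int(feature), int(minor), int(update or 0)


def classify(banner):
    """Label a banner against the ranges listed in the Java Advisory."""
    version = parse_java_version(banner)
    if version is None:
        return "unparsed"
    limit = LAST_VULNERABLE.get(version[0])
    if limit is None:
        return "unknown-family"  # family not named in the list above
    # Tuple comparison: 1.4.1_xx sorts below 1.4.2_38, so it is in range too.
    return "vulnerable" if version <= limit else "above-range"


# Constructed sample banners (build suffixes are made up for illustration).
SAMPLES = [
    'java version "1.7.0_07"\nJava(TM) SE Runtime Environment (build 1.7.0_07-b00)',
    'java version "1.7.0_09"',
    'java version "1.6.0_35"',
    'java version "1.6.0_37"',
    'java version "1.4.1_07"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.splitlines()[0], "->", classify(sample))
```

On a real system, note that `java -version` writes its banner to standard error, so capture it with `java -version 2>&1` before passing it to `classify`.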
Java 7 Update 9 is the most recent version of the software, and is recommended unless you have a specific reason for sticking with an earlier version. Windows users can get the new release via the update mechanism built into the software. Alternatively, you can download an installation package from the Java Download Page.
If you still require version 6, the latest release is Java 6 Update 37, which is available here.
If you do have Java installed on your system(s), I recommend updating it as soon as you conveniently can.