Earlier this month, Oracle revealed that the Java Critical Patch Update (CPU) released on February 1 didn’t include all the fixes intended for this month’s CPU. Which is why it promised to update the initial CPU to address even more security holes.Oracle has kept its promise and has issued an updated release to fix 5 additional flaws that plague Java SE products.
The five bugs have been reported to Oracle by Ben Murphy via TippingPoint; Kenny Paterson of Royal Holloway, University of London; Michael Schierl; Nadhem AlFardan of Royal Holloway, University of London; and Tomasko Labuda via the iSIGHT Partners GVP Program.
On the other hand, the vulnerability dubbed “Issue 51,” discovered by experts from Security Explorations, is still unfixed.
The next Java SE CPUs are scheduled for April 16, June 18, October 15, and January 14, 2014. However, at the rate at which Java vulnerabilities are discovered these days, we shouldn’t be surprised if Oracle released out-of-band updates as well.