Included in a massive set of updates released yesterday by Oracle was a new version of Java. Version 7 Update 51 fixes a whopping thirty-four security vulnerabilities in previous versions.
If you use a web browser in which Java is enabled, you should install the new version as soon as possible.
A new version of Adobe’s Reader software was made available yesterday. Version 11.0.06 includes fixes for several security vulnerabilities. All the details are available in the new version’s release notes.
Yesterday, Adobe announced new 12-series versions of the Flash player for various environments and browsers:
You can get the new version from the main Flash download site.
Flash 12 includes some new features and enhancements, as well as fixes for several security vulnerabilities.
It’s a light month for Microsoft patches, with only four bulletins, none of which are flagged as Critical. The updates fix vulnerabilities in Office, Windows, and Server software.
Patches for the Windows XP NDProxy vulnerability and Office on Vista are among those made available today.
A post on the ISC Diary blog over at SANS has a useful overview of the vulnerabilities associated with this month’s patches.
As usual, the MSRC blog has its own spin on this month’s patches.
Not wanting to be left out of the party next Tuesday, Adobe has announced that they will issue patches for Acrobat and Reader on January 14.
According to the bulletin, “These updates address critical vulnerabilities in the software.“
Oracle will issue another massive batch of updates for its products in its next Critical Patch Update, on January 14. From the pre-release announcement:
This Critical Patch Update contains 36 new security fixes for Oracle Java SE. 34 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Microsoft has issued its usual notification of the upcoming Patch Tuesday. This month’s updates will become available around 10am PST on January 14. There will be four bulletins, addressing issues in Windows, Office and Server software. The NDProxy vulnerability affecting Windows XP will be patched via bulletin MS14-002. The MSRC blog has additional details.
In fact, two new versions of the Webkit-based Opera browser were released recently. I missed both of them because Opera moved their announcement blog to blogs.opera.com/desktop.
Version 18.0.1284.63 was released on December 6. It includes fixes for GMail compatibility issues.
Version 18.0.1284.68 was released on December 16. It fixes several crashing issues.
Windows XP computers with autoupdate enabled are taking longer and longer to boot. Microsoft has discovered a flaw in Windows Update that is slowing down the update process. As the list of available patches for Windows XP has grown over the years, the delays have increased exponentially. Microsoft tried to fix this flaw with recent updates to little effect. Ars Technica has more.
The latest version of WordPress includes a style and responsiveness overhaul of the dashboard, sharp new vector-based icons, better support for mobile platforms, improved responsiveness features, better theme and widget management, better RTL (Right To Left) suport, some bug fixes, and a new theme, TwentyFourteen. An entry in the WordPress Codex lists all the changes in the new version.
boot13