Fixes for vulnerabilities in 48 different products
Oracle today rolled out a Critical Patch Update for the month of January 2015, which contains fixes for 167 vulnerabilities found in hundreds of the company's products. The most severe of these received a score of 10.0 on the Common Vulnerability Scoring System (CVSS), the highest score available -- they pertain to Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite, and M10-4S Servers of Oracle Sun Systems Products Suite.
Google Docs and Office Web apps have gone a long way towards offering a compelling solution for storing our documents online, but for those in need of offline access, Open Office used to be the best free alternative to Microsoft around. Fast forward to 2012 however, and Open Office hasn’t just fallen off the map, it has been lapped several times by a new community fork called LibreOffice.
When Oracle acquired Sun last year, it did so for things like the Java platform and the Solaris operating system, not servers running on Intel's x86 architecture. In fact, even though Sun thought it could become a major seller of x86 servers prior to the buyout, Oracle CEO Larry Ellison now says that the company makes next to no money on them and plans to start phasing x86-based servers out entirely in 2012 in favor of more profitable Solaris/SPARC-based hardware.
James Gosling, father of the Java programming language, has finally found a job, nearly a year after he quit Oracle-owned Sun. Gosling’s latest employer happens to be Internet giant Google, which, very interestingly, has been accused of “knowingly, directly and repeatedly” copying Java code by Oracle.
When Oracle scooped up Sun Microsystems in 2010, it also inherited the latter's legal woes, including complaints that Sun paid kickbacks to systems integrators in exchange for recommending Sun products to federal organizations. According to the U.S. Department of Justice, Oracle has agreed to put the matter to rest by coughing up $46 million to settle the suit, InfoWorld.com reports.
"Kickbacks, illegal inducements, misrepresentations during contract negotiations -- these undermine the integrity of the government procurement process and unnecessarily cost taxpayers money," Tony West, assistant attorney general for the DOJ's Civil Division, said in a statement. "As this case demonstrates, we will take action against those who abuse the public contracting process."
The settlement, which covers allegations dating as far back as 2004, also resolves charges of violating the False Claims Act in which Sun allegedly provided incomplete and inaccurate information to GSA (General Services Administration Schedule) contracting officers during negotiations in 1997 and again in 1999.
This, in fact, is a revised version of the report. As per the original, Google was the company with the highest percentage of unpatched flaws in H1 2010. However, Google was quick to dispute IBM's claim that it had left 33 percent of critical and high-risk bugs in its software unpatched: “We learned after investigating that the 33% figure referred to a single unpatched vulnerability out of a total of three — and importantly, the one item that was considered unpatched was only mistakenly considered a security vulnerability due to a terminology mix-up. As a result, the true unpatched rate for these high-risk bugs is 0 out of 2, or 0%.”
But this wasn't the lone mistake in the original, which also erroneously rated Oracle-owned Sun as the vendor with the highest percentage of unpatched vulnerabilities in the first half of 2010. That honor now belongs to Microsoft.
“After we released our trend report this week, we received feedback from two software vendors regarding the severity and remedy information for some of the vulnerabilities behind this chart,” IBM said in a blog post. “As a consequence of this feedback, we have manually reassessed the CVSS scoring, remedy information, and vendor information for every vulnerability that impacted the percentages that appear in this chart.”
Around a couple of weeks back, Oracle brought a patent infringement action against Google for infringing its “Java-related intellectual property.” The search giant immediately retorted by saying that the lawsuit was without merit, and even went as far as labeling it an attack on both Google and the open-source Java community. It has once again made it clear that there is absolutely no love lost between the two companies.
“We understand that this may disappoint and inconvenience many of you, but we look forward to presenting at other venues soon. We’re proud to participate in the open source Java community, and look forward to finding additional ways to engage and contribute.”
The patent infringement lawsuit against Google pertains to the use of the Dalvik virtual machine for running Java code in Android.
Oracle has issued a statement today saying that they have filed suit against Google for patent and copyright infringement. The target for the lawsuit is reportedly Google's Android mobile operating system. According to Oracle's Karen Tillman, "[Google] knowingly, directly and repeatedly infringed Oracle's Java-related intellectual property." Oracle acquired Java maker Sun last year.
No details are yet available on just what aspects of Android Oracle believes infringe on their intellectual property. The majority of apps on Android are written in Java, and are compiled on the phone. The suit could be related to how Android interprets that code. Several months ago, Apple took legal action against HTC for their use of Android, but did not go after Google itself. Oracle, however, is going up against the Big G toe to toe.
We'll keep an eye on this as it develops. It is possible this will be quickly resolved with a cross-licensing deal. Anyone care to place a wager on what Google's response will be?
The sun shines brightest in the summer time, but dark days loom for more Sun workers. Oracle will make more job cuts related to its acquisition of Sun Microsystems, the company said in a regulatory filing.
Oracle didn't say exactly how many pink slips it plans to hand out, and an Oracle spokeswoman declined to comment beyond the filing. Sun employees have been living on eggshells even before Oracle acquired the company, and according to an InfoWorld report, at least one analyst predicted that Oracle would lay off 50 percent of Sun's workforce to put the company back in the black. At the time, Oracle CEO Larry Ellison vehemently shrugged off the claim.
"The Sun people went through enough angst without having to read this garbage that you're writing," he told reporters and analysts in January. "The truth is, we're actually hiring 2,000 people over the next few months to beef up these businesses, and that's about twice as many people as we'll be laying off. We're not cutting Sun to profitability, we're growing Sun to profitability."
To cover the layoffs, which will mostly be concentrated in Europe and Asia, Oracle will take a charge of up to $650 million this year.
Somewhere, someone out there is saying "Told you so!" The reason? Oracle has begun charging $90 per user on a plug-in for Microsoft Office that Sun Microsystems used to give away for free.
The tool makes it so Word, Excel, and PowerPoint users can read, edit, and save documents in the ODF (Open Document Format), the same one used by OpenOffice. Oracle's only selling the plug-in in quantities of 100 or more, which works out to $9,000 per order, at least for the perpetual license. Oracle also offers 1-5 year licenses ranging in price from $18 to $63 per user, which are also only available in quantities of 100 or more.
If that weren't enough of a 'gotcha,' customers who wish to receive upgrades in the future must also purchase a support contract.