Last week Oracle posted a new update of Java version 6 Update 29.  Here is the information from Oracle related to that release.

====================================================================================

Advisory: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update (CPU) fixes as soon as possible.  This CPU contains 20 new security fixes across Java SE.

Note:  There was no Java 6 Update 28 released to the public.  So, this update skips an update number.

All but one of the fixed vulnerabilities are remotely exploitable without authentication.  I have not found any information on whether or not any of the fixed vulnerabilities are being actively exploited or the details of the vulnerability are publically available.  If anyone finds information to help evaluate the criticality of this patch, please let us know.

Release notes are at http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html

====================================================================================

We held on this release a little longer than normal, but we pushed out Java 6 Update 29 on Monday.  Since the release we have received reports of multiple bugs in Java 6 update 29 including issues with Avocent KVMs and the MS SQL Server JDBC Drivers.  So we are left with the option of being exposed to security exploits or to deal with the fallout of a buggy release of Java.  I would default to the newer code unless it is causing problems for you.

If either of these bugs are causing you problems the best course is to downgrade to Java 6 update 27.  ManageIT will not downgrade existing version 6 update 29 installs to update 27, so if you need to downgrade you need to remove and repush Java to the workstation.

If you have any questions about ManageIT or this definition update please feel free to contact our IT support team.