This security update fixes multiple critical vulnerabilities. Oracle strongly recommends that users update as soon as possible. Twenty-nine security fixes prevent these exploits. Some of them are listed below:

• An error allowing the execution of arbitrary code in the 2D component has been fixed.
• A fix to a NULL-pointer dereference error in Kerberos GSS-API ensures it is no longer exploited to cause a Denial of Service.
• A vulnerability in the Transport Layer Security (TLS) protocol that allows Man-In-The-Middle (MITM) type attacks has been eliminated.
• An integer overflow error in the “JPEGImageWriter.writeImage()” function could be exploited to corrupt memory. This has been avoided.
• An error in the com.sun.jnlp.BasicServiceImpl class when retrieving a security policy has been fixed. It is no longer exploited to remove sandbox restrictions.
• An error in the JRE component allowing the execution of arbitrary code has been fixed.

The complete list of security patches can be found here.

This version’s release notes are here.