Package: openjdk-6
Version: 6b11-9.1+lenny2
Severity: grave
Tags: security
Justification: trivial denial of service by unauthenticated remote users


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openjdk-6.

CVE-2010-4476[0]:
(description from upstream announcement)
| This Security Alert addresses security issue CVE-2010-4476 (Java Runtime
| Environment hangs when converting "2.2250738585072012e-308" to a binary
| floating-point number), which is a vulnerability in the Java Runtime
| Environment component of the Oracle Java SE and Java for Business products.
| This vulnerability allows unauthenticated network attacks (i.e. it may be
| exploited over a network without the need for a username and password).
| Successful attack of this vulnerability can result in unauthorized ability
| to cause a hang or frequently repeatable crash (complete Denial of Service)
| of the Java Runtime Environment. Java based application and web servers are
| especially at risk from this vulnerability.

In particular, there is a trivial attack involving a crafted HTTP header,
which probably affects many systems. There is a patch available [1].

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
    http://security-tracker.debian.org/tracker/CVE-2010-4476
[1] http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html

-- System Information:
Debian Release: 6.0
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
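
An added example, not part of the original report or of the OpenJDK patch: a Python check that a proxy or log pipeline could run over request headers until the JRE is patched. It flags any decimal literal numerically equal to the value quoted in the advisory, in any equivalent spelling; it matches only that exact value, and the header names and sample values are constructed for illustration.

```python
import re
from decimal import Decimal, InvalidOperation

# Value quoted in the advisory text for CVE-2010-4476.
TRIGGER = Decimal("2.2250738585072012e-308")

# Decimal literal: optional sign, digits with optional fraction, optional
# exponent, and the optional d/D/f/F suffix that Java's parser accepts.
NUMERIC = re.compile(
    r"(?<![\w.])[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?[dDfF]?"
)


def find_trigger_literals(text):
    """Return every numeric literal in text whose value equals TRIGGER."""
    hits = []
    for match in NUMERIC.finditer(text):
        literal = match.group(0)
        try:
            # Decimal parses the string exactly, so shifted decimal points,
            # different exponents and trailing zeros all compare equal.
            value = Decimal(literal.rstrip("dDfF"))
        except InvalidOperation:
            continue
        if value.copy_abs() == TRIGGER:  # copy_abs() does no rounding
            hits.append(literal)
    return hits


def scan_headers(headers):
    """Map header name -> matching literals, for headers containing one."""
    flagged = {}
    for name, value in headers.items():
        hits = find_trigger_literals(value)
        if hits:
            flagged[name] = hits
    return flagged


# Constructed sample request headers (hypothetical names and values).
SAMPLE_HEADERS = {
    "Host": "app.example.test",
    "X-Sample-A": "ratio=2.2250738585072012e-308",
    "X-Sample-B": "v=0.00022250738585072012E-304;w=1.0",
    "X-Sample-C": "v=2.2250738585072012e-307",
    "User-Agent": "sample-client/1.0",
}

if __name__ == "__main__":
    for header, literals in scan_headers(SAMPLE_HEADERS).items():
        print(f"reject: {header} contains {literals}")
```

A check like this is a stopgap in front of an unpatched runtime; the fix itself is the patch referenced as [1].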