Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

Red Hat Enterprise: RHSA-2011:0214-01 Moderate: Java DoS in OpenJDK

red hat
Calendar Grey February 10, 2011
Scroller Redhat
A significant notification for the java-1.6.0-openjdk concerning a vulnerability in Red Hat. Users are urged to perform updates!
Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially-crafted HTTP request. (CVE-2010-4476)
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.

References

https://access.redhat.com/security/cve/CVE-2010-4476 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.18.b17.el5.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
i386: java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.18.b17.el5.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.18.b17.el5.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.18.b17.el5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.18.b17.el5.x86_64.rpm

Read the Full Advisory


Advisory ID: RHSA-2011:0214-01
Product: Red Hat Enterprise Linux
Issue date: 2011-02-10

Topic

Updated java-1.6.0-openjdk packages that fix one security issue are nowavailable for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System (CVSS) base scores,which give detailed severity ratings, are available for each vulnerabilityfrom the CVE links in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64

Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64

Red Hat Enterprise Linux Server (v. 6) - i386, x86_64

Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

Bugs Fixed

674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.