JDK/JRE RSA vulnerability
Andrew Pantyukhin
infofarmer at FreeBSD.org
Fri Oct 13 12:26:22 PDT 2006
On 10/4/06, Simon L. Nielsen <simon at freebsd.org> wrote:
> On 2006.10.04 20:41:34 +0400, Andrew Pantyukhin wrote:
> > Please review the following patch to vuln.xml:
> >
> > http://people.freebsd.org/~sat/diffs/jdk1509.diff
>
> Are you sure that the JDK/JRE for FreeBSD is actually vulnerable? On
> some OSes which don't support cryptographic operations by default
> (e.g. Windows) crypto libs are bundled with the program, but OS
> supplied libs are used on the OSes which have them. I don't know if
> this is the case of JDK/JRE but it should probably be checked first.
> Could you poke the java people (e.g. glewis AFAIR) to check?
>
> As a side note, the Secunia advisory doesn't contain anything which
> isn't on Sun's page, so much better to use the info directly from Sun.

Could you please take a look and tell us if we're affected by
one or more of these advisories:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5201
http://secunia.com/advisories/22204/
I'm almost sure Linux versions are vulnerable, but as for
native versions (both certified and not), it's unclear.
Thank you!