[glewis@freebsd.org: cvs commit: ports/java/jdk14 Makefile]
Panagiotis Astithas
past at ebs.gr
Mon Dec 6 00:28:40 PST 2004
Greg Lewis wrote:
> All,
>
> FYI. Please stop using the browser plugin until we can fix this.
>
> ----- Forwarded message from Greg Lewis <glewis at freebsd.org> -----
>
> glewis 2004-11-24 15:16:39 UTC
>
> FreeBSD ports repository
>
> Modified files:
> java/jdk14 Makefile
> Log:
> . Mark FORBIDDEN when building with the browser plugin due to the
> vulnerabilities discussed in:
>
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029
>
> Revision Changes Path
> 1.82 +2 -0 ports/java/jdk14/Makefile
>
> ----- End forwarded message -----
There seems to be another vulnerability:
Java 1.4.2_05 also has a vulnerability in the serialization APIs (used
by RMI) that allows one to overload a remote JVM [and drive uptime loads
to the 100s].
http://www.securityfocus.com/archive/1/382309
I suppose we are vulnerable to that, too.
Cheers,
Panagiotis