java/141919: Serious remote vulnerability in the JRE
Romain Dalmaso
artefact2 at gmail.com
Wed Dec 23 13:40:06 UTC 2009
>Number: 141919
>Category: java
>Synopsis: Serious remote vulnerability in the JRE
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-java
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 23 13:40:06 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Romain Dalmaso
>Release: 7.2-RELEASE
>Organization:
>Environment:
>Description:
A serious vulnerability affecting all the current Java ports allows any potential attacker to take control of the machine remotely if it uses a Java application dealing with the XML parser.
The issue has been there for months, and has been fixed since Java 6 update 15 and Java 5 update 20. So simply updating the port would solve the issue.
This vulnerability affects, for instance, all the Freenet nodes running under FreeBSD:
http://freenetproject.org/news.html#xml-vuln
More details about it:
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
Thanks for your interest.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: