Synopsis: Moderate: java-1.6.0-openjdk security update
Issue date: 2011-02-10
CVE Names: CVE-2010-4476
A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to
cause Java-based applications to hang, for instance if they parse Double
values in a specially-crafted HTTP request. (CVE-2010-4476)
All running instances of OpenJDK Java must be restarted for the update
to take effect.
SL 6.x
SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.36.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.36.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.36.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.b17.el6_0.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.36.b17.el6_0.x86_64.rpm
-Connie Sieh
-Troy Dawson
|