CentOS Update For Java CESA-2011:0214 Centos5 X86_64 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially-crafted HTTP request. (CVE-2010-4476) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve this issue. All running instances of OpenJDK Java must be restarted for the update to take effect.

Affected

java on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2011-April/017312.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4476

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1139 (pidgin)
CentOS Security Advisory CESA-2009:1140 (ruby)
CentOS Update for acpid CESA-2009:0474 centos4 i386
CentOS Security Advisory CESA-2009:1455 (kernel)
CentOS Update for apr CESA-2011:0844 centos4 i386

CentOS Update for java CESA-2011:0214 centos5 x86_64

Take action and discover your vulnerabilities