Date: Mon, 06 Dec 2004 10:28:14 +0200
From: Panagiotis Astithas <past@ebs.gr>
To: Greg Lewis <glewis@eyesbeyond.com>
Cc: freebsd-java@freebsd.org
Subject: Re: [glewis@freebsd.org: cvs commit: ports/java/jdk14 Makefile]
Message-ID: <41B4181E.10704@ebs.gr>
In-Reply-To: <20041124161926.GB10910@misty.eyesbeyond.com>
References: <20041124161926.GB10910@misty.eyesbeyond.com>

Greg Lewis wrote:
> All,
>
> FYI.  Please stop using the browser plugin until we can fix this.
>
> ----- Forwarded message from Greg Lewis <glewis@freebsd.org> -----
>
> glewis      2004-11-24 15:16:39 UTC
>
>   FreeBSD ports repository
>
>   Modified files:
>     java/jdk14           Makefile
>   Log:
>   . Mark FORBIDDEN when building with the browser plugin due to the
>     vulnerabilities discussed in:
>
>     http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029
>
>   Revision  Changes    Path
>   1.82      +2 -0      ports/java/jdk14/Makefile
>
> ----- End forwarded message -----

There seems to be another vulnerability:

Java 1.4.2_05 also has a vulnerability in the serialization APIs (used
by RMI) that allows to overload a remote JVM [and drive uptime loads to
the 100s].
http://www.securityfocus.com/archive/1/382309

I suppose we are vulnerable to that, too.

Cheers,

Panagiotis