5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.041 Low
EPSS
Percentile
92.1%
CentOS Errata and Security Advisory CESA-2011:0214
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Java-based applications to hang, for instance if they parse Double values
in a specially-crafted HTTP request. (CVE-2010-4476)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve this issue. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079473.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079474.html
Affected packages:
java-1.6.0-openjdk
java-1.6.0-openjdk-demo
java-1.6.0-openjdk-devel
java-1.6.0-openjdk-javadoc
java-1.6.0-openjdk-src
Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0214