oss-sec mailing list archives
More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 29 Dec 2011 13:13:42 +0100
On Wed, 28 Dec 2011 19:07:30 +0100, Andrea Barisani <lcars () ocert org> wrote:
> Affected version:
>
> Java, all versions
> JRuby <= 1.6.5
> PHP <= 5.3.8, <= 5.4.0RC3
> Python, all versions
> Rubinius, all versions
> Ruby <= 1.8.7-p356
> Apache Geronimo, all versions
> Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22
> Oracle Glassfish <= 3.1.1
> Jetty, all versions
> Plone, all versions
> Rack, all versions
> V8 JavaScript Engine, all versions
>
> Fixed version:
>
> Java, N/A
> JRuby >= 1.6.5.1
> PHP >= 5.3.9, >= 5.4.0RC4
> Python, N/A
> Rubinius, N/A
> Ruby >= 1.8.7-p357, 1.9.x
> Apache Geronimo, N/A
> Apache Tomcat >= 5.5.35, >= 6.0.35, >= 7.0.23
> Oracle Glassfish, N/A (Oracle reports that the issue is fixed in the
>   main codeline and scheduled for a future CPU)
> Jetty, N/A
> Plone, N/A
> Rack, N/A
> V8 JavaScript Engine, N/A
>
> Credit: vulnerability report and PoC code received from Alexander Klink
> <alexander.klink AT nruns.com> and Julian Waelde
> <jwaelde AT cdc.informatik.tu-darmstadt.de>.
>
> CVE: CVE-2011-4461 (Jetty), CVE-2011-4838 (JRuby), CVE-2011-4885 (PHP),
> CVE-2011-4462 (Plone), CVE-2011-4815 (Ruby)
Kurt or other CVE assigners, can you please assign a bunch for python, java, tomcat etc. pp.

--
Hanno Böck
mail/jabber: hanno () hboeck de
GPG: BBB51E42
http://www.hboeck.de/