Your submission was sent successfully! Close

CVE-2012-2739

Published: 28 November 2012

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Priority

Low

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian
hardy
Released (6b27-1.12.3-0ubuntu1~08.04.1)
lucid
Released (6b24-1.11.5-0ubuntu1~10.04.2)
natty Ignored
(reached end-of-life)
oneiric
Released (6b24-1.11.5-0ubuntu1~11.10.1)
precise
Released (6b24-1.11.5-0ubuntu1~12.04.1)
quantal
Released (6b24-1.11.5-0ubuntu1~12.10.1)
upstream
Released (6b24-1.11.5)
openjdk-6b18
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
natty Ignored
(LP: #1043003)
oneiric Ignored
(superceded by openjdk-6)
precise Does not exist

quantal Does not exist

upstream Needs triage

openjdk-7
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric
Released (7u9-2.3.3-0ubuntu1~11.10.1)
precise
Released (7u9-2.3.3-0ubuntu1~12.04.1)
quantal
Released (7u9-2.3.3-0ubuntu1~12.10.1)
upstream
Released (7u9-2.3.3)
sun-java5
Launchpad, Ubuntu, Debian
hardy Ignored
(upstream sun-java5 is EoL)
lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

sun-java6
Launchpad, Ubuntu, Debian
hardy Ignored
(upstream version is not redistributable)
lucid Does not exist
(removed from archive)
natty Does not exist
(removed from archive)
oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

Notes

AuthorNote
sbeattie
openjdk-6b18 in oneiric has been superceded by openjdk-6
openjdk-6b18 in lucid & natty would be superceded by
openjdk-6 except that openjdk-6 FTBFS on armel (LP: #1043003)
jdstrand
this was actually fixed in usn-1619-1 as part of the new upstream
releases, but it wasn't reported as such.

References