Candidate: CVE-2012-2739
PublicDate: 2012-11-28 13:03:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2739
 http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
 http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
 http://www.openwall.com/lists/oss-security/2012/06/15/12
 http://www.openwall.com/lists/oss-security/2012/06/17/1
 https://ubuntu.com/security/notices/USN-1619-1
Description:
 Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Ubuntu-Description:
Notes:
 sbeattie> openjdk-6b18 in oneiric has been superseded by openjdk-6
 sbeattie> openjdk-6b18 in lucid & natty would be superseded by openjdk-6 except that openjdk-6 FTBFS on armel (LP: #1043003)
 jdstrand> this was actually fixed in usn-1619-1 as part of the new upstream releases, but it wasn't reported as such.
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1043003
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_sun-java6:
upstream_sun-java6: needs-triage
hardy_sun-java6: ignored (upstream version is not redistributable)
lucid_sun-java6: DNE (removed from archive)
natty_sun-java6: DNE (removed from archive)
oneiric_sun-java6: DNE
precise_sun-java6: DNE
quantal_sun-java6: DNE
devel_sun-java6: DNE

Patches_sun-java5:
upstream_sun-java5: needs-triage
hardy_sun-java5: ignored (upstream sun-java5 is EoL)
lucid_sun-java5: DNE
natty_sun-java5: DNE
oneiric_sun-java5: DNE
precise_sun-java5: DNE
quantal_sun-java5: DNE
devel_sun-java5: DNE

Patches_openjdk-6:
upstream_openjdk-6: released (6b24-1.11.5)
hardy_openjdk-6: released (6b27-1.12.3-0ubuntu1~08.04.1)
lucid_openjdk-6: released (6b24-1.11.5-0ubuntu1~10.04.2)
natty_openjdk-6: ignored (reached end-of-life)
oneiric_openjdk-6: released (6b24-1.11.5-0ubuntu1~11.10.1)
precise_openjdk-6: released (6b24-1.11.5-0ubuntu1~12.04.1)
quantal_openjdk-6: released (6b24-1.11.5-0ubuntu1~12.10.1)
devel_openjdk-6: not-affected (6b24-1.11.5-0ubuntu1~12.10.1)

Patches_openjdk-6b18:
upstream_openjdk-6b18: needs-triage
hardy_openjdk-6b18: DNE
lucid_openjdk-6b18: ignored (reached end-of-life)
natty_openjdk-6b18: ignored (LP: #1043003)
oneiric_openjdk-6b18: ignored (superceded by openjdk-6)
precise_openjdk-6b18: DNE
quantal_openjdk-6b18: DNE
devel_openjdk-6b18: DNE

Patches_openjdk-7:
upstream_openjdk-7: released (7u9-2.3.3)
hardy_openjdk-7: DNE
lucid_openjdk-7: DNE
natty_openjdk-7: DNE
oneiric_openjdk-7: released (7u9-2.3.3-0ubuntu1~11.10.1)
precise_openjdk-7: released (7u9-2.3.3-0ubuntu1~12.04.1)
quantal_openjdk-7: released (7u9-2.3.3-0ubuntu1~12.10.1)
devel_openjdk-7: not-affected (7u9-2.3.3-0ubuntu1~12.10.1)