Date: Fri, 15 Jun 2012 23:13:49 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: CVE request: java hashdos vulnerability Hi, Seems java is fixing HashDos finally: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html They don't mention hashdos, but the interesting part is here: "The enhanced hashing implementation uses the murmur3 hashing algorithm along with random hash seeds and index masks" random hash seeds is what prevents hashdos. Further info here: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html Please assign CVE. cu, -- Hanno Böck mail/jabber: hanno@...eck.de GPG: BBB51E42 http://www.hboeck.de/ Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ