Anyone running Freenet must upgrade to at least Sun Java 6 Update 15 or Sun Java 5 Update 20.
Until you are able to do this, please shut down anything that parses XML, specifically: - Do not use the search function (XMLLibrarian). - Unload the WoT and Freetalk plugins if you are using them. Likewise with Library etc. - Do not use Thaw. Shut it down if it is running. Other applications may also be vulnerable via the Python libexpat and Apache Xerces libraries, so you should update your distribution ASAP. However, not all applications that process XML are vulnerable as there are a number of XML parsers. This concerns both denial of service and remote code execution and thus is a *SEVERE* vulnerability. I will be putting out a new build ASAP, which will tell any users who haven't upgraded to upgrade and will disable XMLLibrarian until they do so. http://www.cert.fi/en/reports/2009/vulnerability2009085.html
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
