Anyone running Freenet must upgrade to at least Sun Java 6 Update 15 or Sun 
Java 5 Update 20.

Until you are able to do this, please shut down anything that parses XML, 
- Do not use the search function (XMLLibrarian).
- Unload the WoT and Freetalk plugins if you are using them. Likewise with 
Library etc.
- Do not use Thaw. Shut it down if it is running.

Other applications may also be vulnerable via the Python libexpat and Apache 
Xerces libraries, so you should update your distribution ASAP. However, not all 
applications that process XML are vulnerable as there are a number of XML 

This concerns both denial of service and remote code execution and thus is a 
*SEVERE* vulnerability.

I will be putting out a new build ASAP, which will tell any users who haven't 
upgraded to upgrade and will disable XMLLibrarian until they do so.

Attachment: signature.asc
Description: This is a digitally signed message part.

Support mailing list
Unsubscribe at

Reply via email to