hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject Re: Java 1.6.0_19 & Hadoop
Date Tue, 06 Apr 2010 16:09:43 GMT
Todd Lipcon wrote:
> I was seeing errors in 18 without escape analysis explicitly enabled. So
> unless it became enabled by default in 18, I don't think that was the issue.

That's not good. The security fixes in this JVM do hint it's something 
to deploy sooner rather than later.

http://isc.sans.org/diary.html?storyid=8572
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

"Due to the threat posed by a successful attack, Oracle strongly 
recommends that customers apply CPU fixes as soon as possible.  This 
Critical Patch Update contains 27 new security fixes across all products."

There's something involving imageIO, which may imply JPEG or other image 
processing as a vulnerability; the other details are too vague to be 
sure what the implications are.

Mime
View raw message