Comment 0 for bug 914628

James Page (james-page) wrote:

Jenkins running standalone (as it does in the Ubuntu packaging) is vulnerable to the Hash DoS attack as detailed here:

http://www.ocert.org/advisories/ocert-2011-003.html

Full details of the Jenkins vulnerability:

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb

I believe this will require updates to jenkins-executable-war (1.25) and jenkins-winstone (0.9.10-jenkins-31):