[월:] 2017년 08월

USN-3396-1: OpenJDK 7 vulnerabilities Ubuntu Security Notice USN-3396-1 18th August, 2017 openjdk-7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenJDK 7. Software description openjdk-7 – Open Source Java implementation Details It was discovered that the JPEGImageReader class in OpenJDK wouldincorrectly read unused image data. An attacker could use this to speciallyconstruct a jpeg image file that when opened by a Java application wouldcause a denial of service. (CVE-2017-10053) It was discovered that the JAR verifier in OpenJDK did not properly handlearchives containing files missing digests. An attacker could use this tomodify the signed contents of a JAR file. (CVE-2017-10067) It was discovered that integer overflows existed in the Hotspot componentof OpenJDK when generating range check loop predicates. An attacker coulduse this to specially construct an [ more… ]

USN-3391-3: Firefox regression Ubuntu Security Notice USN-3391-3 17th August, 2017 firefox regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3391-1 introduced a regression in Firefox. Software description firefox – Mozilla Open Source web browser Details USN-3391-1 fixed vulnerabilities in Firefox. The update introduced aperformance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, [ more… ]