[월:] 2022년 04월

USN-5388-2: OpenJDK vulnerabilities It was discovered that OpenJDK incorrectly verified ECDSA signatures. An attacker could use this issue to bypass the signature verification process. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. [ more… ]

USN-5388-1: OpenJDK vulnerabilities It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept [ more… ]

USN-5376-3: Git regression USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix the issue. This update fixes the problem. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Source: USN-5376-3: Git regression