Articles by KENNETH

USN-3614-1: OpenJDK 7 vulnerabilities openjdk-7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenJDK 7. Software Description openjdk-7 – Open Source Java implementation Details It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579) It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588) It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. (CVE-2018-2599) It was discovered that the Internationalization component of OpenJDK did not restrict search paths when loading resource [ more… ]

USN-3613-1: OpenJDK 8 vulnerabilities openjdk-8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in OpenJDK 8. Software Description openjdk-8 – Open Source Java implementation Details It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579) It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. (CVE-2018-2582) It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588) It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote [ more… ]