USN-3366-1: OpenJDK 8 vulnerabilities
Ubuntu Security Notice USN-3366-1
26th July, 2017

openjdk-8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 17.04
Ubuntu 16.04 LTS

Summary

Several security issues were fixed in OpenJDK 8.

Software description

openjdk-8 – Open Source Java implementation

Details

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053)

It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067)

It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially [ more… ]