Ubuntu Security Notice USN-3824-1

Discussion in 'News Aggregator' started by Packet Storm, 17 Nov 2018.

  1. Packet Storm

    Packet Storm Guest

    Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.

    Continue reading...
     

Share This Page

Loading...