Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
Monthly Archives: March 2015
CVE-2015-2192
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
GLSA 201503-03: PHP: Multiple vulnerabilities
GLSA 201503-04: GNU C Library: Multiple vulnerabilities
GLSA 201503-05: FreeType: Multiple vulnerabilities
Vuln: OpenSSL CVE-2014-3572 Security Bypass Vulnerability
Vuln: Linux Kernel 'fs/isofs/rock.c' Local Information Disclosure Vulnerability
Re: Java 8u40 released: why?
Posted by Nick FitzGerald on Mar 07
James Hodgkinson wrote:
Indeed!
So you did not notice the explanation that this would happen, right
there on the “continue the install” permission dialog?
The one we can see a screenshot of at, say:
https://grahamcluley.com/2015/03/oracle-java-mac/
Your description rather strongly implies that you have no choice in
getting the Ask toolbar, which is untrue.
I understand that Mac users will likely not be _accustomed_ to such…
Re: Partial pointer leaks
Posted by Christophe Hauser on Mar 07
Hi Robert,
thank you, this is very interesting and seems to be one potential
occurrence of what I am looking for.
Nice tool, by the way!
Re: Java 8u40 released: why?
Posted by Alan Coopersmith on Mar 07
There are Java updates associated with security fixes on the quarterly
CPU cycle, but those aren’t the only Java updates – it is software under
active development after all, and releases new features too, not just
security patches.
http://www.oracle.com/technetwork/java/javase/overview/jdk-version-number-scheme-1918258.html
https://www.java.com/en/download/faq/release_dates.xml
http://openjdk.java.net/projects/jdk8u/