Re: Java 8u40 released: why?

Posted by paul . szabo on Mar 06

Yes, they changed the wording since I wrote that! Noting that 7u75/76
are not new now, but were released in January.

Seems that 8u40 is simply a usability release; previous must have been
very bad, unusual that Oracle would release out-of-band.

Thanks, Paul

Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

Re: Partial pointer leaks

Posted by Robert Święcki on Mar 06

2015-03-03 18:38 GMT-08:00 Christophe Hauser <christophe () cs ucsb edu>:

I’m not sure if that’s what you look for, but certain perf operations
leak one or two addresses from the kernel space in the default Ubuntu
configuration. It’s possible to write a short PoC, but it might take a
few mins, instead feel free to compile and use
https://code.google.com/p/honggfuzz/source/checkout – which serves
other purpose, but uses…

Ubuntu Security Notice USN-2522-2

Ubuntu Security Notice 2522-2 – USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have been temporarily backed out until the regression is investigated.

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS.

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

Various other issues were also addressed.