Software Development

Security news roundup: October 23

Here's a collection of recent security vulnerabilities and alerts, which include cross-platform flaws discovered in the Java Runtime Environment, vulnerabilities discovered in Thunderbird in Ubuntu, and a local buffer overflow in IBM AIX.

Here's a collection of recent security vulnerabilities and alerts, which include cross-platform flaws discovered in the Java Runtime Environment, vulnerabilities discovered in Thunderbird in Ubuntu, and a local buffer overflow in IBM AIX.

  • Vulnerability in Java Runtime Environment

According to Sun:

A vulnerability in the Virtual Machine of the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

The following releases of Java (Windows, Solaris and Linux) are affected.

  • JDK and JRE 6 Update 2 and earlier
  • JDK and JRE 5.0 Update 12 and earlier
  • SDK and JRE 1.4.2_15 and earlier
  • SDK and JRE 1.3.1_20 and earlier

Affected users are urged to upgrade to the latest version, where available.

  • Vulnerabilities discovered in Thunderbird in Ubuntu

A number of security issue affecting Thunderbird across Ubuntu releases have been discovered. The affected releases are:

  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • Ubuntu 7.10

Corresponding versions of Kubuntu, Edubunt, and Xubuntu are also affected.

The problem can be corrected by updating your system. Find more information at SecurityFocus.

  • Local buffer overflow vulnerability discovered in IBM AIX

According to SecurityFocus:

The IBM AIX is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can exploit this issue to execute arbitrary code using superuser privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.