714 matches found
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
SuSE 11.2 / 11.3 Security Update : openssl-certs (SAT Patch Numbers 8681 / 8682)
openssl-certs was updated with the current certificate data available from mozilla.org. Changes : - Updated certificates to revision 1.95 Distrust a sub-ca that issued google.com certificates. 'Distrusted AC DG Tresor SSL'. bnc854367 Many CA updates from Mozilla : - new:...
openSUSE: Security Advisory for ca-certificates-mozilla (openSUSE-SU-2013:1891-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ca-certificates-mozilla: add, remove or blacklist some certificates (important)
The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...
Security Advisory 2880823: Recommendation to discontinue use of SHA-1
Microsoft is recommending that customers and CA’s stop using SHA-1 for cryptographic applications, including use in SSL/TLS and code signing. Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity of SHA-1 based...
Java Code-Signing, Security Prompts Fail with Developers
Why would a software company require developers to sign code, thereby ensuring a modicum of trust—but not security—and then shatter that trust by allowing signed applets to bypass their own application sandbox? Welcome to the world of Oracle and Java, where a once healthy programming language has...
Updated opera packages replace code signing certificate
Opera 12.16 contains a replaced code signing certificate. Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signin...
MGASA-2013-0202 Updated opera packages replace code signing certificate
Opera 12.16 contains a replaced code signing certificate. Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signin...
Replaced code signing certificate
Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing...
Replaced code signing certificate – Opera Security Advisories
Opera Software recently experienced an attack on the internal infrastructure. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing...
CentOS 5 : nss (CESA-2013:0214)
Updated nss and nspr packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services NSS is a set of libraries designe...
Opera Hack, Certificate Theft Redirects Thousands to Malware
Several thousand Opera users may have been presented with script redirecting them to a server hosting malware as a result of a hack of the Opera network and theft of a code-signing certificate. A new version of the browser is available and Opera representatives urge users to update as soon as...
Malware threat to Opera users, Trojan signed with a stolen certificate
On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. "On June 19th we uncovered, halted and contained a targeted attack on our internal...
Stolen Opera Code-Signing Certificate Used to Sign Malware
Opera Software said it was able to contain the impact of a security breach that resulted in the theft of an expired code-signing certificate used to sign malware distributed to Windows users during a 36-minute stretch on June 19. Opera developer Sigbjorn Vik said the browser maker was victimized ...
Malware threat to Opera users, Trojan signed with a stolen certificate
On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. "On June 19th we uncovered, halted and contained a targeted attack on our internal...
Google Play Android Apps Must Update in Google Store
The Google Play store has been an Eden for hackers wanting to get malicious code onto Android devices. A number of things made the marketplace too tempting for attackers to resist, including the open source nature of the operating system, lax vetting of developers, and the ability to modify code ...