Written by: Stephen Withers | Published in: SecurityIt turns out that 'soon' really can mean 'very soon indeed.' On Friday, an Oracle spokesperson said a Java update to fix a serious vulnerability that was being exploited would be available soon - it's here already.
Canonical published details in a security notice about an Apache XML Security for a Java vulnerability in its Ubuntu 10.04 LTS (Lucid Lynx) operating system. According to the company, Apache XML Security for Java could be tricked into validating spoofed signatures. It has been discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters.