Written by: Stephen Withers | Published in: SecurityIt turns out that 'soon' really can mean 'very soon indeed.' On Friday, an Oracle spokesperson said a Java update to fix a serious vulnerability that was being exploited would be available soon - it's here already.
Canonical published details in a security notice about an Apache XML Security for a Java vulnerability in its Ubuntu 10.04 LTS (Lucid Lynx) operating system. According to the company, Apache XML Security for Java could be tricked into validating spoofed signatures. It has been discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters.
Hi, I've been reading several stories this morning about a recently discovered security hole in the java web-plugin. Apparently OS X is pushing through updates to disable it and Microsoft recommends a similar course of action. It seems to be a fairly critical exploit.My question is, does this vulnerability affect users of openJDK/icedtea?