Red Hat Security Blog: August 2013 archives

  • Tweaking integer overflows

    Integer overflows when calculating the memory size for data structures (such as to hold image data from an image file) is a common source of security vulnerabilities. Often, such integer overflows are initially reported as denial-of-service issues, as the result of an arbitrarily large memory allocation. But with some tweaking, they can be turned into the successful allocation of a memory area that is too small because the integer overflow results in the wrong computed allocation size....
    Posted 2013-08-28T13:00:40+00:00 - 0
  • A Brief History of Cryptography

    Cryptology is a young science. Though it has been used for thousands of years to hide secret messages, systematic study of cryptology as a science (and perhaps an art) just started around one hundred years ago. The first known evidence of the use of cryptography (in some form) was found in an inscription carved around 1900 BC, in the main chamber of the tomb of the nobleman Khnumhotep II, in Egypt. The scribe used some unusual hieroglyphic symbols here and there in place of more ordinary ones....
    Posted 2013-08-14T13:00:50+00:00 - 0
  • Apache Tomcat and JBoss Web security flaws

    Apache Tomcat and JBoss Web are two closely-related components that have a large amount of code in common. This article explains the difference between these components and examines how security flaws affect them. Apache Tomcat and JBoss Web Apache Tomcat is a popular open source implementation of the Java Servlet and JavaServer Pages specifications. It is commonly used as a container to host Java-based web applications. Tomcat is distributed as part of both Red Hat Enterprise Linux and Red Hat...
    Posted 2013-08-07T13:30:42+00:00 - 0