Red Hat Security Blog: August 2013 archives
-
Tweaking integer overflows
Integer overflows when calculating the memory size for data structures (such as to hold image data from an image file) is a common source of security vulnerabilities. Often, such integer overflows are initially reported as denial-of-service issues, as the result of an arbitrarily large memory allocation. But with some tweaking, they can be turned into the successful allocation of a memory area that is too small because the integer overflow results in the wrong computed allocation size.... -
Apache Tomcat and JBoss Web security flaws
Apache Tomcat and JBoss Web are two closely-related components that have a large amount of code in common. This article explains the difference between these components and examines how security flaws affect them. Apache Tomcat and JBoss Web Apache Tomcat is a popular open source implementation of the Java Servlet and JavaServer Pages specifications. It is commonly used as a container to host Java-based web applications. Tomcat is distributed as part of both Red Hat Enterprise Linux and Red Hat...