Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

Antivirus Advice for Computer Protection on the Internet

:: Apple Releases QuickTime 7.7.2 :: Google Releases Google Chrome 19 :: Apple Releases Multiple Security Updates :: Adobe Releases Security Bulletins for Multiple Products :: Apple Releases iOS 5.1.1 :: Adobe Releases Security Advisory for Adobe Flash Player :: Microsoft Releases May Security Bulletin :: Microsoft Releases Advanced Notification for May Security Bulletin :: Microsoft Releases Advance Notification for May Security Bulletin :: Google Releases Chrome 18.0.1025.168 :: RuggedCom Rugged Operating System Vulnerability :: DNSChanger Malware :: Oracle Releases Critical Patch Update for April 2012 :: Apple Releases Flashback Malware Security Updates :: Apple Releases Flashback Malware Security Updates :: HP ProCurve 5400 zl Switches Security Bulletin :: Samba Releases Updates for 3.0.x - 3.6.3 :: Adobe Releases Security Bulletin for Adobe Reader and Acrobat :: Microsoft Releases Advance Notification for April Security Bulletin :: Microsoft Releases April Security Bulletin

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products.

The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is not affected by this attack. Additional information can be found in the ruby 1.8.7 patchlevel 357 release notes.

Microsoft has released a security advisory for ASP.NET containing a workaround. Additional information can be found in Microsoft Security Advisory 2659883.

More information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#903934 and n.runs Security Advisory n.runs-SA-2011.004.

US-CERT will provide additional information as it becomes available.

Read more: US-CERT Current Activity

Today's Internet Security Alerts

SANSFIRE 2011
SANSFIRE 2011
(1) HIGH: Google Chrome Sandbox Escapes
...
(2) HIGH: Microsoft Remote Desktop Protocol Vulnerability
...
(3) HIGH: Mozilla Firefox Use-After-Free Vulnerability
...
2.8 Mozilla Firefox/Thunderbird/SeaMonkey "shlwapi.dll" Use-After-Free Memory Corruption
...
12.11.11 IBM DB2 Multiple Security Vulnerabilities
...
12.11.12 IBM Maximo Asset Management Multiple Security Vulnerabilities
...

Popular Words in Security Alerts
attack visual google earlier number device advisories backup iphone program public elevated january vendor preventative