Launchpad.net

CVE 2008-5352

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

See the

CVE page on Mitre.org for more details.

References

SUNALERT: 244992
IDEFENSE: 20081204 Sun Java JRE ...
REDHAT: RHSA-2008:1018
REDHAT: RHSA-2008:1025
SECUNIA: 32991
SECUNIA: 33015
BID: 32608
SUSE: SUSE-SA:2009:007
CERT: TA08-340A
SECUNIA: 33710
SECUNIA: 33709
REDHAT: RHSA-2009:0015
SECUNIA: 33528
SUSE: SUSE-SR:2009:006
CONFIRM: http://support.avaya.c...
CONFIRM: http://www116.nortel.c...
REDHAT: RHSA-2009:0016
SECUNIA: 34259
REDHAT: RHSA-2009:0466
SECUNIA: 34972
OSVDB: 50501
SECTRACK: 1021312
GENTOO: GLSA-200911-02
SECUNIA: 37386
VUPEN: ADV-2008-3339
CONFIRM: http://support.nortel....
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2008-5352

Related bugs

References