Bug 474556 (CVE-2008-2086)
| Summary: | CVE-2008-2086 Java Web Start File Inclusion via System Properties Override | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marc Schoenefeld <mschoene> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | charlieb-fedora-bugzilla, jlieskov, kreilly |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-04-12 04:46:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 474557, 474558, 474559, 474560, 479814, 479815, 479822, 479823, 493287, 493288, 493289, 529660, 529661 | | |
| Bug Blocks: | | | |

Description
Marc Schoenefeld
2008-12-04 13:03:54 UTC
Another mention of this issue: http://secunia.com/advisories/32991/

This bug 474556 is mentioned in the "bugs fixed" section of Red Hat Advisory RHSA-2009-0015 but is still in 'NEW' state. http://www.redhat.com/support/errata/RHSA-2009-0015.html

Is this problem fixed in java-1.6.0-openjdk-1.6.0.0-0.25.b09.el5 and java-1.6.0-ibm-1.6.0.3-1jpp.3.el4 or not?

I notice also that changelog for java-1.6.0-openjdk-1.6.0.0-0.25.b09.el5 jumps from 1:1.6.0.0-0.15.b09 to 1:1.6.0.0-0.21.b09 and doesn't mention any of the security patches or CVE numbers. Could the changelog be repaired please, to contain the missing information?

This bug is also referenced in the 'bugs fixed' section of RHSA-2008-1018: http://rhn.redhat.com/errata/RHSA-2008-1018.html

This issue has been addressed in following products:

Extras for RHEL 3
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:0445 https://rhn.redhat.com/errata/RHSA-2009-0445.html

This issue has been addressed in following products:

Red Hat Network Satellite Server v 5.1

Via RHSA-2009:1662 https://rhn.redhat.com/errata/RHSA-2009-1662.html