Red Hat Bugzilla – Bug 452658
CVE-2008-3107 JDK untrusted applet/application privilege escalation (6661918)
Last modified: 2010-12-23 16:33:24 EST
From Sun pre-notification, 6/23/2008:
A vulnerability in the Java Runtime Environment Virtual Machine may allow an
untrusted applet or application to elevate its privileges. For example, an
applet may grant itself permissions to read and write local files or execute
local applications that are accessible to the user running the untrusted applet.
java-1.6.0-openjdk-126.96.36.199-0.16.b09.fc9 has been submitted as an update for Fedora 9
java-1.7.0-icedtea-188.8.131.52-0.20.b21.snapshot.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
java-1.6.0-openjdk-184.108.40.206-0.16.b09.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
RHEL Supplementary version 5 (java-1.6.0-sun) RHSA-2008:0594
Red Hat Enterprise Linux version 4 Extras (java-1.5.0-sun) RHSA-2008:0595
RHEL Supplementary version 5 (java-1.5.0-sun) RHSA-2008:0595
Red Hat Network Satellite Server 5.1 (RHEL v.4 AS) (java-1.5.0-sun) RHSA-2008:0636