Red Hat Bugzilla – Bug 472208
CVE-2008-5347 OpenJDK applet privilege escalation via JAX package access (6592792)
Last modified: 2010-12-25 12:07:17 EST
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE)
for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets
and applications to gain privileges via vectors related to access to
inner classes in the (1) JAX-WS and (2) JAXB packages.
java-1.6.0-openjdk-18.104.22.168-0.20.b09.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
java-1.6.0-openjdk-22.214.171.124-7.b12.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Another mention of this issue:
http://secunia.com/advisories/32991/ (Point 20).
This was addressed via:
Red Hat Enterprise Linux version 4 Extras (java-1.6.0-sun) RHSA-2008:1018
RHEL Supplementary version 5 (java-1.6.0-sun) RHSA-2008:1018
Red Hat Enterprise Linux version 4 Extras (java-1.6.0-ibm) RHSA-2009:0015
RHEL Supplementary version 5 (java-1.6.0-ibm) RHSA-2009:0015