Name: CVE-2008-5352
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
Reference: SUNALERT:244992
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1
Reference: IDEFENSE:20081204 Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=759

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Another mention of this issue: http://secunia.com/advisories/32991/ (Point 15).
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.2

Via RHSA-2009:0466 https://rhn.redhat.com/errata/RHSA-2009-0466.html