Red Hat Bugzilla – Bug 472234
CVE-2008-5358 OpenJDK Buffer Overflow in GIF image processing (6766136)
Last modified: 2010-12-25 12:10:09 EST
Reference: IDEFENSE:20081204 Sun Java Web Start GIF Decoding Memory Corruption Vulnerability
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and
earlier might allow remote attackers to execute arbitrary code via a
crafted GIF file that triggers memory corruption during display of the
splash screen, possibly related to splashscreen.dll.
java-1.6.0-openjdk-18.104.22.168-0.20.b09.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
java-1.6.0-openjdk-22.214.171.124-7.b12.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Another mention of this issue:
http://secunia.com/advisories/32991/ (Point 3) ).
This issue has been addressed in following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0369 https://rhn.redhat.com/errata/RHSA-2009-0369.html
This was addressed via:
Red Hat Enterprise Linux version 4 Extras (java-1.6.0-sun) RHSA-2008:1018
RHEL Supplementary version 5 (java-1.6.0-sun) RHSA-2008:1018
Red Hat Enterprise Linux version 4 Extras (java-1.6.0-ibm) RHSA-2009:0369
RHEL Supplementary version 5 (java-1.6.0-ibm) RHSA-2009:0369