Red Hat Bugzilla – Bug 474795
CVE-2008-5355 JRE allows arbitrary code execution via DNS mitm attacks
Last modified: 2010-12-25 12:09:01 EST
The "Java Update" feature for Java Runtime Environment (JRE) for Sun
JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and
earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the
signature of the JRE that is downloaded, which allows remote attackers
to execute arbitrary code via DNS man-in-the-middle attacks.
Another mention of this issue:
http://secunia.com/advisories/32991/ (Point 12).
This is Windows-specific, so no need to keep the bug open.