Name: CVE-2008-5341 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341 Reference: SUNALERT:244988 Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1 Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors.
Another mention of this issue: http://secunia.com/advisories/32991/ (Point 7) )
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0369 https://rhn.redhat.com/errata/RHSA-2009-0369.html
This was addressed via: Red Hat Enterprise Linux version 4 Extras (java-1.6.0-sun) RHSA-2008:1018 RHEL Supplementary version 5 (java-1.6.0-sun) RHSA-2008:1018 Red Hat Enterprise Linux version 4 Extras (java-1.5.0-sun) RHSA-2008:1025 RHEL Supplementary version 5 (java-1.5.0-sun) RHSA-2008:1025 Red Hat Enterprise Linux version 4 Extras (java-1.5.0-ibm) RHSA-2009:0016 RHEL Supplementary version 5 (java-1.5.0-ibm) RHSA-2009:0016 Red Hat Enterprise Linux version 4 Extras (java-1.6.0-ibm) RHSA-2009:0369 RHEL Supplementary version 5 (java-1.6.0-ibm) RHSA-2009:0369