Name: CVE-2008-5344 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344 Reference: SUNALERT:244988 Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1 Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading.
Another mention of this issue: http://secunia.com/advisories/32991/
Red Hat advisory RHSA-2009-0015 states that this bug is fixed: https://rhn.redhat.com/errata/RHSA-2009-0015.html Suprisingly, this bug (and bug 474556 and bug 474772) and in state NEW, not ERRATA.
This issue has been addressed in following products: Extras for RHEL 3 Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0445 https://rhn.redhat.com/errata/RHSA-2009-0445.html