Name: CVE-2008-5345 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345 Reference: SUNALERT:246387 Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-246387-1 Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.
Another mention of this issue: http://secunia.com/advisories/32991/
Red Hat advisory RHSA-2009-0015 says that this is one of the bugs fixed in the release of java-1.6.0-ibm released as errata. https://rhn.redhat.com/errata/RHSA-2009-0015.html Yet the bug is open, and I don't see any indication of the status of java-1.6.0-openjdk. Is it vulnerable?
This issue has been addressed in following products: Extras for RHEL 3 Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0445 https://rhn.redhat.com/errata/RHSA-2009-0445.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.2 Via RHSA-2009:0466 https://rhn.redhat.com/errata/RHSA-2009-0466.html