CVE-2008-1188

Publication date 6 March 2008

Last updated 24 July 2024


Ubuntu priority

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

Status

Package Ubuntu Release Status
sun-java5 9.10 karmic Not in release
9.04 jaunty
Fixed 1.5.0-15-0ubuntu1
8.10 intrepid
Fixed 1.5.0-15-0ubuntu1
8.04 LTS hardy
Fixed 1.5.0-15-0ubuntu1
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life
sun-java6 9.10 karmic
Fixed 6-05-0ubuntu1
9.04 jaunty
Fixed 6-05-0ubuntu1
8.10 intrepid
Fixed 6-05-0ubuntu1
8.04 LTS hardy
Fixed 6-05-0ubuntu1
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy Not in release
6.06 LTS dapper Not in release