Your submission was sent successfully! Close

CVE-2008-5352

Published: 5 December 2008

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

Priority

Medium

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (6b11-2ubuntu2.1)
intrepid
Released (6b12-0ubuntu6.1)
jaunty Not vulnerable
(6b14-0ubuntu4)
karmic Not vulnerable
(6b14-0ubuntu4)
upstream Needs triage

sun-java5
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needs triage
(reached end-of-life)
hardy
Released (1.5.0-22-0ubuntu0.8.04)
intrepid
Released (1.5.0-19-0ubuntu0.8.10)
jaunty
Released (1.5.0-19-0ubuntu0.9.04)
karmic Does not exist

upstream Needs triage

sun-java6
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needs triage
(reached end-of-life)
hardy
Released (6-17-0ubuntu1.8.04)
intrepid
Released (6-14-0ubuntu1.8.10)
jaunty
Released (6-16-0ubuntu1.9.04)
karmic
Released (6-15-1)
upstream Needs triage

Notes

AuthorNote
kees
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1
6755943

References