Novell Home

CVE-2008-5352

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2008-5352 at MITRE

Details

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
Novell Bugzilla entries: 456770,465624,471829

SUSE Security Advisories:

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP2 for x86
  • java-1_4_2-sun >= 1.4.2.19-0.3
  • java-1_4_2-sun-alsa >= 1.4.2.19-0.3
  • java-1_4_2-sun-demo >= 1.4.2.19-0.3
  • java-1_4_2-sun-devel >= 1.4.2.19-0.3
  • java-1_4_2-sun-jdbc >= 1.4.2.19-0.3
  • java-1_4_2-sun-plugin >= 1.4.2.19-0.3
  • java-1_4_2-sun-src >= 1.4.2.19-0.3
 sled10-sp2. x86-64
sles10-sp2. ia64
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2. x86
ZYPP Patch Nr: 5852
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for x86
  • java-1_4_2-sun >= 1.4.2.19-0.3
  • java-1_4_2-sun-alsa >= 1.4.2.19-0.3
  • java-1_4_2-sun-devel >= 1.4.2.19-0.3
  • java-1_4_2-sun-jdbc >= 1.4.2.19-0.3
  • java-1_4_2-sun-plugin >= 1.4.2.19-0.3
 sled10-sp2. x86-64
sles10-sp2. ia64
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2. x86
ZYPP Patch Nr: 5852
SUSE Linux Enterprise Server 10 SP2 for IPF
  • java-1_4_2-sun >= 1.4.2.19-0.3
  • java-1_4_2-sun-devel >= 1.4.2.19-0.3
  • java-1_4_2-sun-jdbc >= 1.4.2.19-0.3
  • java-1_4_2-sun-plugin >= 1.4.2.19-0.3
 sled10-sp2. x86-64
sles10-sp2. ia64
sled10-sp2. x86
sles10-sp2. x86-64
sles10-sp2. x86
ZYPP Patch Nr: 5852
Novell Linux POS 9
Open Enterprise Server
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for x86
  • IBMJava5-JRE >= 1.5.0-0.57
  • IBMJava5-SDK >= 1.5.0-0.57
 core9. x86
core9. s390
core9. x86-64
core9. ppc
sles9-nlpos. x86
core9. s390x
sles9-oes. x86
YOU Patch Nr: 12336
SUSE CORE 9 for AMD64 and Intel EM64T
  • IBMJava5-JRE >= 1.5.0-0.56
  • IBMJava5-SDK >= 1.5.0-0.56
 core9. x86
core9. s390
core9. x86-64
core9. ppc
sles9-nlpos. x86
core9. s390x
sles9-oes. x86
YOU Patch Nr: 12336
SUSE Linux Enterprise Desktop 10 SP2 for x86
  • java-1_5_0-ibm >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-alsa >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-demo >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-fonts >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-plugin >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-src >= 1.5.0_sr9-2.4
 sles10-sp2. ppc
sles10-sp2. x86
sles10-sp2. x86-64
sled10-sp2. x86-64
sles10-sp2. s390x
sled10-sp2. x86
ZYPP Patch Nr: 5960
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-demo >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-fonts >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-src >= 1.5.0_sr9-2.4
 sles10-sp2. ppc
sles10-sp2. x86
sles10-sp2. x86-64
sled10-sp2. x86-64
sles10-sp2. s390x
sled10-sp2. x86
ZYPP Patch Nr: 5960
SUSE Linux Enterprise Server 10 SP2 for x86
  • java-1_5_0-ibm >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-alsa >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-fonts >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-plugin >= 1.5.0_sr9-2.4
 sles10-sp2. ppc
sles10-sp2. x86
sles10-sp2. x86-64
sled10-sp2. x86-64
sles10-sp2. s390x
sled10-sp2. x86
ZYPP Patch Nr: 5960
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
  • java-1_5_0-ibm >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-64bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-fonts >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-jdbc >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-plugin >= 1.5.0_sr9-2.4
 sles10-sp2. ppc
sles10-sp2. x86
sles10-sp2. x86-64
sled10-sp2. x86-64
sles10-sp2. s390x
sled10-sp2. x86
ZYPP Patch Nr: 5960
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
  • java-1_5_0-ibm >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-fonts >= 1.5.0_sr9-2.4
 sles10-sp2. ppc
sles10-sp2. x86
sles10-sp2. x86-64
sled10-sp2. x86-64
sles10-sp2. s390x
sled10-sp2. x86
ZYPP Patch Nr: 5960
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
  • java-1_5_0-ibm >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-alsa-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-devel-32bit >= 1.5.0_sr9-2.4
  • java-1_5_0-ibm-fonts >= 1.5.0_sr9-2.4
 sles10-sp2. ppc
sles10-sp2. x86
sles10-sp2. x86-64
sled10-sp2. x86-64
sles10-sp2. s390x
sled10-sp2. x86
ZYPP Patch Nr: 5960
openSUSE 10.3
openSUSE 11.0
  • java-1_5_0-sun >= 1.5.0_update17-0.1
  • java-1_5_0-sun-alsa >= 1.5.0_update17-0.1
  • java-1_5_0-sun-demo >= 1.5.0_update17-0.1
  • java-1_5_0-sun-devel >= 1.5.0_update17-0.1
  • java-1_5_0-sun-jdbc >= 1.5.0_update17-0.1
  • java-1_5_0-sun-plugin >= 1.5.0_update17-0.1
  • java-1_5_0-sun-src >= 1.5.0_update17-0.1
 ZYPP Patch Nr: 5875
SAT Patch Nr: 375
openSUSE 11.1
  • java-1_5_0-sun >= 1.5.0_update17-1.1
  • java-1_5_0-sun-alsa >= 1.5.0_update17-1.1
  • java-1_5_0-sun-devel >= 1.5.0_update17-1.1
  • java-1_5_0-sun-jdbc >= 1.5.0_update17-1.1
  • java-1_5_0-sun-plugin >= 1.5.0_update17-1.1
 ZYPP Patch Nr: 5875
SAT Patch Nr: 375
openSUSE 11.0
  • java-1_6_0-openjdk-debuginfo >= 1.4_b14-24.2
  • java-1_6_0-openjdk-debugsource >= 1.4_b14-24.2
 SAT Patch Nr: 578
openSUSE 11.0
  • java-1_6_0-openjdk >= 1.4_b14-24.2
  • java-1_6_0-openjdk-demo >= 1.4_b14-24.2
  • java-1_6_0-openjdk-devel >= 1.4_b14-24.2
  • java-1_6_0-openjdk-javadoc >= 1.4_b14-24.2
  • java-1_6_0-openjdk-plugin >= 1.4_b14-24.2
  • java-1_6_0-openjdk-src >= 1.4_b14-24.2
 SAT Patch Nr: 578
openSUSE 11.1
  • java-1_6_0-openjdk-debuginfo >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-debugsource >= 1.4_b14-24.2.1
 SAT Patch Nr: 578
openSUSE 11.1
  • java-1_6_0-openjdk >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-demo >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-devel >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-javadoc >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-plugin >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-src >= 1.4_b14-24.2.1
 SAT Patch Nr: 578
openSUSE 10.3
  • java-1_6_0-sun >= 1.6.0.u11-0.1
  • java-1_6_0-sun-alsa >= 1.6.0.u11-0.1
  • java-1_6_0-sun-debuginfo >= 1.6.0.u11-0.1
  • java-1_6_0-sun-demo >= 1.6.0.u11-0.1
  • java-1_6_0-sun-devel >= 1.6.0.u11-0.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u11-0.1
  • java-1_6_0-sun-plugin >= 1.6.0.u11-0.1
 ZYPP Patch Nr: 5876
SAT Patch Nr: 376
openSUSE 11.0
  • java-1_6_0-sun >= 1.6.0.u11-0.1
  • java-1_6_0-sun-alsa >= 1.6.0.u11-0.1
  • java-1_6_0-sun-demo >= 1.6.0.u11-0.1
  • java-1_6_0-sun-devel >= 1.6.0.u11-0.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u11-0.1
  • java-1_6_0-sun-plugin >= 1.6.0.u11-0.1
 ZYPP Patch Nr: 5876
SAT Patch Nr: 376
openSUSE 11.1
  • java-1_6_0-sun >= 1.6.0.u11-1.1
  • java-1_6_0-sun-alsa >= 1.6.0.u11-1.1
  • java-1_6_0-sun-devel >= 1.6.0.u11-1.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u11-1.1
  • java-1_6_0-sun-plugin >= 1.6.0.u11-1.1
 ZYPP Patch Nr: 5876
SAT Patch Nr: 376
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Novell Linux POS 9
Open Enterprise Server
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
  • java2 >= 1.4.2-129.48
  • java2-jre >= 1.4.2-129.48
 sles9-nlpos. x86
core9. x86-64
core9. x86
sles9-nld. x86
sles9-nld. x86-64
sles9-oes. x86
core9. ia64
YOU Patch Nr: 12321

Novell® Making IT Work As One

© 2009 Novell, Inc. All Rights Reserved.