Upstream information
Description
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entries: 456770, 465624, 471829 SUSE Security Advisories:- SUSE-SA:2009:001, published Fri, 09 Jan 2009 15:00:00 +0000
- SUSE-SA:2009:007, published Thu, 29 Jan 2009 14:00:00 +0000
- SUSE-SR:2009:006, published Tue, 10 Mar 2009 15:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sled10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.x86 ZYPP Patch Nr: 5852 |
| SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for x86 |
| sled10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.x86 ZYPP Patch Nr: 5852 |
| SUSE Linux Enterprise Server 10 SP2 for IPF |
| sled10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86 sles10-sp2.x86-64 sles10-sp2.x86 ZYPP Patch Nr: 5852 |
| SUSE CORE 9 for AMD64 and Intel EM64T |
| Builds YOU Patch Nr: 12799 |
| Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for x86 |
| core9.x86 core9.s390 core9.x86-64 core9.ppc sles9-nlpos.x86 core9.s390x sles9-oes.x86 YOU Patch Nr: 12336 |
| SUSE CORE 9 for AMD64 and Intel EM64T |
| core9.x86 core9.s390 core9.x86-64 core9.ppc sles9-nlpos.x86 core9.s390x sles9-oes.x86 YOU Patch Nr: 12336 |
| SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sles10-sp2.ppc sles10-sp2.x86 sles10-sp2.x86-64 sled10-sp2.x86-64 sles10-sp2.s390x sled10-sp2.x86 ZYPP Patch Nr: 5960 |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T |
| sles10-sp2.ppc sles10-sp2.x86 sles10-sp2.x86-64 sled10-sp2.x86-64 sles10-sp2.s390x sled10-sp2.x86 ZYPP Patch Nr: 5960 |
| SUSE Linux Enterprise Server 10 SP2 for x86 |
| sles10-sp2.ppc sles10-sp2.x86 sles10-sp2.x86-64 sled10-sp2.x86-64 sles10-sp2.s390x sled10-sp2.x86 ZYPP Patch Nr: 5960 |
| SUSE Linux Enterprise Server 10 SP2 for IBM POWER |
| sles10-sp2.ppc sles10-sp2.x86 sles10-sp2.x86-64 sled10-sp2.x86-64 sles10-sp2.s390x sled10-sp2.x86 ZYPP Patch Nr: 5960 |
| SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit |
| sles10-sp2.ppc sles10-sp2.x86 sles10-sp2.x86-64 sled10-sp2.x86-64 sles10-sp2.s390x sled10-sp2.x86 ZYPP Patch Nr: 5960 |
| SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T |
| sles10-sp2.ppc sles10-sp2.x86 sles10-sp2.x86-64 sled10-sp2.x86-64 sles10-sp2.s390x sled10-sp2.x86 ZYPP Patch Nr: 5960 |
| openSUSE 10.3 |
| |
| openSUSE 10.3 |
| |
| Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86 |
| sles9-nlpos.x86 core9.x86-64 core9.x86 sles9-nld.x86 sles9-nld.x86-64 sles9-oes.x86 core9.ia64 YOU Patch Nr: 12321 |