Upstream information
Description
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entries: 525562, 528268, 537969, 548655 SUSE Security Advisories:- SUSE-SA:2009:043, published Fri, 07 Aug 2009 15:00:00 +0000
- SUSE-SA:2009:053, published Wed, 04 Nov 2009 15:00:00 +0000
- SUSE-SR:2009:016, published Tue, 13 Oct 2009 14:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380 |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T |
| sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380 |
| SUSE Linux Enterprise Server 10 SP2 for x86 |
| sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380 |
| SUSE Linux Enterprise Server 10 SP2 for IBM POWER |
| sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380 |
| SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit |
| sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380 |
| SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T |
| sles10-sp2.x86-64 sles10-sp2.ppc sled10-sp2.x86-64 sled10-sp2.x86 sles10-sp2.x86 sles10-sp2.s390x ZYPP Patch Nr: 6380 |
| Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for x86 |
| core9.x86-64 sles9-oes.x86 core9.s390x core9.x86 core9.ppc core9.s390 sles9-nlpos.x86 YOU Patch Nr: 12461 |
| SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit |
| core9.x86-64 sles9-oes.x86 core9.s390x core9.x86 core9.ppc core9.s390 sles9-nlpos.x86 YOU Patch Nr: 12461 |
| openSUSE 10.3 |
| |
| openSUSE 10.3 |
|
