Launchpad.net

CVE 2008-5353

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

Related bugs and status

CVE-2008-5353 (Candidate) is related to these bugs:

Bug #319367: security vulnerability in sun java packages

		In	Importance	Status
319367	security vulnerability in sun java packages	sun-java5 (Ubuntu)	Undecided	Invalid
319367	security vulnerability in sun java packages	sun-java6 (Ubuntu)	Undecided	Invalid
319367	security vulnerability in sun java packages	sun-java5 (Ubuntu Dapper)	Undecided	Won't Fix
319367	security vulnerability in sun java packages	sun-java6 (Ubuntu Dapper)	Undecided	Won't Fix
319367	security vulnerability in sun java packages	sun-java5 (Ubuntu Intrepid)	Undecided	Invalid
319367	security vulnerability in sun java packages	sun-java6 (Ubuntu Intrepid)	Undecided	Invalid
319367	security vulnerability in sun java packages	sun-java5 (Ubuntu Hardy)	Undecided	Won't Fix
319367	security vulnerability in sun java packages	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
319367	security vulnerability in sun java packages	sun-java5 (Ubuntu Gutsy)	Undecided	Won't Fix
319367	security vulnerability in sun java packages	sun-java6 (Ubuntu Gutsy)	Undecided	Won't Fix
319367	security vulnerability in sun java packages	sun-java5 (Ubuntu Jaunty)	Undecided	Invalid
319367	security vulnerability in sun java packages	sun-java6 (Ubuntu Jaunty)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

SUNALERT: 244991
REDHAT: RHSA-2008:1018
REDHAT: RHSA-2008:1025
SECUNIA: 32991
SECUNIA: 33015
BID: 32608
SUSE: SUSE-SA:2009:007
CERT: TA08-340A
SECUNIA: 33710
SECUNIA: 33709
REDHAT: RHSA-2009:0015
SECUNIA: 33528
SUSE: SUSE-SR:2009:006
CONFIRM: http://support.avaya.c...
CONFIRM: http://www116.nortel.c...
REDHAT: RHSA-2009:0016
SECUNIA: 34233
SECUNIA: 34259
VUPEN: ADV-2009-0672
SUSE: SUSE-SA:2009:018
SECUNIA: 34605
REDHAT: RHSA-2009:0445
SECUNIA: 34889
SUSE: SUSE-SR:2009:010
SECUNIA: 35065
REDHAT: RHSA-2009:0466
SECUNIA: 34972
MISC: http://blog.cr0.org/20...
MISC: http://landonf.bikemon...
VUPEN: ADV-2009-1391
SECUNIA: 35118
OSVDB: 50500
SECTRACK: 1021313
GENTOO: GLSA-200911-02
SECUNIA: 37386
SECUNIA: 38539
VUPEN: ADV-2008-3339
CONFIRM: http://support.nortel....
HP: HPSBUX02411
HP: SSRT080111
HP: HPSBMA02486
HP: SSRT090049
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090524 Hardening OSX...