Upstream information

CVE-2008-5351 at MITRE

Description

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 7.5
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entries: 456770 [RESOLVED / FIXED], 465624 [RESOLVED / FIXED], 471829 [RESOLVED / FIXED], 496004 [RESOLVED], 603283 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Legacy Software 12
  • java-1_6_0-ibm >= 1.6.0_sr16.1-5.9
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.1-5.9
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.1-5.9
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.1-5.9
Patchnames:
SUSE Linux Enterprise Module for Legacy Software 12 GA java-1_6_0-ibm
SUSE Linux Enterprise Server 11
  • java-1_4_2-ibm >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13-0.1.1
  • java-1_6_0-ibm >= 1.6.0-124.6.1
  • java-1_6_0-ibm-alsa >= 1.6.0-124.6.1
  • java-1_6_0-ibm-alsa-x86 >= 1.6.0-124.7.1
  • java-1_6_0-ibm-fonts >= 1.6.0-124.6.1
  • java-1_6_0-ibm-jdbc >= 1.6.0-124.6.1
  • java-1_6_0-ibm-plugin >= 1.6.0-124.6.1
  • java-1_6_0-ibm-x86 >= 1.6.0-124.7.1
Patchnames:
slessp0-java-1_4_2-ibm
slessp0-java-1_6_0-ibm
SUSE Linux Enterprise Server 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr9.3-0.4.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr9.3-0.4.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr9.3-0.4.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr9.3-0.4.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr9.3-0.4.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA java-1_6_0-ibm
SUSE Linux Enterprise Server 11 SP3
  • java-1_6_0-ibm >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr13.1-0.9.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr13.1-0.9.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA java-1_6_0-ibm
SUSE Linux Enterprise Server for SAP Applications 11
  • java-1_4_2-ibm >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13-0.1.1
  • java-1_6_0-ibm >= 1.6.0-124.6.1
  • java-1_6_0-ibm-alsa >= 1.6.0-124.6.1
  • java-1_6_0-ibm-alsa-x86 >= 1.6.0-124.7.1
  • java-1_6_0-ibm-fonts >= 1.6.0-124.6.1
  • java-1_6_0-ibm-jdbc >= 1.6.0-124.6.1
  • java-1_6_0-ibm-plugin >= 1.6.0-124.6.1
  • java-1_6_0-ibm-x86 >= 1.6.0-124.7.1
Patchnames:
slessp0-java-1_4_2-ibm
slessp0-java-1_6_0-ibm
SUSE Linux Enterprise SDK 11 GA
  • java-1_4_2-ibm >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-devel >= 1.4.2_sr13-0.1.1
sles11.ppc
sles11.x86-64
sles11.s390x
sle11-debuginfo.ia64
sle11-debuginfo.x86
sle11-sdk.s390x
sle11-debuginfo.s390x
sles11.ia64
sle11-sdk.ia64
sle11-sdk.x86
sle11-debuginfo.ppc
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sle11-sdk.ppc
sles11.x86
SAT Patch Nr: 735
SUSE Linux Enterprise SDK 11 GA
  • java-1_4_2-ibm-devel >= 1.4.2_sr13-0.1.1
sles11.ppc
sles11.x86-64
sles11.s390x
sle11-debuginfo.ia64
sle11-debuginfo.x86
sle11-sdk.s390x
sle11-debuginfo.s390x
sles11.ia64
sle11-sdk.ia64
sle11-sdk.x86
sle11-debuginfo.ppc
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sle11-sdk.ppc
sles11.x86
SAT Patch Nr: 735
SUSE Linux Enterprise Server 11 GA
  • java-1_4_2-ibm >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13-0.1.1
sles11.ppc
sles11.x86-64
sles11.s390x
sle11-debuginfo.ia64
sle11-debuginfo.x86
sle11-sdk.s390x
sle11-debuginfo.s390x
sles11.ia64
sle11-sdk.ia64
sle11-sdk.x86
sle11-debuginfo.ppc
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sle11-sdk.ppc
sles11.x86
SAT Patch Nr: 735
SUSE Linux Enterprise Server 11 GA
  • java-1_4_2-ibm >= 1.4.2_sr13-0.1.1
sles11.ppc
sles11.x86-64
sles11.s390x
sle11-debuginfo.ia64
sle11-debuginfo.x86
sle11-sdk.s390x
sle11-debuginfo.s390x
sles11.ia64
sle11-sdk.ia64
sle11-sdk.x86
sle11-debuginfo.ppc
sle11-sdk.x86-64
sle11-debuginfo.x86-64
sle11-sdk.ppc
sles11.x86
SAT Patch Nr: 735
SUSE Linux Enterprise SDK 11 GA
  • java-1_6_0-ibm >= 1.6.0-124.6.1
  • java-1_6_0-ibm-devel >= 1.6.0-124.6.1
  • java-1_6_0-ibm-fonts >= 1.6.0-124.6.1
sle11-sdk.s390x
sle11-sdk.x86-64
sle11-sdk.x86
sles11.x86-64
sle11-sdk.ppc
sles11.x86
sles11.ppc
sles11.s390x
SAT Patch Nr: 736
SUSE Linux Enterprise SDK 11 GA
  • java-1_6_0-ibm-devel >= 1.6.0-124.6.1
sle11-sdk.s390x
sle11-sdk.x86-64
sle11-sdk.x86
sles11.x86-64
sle11-sdk.ppc
sles11.x86
sles11.ppc
sles11.s390x
SAT Patch Nr: 736
SUSE Linux Enterprise Server 11 GA
  • java-1_6_0-ibm >= 1.6.0-124.6.1
  • java-1_6_0-ibm-alsa >= 1.6.0-124.6.1
  • java-1_6_0-ibm-fonts >= 1.6.0-124.6.1
  • java-1_6_0-ibm-jdbc >= 1.6.0-124.6.1
  • java-1_6_0-ibm-plugin >= 1.6.0-124.6.1
sle11-sdk.s390x
sle11-sdk.x86-64
sle11-sdk.x86
sles11.x86-64
sle11-sdk.ppc
sles11.x86
sles11.ppc
sles11.s390x
SAT Patch Nr: 736
SUSE Linux Enterprise Server 11 GA
  • java-1_6_0-ibm >= 1.6.0-124.6.1
  • java-1_6_0-ibm-fonts >= 1.6.0-124.6.1
  • java-1_6_0-ibm-jdbc >= 1.6.0-124.6.1
sle11-sdk.s390x
sle11-sdk.x86-64
sle11-sdk.x86
sles11.x86-64
sle11-sdk.ppc
sles11.x86
sles11.ppc
sles11.s390x
SAT Patch Nr: 736
Open Enterprise Server
  • IBMJava5-JRE >= 1.5.0-0.57
  • IBMJava5-SDK >= 1.5.0-0.57
core9.x86
core9.s390
core9.x86-64
core9.ppc
sles9-nlpos.x86
core9.s390x
sles9-oes.x86
YOU Patch Nr: 12336
openSUSE 11.0
  • java-1_5_0-sun >= 1.5.0_update17-0.1
  • java-1_5_0-sun-alsa >= 1.5.0_update17-0.1
  • java-1_5_0-sun-demo >= 1.5.0_update17-0.1
  • java-1_5_0-sun-devel >= 1.5.0_update17-0.1
  • java-1_5_0-sun-jdbc >= 1.5.0_update17-0.1
  • java-1_5_0-sun-plugin >= 1.5.0_update17-0.1
  • java-1_5_0-sun-src >= 1.5.0_update17-0.1
openSUSE 11.1
  • java-1_5_0-sun >= 1.5.0_update17-1.1
  • java-1_5_0-sun-alsa >= 1.5.0_update17-1.1
  • java-1_5_0-sun-devel >= 1.5.0_update17-1.1
  • java-1_5_0-sun-jdbc >= 1.5.0_update17-1.1
  • java-1_5_0-sun-plugin >= 1.5.0_update17-1.1
Open Enterprise Server
  • IBMJava2-JRE >= 1.4.2-0.133
  • IBMJava2-SDK >= 1.4.2-0.133
core9.s390
sles9-nlpos.x86
core9.ppc
core9.s390x
core9.x86-64
core9.ia64
core9.x86
sles9-oes.x86
YOU Patch Nr: 12387
openSUSE 11.0
  • java-1_6_0-openjdk-debuginfo >= 1.4_b14-24.2
  • java-1_6_0-openjdk-debugsource >= 1.4_b14-24.2
openSUSE 11.0
  • java-1_6_0-openjdk >= 1.4_b14-24.2
  • java-1_6_0-openjdk-demo >= 1.4_b14-24.2
  • java-1_6_0-openjdk-devel >= 1.4_b14-24.2
  • java-1_6_0-openjdk-javadoc >= 1.4_b14-24.2
  • java-1_6_0-openjdk-plugin >= 1.4_b14-24.2
  • java-1_6_0-openjdk-src >= 1.4_b14-24.2
openSUSE 11.1
  • java-1_6_0-openjdk-debuginfo >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-debugsource >= 1.4_b14-24.2.1
openSUSE 11.1
  • java-1_6_0-openjdk >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-demo >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-devel >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-javadoc >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-plugin >= 1.4_b14-24.2.1
  • java-1_6_0-openjdk-src >= 1.4_b14-24.2.1
openSUSE 11.0
  • java-1_6_0-sun >= 1.6.0.u11-0.1
  • java-1_6_0-sun-alsa >= 1.6.0.u11-0.1
  • java-1_6_0-sun-demo >= 1.6.0.u11-0.1
  • java-1_6_0-sun-devel >= 1.6.0.u11-0.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u11-0.1
  • java-1_6_0-sun-plugin >= 1.6.0.u11-0.1
openSUSE 11.1
  • java-1_6_0-sun >= 1.6.0.u11-1.1
  • java-1_6_0-sun-alsa >= 1.6.0.u11-1.1
  • java-1_6_0-sun-devel >= 1.6.0.u11-1.1
  • java-1_6_0-sun-jdbc >= 1.6.0.u11-1.1
  • java-1_6_0-sun-plugin >= 1.6.0.u11-1.1
sles10-ltss.i386
  • java-1_4_2-ibm >= 1.4.2_sr13-0.2.2
  • java-1_4_2-ibm-devel >= 1.4.2_sr13-0.2.2
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13-0.2.2
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13-0.2.2
sles10-ltss.x86
sles10-ltss.x86-64
sles10-ltss.s390x
ZYPP Patch Nr: 6202
sles10-ltss.s390x
sles10-ltss.x86_64
  • java-1_4_2-ibm >= 1.4.2_sr13-0.2.2
  • java-1_4_2-ibm-devel >= 1.4.2_sr13-0.2.2
sles10-ltss.x86
sles10-ltss.x86-64
sles10-ltss.s390x
ZYPP Patch Nr: 6202
SUSE Linux Enterprise SDK 10 SP2
  • java-1_4_2-ibm >= 1.4.2_sr13-0.4
  • java-1_4_2-ibm-devel >= 1.4.2_sr13-0.4
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13-0.4
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13-0.4
sle10-sp2-sdk.ppc
sles10-sp2.x86-64
sle10-sp2-sdk.ia64
sles10-sp2.ia64
sles10-sp2.x86
sle10-sp2-sdk.x86
sle10-sp2-sdk.s390x
sles10-sp2.s390x
sle10-sp2-sdk.x86-64
sles10-sp2.ppc
ZYPP Patch Nr: 6136
SUSE Linux Enterprise SDK 10 SP2
  • java-1_4_2-ibm >= 1.4.2_sr13-0.4
  • java-1_4_2-ibm-devel >= 1.4.2_sr13-0.4
sle10-sp2-sdk.ppc
sles10-sp2.x86-64
sle10-sp2-sdk.ia64
sles10-sp2.ia64
sles10-sp2.x86
sle10-sp2-sdk.x86
sle10-sp2-sdk.s390x
sles10-sp2.s390x
sle10-sp2-sdk.x86-64
sles10-sp2.ppc
ZYPP Patch Nr: 6136
SUSE Linux Enterprise SDK 10 SP2
  • java-1_4_2-ibm >= 1.4.2_sr13-0.4
  • java-1_4_2-ibm-devel >= 1.4.2_sr13-0.4
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13-0.4
sle10-sp2-sdk.ppc
sles10-sp2.x86-64
sle10-sp2-sdk.ia64
sles10-sp2.ia64
sles10-sp2.x86
sle10-sp2-sdk.x86
sle10-sp2-sdk.s390x
sles10-sp2.s390x
sle10-sp2-sdk.x86-64
sles10-sp2.ppc
ZYPP Patch Nr: 6136
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • java2 >= 1.4.2-129.48
  • java2-jre >= 1.4.2-129.48
sles9-nlpos.x86
core9.x86-64
core9.x86
sles9-nld.x86
sles9-nld.x86-64
sles9-oes.x86
core9.ia64
YOU Patch Nr: 12321