Upstream information

CVE-2008-5360 at MITRE

Description

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.4
Vector AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entries: 456770 [RESOLVED / FIXED], 465624 [RESOLVED / FIXED], 471829 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server for SAP Applications 11
  • java-1_4_2-ibm >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13-0.1.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13-0.1.1
Patchnames:
slessp0-java-1_4_2-ibm