suse · CVE-2008-5353

Quick triage

Priority: medium
Published: 2021-05-30 12:44:51 UTC
Updated: 2026-04-18 20:24:06 UTC


Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2008-5353, severity moderate. SUSE lists 3 source package names (java-1_4_2-ibm-1.4.2_sr13-0.1.1, java-1_4_2-ibm-jdbc-1.4.2_sr13-0.1.1, java-1_4_2-ibm-plugin-1.4.2_sr13-0.1.1) and 6 product×package rows across 2 product lines (SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server for SAP Applications 11). Fixed: 6.

Description:

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

cvelogic Threat Intelligence