CVE-2008-5355

Publication date 5 December 2008

Last updated 24 July 2024

Description

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openjdk-6	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
sun-java5	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not affected
sun-java6	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not in release

Notes

kees

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1 6728071 internal Java Updates are disabled on Ubuntu

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-5355