It was discovered that MethodHandles.Lookup did not properly check for "protected" modifier, making it possible to access protected constructors in a different package. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0890 https://rhn.redhat.com/errata/RHSA-2014-0890.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:0889 https://rhn.redhat.com/errata/RHSA-2014-0889.html
Fixed now in Oracle Java SE 7.0u65 and 8.0u11 via Critical Patch Update July 2014. Fixed in IcedTea 2.5.1 for OpenJDK 7: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html OpenJDK 7 Patch(es): http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/bac16c82c14a External reference: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
This issue has been addressed in following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 5 Via RHSA-2014:0902 https://rhn.redhat.com/errata/RHSA-2014-0902.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 7 Via RHSA-2014:1042 https://rhn.redhat.com/errata/RHSA-2014-1042.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1041 https://rhn.redhat.com/errata/RHSA-2014-1041.html