It was discovered that the event logger contains a format string error. An untrusted Java application or applet could possibly use this flaw to cause the Java Virtual Machine to crash, or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0890 https://rhn.redhat.com/errata/RHSA-2014-0890.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:0889 https://rhn.redhat.com/errata/RHSA-2014-0889.html
Fixed now in Oracle Java SE 5u71, 6.0u81, 7.0u65, and 8.0u11 via Critical Patch Update July 2014. Fixed in IcedTea 1.13.4 for OpenJDK 6: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028550.html Fixed in IcedTea 2.5.1 for OpenJDK 7: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html OpenJDK 6 Patch(es): http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af OpenJDK 7 Patch(es): http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/02f12a9d5aec External reference: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
This issue has been addressed in following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 5 Via RHSA-2014:0902 https://rhn.redhat.com/errata/RHSA-2014-0902.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:0907 https://rhn.redhat.com/errata/RHSA-2014-0907.html