It was discovered that the java-1.8.0-openjdk packages for Red Hat Enterprise Linux released via RHSA-2015:0809 (https://rhn.redhat.com/errata/RHSA-2015-0809.html) regressed the fix for the CVE-2015-0383 (bug 1123870) issue - "OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)". This regression makes it possible to exploit the original issue and allows a local attacker to make other users of OpenJDK 8 packages overwrite arbitrary files via a symlink attack. Refer to bug 1123870 for technical details.
This issue also affected java-1.8.0-openjdk-220.127.116.11-31.b13 Fedora packages (currently only in updates-testing repository).
Created java-1.8.0-openjdk tracking bugs for this issue:
Affects: fedora-all [bug 1213381]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2015:1228 https://rhn.redhat.com/errata/RHSA-2015-1228.html