It was discovered that the Hotspot component of OpenJDK failed to properly validate uses of the invokeinterface Java Virtual Machine instruction. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Public now via Oracle CPU January 2018: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA The issue was fixed in Oracle JDK 9.0.4 and 8u161.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0095
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0099
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/a3e756231625 http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/f8a45a60bc6b http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/b1606443958a
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:0351 https://access.redhat.com/errata/RHSA-2018:0351
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:0352 https://access.redhat.com/errata/RHSA-2018:0352
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:0458 https://access.redhat.com/errata/RHSA-2018:0458
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:0521 https://access.redhat.com/errata/RHSA-2018:0521
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:1463 https://access.redhat.com/errata/RHSA-2018:1463