A flaw was found in the way the Hotspot component of OpenJDK handled clones of the java.lang.ref.Reference objects. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Public now via Oracle CPU April 2018: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixJAVA The issue was fixed in Oracle JDK 10.0.1, 8u171, 7u181, and 6u191.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1188
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1191
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/08326a76b148
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1201
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1202
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:1204 https://access.redhat.com/errata/RHSA-2018:1204
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1203
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:1205 https://access.redhat.com/errata/RHSA-2018:1205
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:1206 https://access.redhat.com/errata/RHSA-2018:1206
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1270 https://access.redhat.com/errata/RHSA-2018:1270
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1278 https://access.redhat.com/errata/RHSA-2018:1278