It was found that the Java launcher provided by OpenJDK did not check the LD_LIBRARY_PATH environment variable for insecure empty path elements. A local attacker able to trick a user into running the Java launcher while working from an attacker-writable directory could use this flaw to load an untrusted library, subverting the Java security model.
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Extras for RHEL 4 Via RHSA-2011:0282 https://rhn.redhat.com/errata/RHSA-2011-0282.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2011:0281 https://rhn.redhat.com/errata/RHSA-2011-0281.html
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:0364 https://rhn.redhat.com/errata/RHSA-2011-0364.html