A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects.
Public now via Oracle CPU June 2011: http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html Also fixed in IcedTea6 versions 1.8.8, 1.9.8 and 1.10.2: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-June/014607.html Patch: http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/6618658.patch
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0856 https://rhn.redhat.com/errata/RHSA-2011-0856.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0857 https://rhn.redhat.com/errata/RHSA-2011-0857.html
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:0860 https://rhn.redhat.com/errata/RHSA-2011-0860.html
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:0938 https://rhn.redhat.com/errata/RHSA-2011-0938.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2011:1087 https://rhn.redhat.com/errata/RHSA-2011-1087.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html
This issue has been addressed in following products: RHEL 4 for SAP RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html