Update 26 of Oracle/Sun Java fixes two unspecified vulnerabilities in the Sound component (CVE-2011-0802, CVE-2011-0814). Upstream has CVSSv2 scored this issue as: 7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:0860 https://rhn.redhat.com/errata/RHSA-2011-0860.html
ZDI has published an advisory for CVE-2011-0802: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-199/ According to ZDI advisory, it is and integer overflow flaw, leading to a heap-based buffer overflow. Soundbank file parsing code is affected.
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:0938 https://rhn.redhat.com/errata/RHSA-2011-0938.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2011:1087 https://rhn.redhat.com/errata/RHSA-2011-1087.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html
This issue has been addressed in following products: RHEL 4 for SAP RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html