A type confusion flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java applet or application could use this flaw to execute arbitrary code by deserializing a specially-crafted input.
External References: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2011:1380 https://rhn.redhat.com/errata/RHSA-2011-1380.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:1384 https://rhn.redhat.com/errata/RHSA-2011-1384.html
java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0034 https://rhn.redhat.com/errata/RHSA-2012-0034.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html