It was disovered that the com.sun.jmx.remote.util.EnvHelp class in OpenJDK could perform certain actions in an insecure manner. A malicious Java application or applet could possibly use these flaws to disclose sensitive information.A malicious Java application or applet could use this flaw to disclose possibly sensitive information.
Fixed now in Oracle JDK 7u9. External Reference: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1386 https://rhn.redhat.com/errata/RHSA-2012-1386.html
Fix included in IcedTea7 versions 2.1.3, 2.2.3 and 2.3.3: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020571.html http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/da0ee7f1af26
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1391 https://rhn.redhat.com/errata/RHSA-2012-1391.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1467 https://rhn.redhat.com/errata/RHSA-2012-1467.html