It was discovered that the "AccessController.doPrivilegedWithCombiner()" method did not properly preserve the AccessControlContext. A malicious Java application or applet could possibly use this flaw to disclose sensitive information.
Fixed now in Oracle JDK 7u9 and 6u37. External Reference: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Fix included in IcedTea6 versions 1.10.10 and 1.11.5: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020556.html http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/d9564350faa6/patches/security/20121016/7172522.patch
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1386 https://rhn.redhat.com/errata/RHSA-2012-1386.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1385 https://rhn.redhat.com/errata/RHSA-2012-1385.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1384 https://rhn.redhat.com/errata/RHSA-2012-1384.html
Fix included in IcedTea7 versions 2.1.3, 2.2.3 and 2.3.3: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020571.html http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/0048b76ea9fd
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1391 https://rhn.redhat.com/errata/RHSA-2012-1391.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1392 https://rhn.redhat.com/errata/RHSA-2012-1392.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1467 https://rhn.redhat.com/errata/RHSA-2012-1467.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:1466 https://rhn.redhat.com/errata/RHSA-2012-1466.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.5 Via RHSA-2013:1456 https://rhn.redhat.com/errata/RHSA-2013-1456.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html