java.util.ServiceLoader was creating an instance of a class while doing provider lookup, even when the class was not of the expected subtype, resulting in a ClassCastException being thrown. The fix changes ServiceLoader to check the class type before creating an instance.
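The ordering problem described above, as an added example that is not part of the original report and is not the JDK's own code: the first helper instantiates a named class and only then casts it, the second loads the class without initializing it and verifies the subtype before any constructor runs. The class and method names (`ProviderTypeCheck`, `Codec`, `GoodCodec`, `NotACodec`, `instantiateThenCast`, `checkThenInstantiate`) are hypothetical.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class ProviderTypeCheck {
    interface Codec { String name(); }              // hypothetical service type

    // Counts constructor executions so the side effect is observable.
    static final AtomicInteger constructed = new AtomicInteger();

    public static class GoodCodec implements Codec {
        public GoodCodec() { constructed.incrementAndGet(); }
        public String name() { return "good"; }
    }

    public static class NotACodec {                 // wrong type: does not implement Codec
        public NotACodec() { constructed.incrementAndGet(); }
    }

    // Before: instantiate first, cast afterwards. The constructor has already
    // run by the time ClassCastException is thrown.
    static <S> S instantiateThenCast(Class<S> service, String cn, ClassLoader cl) throws Exception {
        Class<?> c = Class.forName(cn, true, cl);
        Object o = c.getDeclaredConstructor().newInstance();
        return service.cast(o);
    }

    // After: load without initializing, verify the subtype, only then instantiate.
    static <S> S checkThenInstantiate(Class<S> service, String cn, ClassLoader cl) throws Exception {
        Class<?> c = Class.forName(cn, false, cl);
        if (!service.isAssignableFrom(c)) {
            throw new IllegalArgumentException("Provider " + cn + " not a subtype of " + service.getName());
        }
        return service.cast(c.getDeclaredConstructor().newInstance());
    }

    public static void main(String[] args) throws Exception {
        ClassLoader cl = ProviderTypeCheck.class.getClassLoader();
        String bad = NotACodec.class.getName(), good = GoodCodec.class.getName();
        try { instantiateThenCast(Codec.class, bad, cl); }
        catch (ClassCastException e) { System.out.println("before: CCE, constructors run = " + constructed.get()); }
        int seen = constructed.get();
        try { checkThenInstantiate(Codec.class, bad, cl); }
        catch (IllegalArgumentException e) { System.out.println("after: rejected, new constructor runs = " + (constructed.get() - seen)); }
        System.out.println("valid provider: " + checkThenInstantiate(Codec.class, good, cl).name());
    }
}
```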
Fixed now in Oracle JDK 7u9 and 6u37. External Reference: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Fix included in IcedTea6 versions 1.10.10 and 1.11.5: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020556.html http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/d9564350faa6/patches/security/20121016/7195919.patch
This issue has been addressed in the following products: Red Hat Enterprise Linux 6. Via RHSA-2012:1386: https://rhn.redhat.com/errata/RHSA-2012-1386.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5. Via RHSA-2012:1385: https://rhn.redhat.com/errata/RHSA-2012-1385.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6. Via RHSA-2012:1384: https://rhn.redhat.com/errata/RHSA-2012-1384.html
Fix included in IcedTea7 versions 2.1.3, 2.2.3 and 2.3.3: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-October/020571.html http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c7b17be8f842
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6. Via RHSA-2012:1391: https://rhn.redhat.com/errata/RHSA-2012-1391.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 5, Supplementary for Red Hat Enterprise Linux 6. Via RHSA-2012:1392: https://rhn.redhat.com/errata/RHSA-2012-1392.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6. Via RHSA-2012:1467: https://rhn.redhat.com/errata/RHSA-2012-1467.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6, Supplementary for Red Hat Enterprise Linux 5. Via RHSA-2012:1465: https://rhn.redhat.com/errata/RHSA-2012-1465.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6, Supplementary for Red Hat Enterprise Linux 5. Via RHSA-2012:1466: https://rhn.redhat.com/errata/RHSA-2012-1466.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 5. Via RHSA-2012:1485: https://rhn.redhat.com/errata/RHSA-2012-1485.html
This issue has been addressed in the following products: Red Hat Network Satellite Server v 5.5. Via RHSA-2013:1456: https://rhn.redhat.com/errata/RHSA-2013-1456.html
This issue has been addressed in the following products: Red Hat Network Satellite Server v 5.4. Via RHSA-2013:1455: https://rhn.redhat.com/errata/RHSA-2013-1455.html