IBM Java could allow a remote attacker to execute arbitrary code on the system, caused by insecure use of the java.lang.ClassLoder defineClass() method. By persuading a victim to visit a malicious Web site containing a specially-crafted applet, an attacker could exploit this vulnerability to bypass sandbox restrictions and execute arbitrary Java code. External Reference: http://xforce.iss.net/xforce/xfdb/78767
Other references: http://www-01.ibm.com/support/docview.wss?uid=swg21616617 http://seclists.org/bugtraq/2012/Sep/38 http://www.security-explorations.com/en/SE-2012-01.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:1467 https://rhn.redhat.com/errata/RHSA-2012-1467.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:1466 https://rhn.redhat.com/errata/RHSA-2012-1466.html
Other references: http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http://www-01.ibm.com/support/docview.wss?uid=swg21615800 http://www-01.ibm.com/support/docview.wss?uid=swg21616490 http://www-01.ibm.com/support/docview.wss?uid=swg21616594 http://www-01.ibm.com/support/docview.wss?uid=swg21616616 http://www-01.ibm.com/support/docview.wss?uid=swg21616617 http://www-01.ibm.com/support/docview.wss?uid=swg21616652 http://www-01.ibm.com/support/docview.wss?uid=swg21616708 http://www-01.ibm.com/support/docview.wss?uid=swg21621154 https://www-304.ibm.com/support/docview.wss?uid=swg21616546 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687 http://www.securityfocus.com/bid/55495 http://secunia.com/advisories/51634
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.5 Via RHSA-2013:1456 https://rhn.redhat.com/errata/RHSA-2013-1456.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html