Hide Forgot
It was discovered that the Hotspot component did not properly handle certain intrinsic frames. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Public now via Oracle Java SE CPU April 2014: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html Fixed in Oracle Java SE 7u21.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
OpenJDK7 upstream repositories commit: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/c954aab38a7f
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2013:0757 https://rhn.redhat.com/errata/RHSA-2013-0757.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:0770 https://rhn.redhat.com/errata/RHSA-2013-0770.html
Fixed in IcedTea6 versions 1.11.10 and 1.12.5, and IcedTea7 version 2.3.9: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022890.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022985.html
According to IBM Java security alerts page, this issue did not affect IBM JDKs: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_April_16_2013_CPU