It was discovered that InputStream used a global buffer to store input bytes skipped using InputStream.skip(). A caller of InputStream.skip() could use this flaw to get bytes skipped by the previous caller, possibly gaining access to sensitive information.
External References: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2011:1380 https://rhn.redhat.com/errata/RHSA-2011-1380.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:1384 https://rhn.redhat.com/errata/RHSA-2011-1384.html
java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:1478 https://rhn.redhat.com/errata/RHSA-2011-1478.html
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:0006 https://rhn.redhat.com/errata/RHSA-2012-0006.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0034 https://rhn.redhat.com/errata/RHSA-2012-0034.html
This issue has been addressed in following products: RHEL 4 for SAP RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2012:0343 https://rhn.redhat.com/errata/RHSA-2012-0343.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html