It was discovered that an unpacker for JAR files using pack200 format did not properly check for errors. A specially crafted pack200 file could crash Java Virtual Machine or, possibly, execute arbitrary code with JVM privileges.
External References: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2011:1380 https://rhn.redhat.com/errata/RHSA-2011-1380.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:1384 https://rhn.redhat.com/errata/RHSA-2011-1384.html
java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:1478 https://rhn.redhat.com/errata/RHSA-2011-1478.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0034 https://rhn.redhat.com/errata/RHSA-2012-0034.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html