It was discovered that Corba implementation in Java did not properly protect repository identifiers (that can be obtained using _ids() method) on certain Corba objects. This could have been used to perform modification of the data that should have been immutable.
External Reference: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0135 https://rhn.redhat.com/errata/RHSA-2012-0135.html
Patches were applied in following IcedTea versions: * IcedTea6 1.8.13 (based on OpenJDK6 b18) * IcedTea6 1.9.13 (based on OpenJDK6 b20) * IcedTea6 1.10.6 (based on OpenJDK6 b22) * IcedTea6 1.11.1 (based on OpenJDK6 b24) * IcedTea 2.0.1 (based on OpenJDK7 u1 + u3 security patches) http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-February/017249.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-February/017233.html Patch: http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/4e7a700d4ecc/patches/security/20120214/7110704.patch
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0139 https://rhn.redhat.com/errata/RHSA-2012-0139.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0322 https://rhn.redhat.com/errata/RHSA-2012-0322.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0508 https://rhn.redhat.com/errata/RHSA-2012-0508.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2012:0514 https://rhn.redhat.com/errata/RHSA-2012-0514.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Via RHSA-2012:0702 https://rhn.redhat.com/errata/RHSA-2012-0702.html
This issue has been addressed in following products: RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2012:1080 https://rhn.redhat.com/errata/RHSA-2012-1080.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html