java.lang.invoke.MethodHandles did not perform access checks correctly. An untrusted Java application or applet could use this to set value of a final field.
Public now via Oracle Java SE CPU April 2014: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html Fixed in Oracle Java SE 7u21.
OpenJDK7 upstream repositories commit: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:0752 https://rhn.redhat.com/errata/RHSA-2013-0752.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0751 https://rhn.redhat.com/errata/RHSA-2013-0751.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2013:0757 https://rhn.redhat.com/errata/RHSA-2013-0757.html
Fixed in IcedTea7 version 2.3.9: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022890.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2013:0822 https://rhn.redhat.com/errata/RHSA-2013-0822.html