It was discovered that the HotSpot JVM in OpenJDK did not properly handle methods in MethodHandles. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Public now via Oracle CPU January 2014. Fixed in Oracle JDK 7u51. External References: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0027 https://rhn.redhat.com/errata/RHSA-2014-0027.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0026 https://rhn.redhat.com/errata/RHSA-2014-0026.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:0030 https://rhn.redhat.com/errata/RHSA-2014-0030.html
OpenJDK7 upstream commit: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/839100e42498
This issue was fixed in IcedTea7 2.4.4. This fix probably won't get backported to 2.3: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html