Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot
Java Virtual Machine (JVM) with support for monitoring multiple JVM
instances.
It was discovered that, in certain configurations, the Thermostat agent
disclosed JMX management URLs of all local Java virtual machines to any
local user. A local, unprivileged user could use this flaw to escalate
their privileges on the system. (CVE-2014-8120)
This issue was discovered by Elliott Baron of Red Hat.
All thermostat1-thermostat users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.