Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine (JVM) with support for monitoring multiple JVM instances.
It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-8120)
This issue was discovered by Elliott Baron of Red Hat.
All thermostat1-thermostat users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.