Two flaws in the Konqueror web browser make it possible to bypass the sandbox environment which is used to run Java-applets. One flaw allows access to restricted Java classes via JavaScript, making it possible to escalate the privileges of the Java-applet. The other problem is that Konqueror fails to correctly restrict access to certain Java classes from the Java-applet itself. See http://www.kde.org/info/security/advisory-20041220-1.txt for the full advisory.
This issue should also affect RHEL2.1.
There are many API changes between 3.1 and 3.2 in KJAS. Backporting is not possible. Disabling Java is a workaround ATM, which we should probably mention in the errata. I am closing it as WONTFIX.