IBM fixed a number of flaws in their Java Runtime Environment in 1.5.0 SR3:

        http://www-128.ibm.com/developerworks/java/jdk/alerts/

        Two vulnerabilities in the Java Runtime Environment may
        independently allow an untrusted applet to access data in other
        applets. CVE-2006-6736 CVE-2006-6737 (sun#102732)

        Two vulnerabilities in the Java(TM) Runtime Environment with
        serialization may independently allow an untrusted applet or
        application to elevate its privileges. (sun#102731) CVE-2006-6745

        Two buffer overflow vulnerabilities in the Java(TM) Runtime
        Environment may independently allow an untrusted applet to
        elevate its privileges. For example, an applet may grant
        itself permissions to read and write local files or execute
        local applications that are accessible to the user running the
        untrusted applet.  (sun#102729) CVE-2006-6731
        public=20060104,impact=critical

        An RSA(1) Signature Verification vulnerability allows
        unauthorized forged certificates to be validated. This may
        result in a number of different types of remote exploits.
        (20061012 sun#102646/8) CVE-2006-4339

We will prepare a security advisory to alert users that these issues existed,
although they were fixed in a previous erratum:

Please note that the packages in this erratum are the same as those we
released on January 24th 2007 in advisory RHEA-2007:0027.  We have issued this
security update as at the time of release we were not aware the update fixed
critical security issues. If you have already updated to those packages you will
not need to apply this update.