In January 2007 a flaw was found affecting the SUN JRE; "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption." On 17th April 2007 IBM updated their alerts page to note that this issue affected the IBM JRE and was fixed in 1.4.2 SR8 Also affects RHEL4Extras, RHEL3Extras
We're going to label this with impact=critical rather than important and we were not able to prove this issue could not allow a malicious applet the ability to run arbitrary code. This issue was reported by IBM as affecting IBM Java on 20070417.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0166.html