Sun reported they fixed a security flaw in javaws, CVE-2007-2435, details at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1 This could allow an unprivileged application the ability to read or write files on a local system which could lead to arbitrary code execution.
Note that we shipped the Sun Java for the first time in Red Hat Enterprise Linux 4 Update 5. The version we shipped already contained a fix for this vulnerability, therefore no update is required for Sun Java on Red Hat Enterprise Linux
This issue was addressed in: Red Hat Enterprise Linux Extras: http://rhn.redhat.com/errata/RHSA-2007-0817.html http://rhn.redhat.com/errata/RHSA-2007-0829.html
The list of fixed products with their respective errata is here: https://access.redhat.com/security/cve/CVE-2007-2435