Update 26 of Oracle/Sun Java fixes multiple unspecified vulnerabilities in the Deployment and JRE components. Upstream has CVSSv2 scored these issues as: CVE-2011-0786 Deployment 7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C CVE-2011-0788 Deployment 7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C CVE-2011-0817 Deployment 10/AV:N/AC:L/Au:N/C:C/I:C/A:C CVE-2011-0866 JRE 7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html Upstream advisory lists these issues as only affecting JRE/JDK versions running on Windows platform. Versions for Linux should not be affected.
ZDI has published an advisory for CVE-2011-0817: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-182/