There are a bunch of vulns again. Reflection and some part of webstart are the culprits this time.
1.5.0_06, 1.4.2_10 or 1.3.1_17 are save. If your version is lower than that update.
Advisories:
Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges
Security Vulnerability With Java Web Start
Download:
1.5.0_06
1.4.2_10
1.3.1_17
Source: news on heise.de (german)