Welcome to Security Alerts, an overview of recent Unix and open-source security advisories. In this column, we look at a problem in Java that allows Java code to execute unauthorized commands. Some versions of Sun's JRE (Java Runtime Environment), SDK (System Development Kit), and the JDK (Java Development Kit) have a bug that can allow Java code to execute unauthorized commands. This bug is mitigated by the requirement that the malicious code have permission to execute at least one command. Sun has reported that they have no knowledge of the bug affecting Netscape Navigator or Microsoft Explorer.