It was discovered that the JAXP (Java API for XML Processing) component of OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. A specially-crafted XML input could cause a Java application to use an excessive amount of memory when parsed.
Public now via Oracle Critical Patch Update - April 2016. Fixed in Oracle Java SE 6u115, 7u101, and 8u91. External References: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0651 https://rhn.redhat.com/errata/RHSA-2016-0651.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:0650 https://rhn.redhat.com/errata/RHSA-2016-0650.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7 Via RHSA-2016:0676 https://rhn.redhat.com/errata/RHSA-2016-0676.html
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2016:0677 https://rhn.redhat.com/errata/RHSA-2016-0677.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0675 https://rhn.redhat.com/errata/RHSA-2016-0675.html
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 5 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2016:0679 https://rhn.redhat.com/errata/RHSA-2016-0679.html
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 5 Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2016:0678 https://rhn.redhat.com/errata/RHSA-2016-0678.html
OpenJDK8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp/rev/f911290b1b4e
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2016:0723 https://rhn.redhat.com/errata/RHSA-2016-0723.html