It was discovered that the implementation of the PriorityBlockingQueue class in the Concurrency component of OpenJDK did not limit the amount of memory allocated when creating object instance from a serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized.
Public now via Oracle CPU April 2018: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixJAVA The issue was fixed in Oracle JDK 10.0.1, 8u171, and 7u181.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1188
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1191
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/333e367780d8
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1201
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1202
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:1204 https://access.redhat.com/errata/RHSA-2018:1204
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:1206 https://access.redhat.com/errata/RHSA-2018:1206
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1270 https://access.redhat.com/errata/RHSA-2018:1270
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1278 https://access.redhat.com/errata/RHSA-2018:1278
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:1721 https://access.redhat.com/errata/RHSA-2018:1721
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:1722 https://access.redhat.com/errata/RHSA-2018:1722
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:1723 https://access.redhat.com/errata/RHSA-2018:1723
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:1724 https://access.redhat.com/errata/RHSA-2018:1724
This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2018:1974 https://access.redhat.com/errata/RHSA-2018:1974
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:1975 https://access.redhat.com/errata/RHSA-2018:1975