It was discovered that the implementation of the JceKeyStore class in the Serialization component of OpenJDK did not limit the amount of resources allocated when reading serialized objects from a jceks key store. A specially-crafted key store file could cause a Java application to use an excessive amount of resources when used.
Public now via Oracle CPU October 2017: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA The issue was fixed in Oracle JDK 9.0.1, 8u151, 7u161, and 6u171.
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/8c6f671e9556
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:2998 https://access.redhat.com/errata/RHSA-2017:2998
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:2999
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3047
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3046
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3264
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:3267 https://access.redhat.com/errata/RHSA-2017:3267
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Red Hat Enterprise Linux 7 Supplementary Via RHSA-2017:3268 https://access.redhat.com/errata/RHSA-2017:3268
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:3392 https://access.redhat.com/errata/RHSA-2017:3392
This issue has been addressed in the following products: Red Hat Satellite 5.8 Red Hat Satellite 5.8 ELS Via RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453