It was discovered that the implementation of the ArrayBlockingQueue class in the Libraries component of OpenJDK did not check that all assumed invariants were satisfied after creating object instance from a serialized form, leaving the instance in an inconsistent state. If a Java application deserialized a specially-crafted input, this could cause it to raise an unexpected exceptions or allocate an excessive amount of memory.
Public now via Oracle CPU January 2018: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA The issue was fixed in Oracle JDK 9.0.4, 8u161, 7u171, and 6u181.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0095
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0099
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0100
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0115
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5be29012dcf2
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:0351 https://access.redhat.com/errata/RHSA-2018:0351
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:0352 https://access.redhat.com/errata/RHSA-2018:0352
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0349
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:0458 https://access.redhat.com/errata/RHSA-2018:0458
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:0521 https://access.redhat.com/errata/RHSA-2018:0521
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:1463 https://access.redhat.com/errata/RHSA-2018:1463
This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2018:1812 https://access.redhat.com/errata/RHSA-2018:1812