Java SE, Java SE Embedded are vulnerable to improper input validation. It is discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application which may leads to disclosure of information.
rhn.redhat.com/errata/RHSA-2017-0175.html
rhn.redhat.com/errata/RHSA-2017-0176.html
rhn.redhat.com/errata/RHSA-2017-0177.html
rhn.redhat.com/errata/RHSA-2017-0180.html
rhn.redhat.com/errata/RHSA-2017-0263.html
rhn.redhat.com/errata/RHSA-2017-0269.html
rhn.redhat.com/errata/RHSA-2017-0336.html
rhn.redhat.com/errata/RHSA-2017-0337.html
rhn.redhat.com/errata/RHSA-2017-0338.html
www.debian.org/security/2017/dsa-3782
www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
www.securityfocus.com/bid/95488
www.securitytracker.com/id/1037637
access.redhat.com/errata/RHSA-2017:0180
access.redhat.com/errata/RHSA-2017:1216
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=1369383
erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/
security.gentoo.org/glsa/201701-65
security.gentoo.org/glsa/201707-01
security.netapp.com/advisory/ntap-20170119-0001/
www.exploit-db.com/exploits/41145/