Java SE and Java SE Embedded are vulnerable to denial of service(Dos) attacks. This occurs in JAXP component of OpenJDK which fails to correctly enforce parse tree size limits when parsing XML documents. An attacker could use this flaw to crash the application via consuming an excessive amount of CPU and memory.
www.debian.org/security/2017/dsa-3858
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
www.securityfocus.com/bid/97733
www.securitytracker.com/id/1038286
access.redhat.com/errata/RHSA-2017:1108
access.redhat.com/errata/RHSA-2017:1109
access.redhat.com/errata/RHSA-2017:1117
access.redhat.com/errata/RHSA-2017:1118
access.redhat.com/errata/RHSA-2017:1119
access.redhat.com/errata/RHSA-2017:1204
access.redhat.com/security/updates/classification/#moderate
rhn.redhat.com/errata/RHSA-2016-2079.html
security.gentoo.org/glsa/201705-03
security.gentoo.org/glsa/201707-01