Java SE and Java SE Embedded are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Serialization
component causing partial denial of service conditions.
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.securityfocus.com/bid/101355
www.securitytracker.com/id/1039596
access.redhat.com/errata/RHSA-2017:2998
access.redhat.com/errata/RHSA-2017:2999
access.redhat.com/errata/RHSA-2017:3046
access.redhat.com/errata/RHSA-2017:3047
access.redhat.com/errata/RHSA-2017:3264
access.redhat.com/errata/RHSA-2017:3267
access.redhat.com/errata/RHSA-2017:3268
access.redhat.com/errata/RHSA-2017:3392
access.redhat.com/errata/RHSA-2017:3453
access.redhat.com/security/updates/classification/#critical
developer.ibm.com/javasdk/support/security-vulnerabilities/
lists.debian.org/debian-lts-announce/2017/11/msg00033.html
security.gentoo.org/glsa/201710-31
security.gentoo.org/glsa/201711-14
security.netapp.com/advisory/ntap-20171019-0001/
www.debian.org/security/2017/dsa-4015
www.debian.org/security/2017/dsa-4048