openjdk is vulnerable to denial of service. It was discovered that the implementation of the Throwable class in the Utilities component of OpenJDK did not sufficiently validate serial stream before deserializing suppressed exceptions. A specially-crafted input could cause a Java application to construct inconsistent object and possibly use an excessive amount of system resources when deserialized.
lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
access.redhat.com/errata/RHSA-2019:1811
access.redhat.com/errata/RHSA-2019:2494
access.redhat.com/errata/RHSA-2019:2495
access.redhat.com/errata/RHSA-2019:2585
access.redhat.com/errata/RHSA-2019:2590
access.redhat.com/errata/RHSA-2019:2592
access.redhat.com/errata/RHSA-2019:2737
access.redhat.com/security/updates/classification/#moderate
kc.mcafee.com/corporate/index?page=content&id=SB10300
lists.debian.org/debian-lts-announce/2019/08/msg00020.html
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
usn.ubuntu.com/4080-1/
usn.ubuntu.com/4083-1/