openjdk is vulnerable to denial of service. It was discovered that the implementation of the Collections class in the Utilities component of OpenJDK did not limit the amount of memory allocated when creating object instance from a serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized.
lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
access.redhat.com/errata/RHSA-2019:1811
access.redhat.com/errata/RHSA-2019:2494
access.redhat.com/errata/RHSA-2019:2495
access.redhat.com/errata/RHSA-2019:2585
access.redhat.com/errata/RHSA-2019:2590
access.redhat.com/errata/RHSA-2019:2592
access.redhat.com/errata/RHSA-2019:2737
access.redhat.com/security/updates/classification/#moderate
kc.mcafee.com/corporate/index?page=content&id=SB10300
lists.debian.org/debian-lts-announce/2019/08/msg00020.html
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
usn.ubuntu.com/4080-1/
usn.ubuntu.com/4083-1/