Ubuntu Security Notice 4083-1 - It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. Various other issues were also addressed.
1a9a516552f67cc0818e16bae226fc402cc11e761ed01697738ead45cac2a35f
Red Hat Security Advisory 2019-1817-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
e40f5a9cce5d3768d19c806c747f191ded9a72d18dc09d620231824b5418a6f6
Red Hat Security Advisory 2019-1810-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
472c18ffca284f41f7bdde6a48f50834689e4e3227bac3cb0b56b5adb628406c
Debian Linux Security Advisory 4486-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
38f773b7a920474ebaeb7db954d7256190f0cd245e640cb9b50f7ce85676f54b