RedHat: RHSA-2021-1444:01 Moderate: OpenJDK 8u292 Security Update for

Advisories

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenJDK 8u292 Security Update for Portable Linux Builds
Advisory ID:       RHSA-2021:1444-01
Product:           OpenJDK
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1444
Issue date:        2021-04-28
Keywords:          openjdk,linux
Cross references:  RHSA-2021:70423-01
CVE Names:         CVE-2021-2163 
=====================================================================

1. Summary:

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for
portable Linux.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and
the OpenJDK 8 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 8 (1.8.0.292) for portable
Linux serves as a replacement for the Red Hat build of OpenJDK 8
(1.8.0.282) and includes security and bug fixes, and enhancements. For
further information, refer to the release notes linked to in the References
section.

Security Fix(es):

* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms
(Libraries, 8249906) (CVE-2021-2163)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and
_using_openjdk_8_for_rhel/installing-openjdk8-on-rhel#installing-jdk8-on-rh
el-using-archive

4. Bugs fixed (https://bugzilla.redhat.com/):

1951217 - CVE-2021-2163 OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)

5. References:

https://access.redhat.com/security/cve/CVE-2021-2163
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=core.service.openjdk&version=1.8.0.292
https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_rhel/installing-openjdk8-on-rhel#installing-jdk8-on-rhel-using-archive
https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYIlXEtzjgjWX9erEAQgkGA/+KwHX9908X0tSGlR+Rv+N7W8r1AwuAFCi
HyBHyL//zrDQCVF9HnW6COz2SIig3K10+TTZbYZsvNExd6b385A7h00gX6TBw+kW
YSZvPggAZMbDZHr5nPHyqiN/vrVtxm8hbi7t9t+HgEz8xTd4VlfWWVd4gBcF6IpG
VhoIdDaUrJucgSR9ZudO9iqQlHXDYP74GTvvznb5IUpHbsO7GZvtQM55BK0s57mh
erC3tz4UmpR09MhqE74QT8IcpZIVNOCwlSkfG3LVVrctblcj9sfCbcSo4PNqDv6L
Bpadskuw/zPT9zAxc70wgCycAflcZmb0Zg3DrjTniO36guzckvG5q0aIsAziDvFP
/Sla4lkIXsYz/Xa1WYRcY3INwznenkJ3mHPYFNH8JdXAjVpEWVqFxdNOTEekhzgg
brdHVjgMZbMR+JWixM1LRxS6eWlhseTDSSKt5mziFFBClm2MNiAZ8ghwMfgchw1t
36xBk7qzJmkcE3gBhDeoqiL/C31bZhZHpQlETK1acX3aaxS66V0wgDextRkyiRzT
V1o3lyMBKhfjrC/qxSV1sH+qGl/KXQq9MXXr6d68elAzsts3OxB06ALIR8s+IzZq
CLobiA34kyTeElURpS3LeK9treTaMpXicCayhRqBGiimmg28RP836O1IpE8qnNEb
9Z6bL7yqZog=
=/xtA
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-1444:01 Moderate: OpenJDK 8u292 Security Update for

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux

Summary

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 8 (1.8.0.292) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 8 (1.8.0.282) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906) (CVE-2021-2163)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_rhel/installing-openjdk8-on-rhel#installing-jdk8-on-rhel-using-archive

References

https://access.redhat.com/security/cve/CVE-2021-2163 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=core.service.openjdk&version=1.8.0.292 https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_rhel/installing-openjdk8-on-rhel#installing-jdk8-on-rhel-using-archive https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20

Package List

Severity
Advisory ID: RHSA-2021:1444-01
Product: OpenJDK
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1444
Issued Date: : 2021-04-28
Keywords: openjdk,linux
Cross references: RHSA-2021:70423-01
CVE Names: CVE-2021-2163

Topic

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available forportable Linux.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1951217 - CVE-2021-2163 OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.