CVE-2021-2163 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	A security issue was found in the way the Libraries component of OpenJDK enforced constraints defined in the jdk.jar.disabledAlgorithms security property. Verification of a JAR filed signed using a disabled algorithm could succeed in certain cases, leading to bypass of the intended security restrictions. The issue is fixed in versions 16.0.1, 11.0.11, 8u291 and 7u301.

Group	Package	Affected	Fixed	Severity	Status
AVG-1850	jdk7-openjdk, jre7-openjdk-headless	7.u261_2.6.22-1		Medium	Unknown
AVG-1849	jdk8-openjdk, jre8-openjdk-headless	8.u282-1	8.u292-1	Medium	Fixed
AVG-1848	jdk11-openjdk, jre11-openjdk-headless	11.0.10.u9-1	11.0.11.u9-1	Medium	Fixed
AVG-1847	jdk-openjdk, jre-openjdk-headless	15.0.2.u7-1	16.0.1.u9-1	Medium	Fixed

References
https://www.oracle.com/security-alerts/cpuapr2021verbose.html#JAVA https://bugzilla.redhat.com/show_bug.cgi?id=1951217 https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8249906 https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256 https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4

References

https://www.oracle.com/security-alerts/cpuapr2021verbose.html#JAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1951217
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8249906
https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256
https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4