CVE-2021-2163

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
A security issue was found in the way the Libraries component of OpenJDK enforced constraints defined in the jdk.jar.disabledAlgorithms security property. Verification of a JAR file signed using a disabled algorithm could succeed in certain cases, leading to a bypass of the intended security restrictions. The issue is fixed in versions 16.0.1, 11.0.11, 8u291 and 7u301.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1850 | jdk7-openjdk, jre7-openjdk-headless | 7.u261_2.6.22-1 | | Medium | Vulnerable | |
| AVG-1847 | jdk-openjdk, jre-openjdk-headless | 15.0.2.u7-1 | | Medium | Vulnerable | |
| AVG-1849 | jdk8-openjdk, jre8-openjdk-headless | 8.u282-1 | 8.u292-1 | Medium | Fixed | |
| AVG-1848 | jdk11-openjdk, jre11-openjdk-headless | 11.0.10.u9-1 | 11.0.11.u9-1 | Medium | Fixed | |
References
https://www.oracle.com/security-alerts/cpuapr2021verbose.html#JAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1951217
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8249906
https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256
https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4