A flaw was found in the way the Libraries component of OpenJDK enforced constraints defined in the jdk.jar.disabledAlgorithms security property. Verification of a JAR file signed using a disabled algorithm could succeed in certain cases, leading to bypass of the intended security restrictions.
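An added audit example (not code from OpenJDK or from this bug report): a check, independent of the JDK's own verifier, that flags signature files in a JAR whose digest headers name an algorithm disabled outright by a jdk.jar.disabledAlgorithms value. The property value, helper names and sample JAR are constructed assumptions; qualified entries such as keySize limits and the PKCS#7 signature block are not evaluated.

```python
import io
import re
import zipfile

# Constructed value in the syntax of jdk.jar.disabledAlgorithms (assumption:
# not copied from any particular JDK release's java.security file).
SAMPLE_PROPERTY = "MD2, MD5, RSA keySize < 1024, DSA keySize < 1024"

# Digest headers in a signature file: <alg>-Digest, <alg>-Digest-Manifest, ...
DIGEST_HEADER = re.compile(
    r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)


def normalize(name):
    """Compare 'SHA-1' and 'SHA1' as the same name."""
    return name.upper().replace("-", "")


def disabled_names(prop):
    """Names disabled outright; entries with qualifiers (keySize, ...) are skipped."""
    items = (item.split() for item in prop.split(","))
    return {normalize(parts[0]) for parts in items if len(parts) == 1}


def audit_jar(jar, prop):
    """Map each META-INF/*.SF file to the disabled digest names it uses."""
    disabled = disabled_names(prop)
    findings = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if not re.fullmatch(r"META-INF/[^/]+\.SF", name, re.I):
                continue
            text = zf.read(name).decode("utf-8", "replace")
            used = {normalize(alg) for alg in DIGEST_HEADER.findall(text)}
            if used & disabled:
                findings[name] = sorted(used & disabled)
    return findings


def build_sample_jar():
    """Constructed JAR with placeholder digests, for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/LEGACY.SF",
                    "Signature-Version: 1.0\r\nMD5-Digest-Manifest: cGxhY2Vob2xkZXI=\r\n"
                    "\r\nName: A.class\r\nMD5-Digest: cGxhY2Vob2xkZXI=\r\n")
        zf.writestr("META-INF/MODERN.SF",
                    "Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: cGxhY2Vob2xkZXI=\r\n")
    buf.seek(0)
    return buf
```

`audit_jar` accepts a path or a file-like object, so it can be pointed at JARs on disk; pass it the property value reported by the runtime being audited.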
Public now via Oracle CPU April 2021: https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA
Fixed in Oracle Java SE 16.0.1, 11.0.11, 8u291, and 7u301.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1301 https://access.redhat.com/errata/RHSA-2021:1301
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:1305 https://access.redhat.com/errata/RHSA-2021:1305
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:1299 https://access.redhat.com/errata/RHSA-2021:1299
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:1306 https://access.redhat.com/errata/RHSA-2021:1306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1307 https://access.redhat.com/errata/RHSA-2021:1307
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:1298 https://access.redhat.com/errata/RHSA-2021:1298
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:1297 https://access.redhat.com/errata/RHSA-2021:1297
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-2163
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:1315 https://access.redhat.com/errata/RHSA-2021:1315
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4
This issue has been addressed in the following products: Red Hat Build of OpenJDK Via RHSA-2021:1444 https://access.redhat.com/errata/RHSA-2021:1444
This issue has been addressed in the following products: Red Hat Build of OpenJDK Via RHSA-2021:1445 https://access.redhat.com/errata/RHSA-2021:1445
This issue has been addressed in the following products: Red Hat Build of OpenJDK Via RHSA-2021:1447 https://access.redhat.com/errata/RHSA-2021:1447
This issue has been addressed in the following products: Red Hat Build of OpenJDK Via RHSA-2021:1446 https://access.redhat.com/errata/RHSA-2021:1446
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:6755 https://access.redhat.com/errata/RHSA-2022:6755
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:6756 https://access.redhat.com/errata/RHSA-2022:6756
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6735 https://access.redhat.com/errata/RHSA-2022:6735