RHSA-2021:0946: Red Hat Security Advisory: Red Hat Build of OpenJDK 1.8 (container images) release and security update

The Red Hat Build of OpenJDK 8 (container images) is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-26 and ubi8-openjdk-8:1.3-9) serves as a replacement for the Red Hat build of OpenJDK 8 (openjdk18-openshift:1.8-25 and ubi8-openjdk-8:1.3-8), and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es):

• ubi8/openjdk-8: containers/openjdk: /etc/passwd is given incorrect privileges (CVE-2021-20264)
• redhat-openjdk-18/openjdk18-openshift: containers/openjdk: /etc/passwd is given incorrect privileges (CVE-2021-20264) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2021-20264: containers/openjdk: /etc/passwd is given incorrect privileges