RHSA-2021:1445: Red Hat Security Advisory: OpenJDK 8u292 Windows Builds release and security update

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (1.8.0.292) for Windows serves as a replacement for the Red Hat build of OpenJDK 8 (1.8.0.282) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es):

• OpenJDK: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows (Libraries, 8250568) (CVE-2021-2161)
• OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906) (CVE-2021-2163) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2021-2161: OpenJDK: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows (Libraries, 8250568)
• CVE-2021-2163: OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)