RHSA-2021:2778: Red Hat Security Advisory: OpenJDK 8u302 Security Update for Portable Linux Builds

The Red Hat Build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 (1.8.0.302) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 8 (1.8.0.292) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es):

• OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)
• OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)
• OpenJDK: Incorrect comparison during range check elimination (Hotspot,

8264066. (CVE-2021-2388) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:

• CVE-2021-2341: OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
• CVE-2021-2369: OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
• CVE-2021-2388: OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)