Oracle Java SE is vulnerable to remote code execution. A flaw was found in the way the Library component of OpenJDK handled JAR files containing multiple MANIFEST.MF files. Such JAR files could cause the signature verification process to return an incorrect result, possibly allowing tampering with signed JAR files. After the fix, all JAR files with multiple MANIFEST.MF files are treated as unsigned.
access.redhat.com/errata/RHSA-2021:2775
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1982879
lists.debian.org/debian-lts-announce/2021/08/msg00011.html
security.netapp.com/advisory/ntap-20210723-0002/
www.debian.org/security/2021/dsa-4946
www.oracle.com/security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuoct2021.html
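
A defender-side check for the condition described above: the following added example (not code from Oracle, OpenJDK or any of the referenced advisories) lists every manifest entry in a JAR's ZIP central directory so that archives carrying more than one can be flagged before they reach an unpatched runtime. The function names, the case-insensitive name comparison and the sample archives are assumptions of this example.

```python
import io
import sys
import warnings
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"


def manifest_entries(jar_bytes):
    """Return the names of all central-directory entries that are a manifest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        # infolist() keeps duplicate names; a name-keyed lookup such as
        # getinfo() would silently collapse them to the last entry.
        # Assumption: names are compared case-insensitively, the conservative choice.
        return [i.filename for i in zf.infolist()
                if i.filename.upper() == MANIFEST]


def classify(jar_bytes):
    """Classify a JAR by how many manifest entries it carries."""
    count = len(manifest_entries(jar_bytes))
    if count == 0:
        return "no-manifest"
    if count == 1:
        return "single-manifest"
    # Per the advisory, a fixed JDK treats such a JAR as unsigned.
    return "multiple-manifests"


def constructed_jar(names):
    """Build a constructed, unsigned in-memory sample archive with the given entry names."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns (but does not fail) when an entry name repeats.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for name in names:
                zf.writestr(name, b"Manifest-Version: 1.0\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python check_manifests.py one.jar two.jar ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

Any archive reported as `multiple-manifests` should be rejected or rebuilt from a trusted source, since its signature status differs between patched and unpatched Java runtimes.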