Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4812

[SECURITY] [DSA 6246-1] openjdk-25 security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6246-1] openjdk-25 security update
Date 2026-05-03 17:10 +0200
Message-ID <MQGCe-2jap-7@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6246-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 03, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-25
CVE ID         : CVE-2026-22007 CVE-2026-22008 CVE-2026-22013 CVE-2026-22016 
                 CVE-2026-22018 CVE-2026-22021 CVE-2026-34268 CVE-2026-34282

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in incorrect generation of cryptographic keys, denial of
service, information disclosure, XEE/XEE attacks or incorrect validation
of Kerberos credentials.

For the stable distribution (trixie), these problems have been fixed in
version 25.0.3+9-2~deb13u1.

We recommend that you upgrade your openjdk-25 packages.

For the detailed security status of openjdk-25 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-25

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn3YOYACgkQEMKTtsN8
TjbvPQ//bbZC/9NxpT9x4vk4NBqJQCQnNbPhBxmbKdK/wfZ53tMeDBQQ/u3KAFTw
aQZnxujMh2CeVSFNw3UiYcaGdIqmZCFFW5mpfgasW9ZIDSMB0aLDRpdTRlmZN+Ak
yLMZiKh2HOMUoDaLlMN4th6RIljNmgDVm/k8nVHOyfy5im4/eMfCFV/COKLgbFAi
Tijb3y9IhASaoPgt9EuRpAcFxmMjalDgepOSW7HDhdgD9IcSZa7/kv/5GOgPHcZ+
rK7Hw7Bwsbyu3+kbI4g+R7h+XD++bn4ejOEUMiTx1rbk4480Mp/HYwXtaLHVH0OT
wSw5iRr0LimGuvMwWE8w8CU9/DPvj50DGkCSbt61BpE6yE4CGk0qJhJH1w44RTRg
4n9I+q6le751LZLg8ez0Hc04f2uFoLOCpc3XTk/n6YiIiqLBlEz/W9CtAj+839hl
9hD2fdAMtvB4pGamdBAieYwvoKc+zO/lJq6Rk74pBg0g2tJg3aNpceplqXrs12F7
5WOJgI+XLMsiVrGhxSdjRxQfxs+ouObpL868KiVN+dzcioeaW/THOztGcgtntaJr
44rwuFb0hocbbYbxSaf1rpaMNBLnKm0z9AlNdt9bmnnNtwOeU49UiDVv/GAOvT6j
CimnPkGDp1v9Cmh3bFwA2oa3XPN0FI7nxYYTFHL7VWaNHZZTFO0=
=c6pB
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6246-1] openjdk-25 security update Moritz Muehlenhoff <jmm@debian.org> - 2026-05-03 17:10 +0200

csiph-web