Mageia alert MGASA-2025-0156 (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2025-0156: Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities | |
| Date: | Tue, 13 May 2025 22:57:17 +0200 | |
| Message-ID: | <20250513205718.0C3E39FE10@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2025-0156 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities Publication date: 13 May 2025 URL: https://advisories.mageia.org/MGASA-2025-0156.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-21587, CVE-2025-30691, CVE-2025-30698 Description: Better TLS connection support. (CVE-2025-21587) Improve compiler transformations. (CVE-2025-30691) Enhance Buffered Image handling. (CVE-2025-30698) The updated timezone data are needed by the new Java packages. References: - https://bugs.mageia.org/show_bug.cgi?id=34206 - https://access.redhat.com/errata/RHSA-2025:3845 - https://access.redhat.com/errata/RHSA-2025:3850 - https://access.redhat.com/errata/RHSA-2025:3853 - https://access.redhat.com/errata/RHSA-2025:3856 - https://www.oracle.com/security-alerts/cpuapr2025.html#Ap... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3... SRPMS: - 9/core/timezone-2025a-1.mga9 - 9/core/java-1.8.0-openjdk-1.8.0.452.b09-1.mga9 - 9/core/java-11-openjdk-11.0.27.0.6-1.mga9 - 9/core/java-17-openjdk-17.0.15.0.6-1.mga9 - 9/core/java-latest-openjdk-24.0.1.0.9-1.rolling.1.mga9