|
|
Log in / Subscribe / Register

Debian alert DLA-4346-1 (openjdk-11)



From:
              Emilio Pozuelo Monfort <pochu@debian.org>


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4346-1] openjdk-11 security update


Date:
              Sat, 25 Oct 2025 21:13:51 +0200


Message-ID:
              <20251025191351.1D6E55F00082@kamino>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4346-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 25, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openjdk-11
Version        : 11.0.29+6-1~deb11u1
CVE ID         : CVE-2025-53057 CVE-2025-53066

Two vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in XML external entity injection attacks or incorrect
certificate validation.

For Debian 11 bullseye, these problems have been fixed in version
11.0.29+6-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmj9IWsACgkQnUbEiOQ2
gwL0WQ//URvAQ6VwpxWPBYsZtkv8ef3hntRryNwkT06856kAWNcG6AhOjW9y+VuU
m8LidFaVpoaSW9/WmHn68HhbBo2M0ijQwmgTI9Up8DA9hIna10Zs049YJZsg7WxL
xlupFx398xYEK8WfKftY8MredYIuxQekO5A4Rw3Ks0l9mszB+8WEkpkmoLBKpyzV
JyD6dOm94byu2xiirvR4m08nWU8PLFgpFGY4P7rqPQb6IiEMryqJwQdMpQznZpd/
R1wx+Xk3o9hnQbrXSFgyWha7I3z1mchYNwvvTBQsLjecb3DW8U2CfQPP+M2sQ1zQ
hEqM9o+o3UfhYr3URoBZ8dtGtN4OR3mLlOiL0gKeRw+XP/qIgwnqib9XWp55xWhN
c5S0uY84vb+xGqax9IvzgXxCV05RE4biwOaMQUadwh5YC/lOhh68IwveAwKrW2ig
XXaTpVYB6JKPlTSUDphdQeQIwrVtcf/tWfMy5yRYXA0dECGna5RTUHK+kZbvr5lF
Kr9VdL3JtQ/7xCE937fYRtVPcPgbXN54SvIUFSqL7XyUbGCiVOwKcyw3Wq0XCRbQ
Q0YYDCGhJozMRMEDOiYcK9602G+2fuD3VojPsfWjZvUolyDxSfDAO7+6NFZmMgOX
89yu9G043mkw0vIndmpiLwXsFnaBCVXdxRn7jv/ud5yPQpXCZfc=
=UHxg
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds