|
|
Log in / Subscribe / Register

Debian alert DLA-4456-1 (openjdk-17)



From:
              Emilio Pozuelo Monfort <pochu@debian.org>


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4456-1] openjdk-17 security update


Date:
              Mon, 26 Jan 2026 16:25:44 +0100


Message-ID:
              <20260126152544.E67975F00083@kamino>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4456-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
January 26, 2026                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openjdk-17
Version        : 17.0.18+8-1~deb11u1
CVE ID         : CVE-2026-21925 CVE-2026-21932 CVE-2026-21933 CVE-2026-21945

Several vulnerabilities have been discovered in the OpenJDK Java
runtime, which may result in incorrect certificate validation,
CRLF injection or man-in-the-middle attacks.

For Debian 11 bullseye, these problems have been fixed in version
17.0.18+8-1~deb11u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAml3h3UACgkQnUbEiOQ2
gwI6ZQ//WRufBOTUIRabxxVJbYgllpvhduG2iB8dZwJlTbv3TlFuX5HXU6xFp6Gt
2IgNvIJ1VD9QV7s8nnKY/8AxKWfEnzkL0OXgfYaef3oC3N1driXGQhBCCorAtFuz
OuROh92PwgL4WA+jd0KI07Q/YtC152CrYUAsoT622x52yXSF2iU4LvmIBZLCX8gU
Ixdsx+dGrF++3NZhgzGlxOiuSie5ba6EnVDNj8SefHI8kKxLMi4/ymTYHFmtSFso
gLVa5+krIyN8Vs2RWTEcqUu+RDLfT05QbM2yIHxXUXagVXXwDR2CM0JIR39JkOEN
d9RXtFLWZVQo2pvax/9iNM6l0dXBDoQBcXFwBNd+b+1jjnkES+WeFMGmo+DGYTEu
dEVSA7RUNojTFPVebK7r2hEHavymvBI9zs9sPne4OXEs/+8SEareapdFJ19HapHU
HE05Zphnw8Y64cBl8CKeaSySTxNTPywnpfyNlp4f+eFPUlWPINIjEsj9fE5OycUR
xdUcNygiNYi/g4fPA+by0lheR6A0uZ8QCHCspp64shTS8ZipN700/Jq4gtaGR+8o
UcSXs11GZa1I5GlTKMMbaSP5h47eKI1BQ5av+1qcT8QUzHLWAExDkVYdnHFy1KYv
UJ4G0YlU+aNAZueCu9NJCnv1qdOQ/W45eDBoOWhx+KDp3mQnWuw=
=lc2B
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds