|
|
Log in / Subscribe / Register

Debian alert DLA-4566-1 (openjdk-11)



From:
              Emilio Pozuelo Monfort <pochu@debian.org>


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4566-1] openjdk-11 security update


Date:
              Wed, 06 May 2026 13:59:28 +0200


Message-ID:
              <20260506115928.899665F00082@kamino>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4566-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
May 06, 2026                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openjdk-11
Version        : 11.0.31+11-1~deb11u1
CVE ID         : CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018
                 CVE-2026-22021 CVE-2026-34268 CVE-2026-34282

Several vulnerabilities have been discovered in the OpenJDK Java
runtime, which may result in incorrect generation of cryptographic
keys, denial of service, information disclosure, XEE/XEE attacks
or incorrect validation of Kerberos credentials.

For Debian 11 bullseye, these problems have been fixed in version
11.0.31+11-1~deb11u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmn7LSAACgkQnUbEiOQ2
gwL8yw/7BxVf2dQVYjYuWQTItXIf04eq2LUA3nRMkIPAKqwPbrVgMg0gjNucpeuB
5B530F3vcvDGkO9Rc0DYrx70/qSysBsL07GkLibYTKwAHBKozBd211zKkeYWNKx5
On12itaIaU/Ujv7x+YDaDdWPr8SQObrfm30dXEviWVA21LllFtq46J/+F6T4z1tW
64jp/Pxp91EBIq95HWzZ/C34vcpbZd7jHDOFs8JZwN0wLBhG1wUyApdxsERU1Nwa
NyAVyekNDn5XLH5EIZs5xcRIO0CR0R6bOSVYyGrzgW3PQAHNhVk5ZbNJVG2Brnc6
CFJ1qq3Uv0//RuRz4jSWtxavrOgv1EMlxdCwexAjLZqWWlgsL6hpDvZuw3uMUYfX
2hUYGy58rEYRi2O7pxKFlxeFG/dCmUHJ9KRKCZ+oqmRLAC/gVtKUnump3gwLKTmv
Vj7NVdjG1xkUqF+F+lwb8IwhdG56PPlPe6A/Gz+qkFTHZbHNbSZORUIleZDpA5A6
eb0FvIrB/5OFKmiKm7p8V5oqcCMJz/czGRYm1aqwwI6Q5uQh5PK0iqQfil/hsbdN
0pQmG7msBoS4LElguxgomvGCX/I6bv6PHhANrPfHoBee9h6shmwL7VYp1LLvFYqp
BqBsRQBYKqtMoWaLbazCNcEajnz0EQkfqrUmMSpJ/Sdsu+n5FI0=
=UeID
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds