Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerability
Publication date: 07 Feb 2025Modification date: 07 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21502
Description
A difficult to exploit vulnerability allows unauthenticated attackers with
network access via multiple protocols to compromise Oracle Java SE.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to Oracle Java SE accessible. This
vulnerability can be exploited by using APIs in the specified Component,
e.g., through a web service which supplies data to the APIs. This
vulnerability also applies to Java deployments, typically in clients
running sandboxed Java Web Start applications or sandboxed Java applets,
that load and run untrusted code (e.g., code that comes from the
Internet) and rely on the Java sandbox for security. (CVE-2025-21502)
References
- https://bugs.mageia.org/show_bug.cgi?id=33954
- https://access.redhat.com/errata/RHBA-2025:0418
- https://access.redhat.com/errata/RHSA-2025:0429
- https://access.redhat.com/errata/RHSA-2025:0422
- https://www.oracle.com/security-alerts/cpujan2025.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21502
SRPMS
9/core
- java-17-openjdk-17.0.14.0.7-1.mga9
- java-11-openjdk-11.0.26.0.4-1.mga9
- java-1.8.0-openjdk-1.8.0.442.b06-1.mga9
- java-latest-openjdk-23.0.2.0.7-1.rolling.1.mga9