CLSA-2025-1752246531

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1752246531.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1752246531
Upstream
Published
2025-07-11T15:08:55Z
Modified
2026-05-29T01:35:51.550349966Z
Summary
java-11-openjdk: Fix of 13 CVEs
Details
  • Upgrade to openjdk-11.0.27+6. The following CVEs were fixed:
  • CVE-2025-30698: fix buffered image handling to avoid unauthorized access to accessible data
  • CVE-2025-30691: improve compiler transformations to avoid unauthorized access to accessible data
  • CVE-2024-21144: invalid header validation leads to Pack200 excessive loading time
  • CVE-2024-21147: out-of-bounds array index in range check elimination
  • CVE-2024-21138: infinite loop vulnerability in SymbolTable
  • CVE-2024-21131: UTF8 size overflow
  • CVE-2024-21235: incorrect range check because of integer conversion error in LoopNode
  • CVE-2024-21140: int overflow/underflow in range check elimination
  • CVE-2024-21217: out-of-memory because of unbounded allocation in MessageFormat
  • CVE-2024-21210: integer overflow in array indexing in SuperWord
  • CVE-2024-21145: out-of-bounds access in MaskFill
  • CVE-2024-21208: improper handling of maxHeaderSize in HTTP client
  • CVE-2025-21502: enhance array handling
References

Affected packages