CLSA-2025-1753730595

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1753730595
Upstream
Published
2025-07-28T19:23:19Z
Modified
2026-05-29T01:35:55.844923451Z
Summary
java-17-openjdk: Fix of 25 CVEs
Details
  • Update to jdk-17.0.15+6
  • Set bundled freetype provide version to 2.13.2
  • Set bundled harfbuzz provide version to 8.2.2
  • Require tzdata-java 2025a at runtime and for build
  • CVE-2025-21502: fix Hotspot component vulnerability allowing unauthorized access to resources and exposure of sensitive information
  • CVE-2025-30698: fix 2D component vulnerability allowing unauthorized data access and partial denial of service
  • CVE-2025-30691: fix Compiler component vulnerability allowing unauthorized data access and modification (CVSS 4.8 Medium)
  • CVE-2025-21587: fix JSSE component vulnerability allowing unauthorized creation/deletion/modification of critical data
  • CVE-2024-20921: fix information disclosure in Hotspot that allows remote attackers to access sensitive data via untrusted input through exposed APIs or sandboxed environments
  • CVE-2024-21235: fix vulnerability in Hotspot that allows remote attackers to read or modify limited data via untrusted input through exposed APIs or sandboxed code
  • CVE-2024-21217: fix vulnerability in Serialization that allows remote attackers to trigger partial denial of service via untrusted input through exposed APIs or sandboxed code
  • CVE-2024-21210: fix vulnerability in Hotspot that allows remote attackers to modify limited data via untrusted input through exposed APIs or sandboxed code
  • CVE-2024-21208: fix security vulnerability in OpenJDK component
  • CVE-2024-21147: fix Hotspot component vulnerability allowing unauthorized data access
  • CVE-2024-21145: fix 2D component vulnerability allowing unauthorized data access
  • CVE-2024-21144: fix security vulnerability in OpenJDK component
  • CVE-2024-21140: fix Hotspot component vulnerability
  • CVE-2024-21138: fix Hotspot component vulnerability causing partial denial of service
  • CVE-2024-21131: fix vulnerability in Hotspot that allows remote attackers to modify limited data via untrusted input through exposed APIs or sandboxed code
  • CVE-2024-21094: fix Hotspot component vulnerability allowing unauthorized data modification
  • CVE-2024-21085: fix Concurrency component vulnerability causing partial denial of service
  • CVE-2024-21068: fix Hotspot component vulnerability allowing unauthorized data access
  • CVE-2024-21011: fix Hotspot component vulnerability causing partial denial of service
  • CVE-2024-20918: fix information disclosure and data modification in Hotspot via untrusted input
  • CVE-2024-20952: fix information disclosure and data modification in Security via untrusted input
  • CVE-2024-20926: fix information disclosure in Scripting via untrusted input
  • CVE-2023-48161: fix buffer overflow in GifLib’s DumpScreen2RGB function allowing local attackers to access sensitive information
  • CVE-2023-22025: fix data modification in Hotspot via untrusted input through exposed APIs or sandboxed code
  • CVE-2023-25193: fix O(n^2) growth vulnerability in HarfBuzz's hb-ot-layout-gsubgpos.hh when processing consecutive marks
References

Affected packages