UBUNTU-CVE-2025-0509
- Source
- https://ubuntu.com/security/CVE-2025-0509
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-0509.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-0509
- Upstream
- Published
- 2025-02-04T20:15:00Z
- Modified
- 2025-09-08T17:06:47Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / openjdk-9
Package
- Name
- openjdk-9
- Purl
- pkg:deb/ubuntu/openjdk-9@9~b114-0ubuntu1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "openjdk-9-demo",
"binary_version": "9~b114-0ubuntu1"
},
{
"binary_name": "openjdk-9-jdk",
"binary_version": "9~b114-0ubuntu1"
},
{
"binary_name": "openjdk-9-jdk-headless",
"binary_version": "9~b114-0ubuntu1"
},
{
"binary_name": "openjdk-9-jre",
"binary_version": "9~b114-0ubuntu1"
},
{
"binary_name": "openjdk-9-jre-headless",
"binary_version": "9~b114-0ubuntu1"
},
{
"binary_name": "openjdk-9-source",
"binary_version": "9~b114-0ubuntu1"
}
]
}
Ubuntu:Pro:20.04:LTS / openjdk-13
Package
- Name
- openjdk-13
- Purl
- pkg:deb/ubuntu/openjdk-13@13.0.7+5-0ubuntu1~20.04?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
13+33-1
13.*
13.0.1+9-2
13.0.2+8-1
13.0.2+8-2
13.0.3+3-1ubuntu2
13.0.4+8-1~20.04
13.0.7+5-0ubuntu1~20.04
Ecosystem specific
{
"binaries": [
{
"binary_name": "openjdk-13-demo",
"binary_version": "13.0.7+5-0ubuntu1~20.04"
},
{
"binary_name": "openjdk-13-jdk",
"binary_version": "13.0.7+5-0ubuntu1~20.04"
},
{
"binary_name": "openjdk-13-jdk-headless",
"binary_version": "13.0.7+5-0ubuntu1~20.04"
},
{
"binary_name": "openjdk-13-jre",
"binary_version": "13.0.7+5-0ubuntu1~20.04"
},
{
"binary_name": "openjdk-13-jre-headless",
"binary_version": "13.0.7+5-0ubuntu1~20.04"
},
{
"binary_name": "openjdk-13-jre-zero",
"binary_version": "13.0.7+5-0ubuntu1~20.04"
},
{
"binary_name": "openjdk-13-source",
"binary_version": "13.0.7+5-0ubuntu1~20.04"
}
]
}
Ubuntu:Pro:20.04:LTS / openjdk-16
Package
- Name
- openjdk-16
- Purl
- pkg:deb/ubuntu/openjdk-16@16.0.1+9-1~20.04?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "openjdk-16-demo",
"binary_version": "16.0.1+9-1~20.04"
},
{
"binary_name": "openjdk-16-jdk",
"binary_version": "16.0.1+9-1~20.04"
},
{
"binary_name": "openjdk-16-jdk-headless",
"binary_version": "16.0.1+9-1~20.04"
},
{
"binary_name": "openjdk-16-jre",
"binary_version": "16.0.1+9-1~20.04"
},
{
"binary_name": "openjdk-16-jre-headless",
"binary_version": "16.0.1+9-1~20.04"
},
{
"binary_name": "openjdk-16-jre-zero",
"binary_version": "16.0.1+9-1~20.04"
},
{
"binary_name": "openjdk-16-source",
"binary_version": "16.0.1+9-1~20.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-18
Package
- Name
- openjdk-18
- Purl
- pkg:deb/ubuntu/openjdk-18@18.0.2+9-2~22.04?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "openjdk-18-demo",
"binary_version": "18.0.2+9-2~22.04"
},
{
"binary_name": "openjdk-18-jdk",
"binary_version": "18.0.2+9-2~22.04"
},
{
"binary_name": "openjdk-18-jdk-headless",
"binary_version": "18.0.2+9-2~22.04"
},
{
"binary_name": "openjdk-18-jre",
"binary_version": "18.0.2+9-2~22.04"
},
{
"binary_name": "openjdk-18-jre-headless",
"binary_version": "18.0.2+9-2~22.04"
},
{
"binary_name": "openjdk-18-jre-zero",
"binary_version": "18.0.2+9-2~22.04"
},
{
"binary_name": "openjdk-18-source",
"binary_version": "18.0.2+9-2~22.04"
}
]
}
Ubuntu:22.04:LTS / openjdk-19
Package
- Name
- openjdk-19
- Purl
- pkg:deb/ubuntu/openjdk-19@19.0.2+7-0ubuntu3~22.04?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "openjdk-19-demo",
"binary_version": "19.0.2+7-0ubuntu3~22.04"
},
{
"binary_name": "openjdk-19-jdk",
"binary_version": "19.0.2+7-0ubuntu3~22.04"
},
{
"binary_name": "openjdk-19-jdk-headless",
"binary_version": "19.0.2+7-0ubuntu3~22.04"
},
{
"binary_name": "openjdk-19-jre",
"binary_version": "19.0.2+7-0ubuntu3~22.04"
},
{
"binary_name": "openjdk-19-jre-headless",
"binary_version": "19.0.2+7-0ubuntu3~22.04"
},
{
"binary_name": "openjdk-19-jre-zero",
"binary_version": "19.0.2+7-0ubuntu3~22.04"
},
{
"binary_name": "openjdk-19-source",
"binary_version": "19.0.2+7-0ubuntu3~22.04"
}
]
}