USN-7484-1
- Source
- https://ubuntu.com/security/notices/USN-7484-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7484-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7484-1
- Related
- Published
- 2025-05-06T03:17:25.598054Z
- Modified
- 2025-05-06T03:17:25.598054Z
- Summary
- openjdk-24 vulnerabilities
- Details
-
Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587)
It was discovered that the Compiler component of OpenJDK 24 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691)
It was discovered that the 2D component of OpenJDK 24 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698)
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15
- References
Affected packages
Ubuntu:24.10 / openjdk-24
Package
- Name
- openjdk-24
- Purl
- pkg:deb/ubuntu/openjdk-24@24.0.1+9~us1-0ubuntu1~24.10?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.0.1+9~us1-0ubuntu1~24.10
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-dbg"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-demo"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-doc"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-jdk"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-jdk-headless"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-jre"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-jre-headless"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-jre-zero"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-jvmci-jdk"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-source"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~24.10",
"binary_name": "openjdk-24-testsupport"
}
]
}
Ubuntu:25.04 / openjdk-24
Package
- Name
- openjdk-24
- Purl
- pkg:deb/ubuntu/openjdk-24@24.0.1+9~us1-0ubuntu1~25.04?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.0.1+9~us1-0ubuntu1~25.04
Affected versions
Other
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-dbg"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-demo"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-doc"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-jdk"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-jdk-headless"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-jre"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-jre-headless"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-jre-zero"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-jvmci-jdk"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-source"
},
{
"binary_version": "24.0.1+9~us1-0ubuntu1~25.04",
"binary_name": "openjdk-24-testsupport"
}
]
}