java-21-openjdk-21.0.6.0.7-1.el8.ML.1

エラータID: AXSA:2025-9623:04

Release date: 
Tuesday, February 4, 2025 - 09:55
Subject: 
java-21-openjdk-21.0.6.0.7-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* JDK: Enhance array handling (CVE-2025-21502)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-21502
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Solution: 

Update packages.

CVEs: 
CVE-2025-21502
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-21-openjdk-21.0.6.0.7-1.el8.ML.1.src.rpm
    MD5: c870db66c38a93b61465a00bda947f19
    SHA-256: f50a2674af7cfdf7f1cb4524d27874598062264f0203f14599c885848274d755
    Size: 67.29 MB

Asianux Server 8 for x86_64
  1. java-21-openjdk-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 4b0553691ce3b82e32cc18cf6c3c68e1
    SHA-256: 8b3bd9ac2361ba7f73b6fd7e8363607fe3e07d79d64069527739da84bb59b1a8
    Size: 448.23 kB
  2. java-21-openjdk-demo-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: bf4b8efb54e330dba39b2fcbf39d2012
    SHA-256: 24d17b90310ea54180e4807e2b89310620410b23da0e40603b0b020ce7bcc985
    Size: 3.17 MB
  3. java-21-openjdk-demo-fastdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: ad8b47bdf5c0af6b6128710349331d13
    SHA-256: fb0114f0469d4025d18051ebfe0defc4d3b8e67e397bf006cb51bdaa0440877e
    Size: 3.17 MB
  4. java-21-openjdk-demo-slowdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: dc588739aa52c1eca7ec6defd44b463e
    SHA-256: 9edbc6373e21acf0e1668c34ce9a590097e0279d5edec6d77c79079a475fd669
    Size: 3.17 MB
  5. java-21-openjdk-devel-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 24b0148e039ab567fbffa6c0e884fdbb
    SHA-256: aa3192032e789f664783964f07baba2362e5d81ba8752fc0b5ff9e5d40b76f50
    Size: 5.16 MB
  6. java-21-openjdk-devel-fastdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: af4dde1761bddff687b10ce96c65ccfc
    SHA-256: a826cd69593976370b3c34a1211214bcec32e0523c003bad57c8ec231e749379
    Size: 5.17 MB
  7. java-21-openjdk-devel-slowdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 9fcb95157329b9263c09c4548191678f
    SHA-256: 2fcf5a0a22fb4946e537aaada27760758347305e137c49d88f85a55a80e77cb9
    Size: 5.17 MB
  8. java-21-openjdk-fastdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: f6e461693ca608369303a48ac7470f32
    SHA-256: 8fc953766c339cf0a6e1d8644d1463210475340ad4b4bda98167f9b1566b73e0
    Size: 457.35 kB
  9. java-21-openjdk-headless-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: cae44a63405cd5209298e53ef15fcbdf
    SHA-256: f9d17121661d312ecb9280b0159b53c515875ad1c61b800d2e4e9a413e9a210f
    Size: 49.29 MB
  10. java-21-openjdk-headless-fastdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 3cf4fa098f6ae7715de826d7c78bf5c9
    SHA-256: 76ceb3abf804992bf43bac0de2247c8b9264521a6ae6af3c7add56005a8e7e56
    Size: 54.04 MB
  11. java-21-openjdk-headless-slowdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: d17904a5d92f4a19d3b3a976e2e0b02a
    SHA-256: c6ee337a9931582d07ed55de4dcb9bae60a6598f1adddad9cf80135e2b213275
    Size: 53.21 MB
  12. java-21-openjdk-javadoc-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: b1589f8ddc0ece5b90c7a5474bb10edf
    SHA-256: 426bb4bb29f8b43847895595e076a63daf92e4198fe1489a7fdc69e69abe19c2
    Size: 16.40 MB
  13. java-21-openjdk-javadoc-zip-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 325f8aca39733794be055a0f0c28cb3e
    SHA-256: bee789c182ef159384384afe2fb2543f591c119f810cb71ff06cf3973880879b
    Size: 41.50 MB
  14. java-21-openjdk-jmods-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 94bd2a98852b2496ea7bfa8601a8a41e
    SHA-256: b683187793a58458c774e9f2df71aed416ecb5bf2f550f1bc8cfce75736646ba
    Size: 305.94 MB
  15. java-21-openjdk-jmods-fastdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 3fca70dfc6fd041a7008eb930bf74fbb
    SHA-256: acfd54db31a858b91dcdf7b4bcc73bb798edf2389568304391b96d351282de7d
    Size: 360.95 MB
  16. java-21-openjdk-jmods-slowdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: fd097f9e091d09f96eaf6dfbd677a600
    SHA-256: 65cf30b66d578e8a8de16b8f4f0d24b0686cb55992a5b4edabe1957621070eb8
    Size: 282.58 MB
  17. java-21-openjdk-slowdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: b8c63af0b0f091a0d364f9281871c4c6
    SHA-256: 4b4c6d88aef00a823c1ca3e221a6835672d311ae55c3c029c2fe845c80af8f6b
    Size: 433.96 kB
  18. java-21-openjdk-src-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 68bd39bc9331409a6476f6c1d1357382
    SHA-256: ddf25539e291733c66ff6905f634711aceafeee1c696f090068daafa1cdce006
    Size: 47.34 MB
  19. java-21-openjdk-src-fastdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 3eb865cc4a0543927cb136cacc5fa0e1
    SHA-256: 1ff2c1e6344a0d2e8fa5a9c7ea00937fbd2c8dc162ef10d5ddad35a14990d3ec
    Size: 47.35 MB
  20. java-21-openjdk-src-slowdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 0c2911cb2c9a7957615a1c7f442c6d67
    SHA-256: 3afbcb484a7919a01f9737c53fe21831dfffbb91d44bf362cc620e7813e42332
    Size: 47.35 MB
  21. java-21-openjdk-static-libs-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 0d719f340e10f46d264fcdd5e3c1eaf4
    SHA-256: d7d1bfbca0624538e41409ac7bdc9f4b7eeaa9865459bef248ca59011b9aaed2
    Size: 30.89 MB
  22. java-21-openjdk-static-libs-fastdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: f36cca7503db9c43e69a32c1ef690216
    SHA-256: 2c95e484552596b7ea2513c7b5b7e72695cf1e9f26af85d39229d975d10b6268
    Size: 31.04 MB
  23. java-21-openjdk-static-libs-slowdebug-21.0.6.0.7-1.el8.ML.1.x86_64.rpm
    MD5: 3e047f800a977ad0267500561d3c41dc
    SHA-256: b51e9fd8d0e7b2422c71bf4cde3ed4952bbdc640826a24bb2367628b0ed06e47
    Size: 24.35 MB