java-21-openjdk-21.0.7.0.6-1.el9.ML.1

エラータID: AXSA:2025-9870:05

Release date: 
Thursday, April 24, 2025 - 11:58
Subject: 
java-21-openjdk-21.0.7.0.6-1.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the
OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* JDK: Better TLS connection support (CVE-2025-21587)
* JDK: Improve compiler transformations (CVE-2025-30691)
* JDK: Enhance Buffered Image handling (CVE-2025-30698)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2025-21587
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: JSSE). Supported
versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26,
17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM
Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
creation, deletion or modification access to critical data or all Oracle Java
SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as
well as unauthorized access to critical data or complete access to all Oracle
Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible
data. Note: This vulnerability can be exploited by using APIs in the specified
Component, e.g., through a web service which supplies data to the APIs. This
vulnerability also applies to Java deployments, typically in clients running
sandboxed Java Web Start applications or sandboxed Java applets, that load and
run untrusted code (e.g., code that comes from the internet) and rely on the
Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and
Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2025-30691
Vulnerability in Oracle Java SE (component: Compiler). Supported versions that
are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and
24. Difficult to exploit vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise Oracle Java SE. Successful
attacks of this vulnerability can result in unauthorized update, insert or
delete access to some of Oracle Java SE accessible data as well as unauthorized
read access to a subset of Oracle Java SE accessible data. Note: This
vulnerability can be exploited by using APIs in the specified Component, e.g.,
through a web service which supplies data to the APIs. This vulnerability also
applies to Java deployments, typically in clients running sandboxed Java Web
Start applications or sandboxed Java applets, that load and run untrusted code
(e.g., code that comes from the internet) and rely on the Java sandbox for
security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions
that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14,
21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM
Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for
JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized
read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle
GraalVM Enterprise Edition accessible data and unauthorized ability to cause a
partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for
JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java
deployments, typically in clients running sandboxed Java Web Start applications
or sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability does not apply to Java deployments, typically in servers, that
load and run only trusted code (e.g., code installed by an administrator). CVSS
3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

Solution: 

Update packages.

CVEs: 
CVE-2025-21587
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2025-30691
Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-21-openjdk-21.0.7.0.6-1.el9.ML.1.src.rpm
    MD5: 8f6810ed2c9133f341e61a1a32ee5130
    SHA-256: 5d40b94afc1226335131c67b316252ba3508647ccf4ceb1771357a9395f642f1
    Size: 67.32 MB

Asianux Server 9 for x86_64
  1. java-21-openjdk-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: eda268852eebb721169cecf3d1d3128c
    SHA-256: 852a56b0bf084f1f1290e1e60440080b2b8314843a6ebdc9f37629abf190e045
    Size: 429.25 kB
  2. java-21-openjdk-demo-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 5e4102d6e55e0fb55c8d27477f7113cc
    SHA-256: 6519f400c34f68627af7a14344888d5bc4157d057f0b9d5bee40f871d4780721
    Size: 3.18 MB
  3. java-21-openjdk-demo-fastdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 69c6c78a5263e6a4810d18b1620f073c
    SHA-256: 573ff68148fe1f91d5eeb9a3dcffdfb9bf50ccb2122b197e42c5ac54a6d1142b
    Size: 3.18 MB
  4. java-21-openjdk-demo-slowdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: bbd7cdfcef6da7aa1b0085b26140c80c
    SHA-256: 4ce5bed2c03bd493fba9e0cd1ba522d18b11b941bcf957f6cbb932b075c5f75c
    Size: 3.18 MB
  5. java-21-openjdk-devel-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 2f185e94dd26d936106ef44b94429d1d
    SHA-256: 7f233a83a62dfbf30495685acf9494f33498fb8584f7f48565187739ddcdcf03
    Size: 5.01 MB
  6. java-21-openjdk-devel-fastdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 14450fe4d21ceadbd3d9f013dd468fbb
    SHA-256: 195014b8c0db828e49960fa96eb2ae75697e1f9c4419c36e9d3dc2314389c3fa
    Size: 5.01 MB
  7. java-21-openjdk-devel-slowdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: d28c0cbb8c5211e9967a41fddc625cd4
    SHA-256: cbee0080fb40a570ccb2d29081e41bba6cd7493b8173973f9875407522fae7ee
    Size: 5.01 MB
  8. java-21-openjdk-fastdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 4f3de7da97c9ea1e90f8d922bce755f3
    SHA-256: dc5f2087acad4eaa6ca260ab9767dd2c879f37df5e887b0acb1da1ccad1947a9
    Size: 437.85 kB
  9. java-21-openjdk-headless-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: f4003c6ad5252b44849b9f9425f86538
    SHA-256: 34179ab78549c21e17562f1bd3ad85f10f3f7df7053e89032f8235cc60ea9b72
    Size: 47.29 MB
  10. java-21-openjdk-headless-fastdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: a2c4624a36624ba874dbde8ab6394d3b
    SHA-256: 7c923f3ec270d24df9cdd7729abd64d9289071ef399a1c7ad1ae27fa78015248
    Size: 51.81 MB
  11. java-21-openjdk-headless-slowdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 0921ba399ad932b216f5effc48c2bbec
    SHA-256: 455637456c5970f94954ffda1643d8226e2bf5174142f2be75ca0314cd7eff11
    Size: 49.90 MB
  12. java-21-openjdk-javadoc-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: f58c951b9e9608214ca31bf89e102334
    SHA-256: 5c07152e55a9a283d48054fe1aec4299a43f6b3d83cbb2ca31b332ffc5a727eb
    Size: 14.98 MB
  13. java-21-openjdk-javadoc-zip-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 365d6e47df6b2e76a508c64e936aef2c
    SHA-256: f6492e0a7aaf25c03ed079b2523394d22d522189eed873e767aa0fa4a1446751
    Size: 40.56 MB
  14. java-21-openjdk-jmods-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 53253fc2acc126b0ad62f06129c451af
    SHA-256: b9263c639d889a487f81457fac7126da37fde363564ff2af2245b8691e776ea2
    Size: 301.19 MB
  15. java-21-openjdk-jmods-fastdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 314489119c390004171986f3ddf9818b
    SHA-256: 25f7cc80d01a2d21af0ae00d45fd30fed50d832fce7a0106f1876ec7261ef36d
    Size: 352.28 MB
  16. java-21-openjdk-jmods-slowdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 42bc0266bf4017d259d69cf610620724
    SHA-256: 47a285d395cb5779d26eb08f6d6f92ae3836484843b417d8e49bd2a9f6823e24
    Size: 267.39 MB
  17. java-21-openjdk-slowdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: ceac60a6bd010b35d53c08d50156935f
    SHA-256: 15ab88760e4150fd16fabc2ea3919a1d2d5cf3dd12dd358f84a87789178b97e3
    Size: 408.50 kB
  18. java-21-openjdk-src-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 2788351d729ed264320755dcc0683a61
    SHA-256: 2953cbd7b7f3827bf85d81f86aba70cd630548def62a0f71adfbe68ad7ba9e61
    Size: 46.72 MB
  19. java-21-openjdk-src-fastdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 8a79af82dbdd36c9a77aa067b7fc3531
    SHA-256: f7dc35263df0bd3580702e594843d5969a29cbafda031f817392e17dfecea471
    Size: 46.72 MB
  20. java-21-openjdk-src-slowdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: f6037d2b610bf5fafeede9c0f2ffd605
    SHA-256: 37751bc55884e5e3b016abfa470066c180c0b2d38733f73a1f4a42633c8f438e
    Size: 46.72 MB
  21. java-21-openjdk-static-libs-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 0a6415ff9bb778dbff2e4ad5868504ae
    SHA-256: 8a8ef54dffeaa94858f29060af63ad5a0d4df6693bafbe75679a6f8b5b251a89
    Size: 28.38 MB
  22. java-21-openjdk-static-libs-fastdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 54cbd44ef751719d36abcc0af8336bcd
    SHA-256: 53139d2f0a209816954fd84972f3f2d2b8ed087a643e79aadb7c5110eaf597c5
    Size: 28.47 MB
  23. java-21-openjdk-static-libs-slowdebug-21.0.7.0.6-1.el9.ML.1.x86_64.rpm
    MD5: 9cbbfda036803011d3bd5129f09f423e
    SHA-256: 581e50069eae7a1af334ce77d6ef89cef890fd4c5eb7ef39dd6acd2bc62758ff
    Size: 19.94 MB