java-1.8.0-openjdk-1.8.0.462.b08-2.el8

エラータID: AXSA:2025-10573:11

Release date: 
Wednesday, July 23, 2025 - 22:42
Subject: 
java-1.8.0-openjdk-1.8.0.462.b08-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* JDK: Better Glyph drawing (CVE-2025-30749)
* JDK: Enhance TLS protocol support (CVE-2025-30754)
* JDK: Improve scripting supports (CVE-2025-30761)
* JDK: Better Glyph drawing redux (CVE-2025-50106)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-30749
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-30754
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2025-30761
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-50106
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Solution: 

Update packages.

CVEs: 
CVE-2025-30749
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-30754
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-30761
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-50106
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.462.b08-2.el8.src.rpm
    MD5: 9def3a85c4503a6e345bcde6a8bd7323
    SHA-256: 66918028328ca5835b945c5a6adebc63366c731a374d9f5f67a44298d0548da8
    Size: 58.10 MB

Asianux Server 8 for x86_64
  1. java-1.8.0-openjdk-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 4982f7ac5169ec77f7f8d502c5b5d4d4
    SHA-256: 6bfb13d94e06c72ab7fa3a8e0e32f2434928b9bbbb18128c02b2aad5013f8f44
    Size: 558.48 kB
  2. java-1.8.0-openjdk-accessibility-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: f1b7b022eaa69fc3049ad8378b527f30
    SHA-256: 7185666a3b1d1cb933572b13080c60c14adf580583449edc0f5eb6b61f7f4f11
    Size: 127.29 kB
  3. java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 444dae95a06ecb32d73920aad6715fb1
    SHA-256: 6ea1aa7a0df8d656090e3406f9af4483c89b6d7a6c9b145949741834b8cab468
    Size: 127.13 kB
  4. java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 1daaf55c8b61f91ea1bf4b1fc738ebee
    SHA-256: 2bf9b1615f69a78b7ba470c549bf1cd720ae104feb8b3aa9d260d1c7ce7b5778
    Size: 127.14 kB
  5. java-1.8.0-openjdk-demo-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: cd704b649221b789e7aa3cbbce8cafea
    SHA-256: e34e70902b8917565475d6a3a8331c469dcdcfa8883e5839e97c30c89c9b4656
    Size: 2.09 MB
  6. java-1.8.0-openjdk-demo-fastdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: bea520843a8ec142d286630807284349
    SHA-256: 3e24f47932ad2e496e25af27f5ce4791b10e60b807582d7774b63a51d37d18ac
    Size: 2.11 MB
  7. java-1.8.0-openjdk-demo-slowdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 890e6f3da344a62f3b907e25e946b958
    SHA-256: e4f36e58a93c3389ab5f380c96aff7a35ef90261949f70ed2cebeca660bb993a
    Size: 2.11 MB
  8. java-1.8.0-openjdk-devel-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: a66f9252288281197d41e247af4c793e
    SHA-256: 36258d36be18d5cdd68c9596abc7afbdb9f01848874eb8d06d1fc0bb1d85b354
    Size: 9.96 MB
  9. java-1.8.0-openjdk-devel-fastdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 8bd391d11d1fed9c1bf030513dfbf44f
    SHA-256: 4b65b250293f1b8aecbfe190a1daa54d095032324607042ebb52f6cb8f528263
    Size: 9.96 MB
  10. java-1.8.0-openjdk-devel-slowdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: fe2f73bcab457f2dd277666b8f873d83
    SHA-256: e2b0612e5e7edf755759d1640af2bffb9444d32a907695e953f59f9af0d0d762
    Size: 9.96 MB
  11. java-1.8.0-openjdk-fastdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: a89fcb4e19018babdc19a5dba088bea9
    SHA-256: 8f78eca9135d79a1f966380e66ac643084eaeb503e3d4452229588cafe6df345
    Size: 571.78 kB
  12. java-1.8.0-openjdk-headless-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 2bf5dcaae475f7de806474cde70e976d
    SHA-256: 22c010f1a01284d0d1dd8d3222a3169dfdd19b88ab328c18a2c63777ee128b9c
    Size: 34.54 MB
  13. java-1.8.0-openjdk-headless-fastdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 5bb8f37f7a4a68e88a89846f2d2e93ca
    SHA-256: 55676ed6083c1161f1e75dd38c0fa552dbfdd3726e25e8e97f2b5909b78aef11
    Size: 38.18 MB
  14. java-1.8.0-openjdk-headless-slowdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 2a47cfbeca85999f7b2528937e8a0347
    SHA-256: 31b4add2c80aaba31d21cfcafddab30232e883753238dc94719ea94f91cdaeaf
    Size: 36.37 MB
  15. java-1.8.0-openjdk-javadoc-1.8.0.462.b08-2.el8.noarch.rpm
    MD5: 42a2bc3ccbaf70999daac9ac7173bc95
    SHA-256: d13d775ef8a3faa882b058399614e354daf832eaf1c5323bd476465db0033a3b
    Size: 15.20 MB
  16. java-1.8.0-openjdk-javadoc-zip-1.8.0.462.b08-2.el8.noarch.rpm
    MD5: 17f41e82ad4ca9ebe40f2421b43d23de
    SHA-256: 8854bdffc75ed00ed4ae3904161a166b716ac6df93a16404e74bc56f369ff0f9
    Size: 41.68 MB
  17. java-1.8.0-openjdk-slowdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: df407147c999221d2b3b15fe3bb89933
    SHA-256: fe9e5b1654958a9f146a660498b812a2dedc2b37875686273f21baae04dcaa74
    Size: 548.14 kB
  18. java-1.8.0-openjdk-src-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 238cd1cf44f308f7f3081c1730b14f8f
    SHA-256: d6e0e4aaaa969d880de088ce5ac26f75626f83249b7c05f4371db850164574f4
    Size: 45.53 MB
  19. java-1.8.0-openjdk-src-fastdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: 6c72d3e676bde3f74d271226b80df45f
    SHA-256: 5ca734e51ed777593bd6f4a2240cfe8bea937c0d213558b2e55ee3d719e60999
    Size: 45.53 MB
  20. java-1.8.0-openjdk-src-slowdebug-1.8.0.462.b08-2.el8.x86_64.rpm
    MD5: f90dc0928f88368b54a012769725af15
    SHA-256: aa45b7158ee4e01d70bc5d473b310ae720024765759118a017eac448d57e4d59
    Size: 45.53 MB