java-21-openjdk-21.0.8.0.9-1.el8.ML.1

エラータID: AXSA:2025-10611:10

Release date: 
Monday, July 28, 2025 - 11:25
Subject: 
java-21-openjdk-21.0.8.0.9-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* JDK: Better Glyph drawing (CVE-2025-30749)
* JDK: Enhance TLS protocol support (CVE-2025-30754)
* JDK: Improve HTTP client header handling (CVE-2025-50059)
* JDK: Better Glyph drawing redux (CVE-2025-50106)

Bug Fix(es):

* In Asianux Server 9 and Asianux Server 10 systems, the default graphical display system is Wayland. The use of Wayland in these systems causes a failure in the traditional X11 method that java.awt.Robot uses to take a screen capture, producing a blank image. With this update, the RPM now recommends installing the PipeWire package, which the JDK can use to take screen captures in Wayland systems (RHEL-102683, RHEL-102684, RHEL-102685)
* On NUMA systems, the operating system can choose to migrate a task from one NUMA node to another. In the G1 garbage collector, G1AllocRegion objects are associated with NUMA nodes. The G1Allocator code assumes that obtaining the G1AllocRegion object for the current thread is sufficient, but OS scheduling can lead to arbitrary changes in the NUMA-to-thread association. This can cause crashes when the G1AllocRegion being used changes mid-operation. This update resolves this issue by always using the same NUMA node and associated G1AllocRegion object throughout an operation. (RHEL-90307, RHEL-90308, RHEL-90311)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-30749
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-30754
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
CVE-2025-50059
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
CVE-2025-50106
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Solution: 

Update packages.

CVEs: 
CVE-2025-30749
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-30754
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-50059
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-50106
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. java-21-openjdk-21.0.8.0.9-1.el8.ML.1.src.rpm
    MD5: 1da62e185b98020595446dd92f53b20f
    SHA-256: d130837660def3d6126964b674eb33e84d62d8379db121dd52f9c36c3a691957
    Size: 67.67 MB

Asianux Server 8 for x86_64
  1. java-21-openjdk-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 0ecdd393e3c1e96b9cedeb5262bd5c86
    SHA-256: 2712386c7b28c6e3c70f506d2e93021e5704f71b5a561bafe7cea9a6dd99e979
    Size: 448.61 kB
  2. java-21-openjdk-demo-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: dc425d9aea7df3362044e67075ae6cfa
    SHA-256: d7ae2dde0ab87e27b915cf81648ccf89c7e8bfdcaad5a56069f9c2b18228f2db
    Size: 3.17 MB
  3. java-21-openjdk-demo-fastdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: b26f836ceb2cf181ccaf7b323d093677
    SHA-256: 030345e876744ee27c335c5ea42c2fd9f360b5d8966e57d1224d3cf587beebc2
    Size: 3.18 MB
  4. java-21-openjdk-demo-slowdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 10c40a0c0770050d0dfe6c8f93bafac5
    SHA-256: dea8d78f8decd77c32a464401d66f4a47abb63c25d7b336f1d87051bcd1732e4
    Size: 3.18 MB
  5. java-21-openjdk-devel-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: b2be5fbdd14e7a532fd402b6d7e322a8
    SHA-256: d07679e9cadefc98f81db7e194398bd8784b360d7abc7523ec46aa2992db0144
    Size: 5.17 MB
  6. java-21-openjdk-devel-fastdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: f125c84feb5bcf5ae3cf88d196f0eab4
    SHA-256: 6e4aa2c113d71f40d94ab97229751488b2f778911de96e37cc076e9272f097a4
    Size: 5.17 MB
  7. java-21-openjdk-devel-slowdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: d2f2efa4ffcb7abcdd4f3133a2be61fb
    SHA-256: ea3d84bf3f7a37f8c8439d7e7f9ae5c7cbf204fa79eb851b5b1a7dae82a7e247
    Size: 5.17 MB
  8. java-21-openjdk-fastdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: d78a260db0ee714d537db482f1257058
    SHA-256: 276f1ecc374b8aab36324f8d8f23595f45afdd25678d1cbdee1b996b904307c4
    Size: 457.84 kB
  9. java-21-openjdk-headless-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: d62be2697fb5d2ffa9eb3daef7383e0d
    SHA-256: 0e543f7b87ec0b3c9c4d57220bee441ea297f2b2edd7e8dee970e8d3af690349
    Size: 49.41 MB
  10. java-21-openjdk-headless-fastdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 74c3edc4dbfd26d7f2bd27f6f93fca7d
    SHA-256: 24db6a8f1144d1cc67191fb592aec59c890ba55c1631196b47803902c5a6e588
    Size: 54.20 MB
  11. java-21-openjdk-headless-slowdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 0dfaea5084f9ab1a9fca87a1381c8f76
    SHA-256: 4e55355bcbac52e525f2842bcc5300f9c50995a44ae97b7b3ff694ee78363e94
    Size: 53.36 MB
  12. java-21-openjdk-javadoc-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 12350a5068b0cba09a4fb3cb76ddc6b9
    SHA-256: 7ad66d69429b94c50cd6e78cfcb5e35645fb1d79531d52fd9980ae5a462c1b8f
    Size: 16.40 MB
  13. java-21-openjdk-javadoc-zip-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: b2f08118da6f031bdf82aacc60887278
    SHA-256: 1788c8644003b965c0bac8edab5932faa92a7db7de9d8ce8b9bc9cfc1717e086
    Size: 41.51 MB
  14. java-21-openjdk-jmods-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: ef4872b105c1b55ca609925cff8096e6
    SHA-256: b9199737fb45efba3ab085f76f2a3bfa72388ea9eff3e9245db57265ac438b87
    Size: 307.24 MB
  15. java-21-openjdk-jmods-fastdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: dd1be70dce2068c9ad84226162ff52f0
    SHA-256: d200d69b06d1bc3dee48ba9d9d340bf75af70e94a9994fd85bf5a6e099cdec9a
    Size: 362.37 MB
  16. java-21-openjdk-jmods-slowdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 8acbc193a723ea9f56248d5168271bf0
    SHA-256: 2df1f8aa024998466e2acaab3c15d2da83394a811b57524453aaffe4c9199875
    Size: 284.15 MB
  17. java-21-openjdk-slowdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 4693f377e754e25e2673e79047e4262b
    SHA-256: 6dc88dc3a7d7f20fcde63b0df94c26f497932ebedf5109a8be3be389844e2a0c
    Size: 435.25 kB
  18. java-21-openjdk-src-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 19ae58dbcd02219485e279ee718ab891
    SHA-256: d47ee62f556da30a1a6958d46b84edc16425546ccca4e6bfd5949703bd604c45
    Size: 47.38 MB
  19. java-21-openjdk-src-fastdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 09f211eb04a09a423e6275a0612427e9
    SHA-256: 6a858898bb858e3b4e6278e46223c39d3782bcb0a2202d5cd03092e1795d4596
    Size: 47.38 MB
  20. java-21-openjdk-src-slowdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: b2123b5f778301db1c4d59c8cf20cb26
    SHA-256: b30b09f332d77edcc07f6977d325fcc25e3dac9114b1a49320668e53cdb3d865
    Size: 47.38 MB
  21. java-21-openjdk-static-libs-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: d7dae364aa688ec3197e7a5789c8a8ab
    SHA-256: 3a476309570d30ef8dbf6c895320207901ef08a03de7107397136e266bf1a895
    Size: 31.95 MB
  22. java-21-openjdk-static-libs-fastdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: c6cdc969f9b494e3b20b2979ebc77917
    SHA-256: 76e888194331905961a92c4507cfc529c4df49493e052c49752789a1d397bab9
    Size: 32.11 MB
  23. java-21-openjdk-static-libs-slowdebug-21.0.8.0.9-1.el8.ML.1.x86_64.rpm
    MD5: 5636986a23d2663fe1cc7c6ea34cf992
    SHA-256: f029ae6be0a2944177e29828d9cdf4440e282d1abe7cf26e6fd466b35c45ad8b
    Size: 25.40 MB