java-1.8.0-openjdk-1.8.0.472.b08-1.el9.ML.1

エラータID: AXSA:2025-11022:19

Release date: 
Wednesday, November 5, 2025 - 10:10
Subject: 
java-1.8.0-openjdk-1.8.0.472.b08-1.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment
and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2025-53057
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Security). Supported
versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28,
17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM
Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
creation, deletion or modification access to critical data or all Oracle Java
SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
Note: This vulnerability can be exploited by using APIs in the specified
Component, e.g., through a web service which supplies data to the APIs. This
vulnerability also applies to Java deployments, typically in clients running
sandboxed Java Web Start applications or sandboxed Java applets, that load and
run untrusted code (e.g., code that comes from the internet) and rely on the
Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: JAXP). Supported
versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28,
17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM
Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise
Edition. Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle Java SE, Oracle GraalVM
for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This
vulnerability can be exploited by using APIs in the specified Component, e.g.,
through a web service which supplies data to the APIs. This vulnerability also
applies to Java deployments, typically in clients running sandboxed Java Web
Start applications or sandboxed Java applets, that load and run untrusted code
(e.g., code that comes from the internet) and rely on the Java sandbox for
security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Solution: 

Update packages.

CVEs: 
CVE-2025-53057
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Additional Info: 

N/A

Download: 

SRPMS
  1. java-1.8.0-openjdk-1.8.0.472.b08-1.el9.ML.1.src.rpm
    MD5: f146fe833eef4bffb41786dab8cbad1b
    SHA-256: 1d496a3d3a948c938ae0f2430b5465a512083083a7ce2dad14410c598da70fd3
    Size: 57.99 MB

Asianux Server 9 for x86_64
  1. java-1.8.0-openjdk-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: b89781e011e170633b5c2dbc1295eb25
    SHA-256: 0b50be8a532418fe944a8e0ed372937ff4f5bee4be1dd226a66bf9340ec5e452
    Size: 424.80 kB
  2. java-1.8.0-openjdk-demo-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: e856fafbee1ea64f857d76bf64717700
    SHA-256: beb1fee5e658ec80343bc2c733ce383b8790a888cecb5a939b78832171382bca
    Size: 2.04 MB
  3. java-1.8.0-openjdk-demo-fastdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 4968e14767d5f91742ca58349db5905a
    SHA-256: d7dcb2a21def7769bd22cd68d5eb5f44712541e58960ff56f847e673a691723e
    Size: 2.06 MB
  4. java-1.8.0-openjdk-demo-slowdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 7a6183b42548512d74c6b3220313131f
    SHA-256: b1cb0cba2abb1a064c2c9b2f6ea86121896eb2d1feb95ff4400960e2089c75b9
    Size: 2.06 MB
  5. java-1.8.0-openjdk-devel-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 77fc45ff722ba4699586d073acf48233
    SHA-256: 11a0e97898cfe378f3bac9d7b4323c5f5d8895f2098a37bfda7e5b479e2b77b1
    Size: 9.34 MB
  6. java-1.8.0-openjdk-devel-fastdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 6ef9ce51b554e7605fa1d05baf5a7415
    SHA-256: 8922fbce0d5534a3b4da4ea9cd508752de218627e8b16a2a432fc0ae3b2da179
    Size: 9.35 MB
  7. java-1.8.0-openjdk-devel-slowdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 87aa3bad5270655bab45cae1515896cf
    SHA-256: 8940d0283e61e5722a5056f15ecfadbf024ac164999233aa737b5addab8e3681
    Size: 9.36 MB
  8. java-1.8.0-openjdk-fastdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: b32c305fe0a073043cae89fc60d6e154
    SHA-256: 3516561bd8f9f8d50a62b68a00274ffb80e1089a84242bd8c9d142651014de63
    Size: 437.00 kB
  9. java-1.8.0-openjdk-headless-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 699946c8fbb0e5ab8a840cf61bd80e37
    SHA-256: 6559185ff92440c4a56cec46cc125212a14accabe03a8d002e948c7bdb87b2d2
    Size: 32.84 MB
  10. java-1.8.0-openjdk-headless-fastdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 4139cb0ac8a351db2623d22edef94d70
    SHA-256: 3d75e08474cb241379f16e71421b377298f56fdf5803c5a713aca9565a0b896b
    Size: 36.59 MB
  11. java-1.8.0-openjdk-headless-slowdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: a895fa20e3c111e860c205aad74993f0
    SHA-256: b4282568f9328857c6c5f20dabb7987110397b63830d4c936711d423acb96541
    Size: 34.05 MB
  12. java-1.8.0-openjdk-javadoc-1.8.0.472.b08-1.el9.ML.1.noarch.rpm
    MD5: 5bfbded127a0e5168b77a7deb4e6fe23
    SHA-256: 43354d853bc1fa473f338584a0d713d634ff3df9243401e9433db2bf78d0ae12
    Size: 14.45 MB
  13. java-1.8.0-openjdk-javadoc-zip-1.8.0.472.b08-1.el9.ML.1.noarch.rpm
    MD5: f64868b408a20f97632e8ffed6f72860
    SHA-256: 73c00b489b143580e90da36f7a8495e352cb3dfd4a02156f3a337a90cb96f6cd
    Size: 40.74 MB
  14. java-1.8.0-openjdk-slowdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 991950646ae822ed54f6a6e9bd5112ae
    SHA-256: 6216689152208f9af5c43a8dddf2ba98d084b3ac32a6cdeaf63d34ef780d6b4a
    Size: 409.21 kB
  15. java-1.8.0-openjdk-src-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: d6a1baf689c6fe9dc1ea15248779430b
    SHA-256: 05119d088509f72ae94e227c27770bedec73e52232f5886eb53a00e867fd4425
    Size: 44.66 MB
  16. java-1.8.0-openjdk-src-fastdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: 5a009c03968ad6ccb8f6173ede9f923d
    SHA-256: 63a8d54924f6e0962008a3c808256a77ac49f66525c5c59d48ba44ca21fdfeff
    Size: 44.65 MB
  17. java-1.8.0-openjdk-src-slowdebug-1.8.0.472.b08-1.el9.ML.1.x86_64.rpm
    MD5: bb9bd7ca2b783400d32f0d85c001955d
    SHA-256: c437123f676ffd366a0b8d59eb09ab58dfe91bd82d689d5e3f55e873fd45e376
    Size: 44.66 MB