INFSA-2025:18821: java-17-openjdk security update
Information about definition
Identificator: INFSA-2025:18821
Type: security
Release date: 2025-10-31 14:41:24 UTC
Information about package
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Vulnerabilities description
- CVE-2025-53057
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE related to the Security component could allow a remote attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
- CVE-2025-53066
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability impact. Bug Fix(es): * Since the 8.8 release and the 9.2 release, OpenJDK 17 has used a single build repackaged for each major OS release. With this release, this same build is now also used by the following older releases: 8.4, 8.6 and 9.0.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-53057
|
no information | 5.9 | no information |
|
NIST — CVE-2025-53066
|
no information | 4.8 | no information |
Updated packages
Preparing to download...