{"id":"CLSA-2025-1753799434","summary":"java-1.8.0-openjdk: Fix of 19 CVEs","details":"- Security fixes from OpenJDK 8u452-b09:\n - CVE-2025-21587: JSSE issue allowing remote access or modification of sensitive data\n - CVE-2025-30698: allows limited data access and partial DoS via untrusted Java code\n - CVE-2025-30691: allows limited data access via untrusted code using compiler APIs\n- Security fixes from OpenJDK 8u442-b06:\n - CVE-2025-21502: hotspot vulnerability enabling limited data access java clients\n- Security fixes from OpenJDK 8u432-b06:\n - CVE-2024-21235: sandbox bypass in java clients via exposed APIs\n - CVE-2024-21208: network flaw in sandboxed java clients enabling limited DoS\n - CVE-2024-21210: enabling data modification in sandboxed clients via crafted API input\n - CVE-2024-21217: serialization flaw may trigger partial DoS in sandboxed environments\n- Security fixes from OpenJDK 8u422-b05:\n - CVE-2024-21147: hotspot issue may lead to unauthorized access of sensitive data\n - CVE-2024-21145: enable limited unauthorized data access via untrusted java code\n - CVE-2024-21140: expose limited data to unauthorized read/write via sandboxed java code\n - CVE-2024-21144: allow remote unauthenticated attacker to cause partial DoS\n - CVE-2024-21131: remote access via API may lead to limited data modification\n - CVE-2024-21138: remote API calls may trigger partial DoS in sandboxed java environments\n- Security fixes from OpenJDK 8u412-b08:\n - CVE-2024-21094: lead to unauthorized data changes in sandboxed java apps\n - CVE-2024-21085: concurrency flaw may cause partial DoS in sandboxed java environments\n - CVE-2024-21011: hotspot issue may trigger partial DoS in sandboxed java environments\n - CVE-2024-21068: lead to limited unauthorized data modification in sandboxed deployments\n - CVE-2024-21012: networking issue may allow limited data modification","modified":"2026-05-27T11:36:13.892584313Z","published":"2025-07-29T14:30:38Z","upstream":["CVE-2024-21011","CVE-2024-21012","CVE-2024-21068","CVE-2024-21085","CVE-2024-21094","CVE-2024-21131","CVE-2024-21138","CVE-2024-21140","CVE-2024-21144","CVE-2024-21145","CVE-2024-21147","CVE-2024-21208","CVE-2024-21210","CVE-2024-21217","CVE-2024-21235","CVE-2025-21502","CVE-2025-21587","CVE-2025-30691","CVE-2025-30698"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1753799434.html"}],"affected":[{"package":{"name":"java-1.8.0-openjdk","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-demo","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-demo?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-demo-fastdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-demo-fastdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-demo-slowdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-demo-slowdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-devel-fastdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-devel-fastdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-devel-slowdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-devel-slowdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-fastdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-fastdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-headless","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-headless?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-headless-fastdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-headless-fastdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-headless-slowdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-headless-slowdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-javadoc","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-javadoc?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-javadoc-zip","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-javadoc-zip?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-slowdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-slowdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-src","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-src?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-src-fastdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-src-fastdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}},{"package":{"name":"java-1.8.0-openjdk-src-slowdebug","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/java-1.8.0-openjdk-src-slowdebug?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.8.0.452.b09-3.tuxcare.els1.el9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753799434.json"}}],"schema_version":"1.7.5"}