{"id":"MGASA-2025-0042","summary":"Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerability","details":"A difficult to exploit vulnerability allows unauthenticated attackers with\nnetwork access via multiple protocols to compromise Oracle Java SE.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to Oracle Java SE accessible. This\nvulnerability can be exploited by using APIs in the specified Component,\ne.g., through a web service which supplies data to the APIs. This\nvulnerability also applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java applets,\nthat load and run untrusted code (e.g., code that comes from the\nInternet) and rely on the Java sandbox for security. (CVE-2025-21502)\n","modified":"2026-04-16T00:09:20.003364495Z","published":"2025-02-07T19:45:58Z","upstream":["CVE-2025-21502"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0042.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33954"},{"type":"WEB","url":"https://access.redhat.com/errata/RHBA-2025:0418"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0429"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2025:0422"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2025.html#AppendixJAVA"}],"affected":[{"package":{"name":"java-17-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-17-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.0.14.0.7-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0042.json"}},{"package":{"name":"java-11-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-11-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.26.0.4-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0042.json"}},{"package":{"name":"java-1.8.0-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-1.8.0-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0.442.b06-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0042.json"}},{"package":{"name":"java-latest-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-latest-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.0.2.0.7-1.rolling.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0042.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}