Advisory: CLSA-2025:1753730595
OS: AlmaLinux 9.2 ESU
Public date: 2025-07-28 19:23:17
Project: java-17-openjdk
Version: 17.0.15.0.6-1.el9.tuxcare.els1
Errata link: https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1753730595.html
- Update to jdk-17.0.15+6
- Set bundled freetype provide version to 2.13.2
- Set bundled harfbuzz provide version to 8.2.2
- Require tzdata-java 2025a at runtime and for build
- CVE-2025-21502: fix Hotspot component vulnerability allowing unauthorized access to resources and exposure of sensitive information
- CVE-2025-30698: fix 2D component vulnerability allowing unauthorized data access and partial denial of service
- CVE-2025-30691: fix Compiler component vulnerability allowing unauthorized data access and modification (CVSS 4.8 Medium)
- CVE-2025-21587: fix JSSE component vulnerability allowing unauthorized creation/deletion/modification of critical data
- CVE-2024-20921: fix information disclosure in Hotspot that allows remote attackers to access sensitive data via untrusted input through exposed APIs or sandboxed environments
- CVE-2024-21235: fix vulnerability in Hotspot that allows remote attackers to read or modify limited data via untrusted input through exposed APIs or sandboxed code
- CVE-2024-21217: fix vulnerability in Serialization that allows remote attackers to trigger partial denial of service via untrusted input through exposed APIs or sandboxed code
- CVE-2024-21210: fix vulnerability in Hotspot that allows remote attackers to modify limited data via untrusted input through exposed APIs or sandboxed code
- CVE-2024-21208: fix security vulnerability in OpenJDK component
- CVE-2024-21147: fix Hotspot component vulnerability allowing unauthorized data access
- CVE-2024-21145: fix 2D component vulnerability allowing unauthorized data access
- CVE-2024-21144: fix security vulnerability in OpenJDK component
- CVE-2024-21140: fix Hotspot component vulnerability
- CVE-2024-21138: fix Hotspot component vulnerability causing partial denial of service
- CVE-2024-21131: fix vulnerability in Hotspot that allows remote attackers to modify limited data via untrusted input through exposed APIs or sandboxed code
- CVE-2024-21094: fix Hotspot component vulnerability allowing unauthorized data modification
- CVE-2024-21085: fix Concurrency component vulnerability causing partial denial of service
- CVE-2024-21068: fix Hotspot component vulnerability allowing unauthorized data access
- CVE-2024-21011: fix Hotspot component vulnerability causing partial denial of service
- CVE-2024-20918: fix information disclosure and data modification in Hotspot via untrusted input
- CVE-2024-20952: fix information disclosure and data modification in Security via untrusted input
- CVE-2024-20926: fix information disclosure in Scripting via untrusted input
- CVE-2023-48161: fix buffer overflow in GifLib’s DumpSCreen2RGB function allowing local attackers to access sensitive information
- CVE-2023-22025: fix data modification in Hotspot via untrusted input through exposed APIs or sandboxed code
- CVE-2023-25193: fix O(n^2) growth vulnerability in HarfBuzz's hb-ot-layout-gsubgpos.hh when processing consecutive marks
Update command: dnf update java-17-openjdk*
java-17-openjdk-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-demo-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-devel-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-fastdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-headless-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-javadoc-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-jmods-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-slowdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-src-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-static-libs-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.15.0.6-1.el9.tuxcare.els1.x86_64.rpm