Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2cedd6d383aa0c5e4dafe92870d4650fae24119

commit c2cedd6d383aa0c5e4dafe92870d4650fae24119
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-25 19:11:19 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 06:07:53 +0000

dev-java/openjdk-jre-bin: add 8.442_p06

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Closes: https://github.com/gentoo/gentoo/pull/40304
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk-jre-bin/Manifest | 1 +
.../openjdk-jre-bin-8.442_p06.ebuild | 82 ++++++++++++++++++++++
2 files changed, 83 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6442126ae24b7d097bd7b435782394e9d1870b52

commit 6442126ae24b7d097bd7b435782394e9d1870b52
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-25 19:10:19 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 06:07:53 +0000

dev-java/openjdk-jre-bin: add 11.0.26_p4

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk-jre-bin/Manifest | 1 +
.../openjdk-jre-bin-11.0.26_p4.ebuild | 83 ++++++++++++++++++++++
2 files changed, 84 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e348dd7284451cbad8ce1ffa34451fa503c3c354

commit e348dd7284451cbad8ce1ffa34451fa503c3c354
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-25 19:09:04 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 06:07:52 +0000

dev-java/openjdk-jre-bin: add 17.0.14_p7

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk-jre-bin/Manifest | 1 +
.../openjdk-jre-bin-17.0.14_p7.ebuild | 83 ++++++++++++++++++++++
2 files changed, 84 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dcbd9327bc422500b7e92f10b9b949703784f4b

commit 9dcbd9327bc422500b7e92f10b9b949703784f4b
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-25 19:07:42 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 06:07:51 +0000

dev-java/openjdk-jre-bin: add 21.0.6_p7

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk-jre-bin/Manifest | 1 +
.../openjdk-jre-bin-21.0.6_p7.ebuild | 83 ++++++++++++++++++++++
2 files changed, 84 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09ea07daf3e6e80d9e15c79885f576b565e94b9f

commit 09ea07daf3e6e80d9e15c79885f576b565e94b9f
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-22 03:34:45 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 08:20:38 +0000

dev-java/openjdk: add 8.442_p06

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Closes: https://github.com/gentoo/gentoo/pull/40253
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk/Manifest | 1 +
dev-java/openjdk/openjdk-8.442_p06.ebuild | 283 ++++++++++++++++++++++++++++++
2 files changed, 284 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff1f7ee5f98b7c8a0aabbfd80ea07e8705eef2fa

commit ff1f7ee5f98b7c8a0aabbfd80ea07e8705eef2fa
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-22 03:29:58 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 08:20:38 +0000

dev-java/openjdk: add 11.0.26_p4 - CVE-2025-21502

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk/Manifest | 1 +
dev-java/openjdk/openjdk-11.0.26_p4.ebuild | 316 +++++++++++++++++++++++++++++
2 files changed, 317 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a3906ebf737a0b5dcd7eed9372aad80f6df0de2

commit 4a3906ebf737a0b5dcd7eed9372aad80f6df0de2
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-21 22:19:09 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 08:20:37 +0000

dev-java/openjdk: add 17.0.14_p7 - CVE-2025-21502

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk/Manifest | 1 +
dev-java/openjdk/openjdk-17.0.14_p7.ebuild | 325 +++++++++++++++++++++++++++++
2 files changed, 326 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95d9226673a6865f1bb55c7bc36d1744fc43f957

commit 95d9226673a6865f1bb55c7bc36d1744fc43f957
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-21 22:16:07 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2025-01-26 08:20:37 +0000

dev-java/openjdk: add 21.0.6_p7 - CVE-2025-21502

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

dev-java/openjdk/Manifest | 1 +
dev-java/openjdk/openjdk-21.0.6_p7.ebuild | 330 ++++++++++++++++++++++++++++++
2 files changed, 331 insertions(+)
openjdk-bin updates tbd once downloads are complete
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=657c435bd940e7477a4d5658ebd99ff0c7a9a64e

commit 657c435bd940e7477a4d5658ebd99ff0c7a9a64e
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-30 20:57:06 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2025-02-01 14:13:47 +0000

dev-java/openjdk-bin: add 8.442_p06

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Closes: https://github.com/gentoo/gentoo/pull/40358
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/openjdk-bin/Manifest | 6 +
dev-java/openjdk-bin/openjdk-bin-8.442_p06.ebuild | 130 ++++++++++++++++++++++
2 files changed, 136 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23374e7a7387a5edef425d85418ccd16f6ae08ac

commit 23374e7a7387a5edef425d85418ccd16f6ae08ac
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-28 19:31:25 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2025-02-01 14:13:47 +0000

dev-java/openjdk-bin: add 11.0.26_p4

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/openjdk-bin/Manifest | 6 +
dev-java/openjdk-bin/openjdk-bin-11.0.26_p4.ebuild | 134 +++++++++++++++++++++
2 files changed, 140 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4425a7e4b9b50285036d186eecf963c6670b7a0

commit d4425a7e4b9b50285036d186eecf963c6670b7a0
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-28 08:03:10 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2025-02-01 14:13:47 +0000

dev-java/openjdk-bin: add 21.0.6_p7

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/openjdk-bin/Manifest | 6 +
dev-java/openjdk-bin/openjdk-bin-21.0.6_p7.ebuild | 135 ++++++++++++++++++++++
2 files changed, 141 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a79f9099f575f3b54a0051807a7e27c455f365b

commit 6a79f9099f575f3b54a0051807a7e27c455f365b
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-01-27 15:25:23 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2025-02-01 14:13:46 +0000

dev-java/openjdk-bin: add 17.0.14_p7

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/openjdk-bin/Manifest | 7 ++
dev-java/openjdk-bin/openjdk-bin-17.0.14_p7.ebuild | 135 +++++++++++++++++++++
2 files changed, 142 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2eca608d7b3d43612a4d51854f6824e04594bf34

commit 2eca608d7b3d43612a4d51854f6824e04594bf34
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-02-24 20:19:21 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2025-02-25 16:36:00 +0000

dev-java/openjdk-bin: drop versions

Bug: https://bugs.gentoo.org/948666
Closes: https://bugs.gentoo.org/947770
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/openjdk-bin/Manifest | 25 ----
dev-java/openjdk-bin/openjdk-bin-11.0.25_p9.ebuild | 134 --------------------
.../openjdk-bin/openjdk-bin-17.0.13_p11.ebuild | 135 ---------------------
dev-java/openjdk-bin/openjdk-bin-21.0.5_p11.ebuild | 135 ---------------------
dev-java/openjdk-bin/openjdk-bin-8.432_p06.ebuild | 130 --------------------
5 files changed, 559 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c30ee407d9fded4937404340fdd45cc8218a1667

commit c30ee407d9fded4937404340fdd45cc8218a1667
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-02-24 20:17:25 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2025-02-25 16:36:00 +0000

dev-java/openjdk: drop versions

Bug: https://bugs.gentoo.org/948666
Bug: https://bugs.gentoo.org/947770
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/openjdk/Manifest | 4 -
dev-java/openjdk/openjdk-11.0.25_p9.ebuild | 316 ------------------------
dev-java/openjdk/openjdk-17.0.13_p11.ebuild | 325 -------------------------
dev-java/openjdk/openjdk-21.0.5_p11-r1.ebuild | 330 --------------------------
dev-java/openjdk/openjdk-8.432_p06.ebuild | 283 ----------------------
5 files changed, 1258 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be6cc0b3d0d7e165905f4a712839aed6db7d4d87

commit be6cc0b3d0d7e165905f4a712839aed6db7d4d87
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2025-02-24 15:37:28 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2025-02-25 16:35:59 +0000

dev-java/openjdk-jre-bin: drop versions

Bug: https://bugs.gentoo.org/948666
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/openjdk-jre-bin/Manifest | 4 --
.../openjdk-jre-bin-11.0.25_p9.ebuild | 83 ----------------------
.../openjdk-jre-bin-17.0.13_p11.ebuild | 83 ----------------------
.../openjdk-jre-bin-21.0.5_p11.ebuild | 83 ----------------------
.../openjdk-jre-bin-8.432_p06.ebuild | 82 ---------------------
5 files changed, 335 deletions(-)
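
Added example (not part of the bug report or of Gentoo's tooling): a Python check that classifies installed package atoms against the versions added in the commits above, treating each added version as the first fixed one for its major release. That treatment is an assumption drawn from this bug's commit log, and the inventory lines are constructed.

```python
import re

# First fixed version per major release, taken from the "add" commits on this
# bug (assumption: each added version is the first one carrying the fix).
FIXED = {8: "8.442_p06", 11: "11.0.26_p4", 17: "17.0.14_p7", 21: "21.0.6_p7"}
PACKAGES = {"dev-java/openjdk", "dev-java/openjdk-bin", "dev-java/openjdk-jre-bin"}

_ATOM = re.compile(r"^(.+?)-(\d[^/]*)$")
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:_p(\d+))?(?:-r(\d+))?$")

def parse_version(ver):
    """Turn '21.0.5_p11-r1' into ((21, 0, 5), 11, 1) so tuples compare in order."""
    m = _VER.match(ver)
    if not m:
        raise ValueError(f"unsupported version string: {ver!r}")
    nums = tuple(int(n) for n in m.group(1).split("."))
    return nums, int(m.group(2) or 0), int(m.group(3) or 0)

def classify(atom):
    """Return 'vulnerable', 'fixed' or 'unknown' for a category/name-version atom."""
    m = _ATOM.match(atom.strip())
    if not m or m.group(1) not in PACKAGES:
        return "unknown"  # not one of the three packages touched on this bug
    try:
        installed = parse_version(m.group(2))
    except ValueError:
        return "unknown"  # suffix this sketch does not model (e.g. _rc, _beta)
    major = installed[0][0]
    if major not in FIXED:
        return "unknown"  # e.g. 23.x: no commit on this bug covers it
    return "fixed" if installed >= parse_version(FIXED[major]) else "vulnerable"

def audit(lines):
    """Map every non-empty inventory line to its classification."""
    return {ln.strip(): classify(ln) for ln in lines if ln.strip()}

# Constructed sample inventory, one installed atom per line.
SAMPLE = """\
dev-java/openjdk-bin-17.0.13_p11
dev-java/openjdk-21.0.5_p11-r1
dev-java/openjdk-jre-bin-8.442_p06
dev-java/openjdk-bin-23.0.1_p11
"""

if __name__ == "__main__":
    for atom, state in audit(SAMPLE.splitlines()).items():
        print(f"{state:10} {atom}")
```

On a Gentoo host, `qlist -Iv` from portage-utils prints installed atoms in the form this script expects.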