CLSA-2025-1753730595

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLSA-2025-1753730595
Upstream
Published
2025-07-28T19:23:19Z
Modified
2026-05-27T11:35:09.608076156Z
Summary
java-17-openjdk: Fix of 25 CVEs
Details
  • Update to jdk-17.0.15+6
  • Set bundled freetype provide version to 2.13.2
  • Set bundled harfbuzz provide version to 8.2.2
  • Require tzdata-java 2025a at runtime and for build
  • CVE-2025-21502: fix Hotspot component vulnerability allowing unauthorized access to resources and exposure of sensitive information
  • CVE-2025-30698: fix 2D component vulnerability allowing unauthorized data access and partial denial of service
  • CVE-2025-30691: fix Compiler component vulnerability allowing unauthorized data access and modification (CVSS 4.8 Medium)
  • CVE-2025-21587: fix JSSE component vulnerability allowing unauthorized creation/deletion/modification of critical data
  • CVE-2024-20921: fix information disclosure in Hotspot that allows remote attackers to access sensitive data via untrusted input through exposed APIs or sandboxed environments
  • CVE-2024-21235: fix vulnerability in Hotspot that allows remote attackers to read or modify limited data via untrusted input through exposed APIs or sandboxed code
  • CVE-2024-21217: fix vulnerability in Serialization that allows remote attackers to trigger partial denial of service via untrusted input through exposed APIs or sandboxed code
  • CVE-2024-21210: fix vulnerability in Hotspot that allows remote attackers to modify limited data via untrusted input through exposed APIs or sandboxed code.
  • CVE-2024-21208: fix security vulnerability in OpenJDK component
  • CVE-2024-21147: fix Hotspot component vulnerability allowing unauthorized data access
  • CVE-2024-21145: fix 2D component vulnerability allowing unauthorized data access
  • CVE-2024-21144: fix security vulnerability in OpenJDK component
  • CVE-2024-21140: fix Hotspot component vulnerability
  • CVE-2024-21138: fix Hotspot component vulnerability causing partial denial of service
  • CVE-2024-21131: fix vulnerability in Hotspot that allows remote attackers to modify limited data via untrusted input through exposed APIs or sandboxed code
  • CVE-2024-21094: fix Hotspot component vulnerability allowing unauthorized data modification
  • CVE-2024-21085: fix Concurrency component vulnerability causing partial denial of service
  • CVE-2024-21068: fix Hotspot component vulnerability allowing unauthorized data access
  • CVE-2024-21011: fix Hotspot component vulnerability causing partial denial of service
  • CVE-2024-20918: fix information disclosure and data modification in Hotspot via untrusted input
  • CVE-2024-20952: fix information disclosure and data modification in Security via untrusted input
  • CVE-2024-20926: fix information disclosure in Scripting via untrusted input
  • CVE-2023-48161: fix buffer overflow in GifLib’s DumpSCreen2RGB function allowing local attackers to access sensitive information
  • CVE-2023-22025: fix data modification in Hotspot via untrusted input through exposed APIs or sandboxed code
  • CVE-2023-25193: fix O(n^2) growth vulnerability in HarfBuzz's hb-ot-layout-gsubgpos.hh when processing consecutive marks
References

Affected packages

TuxCare:AlmaLinux:9.2
java-17-openjdk

Package

Name
java-17-openjdk
Purl
pkg:rpm/tuxcare/java-17-openjdk?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-demo

Package

Name
java-17-openjdk-demo
Purl
pkg:rpm/tuxcare/java-17-openjdk-demo?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-demo-fastdebug

Package

Name
java-17-openjdk-demo-fastdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-demo-fastdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-demo-slowdebug

Package

Name
java-17-openjdk-demo-slowdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-demo-slowdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-devel

Package

Name
java-17-openjdk-devel
Purl
pkg:rpm/tuxcare/java-17-openjdk-devel?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-devel-fastdebug

Package

Name
java-17-openjdk-devel-fastdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-devel-fastdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-devel-slowdebug

Package

Name
java-17-openjdk-devel-slowdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-devel-slowdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-fastdebug

Package

Name
java-17-openjdk-fastdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-fastdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-headless

Package

Name
java-17-openjdk-headless
Purl
pkg:rpm/tuxcare/java-17-openjdk-headless?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-headless-fastdebug

Package

Name
java-17-openjdk-headless-fastdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-headless-fastdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-headless-slowdebug

Package

Name
java-17-openjdk-headless-slowdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-headless-slowdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-javadoc

Package

Name
java-17-openjdk-javadoc
Purl
pkg:rpm/tuxcare/java-17-openjdk-javadoc?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-javadoc-zip

Package

Name
java-17-openjdk-javadoc-zip
Purl
pkg:rpm/tuxcare/java-17-openjdk-javadoc-zip?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-jmods

Package

Name
java-17-openjdk-jmods
Purl
pkg:rpm/tuxcare/java-17-openjdk-jmods?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-jmods-fastdebug

Package

Name
java-17-openjdk-jmods-fastdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-jmods-fastdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-jmods-slowdebug

Package

Name
java-17-openjdk-jmods-slowdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-jmods-slowdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-slowdebug

Package

Name
java-17-openjdk-slowdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-slowdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-src

Package

Name
java-17-openjdk-src
Purl
pkg:rpm/tuxcare/java-17-openjdk-src?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-src-fastdebug

Package

Name
java-17-openjdk-src-fastdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-src-fastdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-src-slowdebug

Package

Name
java-17-openjdk-src-slowdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-src-slowdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-static-libs

Package

Name
java-17-openjdk-static-libs
Purl
pkg:rpm/tuxcare/java-17-openjdk-static-libs?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-static-libs-fastdebug

Package

Name
java-17-openjdk-static-libs-fastdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-static-libs-fastdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"
java-17-openjdk-static-libs-slowdebug

Package

Name
java-17-openjdk-static-libs-slowdebug
Purl
pkg:rpm/tuxcare/java-17-openjdk-static-libs-slowdebug?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:17.0.15.0.6-1.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1753730595.json"