USN-7533-1

Source
https://ubuntu.com/security/notices/USN-7533-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7533-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-7533-1
Published
2025-05-26T11:44:38.734054Z
Modified
2025-05-26T11:44:38.734054Z
Summary
openjdk-17-crac vulnerabilities
Details

Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587)

It was discovered that the Compiler component of CRaC JDK 17 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691)

It was discovered that the 2D component of CRaC JDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698)

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following link for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15

Affected packages

Ubuntu:24.10 / openjdk-17-crac

Package

Name
openjdk-17-crac
Purl
pkg:deb/ubuntu/openjdk-17-crac@17.0.15+6-0ubuntu1~24.10?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
17.0.15+6-0ubuntu1~24.10

Affected versions

17.*

17.0.13+0-0ubuntu1
17.0.13+0-0ubuntu2
17.0.14+7-0ubuntu1~24.10

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-dbg"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-demo"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-doc"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-jdk"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-jdk-headless"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-jre"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-jre-headless"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-jre-zero"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~24.10",
            "binary_name": "openjdk-17-crac-source"
        }
    ]
}

Ubuntu:25.04 / openjdk-17-crac

Package

Name
openjdk-17-crac
Purl
pkg:deb/ubuntu/openjdk-17-crac@17.0.15+6-0ubuntu1~25.04?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
17.0.15+6-0ubuntu1~25.04

Affected versions

17.*

17.0.13+0-0ubuntu2
17.0.13+11-0ubuntu1
17.0.14+7-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-dbg"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-demo"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-doc"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-jdk"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-jdk-headless"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-jre"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-jre-headless"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-jre-zero"
        },
        {
            "binary_version": "17.0.15+6-0ubuntu1~25.04",
            "binary_name": "openjdk-17-crac-source"
        }
    ]
}