USN-7669-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7669-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7669-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-7669-1
Upstream
Related
Published
2025-07-24T12:48:01.239838Z
Modified
2025-07-28T07:45:50.718883Z
Summary
openjdk-24 vulnerabilities
Details

It was discovered that the 2D component of OpenJDK 24 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30749, CVE-2025-50106)

Mashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK 24 did not properly manage TLS 1.3 handshakes under certain circumstances. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-30754)

Martin van Wingerden and Violeta Georgieva of Broadcom discovered that the Networking component of OpenJDK 24 did not properly manage network connections under certain circumstances. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-50059)

References

Affected packages

Ubuntu:25.04 / openjdk-24

Package

Name
openjdk-24
Purl
pkg:deb/ubuntu/openjdk-24@24.0.2+12~us1-0ubuntu1~25.04.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.0.2+12~us1-0ubuntu1~25.04.1

Affected versions

Other

24~16ea-1
24~20ea-1
24~22ea-1
24~30ea-1
24~33ea-1
24~34ea-0ubuntu1
24~36ea-1
24+36-1

24.*

24.0.1+9~us1-0ubuntu1~25.04

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "openjdk-24-dbg",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-demo",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-doc",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-jdk",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-jdk-headless",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-jre",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-jre-headless",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-jre-zero",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-jvmci-jdk",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-source",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        },
        {
            "binary_name": "openjdk-24-testsupport",
            "binary_version": "24.0.2+12~us1-0ubuntu1~25.04.1"
        }
    ],
    "availability": "No subscription required"
}