USN-7480-1: OpenJDK 8 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 8 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15
Affected Software
Event History
Child vulnerabilities
Contains the following vulnerabilities.
Frequently Asked Questions
What is the severity of USN-7480-1?
The severity of USN-7480-1 is high due to potential exposure of sensitive information through incorrect RSA padding handling in the JSSE component.
How do I fix USN-7480-1?
To fix USN-7480-1, update your OpenJDK to version 8u452-ga~us1-0ubuntu1~24.04 or later on Ubuntu 25.04.
What components are affected by USN-7480-1?
USN-7480-1 affects the JSSE and Compiler components of OpenJDK 8.
What versions of OpenJDK are impacted by USN-7480-1?
USN-7480-1 impacts several versions of OpenJDK 8, specifically those prior to 8u452-ga~us1-0ubuntu1~24.04.
Who discovered the vulnerabilities reported in USN-7480-1?
The vulnerabilities reported in USN-7480-1 were discovered by researcher Alicja Kario.