USN-7482-1: OpenJDK 17 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 17 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15
Affected Software
Event History
Child vulnerabilities
Contains the following vulnerabilities.
Frequently Asked Questions
What is the severity of USN-7482-1?
USN-7482-1 addresses vulnerabilities in OpenJDK 17 that could lead to the exposure of sensitive information, which is considered serious.
How do I fix USN-7482-1?
To fix USN-7482-1, update OpenJDK 17 to version 17.0.15+6~us1-0ubuntu1~25.04 or later.
What versions of OpenJDK are affected by USN-7482-1?
OpenJDK 17 versions prior to 17.0.15+6~us1-0ubuntu1~25.04 on Ubuntu 25.04 and earlier versions are affected.
What specific vulnerabilities does USN-7482-1 address?
USN-7482-1 addresses vulnerabilities related to incorrect handling of RSA padding and compiler transformations in OpenJDK 17.
Is it safe to continue using OpenJDK 17 without applying the update from USN-7482-1?
No, it is not safe to continue using an unpatched version of OpenJDK 17, as it may expose sensitive information.