[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4345-1] openjdk-17 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4345-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 25, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openjdk-17
Version        : 17.0.17+10-1~deb11u1
CVE ID         : CVE-2025-53057 CVE-2025-53066

Two vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in XML external entity injection attacks or incorrect
certificate validation.

For Debian 11 bullseye, these problems have been fixed in version
17.0.17+10-1~deb11u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmj8k44ACgkQnUbEiOQ2
gwJLExAA0DDcPENcI790DVK6hGdehIehQymjBxUvUKrBL4HnE/vAL6bCfE/uv+gv
8q4SchvPJumdrTdNWOIeofC2U+A8ETbSZAAOEWE2kJ2a93Pd02QYBmZiMRImdo53
+2gFaPMxHFi8uqviwUixc9o27BKSnztCglXPZ1aKYLfOYxsLOkoxb5dgQqW0FOPo
kTAOGa+IgOc+9wECQgov0U+/UWY21v4cyPFuRTKCIJG0OOkoGpQUeerKBe15IENk
PTF+1iQoZUwyOsc/SICahD/rfgM9WBvZXgiPdMBOUImqobdLB9QoZr4jeck73LIm
PvPjXuVuAn692MqCPPtS/GK9QPoTTQgsH0upFtm0KmzTS7VxNNKCQcHnZ94pzQbC
fSRcCk5jWYABFBM+dyUcVIBI7v/7wJoGur3upqzhmTtmkzkAJYzOaj6C7Rwey0AK
ldSmz1y4qQzhih7MdfRYu6979NRzQk3hj4D5aF2nRw/nn9j5CqbSXo9qcDrQaDdv
oouR6UVknGBLa9x4kssTFkO+RSOjeer2dK7+TLL7jTnXOtDXe8u39tf/mSrLuV8G
m3jd7ypjSIJtFVV/Cznn14prSbKl6XcWy6+jknuVsmOEPvyjIkweP0ttXZ2nldIw
7l5HC+OdiUKn33vtyGxNEPYLMvkir3PKAkktoQOBpVMNX+MTFgw=
=rd9l
-----END PGP SIGNATURE-----
Reply to: