[SECURITY] [DSA 6112-1] openjdk-21 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6112-1] openjdk-21 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 27 Jan 2026 07:20:00 +0000
Message-id: <[🔎] aXhnIF9d-ZZ2aozg@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6112-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 27, 2026                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-21
CVE ID         : CVE-2026-21925 CVE-2026-21932 CVE-2026-21933
                 CVE-2026-21945

Several vulnerabilities have been discovered in the OpenJDK Java
runtime, which may result in incorrect certificate validation, CRLF
injection or man-in-the-middle attacks.

For the stable distribution (trixie), these problems have been fixed in
version 21.0.10+7-1~deb13u1.

We recommend that you upgrade your openjdk-21 packages.

For the detailed security status of openjdk-21 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-21

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAml4ZgYACgkQEMKTtsN8
TjaCXA//d5JIxUqn8YaZwQ8YYZ02vvTXtYgHjJuNhr5BGr+bCCmSI0Y2Ci0+LQ8Q
di+3OKTQtSc3AAF8ccER3ooZ4jqmV2Ei/xNOp2PywnWvbtTpc30tlSblA9lOPh6c
CbEty1XPQFotgpwTVeWMyXJa5Iz7zQVJxeu6ekDhLDhxEcnG3Ibylng+6xIHoymH
R7WLNEers47Jvp13hGa0UvSagXSoQl9/AJKpgpgmWIn5XjfMoi1tdqtHbVoV0yJP
2Y3tIKaU2eKGULTJkXdcCpTdOx43A3E0hw7BFR5R+4SHGiQVAvs99CZ7uE27KQqa
tpK+d2z9wBdWfVebJYxz16JMzOmfczb78hm6FBD82+dGYHkNUZEswZBVb/xl8S7+
a6TulV4SgY9k1rH+VnRNMi1JY3vlEn1NToNxCGF9CYUB2dnaerdH+ehnZUGeMRkl
KI/Ivyn5/xMl/QWCUkirsnpC3spHYU1ZDsEXjcvbIKDO99lMySZBX4y6w6tG6XEg
MyOUgA0tUi+o/hOQht+DLaBF3RpvhYt2DxnZB2yGvKYGDkuE/3IjuqEASGClr1TI
UvEPy6OuaWmr+JnJDLTZKIupqiWn5PRPXMAgvDjzfrHStaTXeUh9Nmgi6ytd1tMg
agC6gW1AOgCfqPGuGPcbYwA3HSWXq2q+uvJpbF8BUsuGgWUtqY8=
=FdL9
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6111-1] imagemagick security update
Next by Date: [SECURITY] [DSA 6113-1] openssl security update
Previous by thread: [SECURITY] [DSA 6111-1] imagemagick security update
Next by thread: [SECURITY] [DSA 6113-1] openssl security update
Index(es):
- Date
- Thread