[SECURITY] [DSA 6237-1] openjdk-17

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6237-1] openjdk-17
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 29 Apr 2026 18:43:21 +0000
Message-id: <[🔎] afJRSbxezIcgk114@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6237-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 29, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-17
CVE ID         : CVE-2026-22007 CVE-2026-22013 CVE-2026-22016
                 CVE-2026-22018 CVE-2026-22021 CVE-2026-34268
		 CVE-2026-34282

Several vulnerabilities have been discovered in the OpenJDK Java
runtime, which may result in incorrect generation of cryptographic
keys, denial of service, information disclosure, XEE/XEE attacks
or incorrect validation of Kerberos credentials.

For the oldstable distribution (bookworm), these problems have been fixed
in version 17.0.19+10-1~deb12u2.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnyUGgACgkQEMKTtsN8
TjaRYQ//ULet2am6UxedMnBQn8U7wq3arHpgLm4c0XR8qQANFnVf37PS5zFyac63
zC2hDazvid8hR9XOTllfRL7CIuJM9G/Am7xAkgicckPNM4r2QPsyNSampFzLBPyg
ggB8FTCkJTMLEzQ/b3cHTV5gLspF4zrxQT/2rCoMCfRdhsr36yyJ7OgPB7PZJngv
mOVDjH1HafGSLVMr9SBPRnucvcyt+OkoLhjgly7AXQ4sNR8wA/J5Z8oCOB93KZ3F
200H87RZOk2UKj0CgORJWiQCBW8sipbzSWGiY6uuBF1KIexQ1bifzXiNgIFt+M2G
7fWWbFshVSz+78M3eK5MuE0WtdlVaorJEKHr2Pt/lm25ndmGClUHiJvsa4IzxXRn
cE5W2wjHKf/qF4SB8Sb7c9jwUVtgTAhPnfqqAP+tzN1gDDguZO/G2lKA871T/Yf7
bVA1Yd30k5JLpPyhwMn0kluBQKNQZi1cmHJ+HrzEV9Qufnc9K9LYSLhcFTLW4KIq
ZcSh9QFEUuEZePG+c+rDr0Np/gufGI09CYgU4flYSNtt2RndZwkeu7MBebfr7hNq
yWZsW4tSmQOPZWFfwfEhNug6Lw3GmqnaAwTQLlXlEdMMiy1vlhWMczoBneXEq2qL
e6HfRo5Q+EzBjA5ihnO3y/bfwsmo95+115kcV4x4MqsJ+rJS1TA=
=mZuq
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6236-1] firefox-esr security update
Next by Date: [SECURITY] [DSA 6238-1] linux security update
Previous by thread: [SECURITY] [DSA 6236-1] firefox-esr security update
Next by thread: [SECURITY] [DSA 6238-1] linux security update
Index(es):
- Date
- Thread