Ubuntu 25.10 OpenJDK 25 Critical RCE Information Disclosure 7996-1

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 Summary: Several security issues were fixed in CRaC JDK 25. Software Description: - openjdk-25-crac: Open Source Java implementation with Coordinated Restore at Checkpoints Details: It was discovered that the RMI component of CRaC JDK 25 would establish RMI TCP endpoint connections to a remote host without setting an endpoint identification algorithm. An unauthenticated remote attacker could possibly use this issue to steal sensitive information. (CVE-2026-21925) Mingijung discovered that the AWT and JavaFX componenets of CRaC JDK 25 could run programs if Desktop.browse() was supplied a filename as a URI. An unauthenticated remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-21932) Zhihui Chen discovered that the Networking component of CRaC JDK 25 was suceptible to a CRLF injection vulnerability via the HttpServer class. An unauthenticated remote attacker co...