Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Ubuntu 25.04: OpenJDK 8 Critical Denial of Service Advisory USN-7667-1

Calendar Jul 29, 2025 User Avatar LinuxSecurity Advisories
2 - 4 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service Ubuntu vulnerability java openjdk-8
Several security issues were fixed in OpenJDK 8. 
==========================================================================
Ubuntu Security Notice USN-7667-1
July 24, 2025

openjdk-8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenJDK 8.

Software Description:
- openjdk-8: Open Source Java implementation

Details:

It was discovered that the 2D component of OpenJDK 8 did not properly
manage memory under certain circumstances. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30749, CVE-2025-50106)

Mashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK 8
did not properly manage TLS 1.3 handshakes under certain circumstances.
An attacker could possibly use this issue to obtain sensitive
information. (CVE-2025-30754)

It was discovered that the Scripting component of OpenJDK 8 did not
properly manage properties under certain circumstances. An attacker
could possibly use this issue to cause a denial of service, execute
arbitrary code or bypass Java sandbox restrictions. (CVE-2025-30761)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-07-15

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  openjdk-8-jdk                   8u462-ga~us1-0ubuntu2~25.04.2
  openjdk-8-jdk-headless          8u462-ga~us1-0ubuntu2~25.04.2
  openjdk-8-jre                   8u462-ga~us1-0ubuntu2~25.04.2
  openjdk-8-jre-headless          8u462-ga~us1-0ubuntu2~25.04.2
  openjdk-8-jre-zero              8u462-ga~us1-0ubuntu2~25.04.2

Ubuntu 24.04 LTS
  openjdk-8-jdk                   8u462-ga~us1-0ubuntu2~24.04.2
  openjdk-8-jdk-headless          8u462-ga~us1-0ubuntu2~24.04.2
  openjdk-8-jre                   8u462-ga~us1-0ubuntu2~24.04.2
  openjdk-8-jre-headless          8u462-ga~us1-0ubuntu2~24.04.2
  openjdk-8-jre-zero              8u462-ga~us1-0ubuntu2~24.04.2

Ubuntu 22.04 LTS
  openjdk-8-jdk                   8u462-ga~us1-0ubuntu2~22.04.2
  openjdk-8-jdk-headless          8u462-ga~us1-0ubuntu2~22.04.2
  openjdk-8-jre                   8u462-ga~us1-0ubuntu2~22.04.2
  openjdk-8-jre-headless          8u462-ga~us1-0ubuntu2~22.04.2
  openjdk-8-jre-zero              8u462-ga~us1-0ubuntu2~22.04.2

Ubuntu 20.04 LTS
  openjdk-8-jdk                   8u462-ga~us1-0ubuntu2~20.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u462-ga~us1-0ubuntu2~20.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u462-ga~us1-0ubuntu2~20.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u462-ga~us1-0ubuntu2~20.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u462-ga~us1-0ubuntu2~20.04.2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  openjdk-8-jdk                   8u462-ga~us1-0ubuntu2~18.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u462-ga~us1-0ubuntu2~18.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u462-ga~us1-0ubuntu2~18.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u462-ga~us1-0ubuntu2~18.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u462-ga~us1-0ubuntu2~18.04.2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  openjdk-8-jdk                   8u462-ga~us1-0ubuntu2~16.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u462-ga~us1-0ubuntu2~16.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u462-ga~us1-0ubuntu2~16.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u462-ga~us1-0ubuntu2~16.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre-jamvm             8u462-ga~us1-0ubuntu2~16.04.2
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u462-ga~us1-0ubuntu2~16.04.2
                                  Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7667-1
  CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50106

Package Information:
  https://launchpad.net/ubuntu/+source/openjdk-8/8u462-ga~us1-0ubuntu2~25.04.2
  https://launchpad.net/ubuntu/+source/openjdk-8/8u462-ga~us1-0ubuntu2~24.04.2
  https://launchpad.net/ubuntu/+source/openjdk-8/8u462-ga~us1-0ubuntu2~22.04.2

Ubuntu 25.04: OpenJDK 8 Critical Denial of Service Advisory USN-7667-1

ubuntu
Calendar Grey July 29, 2025
Dist Ubuntu Esm H88
Numerous vulnerabilities addressed in OpenJDK 8 across various Ubuntu releases, emphasizing enhancements in memory handling and TLS handshake processes.
Several security issues were fixed in OpenJDK 8.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenJDK 8. Software Description: - openjdk-8: Open Source Java implementation Details: It was discovered that the 2D component of OpenJDK 8 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30749, CVE-2025-50106) Mashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK 8 did not properly manage TLS 1.3 handshakes under certain circumstances. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-30754) It was discovered that the Scripting component of OpenJDK 8 did not properly manage properties under certain circumstances. An attacker could possibly use this issue to cause a denial of service...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu vulnerability java openjdk-8

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 openjdk-8-jdk 8u462-ga~us1-0ubuntu2~25.04.2 openjdk-8-jdk-headless 8u462-ga~us1-0ubuntu2~25.04.2 openjdk-8-jre 8u462-ga~us1-0ubuntu2~25.04.2 openjdk-8-jre-headless 8u462-ga~us1-0ubuntu2~25.04.2 openjdk-8-jre-zero 8u462-ga~us1-0ubuntu2~25.04.2 Ubuntu 24.04 LTS openjdk-8-jdk 8u462-ga~us1-0ubuntu2~24.04.2 openjdk-8-jdk-headless 8u462-ga~us1-0ubuntu2~24.04.2 openjdk-8-jre 8u462-ga~us1-0ubuntu2~24.04.2 openjdk-8-jre-headless 8u462-ga~us1-0ubuntu2~24.04.2 openjdk-8-jre-zero 8u462-ga~us1-0ubuntu2~24.04.2 Ubuntu 22.04 LTS openjdk-8-jdk 8u462-ga~us1-0ubuntu2~22.04.2 openjdk-8-jdk-headless 8u462-ga~us1-0ubuntu2~22.04.2 openjdk-8-jre 8u462-ga~us1-0ubuntu2~22.04.2 openjdk-8-jre-headless 8u462-ga~us1-0ubuntu2~22.04.2 openjdk-8-jre-zero 8u462-ga~us1-0ubuntu2~22.04.2 Ubuntu 20.04 LTS openjdk-8-jdk 8u462-ga~us1-0ubuntu2~20.04.2 Available with Ubuntu Pro openjdk-8-jdk-headless 8u462-ga~us1-0ubuntu2~20.04.2 Available with Ubuntu Pro openjdk-8-jre 8u462-ga~us1-0ubuntu2~20.04.2 Available with Ubuntu Pro openjdk-8-jre-headless 8u462-ga~us1-0ubuntu2~20.04.2 Available with Ubuntu Pro openjdk-8-jre-zero 8u462-ga~us1-0ubuntu2~20.04.2 Available with Ubuntu Pro Ubuntu 18.04 LTS openjdk-8-jdk 8u462-ga~us1-0ubuntu2~18.04.2 Available with Ubuntu Pro openjdk-8-jdk-headless 8u462-ga~us1-0ubuntu2~18.04.2 Available with Ubuntu Pro openjdk-8-jre 8u462-ga~us1-0ubuntu2~18.04.2 Available with Ubuntu Pro openjdk-8-jre-headless 8u462-ga~us1-0ubuntu2~18.04.2 Available with Ubuntu Pro openjdk-8-jre-zero 8u462-ga~us1-0ubuntu2~18.04.2 Available with Ubuntu Pro Ubuntu 16.04 LTS openjdk-8-jdk 8u462-ga~us1-0ubuntu2~16.04.2 Available with Ubuntu Pro openjdk-8-jdk-headless 8u462-ga~us1-0ubuntu2~16.04.2 Available with Ubuntu Pro openjdk-8-jre 8u462-ga~us1-0ubuntu2~16.04.2 Available with Ubuntu Pro openjdk-8-jre-headless 8u462-ga~us1-0ubuntu2~16.04.2 Available with Ubuntu Pro openjdk-8-jre-jamvm 8u462-ga~us1-0ubuntu2~16.04.2 Available with Ubuntu Pro openjdk-8-jre-zero 8u462-ga~us1-0ubuntu2~16.04.2 Available with Ubuntu Pro This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart Java applications to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7667-1

CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50106

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7667-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu vulnerability java openjdk-8

Package Information

https://launchpad.net/ubuntu/+source/openjdk-8/8u462-ga~us1-0ubuntu2~25.04.2 https://launchpad.net/ubuntu/+source/openjdk-8/8u462-ga~us1-0ubuntu2~24.04.2 https://launchpad.net/ubuntu/+source/openjdk-8/8u462-ga~us1-0ubuntu2~22.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here