Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Ubuntu 25.04: OpenJDK 17 Critical Memory Issue DoS USN-7690-1

ubuntu
Calendar Grey August 12, 2025
Dist Ubuntu Esm H88
Significant vulnerabilities in OpenJDK 17 have been resolved with patches for Ubuntu versions 18.04 through 25.04. It's essential to keep your environments protected.
Several security issues were fixed in OpenJDK 17.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in OpenJDK 17. Software Description: - openjdk-17: Open Source Java implementation Details: It was discovered that the 2D component of OpenJDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30749, CVE-2025-50106) VMashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK 17 did not properly manage TLS 1.3 handshakes under certain circumstances. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-30754) Martin van Wingerden and Violeta Georgieva of Broadcom discovered that the Networking component of OpenJDK 17 did not properly manage network connections under certain circumstances. An attacker could possibl...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory DoS Ubuntu memory management TLS openjdk

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 openjdk-17-jdk 17.0.16+8~us1-0ubuntu1~25.04.1 openjdk-17-jdk-headless 17.0.16+8~us1-0ubuntu1~25.04.1 openjdk-17-jre 17.0.16+8~us1-0ubuntu1~25.04.1 openjdk-17-jre-headless 17.0.16+8~us1-0ubuntu1~25.04.1 openjdk-17-jre-zero 17.0.16+8~us1-0ubuntu1~25.04.1 Ubuntu 24.04 LTS openjdk-17-jdk 17.0.16+8~us1-0ubuntu1~24.04.1 openjdk-17-jdk-headless 17.0.16+8~us1-0ubuntu1~24.04.1 openjdk-17-jre 17.0.16+8~us1-0ubuntu1~24.04.1 openjdk-17-jre-headless 17.0.16+8~us1-0ubuntu1~24.04.1 openjdk-17-jre-zero 17.0.16+8~us1-0ubuntu1~24.04.1 Ubuntu 22.04 LTS openjdk-17-jdk 17.0.16+8~us1-0ubuntu1~22.04.1 openjdk-17-jdk-headless 17.0.16+8~us1-0ubuntu1~22.04.1 openjdk-17-jre 17.0.16+8~us1-0ubuntu1~22.04.1 openjdk-17-jre-headless 17.0.16+8~us1-0ubuntu1~22.04.1 openjdk-17-jre-zero 17.0.16+8~us1-0ubuntu1~22.04.1 Ubuntu 20.04 LTS openjdk-17-jdk 17.0.16+8~us1-0ubuntu1~20.04.6 Available with Ubuntu Pro openjdk-17-jdk-headless 17.0.16+8~us1-0ubuntu1~20.04.6 Available with Ubuntu Pro openjdk-17-jre 17.0.16+8~us1-0ubuntu1~20.04.6 Available with Ubuntu Pro openjdk-17-jre-headless 17.0.16+8~us1-0ubuntu1~20.04.6 Available with Ubuntu Pro openjdk-17-jre-zero 17.0.16+8~us1-0ubuntu1~20.04.6 Available with Ubuntu Pro Ubuntu 18.04 LTS openjdk-17-jdk 17.0.16+8~us1-0ubuntu1~18.04.1 Available with Ubuntu Pro openjdk-17-jdk-headless 17.0.16+8~us1-0ubuntu1~18.04.1 Available with Ubuntu Pro openjdk-17-jre 17.0.16+8~us1-0ubuntu1~18.04.1 Available with Ubuntu Pro openjdk-17-jre-headless 17.0.16+8~us1-0ubuntu1~18.04.1 Available with Ubuntu Pro openjdk-17-jre-zero 17.0.16+8~us1-0ubuntu1~18.04.1 Available with Ubuntu Pro This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart Java applications to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7690-1

CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7690-1

Topics%20covered

Topics Covered

security advisory DoS Ubuntu memory management TLS openjdk

Package Information

https://launchpad.net/ubuntu/+source/openjdk-17/17.0.16+8~us1-0ubuntu1~25.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here