[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6231-1] openjdk-21 security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6231-1] openjdk-21 security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 27 Apr 2026 20:20:32 +0000 Message-id: <[🔎] ae_FEG1dT7bNoNhK@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6231-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-21 CVE ID : CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-34268 CVE-2026-34282 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect generation of cryptographic keys, denial of service, information disclosure, XEE/XEE attacks or incorrect validation of Kerberos credentials. For the stable distribution (trixie), these problems have been fixed in version 21.0.11+10-1~deb13u2. We recommend that you upgrade your openjdk-21 packages. For the detailed security status of openjdk-21 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-21 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnvxGwACgkQEMKTtsN8 TjaV6BAAt8AOHXsFgmxqUyrwc/Rl+duGWRmRhbhoOo8RujaUz/iKAE0qg6w09upQ /jmoAF2/FFDBurge+86zvGOWa6YuJQdbKSd1HYzJFRRdDGpGOB8cbZMAJQ3wg9TJ 7Yvdjn6jkUGwgeFJB55l1WANFTec7gqAz95UOTXd4X4Addk1sVRJKpwH1qCzxWfo rTqhICSvqe1pS5EfSbI8s7V9LG8hfcp2NI97VUTaoaPsBHDVFk+YMG8MNIczBhzn VlxK+BT+g9yM6fn0pFS8MWudEE81NjUPdv5T25xPEbe79ycwTjbrSMEQ/JV9AIbH mcpfxbGCh44zOxysXdJ+QgLe6JFtub2JiNqkfwPVcVvKFYj3EHb9DqJAEhQOOn6N 1ukR41G27PW5Ia+sRefpXTu6l50CJ7PVBHtMI+kaNuSrDS+g9SOH9hYuxazFF/jN ZonZe2tX5QqfzunXurCjmTlDNa4V+VKmnuQxcNQpA5p7ueB6BcKR/SypdJRKaLiy 0V4LrFH2OApxh28PUD5Fdc6wvml9vBjAygpIKwIr9APTRl6/3LXk5dvgK049CN0+ 9CWoGz2Mp/l4Sf7ekYQ49OvJ3BhSeOkiJ+ckod/vmfrXc16faK3IvTVJdOkCTDJx emRiOX+CqFv0AdNJIIlzje7jq9h3Wd4M63uHi+fHQmHa93vSCNs= =1Nrh -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6230-1] chromium security update Previous by thread: [SECURITY] [DSA 6230-1] chromium security update Index(es): Date Thread