Opened 7 months ago
Closed 7 months ago
#21846 closed enhancement (fixed)
jdk-24.0.2
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
I won't be able to do this until at least tomorrow, if not slightly later, but this is an urgent security release.
- CVE-2025-50059: Networking component across multiple protocols. Remote exploit without authentication. Rated as 8.6/10, low attack complexity, with high confidentiality impacts.
- CVE-2025-30749: 2D component across multiple protocols. Another remote exploit without authentication. Rated as 8.1/10, but high attack complexity. High impacts to Confidentiality, Integrity, and Availability.
- CVE-2025-50106: 2D component across multiple protocols. Another remote exploit without authentication. Rated as 8.1/10, with High attack complexity, but also high impacts to Confidentiality, Integrity, and Availability.
- CVE-2025-30754: JSSE component. Rated as 4.8/10, with High attack complexity. Low impacts to Confidentiality, Integrity, and Availability. Another remote exploit without authentication.
- CVE-2025-30752: Compiler component. Rated as 3.7/10, with no authentication required. Low impacts to availability.
Change History (3)
comment:1 by , 7 months ago
comment:2 by , 7 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 7 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 650e8be252a912acd0f8764c3260faddce0a0919
SA-12.3-084 issued
Note:
See TracTickets
for help on using tickets.
Some updates here from my adventures with JDK from the past 24 hours or so.
The new build number is 12. I can't redistribute the binary that I have on my Minecraft server because it's heavily optimized towards it's specific CPU, but I can confirm that the tests look about as they should as well.
The same version of jtreg also works