Ubuntu Linux has received updates addressing multiple security vulnerabilities for c-ares, Corosync, OpenJDK, and MySQL:

[USN-7477-1] c-ares vulnerability
[USN-7478-1] Corosync vulnerability
[USN-7482-1] OpenJDK 17 vulnerabilities
[USN-7480-1] OpenJDK 8 vulnerabilities
[USN-7483-1] OpenJDK 21 vulnerabilities
[USN-7481-1] OpenJDK 11 vulnerabilities
[USN-7484-1] OpenJDK 24 vulnerabilities
[USN-7479-1] MySQL vulnerabilities




[USN-7477-1] c-ares vulnerability


==========================================================================
Ubuntu Security Notice USN-7477-1
May 05, 2025

c-ares vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10

Summary:

c-ares could be made to crash if it received specially crafted network
traffic.

Software Description:
- c-ares: library for asynchronous name resolution

Details:

It was discovered that c-ares incorrectly handled re-enqueuing certain
queries. A remote attacker could possibly use this issue to cause c-ares to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libcares2 1.34.4-2.1ubuntu0.1

Ubuntu 24.10
libcares2 1.33.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7477-1
CVE-2025-31498

Package Information:
https://launchpad.net/ubuntu/+source/c-ares/1.34.4-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/c-ares/1.33.0-1ubuntu0.1



[USN-7478-1] Corosync vulnerability


==========================================================================
Ubuntu Security Notice USN-7478-1
May 05, 2025

corosync vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Corosync could be made to crash if it received specially crafted network
traffic.

Software Description:
- corosync: cluster engine daemon and utilities

Details:

It was discovered that Corosync incorrectly handled certain large UDP
packets. If encryption is disabled, or an attacker knows the encryption
key, this issue could be used to cause Corosync to crash, resulting in a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
corosync 3.1.8-2ubuntu1.1

Ubuntu 24.04 LTS
corosync 3.1.7-1ubuntu3.1

Ubuntu 22.04 LTS
corosync 3.1.6-1ubuntu1.1

Ubuntu 20.04 LTS
corosync 3.0.3-2ubuntu2.2

After a standard system update you need to restart Corosync to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-7478-1
CVE-2025-30472

Package Information:
https://launchpad.net/ubuntu/+source/corosync/3.1.8-2ubuntu1.1
https://launchpad.net/ubuntu/+source/corosync/3.1.7-1ubuntu3.1
https://launchpad.net/ubuntu/+source/corosync/3.1.6-1ubuntu1.1
https://launchpad.net/ubuntu/+source/corosync/3.0.3-2ubuntu2.2



[USN-7482-1] OpenJDK 17 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7482-1
May 06, 2025

openjdk-17 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJDK 17.

Software Description:
- openjdk-17: Open Source Java implementation

Details:

Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly
handled RSA padding. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2025-21587)

It was discovered that the Compiler component of OpenJDK 17 incorrectly
handled compiler transformations. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30691)

It was discovered that the 2D component of OpenJDK 17 did not properly
manage memory under certain circumstances. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30698)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-04-15

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  openjdk-17-jdk                  17.0.15+6~us1-0ubuntu1~25.04
  openjdk-17-jdk-headless         17.0.15+6~us1-0ubuntu1~25.04
  openjdk-17-jre                  17.0.15+6~us1-0ubuntu1~25.04
  openjdk-17-jre-headless         17.0.15+6~us1-0ubuntu1~25.04
  openjdk-17-jre-zero             17.0.15+6~us1-0ubuntu1~25.04

Ubuntu 24.10
  openjdk-17-jdk                  17.0.15+6~us1-0ubuntu1~24.10
  openjdk-17-jdk-headless         17.0.15+6~us1-0ubuntu1~24.10
  openjdk-17-jre                  17.0.15+6~us1-0ubuntu1~24.10
  openjdk-17-jre-headless         17.0.15+6~us1-0ubuntu1~24.10
  openjdk-17-jre-zero             17.0.15+6~us1-0ubuntu1~24.10

Ubuntu 24.04 LTS
  openjdk-17-jdk                  17.0.15+6~us1-0ubuntu1~24.04
  openjdk-17-jdk-headless         17.0.15+6~us1-0ubuntu1~24.04
  openjdk-17-jre                  17.0.15+6~us1-0ubuntu1~24.04
  openjdk-17-jre-headless         17.0.15+6~us1-0ubuntu1~24.04
  openjdk-17-jre-zero             17.0.15+6~us1-0ubuntu1~24.04

Ubuntu 22.04 LTS
  openjdk-17-jdk                  17.0.15+6~us1-0ubuntu1~22.04
  openjdk-17-jdk-headless         17.0.15+6~us1-0ubuntu1~22.04
  openjdk-17-jre                  17.0.15+6~us1-0ubuntu1~22.04
  openjdk-17-jre-headless         17.0.15+6~us1-0ubuntu1~22.04
  openjdk-17-jre-zero             17.0.15+6~us1-0ubuntu1~22.04

Ubuntu 20.04 LTS
  openjdk-17-jdk                  17.0.15+6~us1-0ubuntu1~20.04
  openjdk-17-jdk-headless         17.0.15+6~us1-0ubuntu1~20.04
  openjdk-17-jre                  17.0.15+6~us1-0ubuntu1~20.04
  openjdk-17-jre-headless         17.0.15+6~us1-0ubuntu1~20.04
  openjdk-17-jre-zero             17.0.15+6~us1-0ubuntu1~20.04

Ubuntu 18.04 LTS
  openjdk-17-jdk                  17.0.15+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-17-jdk-headless         17.0.15+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-17-jre                  17.0.15+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-17-jre-headless         17.0.15+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-17-jre-zero             17.0.15+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7482-1
  CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~25.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~24.10
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~24.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.15+6~us1-0ubuntu1~20.04



[USN-7480-1] OpenJDK 8 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7480-1
May 06, 2025

openjdk-8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenJDK 8.

Software Description:
- openjdk-8: Open Source Java implementation

Details:

Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly
handled RSA padding. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2025-21587)

It was discovered that the Compiler component of OpenJDK 8 incorrectly
handled compiler transformations. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30691)

It was discovered that the 2D component of OpenJDK 8 did not properly
manage memory under certain circumstances. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30698)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-04-15

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  openjdk-8-jdk                   8u452-ga~us1-0ubuntu1~25.04
  openjdk-8-jdk-headless          8u452-ga~us1-0ubuntu1~25.04
  openjdk-8-jre                   8u452-ga~us1-0ubuntu1~25.04
  openjdk-8-jre-headless          8u452-ga~us1-0ubuntu1~25.04
  openjdk-8-jre-zero              8u452-ga~us1-0ubuntu1~25.04

Ubuntu 24.10
  openjdk-8-jdk                   8u452-ga~us1-0ubuntu1~24.10
  openjdk-8-jdk-headless          8u452-ga~us1-0ubuntu1~24.10
  openjdk-8-jre                   8u452-ga~us1-0ubuntu1~24.10
  openjdk-8-jre-headless          8u452-ga~us1-0ubuntu1~24.10
  openjdk-8-jre-zero              8u452-ga~us1-0ubuntu1~24.10

Ubuntu 24.04 LTS
  openjdk-8-jdk                   8u452-ga~us1-0ubuntu1~24.04
  openjdk-8-jdk-headless          8u452-ga~us1-0ubuntu1~24.04
  openjdk-8-jre                   8u452-ga~us1-0ubuntu1~24.04
  openjdk-8-jre-headless          8u452-ga~us1-0ubuntu1~24.04
  openjdk-8-jre-zero              8u452-ga~us1-0ubuntu1~24.04

Ubuntu 22.04 LTS
  openjdk-8-jdk                   8u452-ga~us1-0ubuntu1~22.04
  openjdk-8-jdk-headless          8u452-ga~us1-0ubuntu1~22.04
  openjdk-8-jre                   8u452-ga~us1-0ubuntu1~22.04
  openjdk-8-jre-headless          8u452-ga~us1-0ubuntu1~22.04
  openjdk-8-jre-zero              8u452-ga~us1-0ubuntu1~22.04

Ubuntu 20.04 LTS
  openjdk-8-jdk                   8u452-ga~us1-0ubuntu1~20.04
  openjdk-8-jdk-headless          8u452-ga~us1-0ubuntu1~20.04
  openjdk-8-jre                   8u452-ga~us1-0ubuntu1~20.04
  openjdk-8-jre-headless          8u452-ga~us1-0ubuntu1~20.04
  openjdk-8-jre-zero              8u452-ga~us1-0ubuntu1~20.04

Ubuntu 18.04 LTS
  openjdk-8-jdk                   8u452-ga~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u452-ga~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u452-ga~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u452-ga~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u452-ga~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  openjdk-8-jdk                   8u452-ga~us1-0ubuntu1~16.04.1
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u452-ga~us1-0ubuntu1~16.04.1
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u452-ga~us1-0ubuntu1~16.04.1
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u452-ga~us1-0ubuntu1~16.04.1
                                  Available with Ubuntu Pro
  openjdk-8-jre-jamvm             8u452-ga~us1-0ubuntu1~16.04.1
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u452-ga~us1-0ubuntu1~16.04.1
                                  Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7480-1
  CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u452-ga~us1-0ubuntu1~25.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u452-ga~us1-0ubuntu1~24.10
https://launchpad.net/ubuntu/+source/openjdk-8/8u452-ga~us1-0ubuntu1~24.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u452-ga~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u452-ga~us1-0ubuntu1~20.04



[USN-7483-1] OpenJDK 21 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7483-1
May 06, 2025

openjdk-21 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 21.

Software Description:
- openjdk-21: Open Source Java implementation

Details:

Alicja Kario discovered that the JSSE component of OpenJDK 21 incorrectly
handled RSA padding. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2025-21587)

It was discovered that the Compiler component of OpenJDK 21 incorrectly
handled compiler transformations. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30691)

It was discovered that the 2D component of OpenJDK 21 did not properly
manage memory under certain circumstances. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30698)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-04-15

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  openjdk-21-jdk                  21.0.7+6~us1-0ubuntu1~25.04
  openjdk-21-jdk-headless         21.0.7+6~us1-0ubuntu1~25.04
  openjdk-21-jre                  21.0.7+6~us1-0ubuntu1~25.04
  openjdk-21-jre-headless         21.0.7+6~us1-0ubuntu1~25.04
  openjdk-21-jre-zero             21.0.7+6~us1-0ubuntu1~25.04

Ubuntu 24.10
  openjdk-21-jdk                  21.0.7+6~us1-0ubuntu1~24.10
  openjdk-21-jdk-headless         21.0.7+6~us1-0ubuntu1~24.10
  openjdk-21-jre                  21.0.7+6~us1-0ubuntu1~24.10
  openjdk-21-jre-headless         21.0.7+6~us1-0ubuntu1~24.10
  openjdk-21-jre-zero             21.0.7+6~us1-0ubuntu1~24.10

Ubuntu 24.04 LTS
  openjdk-21-jdk                  21.0.7+6~us1-0ubuntu1~24.04
  openjdk-21-jdk-headless         21.0.7+6~us1-0ubuntu1~24.04
  openjdk-21-jre                  21.0.7+6~us1-0ubuntu1~24.04
  openjdk-21-jre-headless         21.0.7+6~us1-0ubuntu1~24.04
  openjdk-21-jre-zero             21.0.7+6~us1-0ubuntu1~24.04

Ubuntu 22.04 LTS
  openjdk-21-jdk                  21.0.7+6~us1-0ubuntu1~22.04
  openjdk-21-jdk-headless         21.0.7+6~us1-0ubuntu1~22.04
  openjdk-21-jre                  21.0.7+6~us1-0ubuntu1~22.04
  openjdk-21-jre-headless         21.0.7+6~us1-0ubuntu1~22.04
  openjdk-21-jre-zero             21.0.7+6~us1-0ubuntu1~22.04

Ubuntu 20.04 LTS
  openjdk-21-jdk                  21.0.7+6~us1-0ubuntu1~20.04
  openjdk-21-jdk-headless         21.0.7+6~us1-0ubuntu1~20.04
  openjdk-21-jre                  21.0.7+6~us1-0ubuntu1~20.04
  openjdk-21-jre-headless         21.0.7+6~us1-0ubuntu1~20.04
  openjdk-21-jre-zero             21.0.7+6~us1-0ubuntu1~20.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7483-1
  CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.7+6~us1-0ubuntu1~25.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.7+6~us1-0ubuntu1~24.10
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.7+6~us1-0ubuntu1~24.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.7+6~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.7+6~us1-0ubuntu1~20.04



[USN-7481-1] OpenJDK 11 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7481-1
May 06, 2025

openjdk-lts vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJDK 11.

Software Description:
- openjdk-lts: Open Source Java implementation

Details:

Alicja Kario discovered that the JSSE component of OpenJDK 11 incorrectly
handled RSA padding. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2025-21587)

It was discovered that the Compiler component of OpenJDK 11 incorrectly
handled compiler transformations. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30691)

It was discovered that the 2D component of OpenJDK 11 did not properly
manage memory under certain circumstances. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30698)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-04-15

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  openjdk-11-jdk                  11.0.27+6~us1-0ubuntu1~25.04
  openjdk-11-jdk-headless         11.0.27+6~us1-0ubuntu1~25.04
  openjdk-11-jre                  11.0.27+6~us1-0ubuntu1~25.04
  openjdk-11-jre-headless         11.0.27+6~us1-0ubuntu1~25.04
  openjdk-11-jre-zero             11.0.27+6~us1-0ubuntu1~25.04

Ubuntu 24.10
  openjdk-11-jdk                  11.0.27+6~us1-0ubuntu1~24.10
  openjdk-11-jdk-headless         11.0.27+6~us1-0ubuntu1~24.10
  openjdk-11-jre                  11.0.27+6~us1-0ubuntu1~24.10
  openjdk-11-jre-headless         11.0.27+6~us1-0ubuntu1~24.10
  openjdk-11-jre-zero             11.0.27+6~us1-0ubuntu1~24.10

Ubuntu 24.04 LTS
  openjdk-11-jdk                  11.0.27+6~us1-0ubuntu1~24.04
  openjdk-11-jdk-headless         11.0.27+6~us1-0ubuntu1~24.04
  openjdk-11-jre                  11.0.27+6~us1-0ubuntu1~24.04
  openjdk-11-jre-headless         11.0.27+6~us1-0ubuntu1~24.04
  openjdk-11-jre-zero             11.0.27+6~us1-0ubuntu1~24.04

Ubuntu 22.04 LTS
  openjdk-11-jdk                  11.0.27+6~us1-0ubuntu1~22.04
  openjdk-11-jdk-headless         11.0.27+6~us1-0ubuntu1~22.04
  openjdk-11-jre                  11.0.27+6~us1-0ubuntu1~22.04
  openjdk-11-jre-headless         11.0.27+6~us1-0ubuntu1~22.04
  openjdk-11-jre-zero             11.0.27+6~us1-0ubuntu1~22.04

Ubuntu 20.04 LTS
  openjdk-11-jdk                  11.0.27+6~us1-0ubuntu1~20.04
  openjdk-11-jdk-headless         11.0.27+6~us1-0ubuntu1~20.04
  openjdk-11-jre                  11.0.27+6~us1-0ubuntu1~20.04
  openjdk-11-jre-headless         11.0.27+6~us1-0ubuntu1~20.04
  openjdk-11-jre-zero             11.0.27+6~us1-0ubuntu1~20.04

Ubuntu 18.04 LTS
  openjdk-11-jdk                  11.0.27+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-11-jdk-headless         11.0.27+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-11-jre                  11.0.27+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-11-jre-headless         11.0.27+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro
  openjdk-11-jre-zero             11.0.27+6~us1-0ubuntu1~18.04
                                  Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7481-1
  CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.27+6~us1-0ubuntu1~25.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.27+6~us1-0ubuntu1~24.10
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.27+6~us1-0ubuntu1~24.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.27+6~us1-0ubuntu1~22.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.27+6~us1-0ubuntu1~20.04



[USN-7484-1] OpenJDK 24 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7484-1
May 06, 2025

openjdk-24 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10

Summary:

Several security issues were fixed in OpenJDK 24.

Software Description:
- openjdk-24: Open Source Java implementation

Details:

Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly
handled RSA padding. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2025-21587)

It was discovered that the Compiler component of OpenJDK 24 incorrectly
handled compiler transformations. An attacker could possibly use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30691)

It was discovered that the 2D component of OpenJDK 24 did not properly
manage memory under certain circumstances. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30698)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-04-15

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  openjdk-24-jdk                  24.0.1+9~us1-0ubuntu1~25.04
  openjdk-24-jdk-headless         24.0.1+9~us1-0ubuntu1~25.04
  openjdk-24-jre                  24.0.1+9~us1-0ubuntu1~25.04
  openjdk-24-jre-headless         24.0.1+9~us1-0ubuntu1~25.04
  openjdk-24-jre-zero             24.0.1+9~us1-0ubuntu1~25.04
  openjdk-24-jvmci-jdk            24.0.1+9~us1-0ubuntu1~25.04

Ubuntu 24.10
  openjdk-24-jdk                  24.0.1+9~us1-0ubuntu1~24.10
  openjdk-24-jdk-headless         24.0.1+9~us1-0ubuntu1~24.10
  openjdk-24-jre                  24.0.1+9~us1-0ubuntu1~24.10
  openjdk-24-jre-headless         24.0.1+9~us1-0ubuntu1~24.10
  openjdk-24-jre-zero             24.0.1+9~us1-0ubuntu1~24.10
  openjdk-24-jvmci-jdk            24.0.1+9~us1-0ubuntu1~24.10

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7484-1
  CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-24/24.0.1+9~us1-0ubuntu1~25.04
https://launchpad.net/ubuntu/+source/openjdk-24/24.0.1+9~us1-0ubuntu1~24.10



[USN-7479-1] MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7479-1
May 05, 2025

mysql-8.0, mysql-8.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.4: MySQL database
- mysql-8.0: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.42 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS, and Ubuntu 24.10. Ubuntu 25.04 has been updated to MySQL
8.4.5.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-42.html
https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-5.html
https://www.oracle.com/security-alerts/cpuapr2025.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
mysql-server 8.4.5-0ubuntu0.1

Ubuntu 24.10
mysql-server-8.0 8.0.42-0ubuntu0.24.10.1

Ubuntu 24.04 LTS
mysql-server-8.0 8.0.42-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
mysql-server-8.0 8.0.42-0ubuntu0.22.04.1

Ubuntu 20.04 LTS
mysql-server-8.0 8.0.42-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-7479-1
CVE-2025-21574, CVE-2025-21575, CVE-2025-21577, CVE-2025-21579,
CVE-2025-21580, CVE-2025-21581, CVE-2025-21584, CVE-2025-21585,
CVE-2025-21588, CVE-2025-30681, CVE-2025-30682, CVE-2025-30683,
CVE-2025-30684, CVE-2025-30685, CVE-2025-30687, CVE-2025-30688,
CVE-2025-30689, CVE-2025-30693, CVE-2025-30695, CVE-2025-30696,
CVE-2025-30699, CVE-2025-30703, CVE-2025-30704, CVE-2025-30705,
CVE-2025-30715, CVE-2025-30721, CVE-2025-30722

Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.5-0ubuntu0.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.42-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.42-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.42-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.42-0ubuntu0.20.04.1