[USN-7669-1] OpenJDK 24 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7669-1
July 24, 2025
openjdk-24 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
Summary:
Several security issues were fixed in OpenJDK 24.
Software Description:
- openjdk-24: Open Source Java implementation
Details:
It was discovered that the 2D component of OpenJDK 24 did not properly
manage memory under certain circumstances. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30749, CVE-2025-50106)
Mashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK
24 did not properly manage TLS 1.3 handshakes under certain
circumstances. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2025-30754)
Martin van Wingerden and Violeta Georgieva of Broadcom discovered
that the Networking component of OpenJDK 24 did not properly
manage network connections under certain circumstances. An attacker
could possibly use this issue to obtain sensitive information.
(CVE-2025-50059)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
openjdk-24-jdk 24.0.2+12~us1-0ubuntu1~25.04.1
openjdk-24-jdk-headless 24.0.2+12~us1-0ubuntu1~25.04.1
openjdk-24-jre 24.0.2+12~us1-0ubuntu1~25.04.1
openjdk-24-jre-headless 24.0.2+12~us1-0ubuntu1~25.04.1
openjdk-24-jre-zero 24.0.2+12~us1-0ubuntu1~25.04.1
openjdk-24-jvmci-jdk 24.0.2+12~us1-0ubuntu1~25.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7669-1
CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-24/24.0.2+12~us1-0ubuntu1~25.04.1
[USN-7668-1] OpenJDK 21 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7668-1
July 24, 2025
openjdk-21 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in OpenJDK 21.
Software Description:
- openjdk-21: Open Source Java implementation
Details:
It was discovered that the 2D component of OpenJDK 21 did not properly
manage memory under certain circumstances. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
(CVE-2025-30749, CVE-2025-50106)
Mashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK
21 did not properly manage TLS 1.3 handshakes under certain
circumstances. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2025-30754)
Martin van Wingerden and Violeta Georgieva of Broadcom discovered
that the Networking component of OpenJDK 24 did not properly
manage network connections under certain circumstances. An attacker
could possibly use this issue to obtain sensitive information.
(CVE-2025-50059)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
openjdk-21-jdk 21.0.8+9~us1-0ubuntu1~25.04.1
openjdk-21-jdk-headless 21.0.8+9~us1-0ubuntu1~25.04.1
openjdk-21-jre 21.0.8+9~us1-0ubuntu1~25.04.1
openjdk-21-jre-headless 21.0.8+9~us1-0ubuntu1~25.04.1
openjdk-21-jre-zero 21.0.8+9~us1-0ubuntu1~25.04.1
Ubuntu 24.04 LTS
openjdk-21-jdk 21.0.8+9~us1-0ubuntu1~24.04.1
openjdk-21-jdk-headless 21.0.8+9~us1-0ubuntu1~24.04.1
openjdk-21-jre 21.0.8+9~us1-0ubuntu1~24.04.1
openjdk-21-jre-headless 21.0.8+9~us1-0ubuntu1~24.04.1
openjdk-21-jre-zero 21.0.8+9~us1-0ubuntu1~24.04.1
Ubuntu 22.04 LTS
openjdk-21-jdk 21.0.8+9~us1-0ubuntu1~22.04.1
openjdk-21-jdk-headless 21.0.8+9~us1-0ubuntu1~22.04.1
openjdk-21-jre 21.0.8+9~us1-0ubuntu1~22.04.1
openjdk-21-jre-headless 21.0.8+9~us1-0ubuntu1~22.04.1
openjdk-21-jre-zero 21.0.8+9~us1-0ubuntu1~22.04.1
Ubuntu 20.04 LTS
openjdk-21-jdk 21.0.8+9~us1-0ubuntu1~20.04.1
Available with Ubuntu Pro
openjdk-21-jdk-headless 21.0.8+9~us1-0ubuntu1~20.04.1
Available with Ubuntu Pro
openjdk-21-jre 21.0.8+9~us1-0ubuntu1~20.04.1
Available with Ubuntu Pro
openjdk-21-jre-headless 21.0.8+9~us1-0ubuntu1~20.04.1
Available with Ubuntu Pro
openjdk-21-jre-zero 21.0.8+9~us1-0ubuntu1~20.04.1
Available with Ubuntu Pro
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7668-1
CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.8+9~us1-0ubuntu1~25.04.1
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.8+9~us1-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.8+9~us1-0ubuntu1~22.04.1
[USN-7671-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7671-1
July 25, 2025
linux, linux-aws, linux-aws-5.4, linux-aws-fips, linux-bluefield,
linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4,
linux-xilinx-zynqmp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-fips: Linux kernel with FIPS
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ACPI drivers;
- GPU drivers;
- SMB network file system;
- Memory management;
- Netfilter;
- Network traffic control;
(CVE-2024-53051, CVE-2024-46787, CVE-2024-50047, CVE-2024-56662,
CVE-2025-37890, CVE-2025-38001, CVE-2025-37997, CVE-2025-37932,
CVE-2025-37798, CVE-2025-38177, CVE-2025-38000)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1066-xilinx-zynqmp 5.4.0-1066.70
Available with Ubuntu Pro
linux-image-5.4.0-1094-ibm 5.4.0-1094.99
Available with Ubuntu Pro
linux-image-5.4.0-1107-bluefield 5.4.0-1107.114
Available with Ubuntu Pro
linux-image-5.4.0-1122-fips 5.4.0-1122.132
Available with Ubuntu Pro
linux-image-5.4.0-1135-kvm 5.4.0-1135.144
Available with Ubuntu Pro
linux-image-5.4.0-1146-oracle 5.4.0-1146.156
Available with Ubuntu Pro
linux-image-5.4.0-1148-aws 5.4.0-1148.158
Available with Ubuntu Pro
linux-image-5.4.0-1148-aws-fips 5.4.0-1148.158+fips1
Available with Ubuntu Pro
linux-image-5.4.0-1151-gcp 5.4.0-1151.160
Available with Ubuntu Pro
linux-image-5.4.0-1151-gcp-fips 5.4.0-1151.160+fips1
Available with Ubuntu Pro
linux-image-5.4.0-219-generic 5.4.0-219.239
Available with Ubuntu Pro
linux-image-5.4.0-219-generic-lpae 5.4.0-219.239
Available with Ubuntu Pro
linux-image-5.4.0-219-lowlatency 5.4.0-219.239
Available with Ubuntu Pro
linux-image-aws-5.4 5.4.0.1148.145
Available with Ubuntu Pro
linux-image-aws-fips 5.4.0.1148.95
Available with Ubuntu Pro
linux-image-aws-fips-5.4 5.4.0.1148.95
Available with Ubuntu Pro
linux-image-aws-lts-20.04 5.4.0.1148.145
Available with Ubuntu Pro
linux-image-bluefield 5.4.0.1107.103
Available with Ubuntu Pro
linux-image-bluefield-5.4 5.4.0.1107.103
Available with Ubuntu Pro
linux-image-fips 5.4.0.1122.119
Available with Ubuntu Pro
linux-image-fips-5.4 5.4.0.1122.119
Available with Ubuntu Pro
linux-image-gcp-5.4 5.4.0.1151.153
Available with Ubuntu Pro
linux-image-gcp-fips 5.4.0.1151.93
Available with Ubuntu Pro
linux-image-gcp-fips-5.4 5.4.0.1151.93
Available with Ubuntu Pro
linux-image-gcp-lts-20.04 5.4.0.1151.153
Available with Ubuntu Pro
linux-image-generic 5.4.0.219.211
Available with Ubuntu Pro
linux-image-generic-5.4 5.4.0.219.211
Available with Ubuntu Pro
linux-image-generic-lpae 5.4.0.219.211
Available with Ubuntu Pro
linux-image-generic-lpae-5.4 5.4.0.219.211
Available with Ubuntu Pro
linux-image-ibm-5.4 5.4.0.1094.123
Available with Ubuntu Pro
linux-image-ibm-lts-20.04 5.4.0.1094.123
Available with Ubuntu Pro
linux-image-kvm 5.4.0.1135.131
Available with Ubuntu Pro
linux-image-kvm-5.4 5.4.0.1135.131
Available with Ubuntu Pro
linux-image-lowlatency 5.4.0.219.211
Available with Ubuntu Pro
linux-image-lowlatency-5.4 5.4.0.219.211
Available with Ubuntu Pro
linux-image-oem 5.4.0.219.211
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.219.211
Available with Ubuntu Pro
linux-image-oracle-5.4 5.4.0.1146.140
Available with Ubuntu Pro
linux-image-oracle-lts-20.04 5.4.0.1146.140
Available with Ubuntu Pro
linux-image-virtual 5.4.0.219.211
Available with Ubuntu Pro
linux-image-virtual-5.4 5.4.0.219.211
Available with Ubuntu Pro
linux-image-xilinx-zynqmp 5.4.0.1066.66
Available with Ubuntu Pro
linux-image-xilinx-zynqmp-5.4 5.4.0.1066.66
Available with Ubuntu Pro
Ubuntu 18.04 LTS
linux-image-5.4.0-1094-ibm 5.4.0-1094.99~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1146-oracle 5.4.0-1146.156~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1148-aws 5.4.0-1148.158~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1151-gcp 5.4.0-1151.160~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-219-generic 5.4.0-219.239~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-219-lowlatency 5.4.0-219.239~18.04.1
Available with Ubuntu Pro
linux-image-aws 5.4.0.1148.158~18.04.1
Available with Ubuntu Pro
linux-image-aws-5.4 5.4.0.1148.158~18.04.1
Available with Ubuntu Pro
linux-image-gcp 5.4.0.1151.160~18.04.1
Available with Ubuntu Pro
linux-image-gcp-5.4 5.4.0.1151.160~18.04.1
Available with Ubuntu Pro
linux-image-generic-5.4 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-18.04 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-ibm 5.4.0.1094.99~18.04.1
Available with Ubuntu Pro
linux-image-ibm-5.4 5.4.0.1094.99~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-5.4 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-18.04 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-oem 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-oracle 5.4.0.1146.156~18.04.1
Available with Ubuntu Pro
linux-image-oracle-5.4 5.4.0.1146.156~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-5.4 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-hwe-18.04 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-virtual-5.4 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-18.04 5.4.0.219.239~18.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7671-1
CVE-2024-46787, CVE-2024-50047, CVE-2024-53051, CVE-2024-56662,
CVE-2025-37798, CVE-2025-37890, CVE-2025-37932, CVE-2025-37997,
CVE-2025-38000, CVE-2025-38001, CVE-2025-38177