java-11-openjdk-11.0.27.0.6-1.0.1.el7.AXS7
Errata ID: AXSA:2025-10028:03
The OpenJDK 11 runtime environment.
Security Fix(es):
* Upgrade to openjdk-11.0.27+6 (GA). The following CVEs were fixed:
  * CVE-2025-21587: fix TLS connection support to avoid unauthorized access to critical data
  * CVE-2025-30698: fix buffered image handling to avoid unauthorized access to accessible data
  * CVE-2025-30691: improve compiler transformations to avoid unauthorized access to accessible data
CVE(s):
CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
CVE-2025-21587
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2025-30691
Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Update packages.
Asianux Server 7 for x86_64
- java-11-openjdk-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 240.16 kB)
- java-11-openjdk-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 244.02 kB)
- java-11-openjdk-demo-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 4.37 MB)
- java-11-openjdk-demo-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 4.37 MB)
- java-11-openjdk-devel-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 3.36 MB)
- java-11-openjdk-devel-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 3.38 MB)
- java-11-openjdk-headless-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 35.20 MB)
- java-11-openjdk-headless-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 39.11 MB)
- java-11-openjdk-javadoc-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 16.11 MB)
- java-11-openjdk-javadoc-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 16.11 MB)
- java-11-openjdk-javadoc-zip-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 42.15 MB)
- java-11-openjdk-javadoc-zip-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 42.10 MB)
- java-11-openjdk-jmods-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 258.69 MB)
- java-11-openjdk-jmods-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 306.35 MB)
- java-11-openjdk-src-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 45.78 MB)
- java-11-openjdk-src-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 50.51 MB)
- java-11-openjdk-static-libs-11.0.27.0.6-1.0.1.el7.AXS7.i686.rpm (Size: 7.17 MB)
- java-11-openjdk-static-libs-11.0.27.0.6-1.0.1.el7.AXS7.x86_64.rpm (Size: 7.59 MB)