Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-64720 (GCVE-0-2025-64720)
Vulnerability from cvelistv5 – Published: 2025-11-24 23:45 – Updated: 2025-11-25 19:28
VLAI
EPSS
Title
LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
Severity
7.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/pnggroup/libpng/security/advis… | x_refsource_CONFIRM |
| https://github.com/pnggroup/libpng/issues/686 | x_refsource_MISC |
| https://github.com/pnggroup/libpng/pull/751 | x_refsource_MISC |
| https://github.com/pnggroup/libpng/commit/08da33b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64720",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:28:16.806638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:28:20.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:45:38.315Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
},
{
"name": "https://github.com/pnggroup/libpng/issues/686",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"name": "https://github.com/pnggroup/libpng/pull/751",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"name": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
}
],
"source": {
"advisory": "GHSA-hfc7-ph9c-wcww",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64720",
"datePublished": "2025-11-24T23:45:38.315Z",
"dateReserved": "2025-11-10T14:07:42.922Z",
"dateUpdated": "2025-11-25T19:28:20.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-64720",
"date": "2026-05-25",
"epss": "0.00079",
"percentile": "0.23321"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-64720\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-25T00:15:47.460\",\"lastModified\":\"2025-11-26T18:35:18.253\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndExcluding\":\"1.6.51\",\"matchCriteriaId\":\"3545FEA5-4FFA-4955-BFDA-CC3602C9A894\"}]}]}],\"references\":[{\"url\":\"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/issues/686\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/pull/751\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-64720\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-25T19:28:16.806638Z\"}}}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-25T19:28:11.366Z\"}}], \"cna\": {\"title\": \"LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication\", \"source\": {\"advisory\": \"GHSA-hfc7-ph9c-wcww\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pnggroup\", \"product\": \"libpng\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.6.0, \u003c 1.6.51\"}]}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww\", \"name\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pnggroup/libpng/issues/686\", \"name\": \"https://github.com/pnggroup/libpng/issues/686\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/pull/751\", \"name\": \"https://github.com/pnggroup/libpng/pull/751\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643\", \"name\": \"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \\u2264 alpha \\u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-24T23:45:38.315Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-64720\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-25T19:28:20.336Z\", \"dateReserved\": \"2025-11-10T14:07:42.922Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-24T23:45:38.315Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:0125
Vulnerability from osv_almalinux
Published
2026-01-06 00:00
Modified
2026-01-07 21:32
Summary
Important: mingw-libpng security update
Details
MinGW Windows Libpng library.
Security Fix(es):
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
- libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mingw32-libpng"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.34-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mingw32-libpng-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.34-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mingw64-libpng"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.34-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mingw64-libpng-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.34-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MinGW Windows Libpng library. \n\nSecurity Fix(es): \n\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n * libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0125",
"modified": "2026-01-07T21:32:21Z",
"published": "2026-01-06T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416904"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416907"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2418711"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-0125.html"
}
],
"related": [
"CVE-2025-64720",
"CVE-2025-65018",
"CVE-2025-66293"
],
"summary": "Important: mingw-libpng security update"
}
alsa-2026:0237
Vulnerability from osv_almalinux
Published
2026-01-07 00:00
Modified
2026-01-07 21:38
Summary
Important: libpng security update
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
- libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "libpng"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.40-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "libpng-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.40-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. \n\nSecurity Fix(es): \n\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n * libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0237",
"modified": "2026-01-07T21:38:33Z",
"published": "2026-01-07T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416904"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416907"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2418711"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-0237.html"
}
],
"related": [
"CVE-2025-64720",
"CVE-2025-65018",
"CVE-2025-66293"
],
"summary": "Important: libpng security update"
}
alsa-2026:0238
Vulnerability from osv_almalinux
Published
2026-01-07 00:00
Modified
2026-01-07 21:36
Summary
Important: libpng security update
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
- libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "libpng"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.37-12.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "libpng-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.37-12.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. \n\nSecurity Fix(es): \n\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n * libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0238",
"modified": "2026-01-07T21:36:21Z",
"published": "2026-01-07T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416904"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416907"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2418711"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-0238.html"
}
],
"related": [
"CVE-2025-64720",
"CVE-2025-65018",
"CVE-2025-66293"
],
"summary": "Important: libpng security update"
}
alsa-2026:0241
Vulnerability from osv_almalinux
Published
2026-01-07 00:00
Modified
2026-01-07 21:34
Summary
Important: libpng security update
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
- libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libpng"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.34-9.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libpng-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.34-9.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. \n\nSecurity Fix(es): \n\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n * libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0241",
"modified": "2026-01-07T21:34:12Z",
"published": "2026-01-07T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416904"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416907"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2418711"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-0241.html"
}
],
"related": [
"CVE-2025-64720",
"CVE-2025-65018",
"CVE-2025-66293"
],
"summary": "Important: libpng security update"
}
alsa-2026:0927
Vulnerability from osv_almalinux
Published
2026-01-22 00:00
Modified
2026-01-24 01:52
Summary
Important: java-17-openjdk security update
Details
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
- JDK: Improve JMX connections (CVE-2026-21925)
- JDK: Improve HttpServer Request handling (CVE-2026-21933)
- JDK: Enhance Certificate Checking (CVE-2026-21945)
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
Bug Fix(es):
- When using a P11SecretKey for both signing and encryption in FIPS mode, the FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This was due to the default configuration not applying the CKA_ENCRYPT=true attribute to the key. The configuration in this release is updated to include this attribute. (AlmaLinux-142862, AlmaLinux-142881, AlmaLinux-142882, AlmaLinux-142883, AlmaLinux-142884, AlmaLinux-142885, AlmaLinux-142886, AlmaLinux-142887, AlmaLinux-142888)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-17-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-17-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:17.0.18.0.8-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. \n\nSecurity Fix(es): \n\n * JDK: Improve JMX connections (CVE-2026-21925)\n * JDK: Improve HttpServer Request handling (CVE-2026-21933)\n * JDK: Enhance Certificate Checking (CVE-2026-21945)\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n\nBug Fix(es): \n\n * When using a P11SecretKey for both signing and encryption in FIPS mode, the FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This was due to the default configuration not applying the CKA_ENCRYPT=true attribute to the key. The configuration in this release is updated to include this attribute. (AlmaLinux-142862, AlmaLinux-142881, AlmaLinux-142882, AlmaLinux-142883, AlmaLinux-142884, AlmaLinux-142885, AlmaLinux-142886, AlmaLinux-142887, AlmaLinux-142888)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0927",
"modified": "2026-01-24T01:52:06Z",
"published": "2026-01-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0927"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-0927.html"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-0927.html"
}
],
"related": [
"CVE-2026-21925",
"CVE-2026-21933",
"CVE-2026-21945",
"CVE-2025-64720",
"CVE-2025-65018"
],
"summary": "Important: java-17-openjdk security update"
}
alsa-2026:0928
Vulnerability from osv_almalinux
Published
2026-01-22 00:00
Modified
2026-01-26 11:04
Summary
Important: java-21-openjdk security update
Details
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
- JDK: Improve JMX connections (CVE-2026-21925)
- JDK: Improve HttpServer Request handling (CVE-2026-21933)
- JDK: Enhance Certificate Checking (CVE-2026-21945)
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
Bug Fix(es):
- When using a P11SecretKey for both signing and encryption in FIPS mode, the FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This was due to the default configuration not applying the CKA_ENCRYPT=true attribute to the key. The configuration in this release is updated to include this attribute. (AlmaLinux-142860, AlmaLinux-142876, AlmaLinux-142877, AlmaLinux-142878, AlmaLinux-142879, AlmaLinux-142880)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-21-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-21-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-21-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:21.0.10.0.7-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. \n\nSecurity Fix(es): \n\n * JDK: Improve JMX connections (CVE-2026-21925)\n * JDK: Improve HttpServer Request handling (CVE-2026-21933)\n * JDK: Enhance Certificate Checking (CVE-2026-21945)\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n\nBug Fix(es): \n\n * When using a P11SecretKey for both signing and encryption in FIPS mode, the FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This was due to the default configuration not applying the CKA_ENCRYPT=true attribute to the key. The configuration in this release is updated to include this attribute. (AlmaLinux-142860, AlmaLinux-142876, AlmaLinux-142877, AlmaLinux-142878, AlmaLinux-142879, AlmaLinux-142880)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0928",
"modified": "2026-01-26T11:04:56Z",
"published": "2026-01-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0928"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-0928.html"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-0928.html"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-0928.html"
}
],
"related": [
"CVE-2026-21925",
"CVE-2026-21933",
"CVE-2026-21945",
"CVE-2025-64720",
"CVE-2025-65018"
],
"summary": "Important: java-21-openjdk security update"
}
alsa-2026:0932
Vulnerability from osv_almalinux
Published
2026-01-26 00:00
Modified
2026-01-29 13:07
Summary
Important: java-1.8.0-openjdk security update
Details
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
- JDK: Improve JMX connections (CVE-2026-21925)
- JDK: Improve HttpServer Request handling (CVE-2026-21933)
- JDK: Enhance Certificate Checking (CVE-2026-21945)
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
Bug Fix(es):
- When using a P11SecretKey for both signing and encryption in FIPS mode, the FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This was due to the default configuration not applying the CKA_ENCRYPT=true attribute to the key. The configuration in this release is updated to include this attribute. (AlmaLinux-142865, AlmaLinux-142866, AlmaLinux-142867, AlmaLinux-142868, AlmaLinux-142869, AlmaLinux-142870, AlmaLinux-142871, AlmaLinux-142872, AlmaLinux-142873, AlmaLinux-142874)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-accessibility"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-accessibility-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-accessibility-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "java-1.8.0-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-1.8.0-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.8.0.482.b08-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. \n\nSecurity Fix(es): \n\n * JDK: Improve JMX connections (CVE-2026-21925)\n * JDK: Improve HttpServer Request handling (CVE-2026-21933)\n * JDK: Enhance Certificate Checking (CVE-2026-21945)\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n\nBug Fix(es): \n\n * When using a P11SecretKey for both signing and encryption in FIPS mode, the FIPS PKCS11 provider would fail with a CKR_ATTRIBUTE_VALUE_INVALID error. This was due to the default configuration not applying the CKA_ENCRYPT=true attribute to the key. The configuration in this release is updated to include this attribute. (AlmaLinux-142865, AlmaLinux-142866, AlmaLinux-142867, AlmaLinux-142868, AlmaLinux-142869, AlmaLinux-142870, AlmaLinux-142871, AlmaLinux-142872, AlmaLinux-142873, AlmaLinux-142874)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0932",
"modified": "2026-01-29T13:07:43Z",
"published": "2026-01-26T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0932"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-0932.html"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-0932.html"
}
],
"related": [
"CVE-2026-21925",
"CVE-2026-21933",
"CVE-2026-21945",
"CVE-2025-64720",
"CVE-2025-65018"
],
"summary": "Important: java-1.8.0-openjdk security update"
}
alsa-2026:0933
Vulnerability from osv_almalinux
Published
2026-01-26 00:00
Modified
2026-01-28 14:39
Summary
Important: java-25-openjdk security update
Details
The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit.
Security Fix(es):
- JDK: Improve JMX connections (CVE-2026-21925)
- JDK: Improve HttpServer Request handling (CVE-2026-21933)
- JDK: Enhance Certificate Checking (CVE-2026-21945)
- libpng: LIBPNG buffer overflow (CVE-2025-64720)
- libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-crypto-adapter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-crypto-adapter-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-crypto-adapter-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "java-25-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-crypto-adapter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-crypto-adapter-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-crypto-adapter-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-demo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-demo-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-demo-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-devel-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-devel-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-headless"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-headless-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-headless-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-javadoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-javadoc-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-jmods"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-jmods-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-jmods-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-src"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-src-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-src-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-static-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-static-libs-fastdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "java-25-openjdk-static-libs-slowdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:25.0.2.0.10-1.el9.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. \n\nSecurity Fix(es): \n\n * JDK: Improve JMX connections (CVE-2026-21925)\n * JDK: Improve HttpServer Request handling (CVE-2026-21933)\n * JDK: Enhance Certificate Checking (CVE-2026-21945)\n * libpng: LIBPNG buffer overflow (CVE-2025-64720)\n * libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0933",
"modified": "2026-01-28T14:39:55Z",
"published": "2026-01-26T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21925"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21933"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-21945"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-0933.html"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-0933.html"
}
],
"related": [
"CVE-2026-21925",
"CVE-2026-21933",
"CVE-2026-21945",
"CVE-2025-64720",
"CVE-2025-65018"
],
"summary": "Important: java-25-openjdk security update"
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 | ||
| Microsoft | N/A | cbl2 grub2 2.06-15 | ||
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 | ||
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 | ||
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 | ||
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 nodejs 20.14.0-9 | ||
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 | ||
| Microsoft | N/A | azl3 grub2 2.06-25 | ||
| Microsoft | N/A | azl3 libxslt 1.1.43-1 | ||
| Microsoft | N/A | azl3 expat 2.6.4-2 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 | ||
| Microsoft | N/A | azl3 cups 2.4.13-1 | ||
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 | ||
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-5 | ||
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 | ||
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 | ||
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
CERTFR-2026-AVI-0014
Vulnerability from certfr_avis - Published: 2026-01-08 - Updated: 2026-01-08
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions antérieures à 18.5.5 | ||
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.6.x antérieures à 18.6.3 | ||
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.7.x antérieures à 18.7.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 18.5.5",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.6.x ant\u00e9rieures \u00e0 18.6.3",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.7.x ant\u00e9rieures \u00e0 18.7.1",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9222"
},
{
"name": "CVE-2025-11246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11246"
},
{
"name": "CVE-2025-10569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10569"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3950"
},
{
"name": "CVE-2025-13772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13772"
},
{
"name": "CVE-2025-13781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13781"
},
{
"name": "CVE-2025-13761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13761"
}
],
"initial_release_date": "2026-01-08T00:00:00",
"last_revision_date": "2026-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": "2026-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 GitLab",
"url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…