34206 – java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk and java-latest-openjdk new security issues

Bug 34206 - java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk and java-latest-openjdk new security issues

Summary: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk and jav...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-32-OK MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2025-04-22 10:32 CEST by Nicolas Salguero
Modified:	2025-05-13 22:57 CEST (History)
CC List:	7 users (show)

See Also:
Source RPM:	java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk
CVE:	CVE-2025-21587, CVE-2025-30691, CVE-2025-30698
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-04-22 10:32:27 CEST

RedHat has issued advisories on April 16:
https://access.redhat.com/errata/RHSA-2025:3845 (java-1.8.0-openjdk)
https://access.redhat.com/errata/RHSA-2025:3850 (java-11-openjdk)
https://access.redhat.com/errata/RHSA-2025:3853 (java-17-openjdk)
https://access.redhat.com/errata/RHSA-2025:3856 (java-21-openjdk)

Corresponding Oracle CPU:
https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA

Nicolas Salguero 2025-04-22 10:33:25 CEST

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, java-latest-openjdk
CVE: (none) => CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

Morgan Leijström 2025-04-22 11:28:45 CEST

CC: (none) => fri

Comment 1 Lewis Smith 2025-04-22 21:37:22 CEST

I think these are the patches per OpenJDK version:

CVE-2025-21587
OpenJDK-8 upstream commit:
https://github.com/openjdk/jdk8u/commit/3cdd3081565d890801a27a1f9ac8bc53e5711ce6

OpenJDK-11 upstream commit:
https://github.com/openjdk/jdk11u/commit/2adb01e8c5fbcc3dfa9f82df3deccb3a1705bf13

OpenJDK-17 upstream commit:
https://github.com/openjdk/jdk17u/commit/73aa304234f2ec17abbb640b7f2d0503cf1bfc91

OpenJDK-21 upstream commit:
https://github.com/openjdk/jdk21u/commit/d5c94adf69ba20f5652453729620c4f1c8e4860e

CVE-2025-30691
OpenJDK-8 upstream commit:
https://github.com/openjdk/jdk8u/commit/949c6ffc54efaa92d6559a3e7897432b95e99253

OpenJDK-11 upstream commit:
https://github.com/openjdk/jdk11u/commit/2b70822671cf5f9b37956949421e7c77da082c8e

OpenJDK-17 upstream commit:
https://github.com/openjdk/jdk17u/commit/5b0a5f436fb9817d679f64302b37543bf160d43d

OpenJDK-21 upstream commit:
https://github.com/openjdk/jdk21u/commit/11067d7e975ce71bedbfdd314519ec9ff689a7e7

CVE-2025-30698
OpenJDK-8 upstream commit:
https://github.com/openjdk/jdk8u/commit/68d10daabaf9c939a5d2e665994c6d348f38cfd5

OpenJDK-11 upstream commit:
https://github.com/openjdk/jdk11u/commit/ea1389c971827876134a6d1d3ab2934681e9f3d6

OpenJDK-17 upstream commit:
https://github.com/openjdk/jdk17u/commit/0a89eb2588334226531e8e25ac340eabbc00bd6d

OpenJDK-21 upstream commit:
https://github.com/openjdk/jdk21u/commit/3048e287d8ea7d5e0d19d9188eb4212801ebf2a2

Assigning to Java stack maintainers.

Assignee: bugsquad => java

Comment 2 Nicolas Salguero 2025-04-25 15:54:42 CEST

java-latest-openjdk (java 24) cannot build because it needs graphviz and, more problematic, pandoc to generate the man pages.

Comment 3 Nicolas Salguero 2025-04-25 15:55:17 CEST

Partial list of files:

timezone-2025a-1.mga9
timezone-java-2025a-1.mga9

java-1.8.0-openjdk-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-javadoc-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-javadoc-zip-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-slowdebug-1.8.0.452.b09-1.mga9

java-11-openjdk-11.0.27.0.6-1.mga9
java-11-openjdk-demo-11.0.27.0.6-1.mga9
java-11-openjdk-demo-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-demo-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-devel-11.0.27.0.6-1.mga9
java-11-openjdk-devel-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-devel-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-headless-11.0.27.0.6-1.mga9
java-11-openjdk-headless-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-headless-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-javadoc-11.0.27.0.6-1.mga9
java-11-openjdk-javadoc-zip-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-src-11.0.27.0.6-1.mga9
java-11-openjdk-src-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-src-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-slowdebug-11.0.27.0.6-1.mga9

java-17-openjdk-17.0.15.0.6-1.mga9
java-17-openjdk-demo-17.0.15.0.6-1.mga9
java-17-openjdk-demo-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-demo-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-devel-17.0.15.0.6-1.mga9
java-17-openjdk-devel-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-devel-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-headless-17.0.15.0.6-1.mga9
java-17-openjdk-headless-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-headless-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-javadoc-17.0.15.0.6-1.mga9
java-17-openjdk-javadoc-zip-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-src-17.0.15.0.6-1.mga9
java-17-openjdk-src-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-src-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-slowdebug-17.0.15.0.6-1.mga9

from SRPMS:
timezone-2025a-1.mga9.src.rpm
java-1.8.0-openjdk-1.8.0.452.b09-1.mga9.src.rpm
java-11-openjdk-11.0.27.0.6-1.mga9.src.rpm
java-17-openjdk-17.0.15.0.6-1.mga9.src.rpm

Comment 4 Morgan Leijström 2025-04-26 14:01:22 CEST

mga9-64 Tested java 1.8 OK
Runs my invoicing/bookkeeping program FriBok incl printing

---

So what is the plan about currently not buildable java-latest-openjdk (java 24)
(comment 2)

I CC QA for testing of the other versions meanwhile.

CC: (none) => qa-bugs
Status comment: (none) => To fix: java-latest-openjdk - comment 2

Comment 5 Nicolas Salguero 2025-04-28 17:03:35 CEST

(In reply to Morgan Leijström from comment #4)
> So what is the plan about currently not buildable java-latest-openjdk (java
> 24)
> (comment 2)

I removed man pages to fix the build of java 24.  I also had to exclude i586 because it crashed during the build (for Cauldron, i686 build was successful).

Java 24 is the first version that officially states that 32bits arches are deprecated (configure is run with "--enable-deprecated-ports=yes" as an option) and that, in a future version, it might be impossible to build java for 32bits arches.

Comment 6 Nicolas Salguero 2025-04-28 17:07:43 CEST

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Better TLS connection support. (CVE-2025-21587)

Improve compiler transformations. (CVE-2025-30691)

Enhance Buffered Image handling. (CVE-2025-30698)

References:
https://access.redhat.com/errata/RHSA-2025:3845
https://access.redhat.com/errata/RHSA-2025:3850
https://access.redhat.com/errata/RHSA-2025:3853
https://access.redhat.com/errata/RHSA-2025:3856
https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA
========================

Updated packages in core/updates_testing:
========================
timezone-2025a-1.mga9
timezone-java-2025a-1.mga9

java-1.8.0-openjdk-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-javadoc-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-javadoc-zip-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-slowdebug-1.8.0.452.b09-1.mga9

java-11-openjdk-11.0.27.0.6-1.mga9
java-11-openjdk-demo-11.0.27.0.6-1.mga9
java-11-openjdk-demo-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-demo-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-devel-11.0.27.0.6-1.mga9
java-11-openjdk-devel-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-devel-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-headless-11.0.27.0.6-1.mga9
java-11-openjdk-headless-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-headless-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-javadoc-11.0.27.0.6-1.mga9
java-11-openjdk-javadoc-zip-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-src-11.0.27.0.6-1.mga9
java-11-openjdk-src-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-src-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-slowdebug-11.0.27.0.6-1.mga9

java-17-openjdk-17.0.15.0.6-1.mga9
java-17-openjdk-demo-17.0.15.0.6-1.mga9
java-17-openjdk-demo-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-demo-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-devel-17.0.15.0.6-1.mga9
java-17-openjdk-devel-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-devel-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-headless-17.0.15.0.6-1.mga9
java-17-openjdk-headless-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-headless-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-javadoc-17.0.15.0.6-1.mga9
java-17-openjdk-javadoc-zip-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-src-17.0.15.0.6-1.mga9
java-17-openjdk-src-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-src-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-slowdebug-17.0.15.0.6-1.mga9

java-latest-openjdk-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-demo-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-demo-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-demo-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-devel-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-devel-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-devel-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-headless-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-headless-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-headless-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-javadoc-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-javadoc-zip-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-jmods-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-jmods-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-jmods-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-src-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-src-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-src-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-static-libs-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-static-libs-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-static-libs-slowdebug-24.0.1.0.9-1.rolling.1.mga9

from SRPMS:
timezone-2025a-1.mga9.src.rpm
java-1.8.0-openjdk-1.8.0.452.b09-1.mga9.src.rpm
java-11-openjdk-11.0.27.0.6-1.mga9.src.rpm
java-17-openjdk-17.0.15.0.6-1.mga9.src.rpmjava-latest-openjdk-24.0.1.0.9-1.rolling.1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: java => qa-bugs
Status comment: To fix: java-latest-openjdk - comment 2 => (none)
Version: Cauldron => 9
Source RPM: java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, java-latest-openjdk => java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk

Comment 7 Nicolas Salguero 2025-04-28 17:08:26 CEST

Updated packages in core/updates_testing:
========================
timezone-2025a-1.mga9
timezone-java-2025a-1.mga9

java-1.8.0-openjdk-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-demo-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-devel-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-headless-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-javadoc-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-javadoc-zip-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-devel-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-openjfx-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-slowdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-fastdebug-1.8.0.452.b09-1.mga9
java-1.8.0-openjdk-src-slowdebug-1.8.0.452.b09-1.mga9

java-11-openjdk-11.0.27.0.6-1.mga9
java-11-openjdk-demo-11.0.27.0.6-1.mga9
java-11-openjdk-demo-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-demo-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-devel-11.0.27.0.6-1.mga9
java-11-openjdk-devel-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-devel-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-headless-11.0.27.0.6-1.mga9
java-11-openjdk-headless-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-headless-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-javadoc-11.0.27.0.6-1.mga9
java-11-openjdk-javadoc-zip-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-jmods-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-src-11.0.27.0.6-1.mga9
java-11-openjdk-src-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-src-slowdebug-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-fastdebug-11.0.27.0.6-1.mga9
java-11-openjdk-static-libs-slowdebug-11.0.27.0.6-1.mga9

java-17-openjdk-17.0.15.0.6-1.mga9
java-17-openjdk-demo-17.0.15.0.6-1.mga9
java-17-openjdk-demo-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-demo-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-devel-17.0.15.0.6-1.mga9
java-17-openjdk-devel-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-devel-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-headless-17.0.15.0.6-1.mga9
java-17-openjdk-headless-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-headless-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-javadoc-17.0.15.0.6-1.mga9
java-17-openjdk-javadoc-zip-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-jmods-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-src-17.0.15.0.6-1.mga9
java-17-openjdk-src-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-src-slowdebug-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-fastdebug-17.0.15.0.6-1.mga9
java-17-openjdk-static-libs-slowdebug-17.0.15.0.6-1.mga9

java-latest-openjdk-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-demo-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-demo-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-demo-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-devel-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-devel-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-devel-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-headless-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-headless-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-headless-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-javadoc-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-javadoc-zip-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-jmods-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-jmods-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-jmods-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-src-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-src-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-src-slowdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-static-libs-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-static-libs-fastdebug-24.0.1.0.9-1.rolling.1.mga9
java-latest-openjdk-static-libs-slowdebug-24.0.1.0.9-1.rolling.1.mga9

from SRPMS:
timezone-2025a-1.mga9.src.rpm
java-1.8.0-openjdk-1.8.0.452.b09-1.mga9.src.rpm
java-11-openjdk-11.0.27.0.6-1.mga9.src.rpm
java-17-openjdk-17.0.15.0.6-1.mga9.src.rpm
java-latest-openjdk-24.0.1.0.9-1.rolling.1.mga9.src.rpm

katnatek 2025-04-28 18:39:21 CEST

Keywords: (none) => advisory

PC LX 2025-04-29 13:20:21 CEST

CC: (none) => mageia

Comment 8 katnatek 2025-04-29 20:01:44 CEST

RH x86_64

installing timezone-2025a-1.mga9.x86_64.rpm timezone-java-2025a-1.mga9.noarch.rpm java-17-openjdk-headless-17.0.15.0.6-1.mga9.x86_64.rpm java-17-openjdk-17.0.15.0.6-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/4: timezone-java         ##################################################################################################
      2/4: java-17-openjdk-headless
                                 #################################################################################################warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/conf/net.properties created as /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/conf/net.properties.rpmnew
warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/conf/security/java.policy created as /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/conf/security/java.policy.rpmnew
warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/conf/security/java.security created as /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/conf/security/java.security.rpmnew
warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/lib/security/default.policy created as /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/lib/security/default.policy.rpmnew
warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/lib/security/public_suffix_list.dat created as /etc/java/java-17-openjdk/java-17-openjdk-17.0.15.0.6-1.mga9.x86_64/lib/security/public_suffix_list.dat.rpmnew
#
      3/4: java-17-openjdk       ##################################################################################################
      4/4: timezone              ##################################################################################################
      1/4: removing java-17-openjdk-1:17.0.14.0.7-1.mga9.x86_64
                                 ##################################################################################################
      2/4: removing java-17-openjdk-headless-1:17.0.14.0.7-1.mga9.x86_64
                                 ########################################################################################warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/lib/security/public_suffix_list.dat saved as /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/lib/security/public_suffix_list.dat.rpmsave
warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/lib/security/default.policy saved as /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/lib/security/default.policy.rpmsave
####warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/conf/security/java.security saved as /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/conf/security/java.security.rpmsave
warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/conf/security/java.policy saved as /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/conf/security/java.policy.rpmsave
###warning: /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/conf/net.properties saved as /etc/java/java-17-openjdk/java-17-openjdk-17.0.14.0.7-1.mga9.x86_64/conf/net.properties.rpmsave
###
      3/4: removing timezone-java-6:2024a-1.mga9.noarch
                                 ##################################################################################################
      4/4: removing timezone-6:2024a-1.mga9.x86_64
                                 ##################################################################################################

jdownlader starts and update without issues

Comment 9 Herman Viaene 2025-05-03 11:53:00 CEST

MGA9-64 Plasma Wayland on Compaq H000SB.
No installation issues.
Ref bug 33954 for testing:
As in bug 33648 tested all versions one by one, running my LO Base application on Mageia's (defective) latest version and get the same results: crashes with 1.8.0 and 11, expacted behavior OK wuth 17 and 24.
Also run Biogenesis. Not sure what it exactly represents, but items (organisms) on the screen move and grow, So this should also be OK.
AFAICS, this is good enough to go.

CC: (none) => herman.viaene

Comment 10 Thomas Andrews 2025-05-12 03:25:04 CEST

MGA9-32 Xfce on Foolishness, my Dell Inspiron 5100. Qarepo was unable to locate many of the packages on the list, but by using wildcards I was able to get these packages:

java-1.8.0-openjdk-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-demo-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-devel-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-headless-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-javadoc-1.8.0.452.b09-1.mga9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.452.b09-1.mga9.noarch.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-src-1.8.0.452.b09-1.mga9.i586.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.452.b09-1.mga9.i586.rpm
java-11-openjdk-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-demo-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-demo-slowdebug-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-devel-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-devel-slowdebug-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-headless-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-headless-slowdebug-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-javadoc-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-javadoc-zip-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-jmods-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-jmods-slowdebug-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-slowdebug-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-src-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-src-slowdebug-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-static-libs-11.0.27.0.6-1.mga9.i586.rpm
java-11-openjdk-static-libs-slowdebug-11.0.27.0.6-1.mga9.i586.rpm
java-17-openjdk-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-demo-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-demo-slowdebug-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-devel-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-devel-slowdebug-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-headless-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-headless-slowdebug-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-javadoc-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-javadoc-zip-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-jmods-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-jmods-slowdebug-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-slowdebug-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-src-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-src-slowdebug-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-static-libs-17.0.15.0.6-1.mga9.i586.rpm
java-17-openjdk-static-libs-slowdebug-17.0.15.0.6-1.mga9.i586.rpm
timezone-2025a-1.mga9.i586.rpm
timezone-java-2025a-1.mga9.noarch.rpm

It was apparently all that was necessary. (Seems like I ran into this before, so I guess it's expected.)

The following 6 packages are going to be installed:

- java-11-openjdk-11.0.27.0.6-1.mga9.i586
- java-11-openjdk-headless-11.0.27.0.6-1.mga9.i586
- java-17-openjdk-17.0.15.0.6-1.mga9.i586
- java-17-openjdk-headless-17.0.15.0.6-1.mga9.i586
- timezone-2025a-1.mga9.i586
- timezone-java-2025a-1.mga9.noarch

No installation issues. I opened a few old documents with Writer and Calc, with no issues. So, I guess this is OK for 32-bit.

CC: (none) => andrewsfarm

Comment 11 Thomas Andrews 2025-05-13 15:50:47 CEST

Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
CC: (none) => sysadmin-bugs

Comment 12 Dan Fandrich 2025-05-13 21:01:16 CEST

The timezone package updates don't strike me as related to this security fix and time isn't mentioned in the CVEs. Those packages should really be handled as a regular bugfix update if so.

CC: (none) => dan

Comment 13 Nicolas Salguero 2025-05-13 21:39:49 CEST

(In reply to Dan Fandrich from comment #12)
> The timezone package updates don't strike me as related to this security fix
> and time isn't mentioned in the CVEs. Those packages should really be
> handled as a regular bugfix update if so.

The timezone package updates are required by those versions of openjdk so they need to be in the same advisory.

Comment 14 Dan Fandrich 2025-05-13 22:13:48 CEST

I'll add something to the advisory about that then.

Comment 15 Mageia Robot 2025-05-13 22:57:26 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0156.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.