[El-errata] ELSA-2025-10873 Important: Oracle Linux 8 java-21-openjdk security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Jul 30 16:26:08 UTC 2025
Oracle Linux Security Advisory ELSA-2025-10873
http://linux.oracle.com/errata/ELSA-2025-10873.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
java-21-openjdk-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-zip-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-fastdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-slowdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-fastdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-fastdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-slowdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-slowdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-fastdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-slowdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-fastdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-slowdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-fastdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-slowdebug-21.0.8.0.9-1.0.1.el8.x86_64.rpm
aarch64:
java-21-openjdk-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-zip-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-fastdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-slowdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-fastdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-fastdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-slowdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-slowdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-fastdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-slowdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-fastdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-slowdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-fastdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-slowdebug-21.0.8.0.9-1.0.1.el8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/java-21-openjdk-21.0.8.0.9-1.0.1.el8.src.rpm
Related CVEs:
CVE-2025-30749
CVE-2025-30754
CVE-2025-50059
CVE-2025-50106
Description of changes:
[1:21.0.8.0.9-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]
[1:21.0.8.0.9-1.1]
- Update to jdk-21.0.8+9 (GA)
- Update release notes to 21.0.8+9
- Switch to GA mode
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. **
- Resolves: RHEL-102278
[1:21.0.8.0.8-0.1.ea]
- Update to jdk-21.0.8+8 (EA)
- Update release notes to 21.0.8+8
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-101799
[1:21.0.8.0.2-0.1.ea]
- Update to jdk-21.0.8+2 (EA)
- Update release notes to 21.0.8+2
- Sync the copy of the portable specfile with the latest update
- Add timezone data update check to openjdk_news.sh
- Add duplicate check to openjdk_news.sh
- Exit if no fixes are obtained rather than try to run filters in openjdk_news.sh
- Related: RHEL-101799
- Resolves: RHEL-103210
[1:21.0.8.0.1-0.1.ea]
- Update get_bundle_versions.sh to match other scripts
- * get_bundle_versions.sh: Add license
- * get_bundle_versions.sh: Set compile-command in Emacs
- * get_bundle_versions.sh: Use different error codes for different failures
- * get_bundle_versions.sh: Remove unneeded '.' in JPEG version
- * get_bundle_versions.sh: shellcheck: Double-quote variable references (SC2086)
- * get_bundle_versions.sh: shellcheck: Drop use of cat and pass file to awk directly (SC2002)
- Add OpenJDK 8u support to get_bundle_versions.sh
- Print bundle updates and backouts at end of openjdk_news.sh output
- Refer user to get_bundle_versions.sh when bundle updates are found by openjdk_news.sh
- Related: RHEL-103210
[1:21.0.8.0.1-0.1.ea]
- Add script to obtain bundled library versions from OpenJDK sources
- Related: RHEL-103210
[1:21.0.8.0.1-0.1.ea]
- Warn about bundled provide version bumps and backouts in openjdk_news.sh
- Related: RHEL-103210
[1:21.0.8.0.1-0.1.ea]
- Update to jdk-21.0.8+1 (EA)
- Update release notes to 21.0.8+1
- Bump freetype version to 2.13.3 following JDK-8348596
- Bump harfbuzz version to 10.4.0 following JDK-8348597
- Bump lcms2 version to 2.17.0 following JDK-8348110
- Bump libpng version to 1.6.47 following JDK-8348598
- Switch to EA mode
- Drop JDK-8351500 local patch which is now available in 21.0.8+1 upstream
- Sync the copy of the portable specfile with the latest update
- Related: RHEL-101799
More information about the El-errata
mailing list