{"id":"MGASA-2026-0024","summary":"Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-latest-openjdk packages fix security vulnerabilities","details":"LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite`\nvia incorrect palette premultiplication. (CVE-2025-64720)\nLIBPNG is vulnerable to a heap buffer overflow in `png_combine_row`\ntriggered via `png_image_finish_read`. (CVE-2025-65018)\nImprove JMX connections. (CVE-2026-21925)\nImprove HttpServer Request handling. (CVE-2026-21933)\nEnhance Certificate Checking. (CVE-2026-21945)\n","modified":"2026-02-04T03:41:58.824839Z","published":"2026-01-29T19:22:06Z","related":["CVE-2025-64720","CVE-2025-65018","CVE-2026-21925","CVE-2026-21933","CVE-2026-21945"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0024.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35045"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA"}],"affected":[{"package":{"name":"java-11-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-11-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.30.0.7-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0024.json"}},{"package":{"name":"java-17-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-17-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.0.18.0.8-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0024.json"}},{"package":{"name":"java-1.8.0-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-1.8.0-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0.482.b08-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0024.json"}},{"package":{"name":"java-latest-openjdk","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/java-latest-openjdk?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"25.0.2.0.10-1.rolling.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0024.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}