SLFS Advisories

This page covers advisories, notably in relation to security and changes that may have broken earlier versions of the book.

This page is ordered like the Changelog of the book, with newest items first.

12.4 to 12.5

Security Advisories

slfs-sa-12.4-001: OpenJDK-17 - Rating: High (Date: October 23rd, 2025)

In OpenJDK-17.0.17-ga, two security vulnerabilities were fixed that could allow for exploitation of APIs via multiple network protocols, leading to creation, modification, and deletion of data. This is especially an issue with Minecraft servers, as an affected JDK version will have elevated privileges because of calls to mods/modpacks. These vulnerabilities also affect other major JDK versions. If you have multiple OpenJDK versions built, update each of them for which an update is available. These security vulnerabilities have been assigned CVE-2025-53057 and CVE-2025-53066.

To update to OpenJDK-17.0.17-ga, follow the OpenJDK installation page. SysVinit and Systemd instructions for the page do not differ. The Java page also has the new version.