| Package | openjdk-8 |
|---|---|
| Version | 8u492-ga-1~deb9u1 (stretch) |
| Related CVEs | CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-34268 |
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect generation of cryptographic keys, denial of service, information disclosure, XXE/XEE attacks or incorrect validation of Kerberos credentials.
For Debian 9 stretch, these problems have been fixed in version 8u492-ga-1~deb9u1.
We recommend that you upgrade your openjdk-8 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.