The Red Hat java-21-openjdk security update addresses four security vulnerabilities: CVE-2025-30749 and CVE-2025-50106 related to glyph drawing improvements, CVE-2025-30754 enhancing TLS protocol support, and CVE-2025-50059 improving HTTP client header handling. Additionally, the update resolves bugs affecting screen capture functionality on Wayland graphical systems by recommending the PipeWire package and fixes a stability issue in the G1 garbage collector on NUMA systems caused by thread migration across NUMA nodes. These fixes are provided for multiple Red Hat Enterprise Linux and CodeReady Linux Builder versions across various architectures. The advisory references official Red Hat documentation for applying the update.

The vulnerabilities fixed by this update affect the OpenJDK 21 runtime and SDK, potentially impacting applications relying on Java for graphical rendering, secure communications via TLS, and HTTP client operations. The bugs fixed improve system stability and functionality on Wayland graphical environments and NUMA hardware architectures. While the security impact is rated as important, no exploits are currently known in the wild. The update mitigates risks related to incorrect glyph rendering, TLS protocol weaknesses, and HTTP header handling errors, which could otherwise affect application reliability and security.

An official security update is available from Red Hat for java-21-openjdk packages on supported Red Hat Enterprise Linux and CodeReady Linux Builder versions. Users should apply this update promptly following Red Hat's published guidance at https://access.redhat.com/articles/11258 to remediate the listed vulnerabilities and bugs. The update also recommends installing the PipeWire package on Wayland systems to restore screen capture functionality. No additional mitigations are indicated by Red Hat beyond applying the provided update.