Java 17

hardened

Full version: 17 Analyzed: 2026-02-11

Size Reduction -123% 448.2 MB to 999.2 MB (-551.0 MB saved)

Component Reduction -7% 146 to 156 packages (-10 removed)

Vulnerability Reduction 66% 29 to 10 vulnerabilities (19 eliminated)

Image Comparison

Property	upstream	hardened
Image	docker.io/library/eclipse-temurin:17	ghcr.io/armorred/java:17-hardened
Size	448.2 MB	999.2 MB
Layers	5	100
Components	146	156
Vulnerabilities	29	10
Runtime User	root	65534

Vulnerability Analysis

upstream 29 total

7high

14medium

8low

hardened 10 total

3high

6medium

Upstream vulnerability details (29)

CVE ID	Severity	Package	Version	Fixed In
UBUNTU-CVE-2017-13716	medium	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-1149	low	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-11495	medium	binutils	2.42-4ubuntu2.8	2.45-7ubuntu1.2
UBUNTU-CVE-2025-1150	low	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-1151	low	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-1152	low	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-1180	low	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-66861	low	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-66862	high	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-66863	high	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-66864	high	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-66865	high	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2025-66866	high	binutils	2.42-4ubuntu2.8	unfixed
UBUNTU-CVE-2016-2781	medium	coreutils	9.4-3ubuntu6.1	unfixed
UBUNTU-CVE-2025-5278	medium	coreutils	9.4-3ubuntu6.1	unfixed
UBUNTU-CVE-2025-0167	low	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2025-10148	medium	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2025-14017	medium	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2025-14524	medium	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2025-14819	medium	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2025-15079	medium	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2025-15224	low	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2025-9086	high	curl	8.5.0-2ubuntu10.6	unfixed
UBUNTU-CVE-2024-2236	medium	libgcrypt20	1.10.3-2build1	unfixed
UBUNTU-CVE-2024-41996	high	openssl	3.0.13-0ubuntu3.7	unfixed
UBUNTU-CVE-2025-27587	medium	openssl	3.0.13-0ubuntu3.7	unfixed
UBUNTU-CVE-2025-45582	medium	tar	1.35+dfsg-3build1	unfixed
UBUNTU-CVE-2021-31879	medium	wget	1.21.4-1ubuntu4.1	unfixed
UBUNTU-CVE-2024-10524	medium	wget	1.21.4-1ubuntu4.1	unfixed

Hardened vulnerability details (10)

CVE ID	Severity	Package	Version	Fixed In
OSV-2023-298	high	cairo	1.18.2	04656d7450e229622546fd2b11496aa58c44181d
OSV-2023-1398	medium	file	5.45	81a0cbd10c347496bdee7dde78f7e47a16b4e79f
OSV-2023-505	high	file	5.45	1fc9175166fc5c5117838a1dcfb309b7c595eb56
OSV-2023-137	medium	harfbuzz	10.0.1	08784baf101aea472c133dcd67604b475ace3772
OSV-2023-1307	medium	libbpf	1.4.7	unfixed
OSV-2023-877	medium	libbpf	1.4.7	unfixed
OSV-2024-395	medium	libpcap	1.10.5	unfixed
OSV-2024-817	medium	libpcap	1.10.5	3cbf9ed34a0e040d53bfdb01f81870a61ad41ec6
OSV-2021-777	high	libxml2	2.13.8	unfixed
OSV-2023-197	unknown	p11-kit	0.25.5	unfixed

Software Bill of Materials

upstream components (146)

adduser 3.137ubuntu1
apt 2.8.3
base-files 13ubuntu10.3
base-passwd 3.6.3build1
bash 5.2.21-2ubuntu4
binutils 2.42-4ubuntu2.8
binutils-common 2.42-4ubuntu2.8
binutils-x86-64-linux-gnu 2.42-4ubuntu2.8
bsdutils 1:2.39.3-9ubuntu6.4
ca-certificates 20240203
coreutils 9.4-3ubuntu6.1
curl 8.5.0-2ubuntu10.6
dash 0.5.12-6ubuntu5
debconf 1.5.86ubuntu1
debianutils 5.17build1
diffutils 1:3.10-1build1
dirmngr 2.4.4-2ubuntu17.4
dpkg 1.22.6ubuntu6.5
e2fsprogs 1.47.0-2.4~exp1ubuntu4.1
findutils 4.9.0-5build1
fontconfig 2.15.0-1.1ubuntu2
fontconfig-config 2.15.0-1.1ubuntu2
fonts-dejavu-core 2.37-8
fonts-dejavu-mono 2.37-8
gcc-14-base 14.2.0-4ubuntu2~24.04
gnupg 2.4.4-2ubuntu17.4
gnupg-utils 2.4.4-2ubuntu17.4
gpg 2.4.4-2ubuntu17.4
gpg-agent 2.4.4-2ubuntu17.4
gpgconf 2.4.4-2ubuntu17.4
gpgsm 2.4.4-2ubuntu17.4
gpgv 2.4.4-2ubuntu17.4
grep 3.11-4build1
gzip 1.12-1ubuntu3.1
hostname 3.23+nmu2ubuntu2
init-system-helpers 1.66ubuntu1
jrt-fs 17.0.18
keyboxd 2.4.4-2ubuntu17.4
libacl1 2.3.2-1build1.1
libapt-pkg6.0t64 2.8.3
libassuan0 2.5.6-1build1
libattr1 1:2.5.2-1build1.1
libaudit-common 1:3.1.2-2.1build1.1
libaudit1 1:3.1.2-2.1build1.1
libbinutils 2.42-4ubuntu2.8
libblkid1 2.39.3-9ubuntu6.4
libbrotli1 1.1.0-2build2
libbz2-1.0 1.0.8-5.1build0.1
libc-bin 2.39-0ubuntu8.7
libc6 2.39-0ubuntu8.7
libcap-ng0 0.8.4-2build2
libcap2 1:2.66-5ubuntu2.2
libcom-err2 1.47.0-2.4~exp1ubuntu4.1
libcrypt1 1:4.4.36-4build1
libctf-nobfd0 2.42-4ubuntu2.8
libctf0 2.42-4ubuntu2.8
libcurl4t64 8.5.0-2ubuntu10.6
libdb5.3t64 5.3.28+dfsg2-7
libdebconfclient0 0.271ubuntu3
libexpat1 2.6.1-2ubuntu0.3
libext2fs2t64 1.47.0-2.4~exp1ubuntu4.1
libffi8 3.4.6-1build1
libfontconfig1 2.15.0-1.1ubuntu2
libfreetype6 2.13.2+dfsg-1build3
libgcc-s1 14.2.0-4ubuntu2~24.04
libgcrypt20 1.10.3-2build1
libgmp10 2:6.3.0+dfsg-2ubuntu6.1
libgnutls30t64 3.8.3-1.1ubuntu3.4
libgpg-error0 1.47-3build2.1
libgprofng0 2.42-4ubuntu2.8
libgssapi-krb5-2 1.20.1-6ubuntu2.6
libhogweed6t64 3.9.1-2.2build1.1
libidn2-0 2.3.7-2build1.1
libjansson4 2.14-2build2
libk5crypto3 1.20.1-6ubuntu2.6
libkeyutils1 1.6.3-3build1
libkrb5-3 1.20.1-6ubuntu2.6
libkrb5support0 1.20.1-6ubuntu2.6
libksba8 1.6.6-1build1
libldap2 2.6.10+dfsg-0ubuntu0.24.04.1
liblz4-1 1.9.4-1build1.1
liblzma5 5.6.1+really5.4.5-1ubuntu0.2
libmd0 1.1.0-2build1.1
libmount1 2.39.3-9ubuntu6.4
libncursesw6 6.4+20240113-1ubuntu2
libnettle8t64 3.9.1-2.2build1.1
libnghttp2-14 1.59.0-1ubuntu0.2
libnpth0t64 1.6-3.1build1
libp11-kit0 0.25.3-4ubuntu2.1
libpam-modules 1.5.3-5ubuntu5.5
libpam-modules-bin 1.5.3-5ubuntu5.5
libpam-runtime 1.5.3-5ubuntu5.5
libpam0g 1.5.3-5ubuntu5.5
libpcre2-8-0 10.42-4ubuntu2.1
libpng16-16t64 1.6.43-5ubuntu0.4
libproc2-0 2:4.0.4-4ubuntu3.2
libpsl5t64 0.21.2-1.1build1
libreadline8t64 8.2-4build1
librtmp1 2.4+20151223.gitfa8646d.1-2build7
libsasl2-2 2.1.28+dfsg1-5ubuntu3.1
libsasl2-modules-db 2.1.28+dfsg1-5ubuntu3.1
libseccomp2 2.5.5-1ubuntu3.1
libselinux1 3.5-2ubuntu2.1
libsemanage-common 3.5-1build5
libsemanage2 3.5-1build5
libsepol2 3.5-2build1
libsframe1 2.42-4ubuntu2.8
libsmartcols1 2.39.3-9ubuntu6.4
libsqlite3-0 3.45.1-1ubuntu2.5
libss2 1.47.0-2.4~exp1ubuntu4.1
libssh-4 0.10.6-2ubuntu0.2
libssl3t64 3.0.13-0ubuntu3.7
libstdc++6 14.2.0-4ubuntu2~24.04
libsystemd0 255.4-1ubuntu8.12
libtasn1-6 4.19.0-3ubuntu0.24.04.2
libtinfo6 6.4+20240113-1ubuntu2
libudev1 255.4-1ubuntu8.12
libunistring5 1.1-2build1.1
libuuid1 2.39.3-9ubuntu6.4
libxxhash0 0.8.2-2build1
libzstd1 1.5.5+dfsg2-2build1.1
locales 2.39-0ubuntu8.7
login 1:4.13+dfsg1-4ubuntu3.2
logsave 1.47.0-2.4~exp1ubuntu4.1
mawk 1.3.4.20240123-1build1
mount 2.39.3-9ubuntu6.4
ncurses-base 6.4+20240113-1ubuntu2
ncurses-bin 6.4+20240113-1ubuntu2
openssl 3.0.13-0ubuntu3.7
p11-kit 0.25.3-4ubuntu2.1
p11-kit-modules 0.25.3-4ubuntu2.1
passwd 1:4.13+dfsg1-4ubuntu3.2
perl-base 5.38.2-3.2ubuntu0.2
pinentry-curses 1.2.1-3ubuntu5
procps 2:4.0.4-4ubuntu3.2
readline-common 8.2-4build1
sed 4.9-2build1
sensible-utils 0.0.22
sysvinit-utils 3.08-6ubuntu3
tar 1.35+dfsg-3build1
tzdata 2025b-0ubuntu0.24.04.1
ubuntu-keyring 2023.11.28.1
unminimize 0.2.1
util-linux 2.39.3-9ubuntu6.4
wget 1.21.4-1ubuntu4.1
zlib1g 1:1.3.dfsg-3.1ubuntu2.1

hardened components (156)

acl 2.3.2
alsa-lib 1.2.12
alsa-topology-conf 1.2.5.1
alsa-ucm-conf 1.2.12
at-spi2-core 2.54.1
attr 2.5.2
audit 4.0
avahi 0.8
bash 5.2p37
bash-interactive 5.2p37
brotli 1.1.0
bzip2 1.0.8
bzip2 1.0.8
cairo 1.18.2
coreutils 9.5
cracklib 2.10.0
cryptsetup 2.7.5
cups 2.4.11
curl 8.12.1
db 4.8.30
dbus 1.14.10
dconf 0.40.0
dejavu-fonts-minimal 2.37
dns-root-data 2024-06-20
elfutils 0.191
expat 2.7.1
file 5.45
fontconfig 2.15.0
fontconfig 2.15.0
freetype 2.13.3
fribidi 1.0.16
gcc 13.3.0
gcc 13.3.0
gdk-pixbuf 2.42.12
getent-glibc 2.40-66
giflib 5.2.2
glib 2.82.1
glibc 2.40-66
glibc 2.40-66
gmp-with-cxx 6.3.0
gmp-with-cxx 6.3.0
gnugrep 3.11
gnupg 2.4.5
gnutar 1.35
gnutls 3.8.6
gobject-introspection 1.82.0
graphite2 1.3.14
gsettings-desktop-schemas 47.1
gtk+3 3.24.43
gzip 1.13
harfbuzz 10.0.1
icu4c 74.2
iptables 1.8.10
iso-codes 4.17.0
jrt-fs 21.0.7
json-c 0.17
json-glib 1.10.0
kbd 2.6.4
kexec-tools 2.0.29
keyutils 1.6.3
kmod 31
kmod 31
krb5 1.21.3
lcms2 2.16
lerc 4.0.0
libX11 1.8.10
libXau 1.0.11
libXcomposite 0.4.6
libXcursor 1.2.2
libXdamage 1.1.6
libXdmcp 1.1.5
libXext 1.3.6
libXfixes 6.0.1
libXft 2.3.8
libXi 1.8.2
libXinerama 1.1.5
libXrandr 1.5.4
libXrender 0.9.11
libXtst 1.2.5
libapparmor 4.0.3
libarchive 3.7.8
libassuan 2.5.7
libbpf 1.4.7
libcap 2.70
libcbor 0.11.0
libdaemon 0.14
libdatrie 2019-12-20
libdeflate 1.22
libepoxy 1.5.10
libevent 2.1.12
libffi 3.4.6
libfido2 1.15.0
libgcrypt 1.10.3
libglvnd 1.7.0
libgpg-error 1.50
libidn2 2.3.7
libjpeg-turbo 3.0.4
libmicrohttpd 1.0.1
libmnl 1.0.5
libnetfilter_conntrack 1.1.0
libnfnetlink 1.0.2
libnftnl 1.2.8
libnl 3.10.0
libpcap 1.10.5
libpng-apng 1.6.43
libpsl 0.21.5
libpwquality 1.4.5
libseccomp 2.5.5
libselinux 3.7
libsoup 3.6.1
libssh2 1.11.1
libtasn1 4.20.0
libthai 0.1.29
libtiff 4.7.0
libunistring 1.2
libwebp 1.4.0
libxcb 1.17.0
libxcrypt 4.4.36
libxkbcommon 1.7.0
libxml2 2.13.8
linux-pam 1.6.1
lvm2 2.03.31
lz4 1.10.0
ncurses 6.4.20221231
nettle 3.10
nghttp2 1.64.0
npth 1.7
openjdk 21.0.7+6
openssl 3.3.3
p11-kit 0.25.5
pango 1.54.0
pcre2 10.44
pcsclite 2.3.0
pixman 0.43.4
publicsuffix-list-0 unstable-2024-10-25
qrencode 4.1.1
readline 8.2p13
sqlite 3.46.1
systemd 256.10
systemd-minimal 256.10
systemd-minimal-libs 256.10
tinysparql 3.8.1
tpm2-tss 4.1.3
unbound 1.22.0
util-linux-minimal 2.39.4
util-linux-minimal 2.39.4
util-linux-minimal 2.39.4
util-linux-minimal 2.39.4
wayland 1.23.1
xgcc 13.3.0
xkeyboard-config 2.43
xz 5.6.3
xz 5.6.3
zlib 1.3.1
zstd 1.5.6
zstd 1.5.6

Download SBOMs

Upstream SBOM Hardened SBOM

Usage

$
podman pull ghcr.io/armorred/java:17

Verify Signature

$
cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/java:17