SUSE-SU-2025:02563-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202502563-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02563-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:02563-1
- Upstream
- Related
- Published
- 2025-07-31T02:15:52Z
- Modified
- 2025-07-31T18:03:18.900110Z
- Summary
- Security update for java-11-openjdk
- Details
-
This update for java-11-openjdk fixes the following issues:
Upgrade to upstream tag jdk-11.0.28+6 (July 2025 CPU):
Security fixes:
- CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
- CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598)
- CVE-2025-30761: Improve scripting supports (bsc#1246580)
- CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
- CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)
Changelog:
+ JDK-8026976: ECParameters, Point does not match field size + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8231058: VerifyOops crashes with assert(_offset >= 0) failed: offset for non comment? + JDK-8232625: HttpClient redirect policy should be more conservative + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + JDK-8301753: AppendFile/WriteFile has differences between make 3.81 and 4+ + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8315380: AsyncGetCallTrace crash in frame::safe_for_sender + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8328957: Update PKCS11Test.java to not use hardcoded path + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345625: Better HTTP connections + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8348110: Update LCMS to 2.17 + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349594: Enhance TLS protocol support + JDK-8350469: [11u] Test AbsPathsInImage.java fails - JDK-8239429 public clone + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350991: Improve HTTP client header handling + JDK-8351099: Bump update version of OpenJDK: 11.0.28 + JDK-8351422: Improve scripting supports + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux - References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202502563-1/
- https://bugzilla.suse.com/1246575
- https://bugzilla.suse.com/1246580
- https://bugzilla.suse.com/1246584
- https://bugzilla.suse.com/1246595
- https://bugzilla.suse.com/1246598
- https://www.suse.com/security/cve/CVE-2025-30749
- https://www.suse.com/security/cve/CVE-2025-30754
- https://www.suse.com/security/cve/CVE-2025-30761
- https://www.suse.com/security/cve/CVE-2025-50059
- https://www.suse.com/security/cve/CVE-2025-50106
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / java-11-openjdk
Package
- Name
- java-11-openjdk
- Purl
- pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS