SUSE-SU-2025:03262-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202503262-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03262-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:03262-1
- Upstream
- Related
- Published
- 2025-09-18T06:42:05Z
- Modified
- 2025-09-18T20:17:22.604959Z
- Summary
- Security update for java-1_8_0-ibm
- Details
-
This update for java-180-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 50.
Security issues fixed:
- Oracle July 15 2025 CPU (bsc#1247754).
- CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595).
- CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598).
- CVE-2025-30761: issue in the Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580).
- CVE-2025-50059: issue in the Networking component allows unauthenticated attacker with network access to gain unauthorized access to critical data (bsc#1246575).
- CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246584).
Other issues fixed:
- Class Libraries:
- Oracle Security Fix 8348989: Better Glyph drawing.
- Removal of Baltimore root certificate and TWO CAMERFIRMA root CA certificates from CACERTS.
- Update timezone information to the latest TZDATA2025B.
- Java Virtual Machine:
- Assertion failure at copyforwardscheme.cpp.
- JIT Compiler:
- GC assert due to an invalid object reference.
- SIGILL from JIT compiled method.
- Unexpected behaviour with very large arrays.
- Security:
- Deserialization of a serialized RSAPrivateCrtKey is throwing an exception.
- EDDSAsignature fails when doing multiple update.
- HTTPS channel binding support.
- IBMJCEPlus provider supports post quantum cryptography algorithms ML-KEM (key encapsulation) and ML-DSA (digital signature).
- Key certificate management: Extended key usage cannot be set without having key usage extension in certificate request.
- MessageDigest.update API does not throw the correct exception.
- Oracle Security Fix 8349594: Enhance TLS protocol support.
- Problem getting key in PKCS12 keystore on MAC.
- TLS support for the EDDSA signature algorithm.
- Wrong algorithm name returned for EDDSA keys.
- z/OS Extentions:
- IBMJCEHybridException with hybrid provider in GCM mode.
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202503262-1/
- https://bugzilla.suse.com/1246575
- https://bugzilla.suse.com/1246580
- https://bugzilla.suse.com/1246584
- https://bugzilla.suse.com/1246595
- https://bugzilla.suse.com/1246598
- https://bugzilla.suse.com/1247754
- https://www.suse.com/security/cve/CVE-2025-30749
- https://www.suse.com/security/cve/CVE-2025-30754
- https://www.suse.com/security/cve/CVE-2025-30761
- https://www.suse.com/security/cve/CVE-2025-50059
- https://www.suse.com/security/cve/CVE-2025-50106
Affected packages
openSUSE:Leap 15.6
java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- pkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.0_sr8.50-150000.3.104.1
Ecosystem specific
{
"binaries": [
{
"java-1_8_0-ibm-demo": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-32bit": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-src": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-devel-32bit": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-plugin": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-alsa": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-devel": "1.8.0_sr8.50-150000.3.104.1"
}
]
}SUSE:Enterprise Storage 7.1
java-1_8_0-ibm
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS
java-1_8_0-ibm
SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS
java-1_8_0-ibm
SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS
java-1_8_0-ibm
SUSE:Linux Enterprise Module for Legacy 15 SP6
java-1_8_0-ibm
SUSE:Linux Enterprise Module for Legacy 15 SP7
java-1_8_0-ibm
Package
- Name
- java-1_8_0-ibm
- Purl
- pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.0_sr8.50-150000.3.104.1
Ecosystem specific
{
"binaries": [
{
"java-1_8_0-ibm-plugin": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-demo": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-alsa": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-src": "1.8.0_sr8.50-150000.3.104.1",
"java-1_8_0-ibm-devel": "1.8.0_sr8.50-150000.3.104.1"
}
]
}