drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in java-11-openjdk
| Name: |
Mehrere Probleme in java-11-openjdk |
|
| ID: |
SUSE-SU-2025:1399-1 |
|
| Distribution: |
SUSE |
|
| Plattformen: |
SUSE Linux Enterprise Server 12 SP5, SUSE Linux Enterprise High Performance Computing 12 SP5, SUSE Linux Enterprise Server for SAP Applications 12 SP5, SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security, SUSE Linux Enterprise Server 12 SP5 LTSS |
|
| Datum: |
Di, 29. April 2025, 23:47 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2025-30691
https://www.cve.org/CVERecord?id=CVE-2025-30698
https://www.cve.org/CVERecord?id=CVE-2025-21587 |
|
| Applikationen: |
OpenJDK |
|
Originalnachricht |
--===============4186748189931610735==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
# Security update for java-11-openjdk
Announcement ID: SUSE-SU-2025:1399-1
Release Date: 2025-04-29T13:35:11Z
Rating: important
References:
* bsc#1241274
* bsc#1241275
* bsc#1241276
Cross-References:
* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698
CVSS scores:
* CVE-2025-21587 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
An update that solves three vulnerabilities can now be installed.
## Description:
This update for java-11-openjdk fixes the following issues:
Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU)
CVEs:
* CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of
critical data (bsc#1241274)
* CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access
(bsc#1241275)
* CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS
(bsc#1241276)
Changes:
+ JDK-8195675: Call to insertText with single character
from custom Input Method ignored
+ JDK-8202926: Test java/awt/Focus/
/WindowUpdateFocusabilityTest/
/WindowUpdateFocusabilityTest.html fails
+ JDK-8216539: tools/jar/modularJar/Basic.java timed out
+ JDK-8268364: jmethod clearing should be done during
unloading
+ JDK-8273914: Indy string concat changes order of
operations
+ JDK-8294316: SA core file support is broken on macosx-x64
starting with macOS 12.x
+ JDK-8306408: Fix the format of several tables in
building.md
+ JDK-8309841: Jarsigner should print a warning if an entry
is removed
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be
improved
+ JDK-8320916: jdk/jfr/event/gc/stacktrace/
/TestParallelMarkSweepAllocationPendingStackTrace.java failed
with "OutOfMemoryError: GC overhead limit exceeded"
+ JDK-8327650: Test java/nio/channels/DatagramChannel/
/StressNativeSignal.java timed out
+ JDK-8328242: Add a log area to the PassFailJFrame
+ JDK-8331863: DUIterator_Fast used before it is constructed
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8338430: Improve compiler transformations
+ JDK-8339560: Unaddressed comments during code review of
JDK-8337664
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339931: Update problem list for
WindowUpdateFocusabilityTest.java
+ JDK-8340387: Update OS detection code to recognize
Windows Server 2025
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342704: GHA: Report truncation is broken after
JDK-8341424
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343474: [updates] Customize README.md to specifics
of update project
+ JDK-8343599: Kmem limit and max values swapped when
printing container information
+ JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to
macos-13 and XCode 14.3.1
+ JDK-8344589: Update IANA Language Subtag Registry to
Version 2024-11-19
+ JDK-8345509: Bump update version of OpenJDK: 11.0.27
+ JDK-8346587: Distrust TLS server certificates anchored by
Camerfirma Root CAs
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no
license header
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25
updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8354087: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 12 SP5 LTSS
zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1399=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
zypper in -t patch
SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1399=1
## Package List:
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-headless-11.0.27.0-3.87.1
* java-11-openjdk-demo-11.0.27.0-3.87.1
* java-11-openjdk-devel-11.0.27.0-3.87.1
* java-11-openjdk-11.0.27.0-3.87.1
* java-11-openjdk-debuginfo-11.0.27.0-3.87.1
* java-11-openjdk-debugsource-11.0.27.0-3.87.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
* java-11-openjdk-headless-11.0.27.0-3.87.1
* java-11-openjdk-demo-11.0.27.0-3.87.1
* java-11-openjdk-devel-11.0.27.0-3.87.1
* java-11-openjdk-11.0.27.0-3.87.1
* java-11-openjdk-debuginfo-11.0.27.0-3.87.1
* java-11-openjdk-debugsource-11.0.27.0-3.87.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21587.html
* https://www.suse.com/security/cve/CVE-2025-30691.html
* https://www.suse.com/security/cve/CVE-2025-30698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241274
* https://bugzilla.suse.com/show_bug.cgi?id=1241275
* https://bugzilla.suse.com/show_bug.cgi?id=1241276
--===============4186748189931610735==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<div class="container">
<h1>Security update for java-11-openjdk</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:1399-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-04-29T13:35:11Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241274">bsc#1241274</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241275">bsc#1241275</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241276">bsc#1241276</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-21587.html">CVE-2025-21587</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-30691.html">CVE-2025-30691</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-30698.html">CVE-2025-30698</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-21587</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">9.1</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-21587</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">7.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-21587</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">7.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-30691</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">6.3</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-30691</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">4.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-30691</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">4.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-30698</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">6.3</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-30698</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.6</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-30698</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.6</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 12 SP5 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 12 SP5 LTSS Extended Security</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves three vulnerabilities can now be
installed.</p>
<h2>Description:</h2>
<p>This update for java-11-openjdk fixes the following
issues:</p>
<p>Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU)</p>
<p>CVEs:</p>
<ul>
<li>CVE-2025-21587: Fixed JSSE unauthorized access, deletion or
modification of critical data (bsc#1241274)</li>
<li>CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data
Access (bsc#1241275)</li>
<li>CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS
(bsc#1241276)</li>
</ul>
<p>Changes:</p>
<pre><code>+ JDK-8195675: Call to insertText with single character
from custom Input Method ignored
+ JDK-8202926: Test java/awt/Focus/
/WindowUpdateFocusabilityTest/
/WindowUpdateFocusabilityTest.html fails
+ JDK-8216539: tools/jar/modularJar/Basic.java timed out
+ JDK-8268364: jmethod clearing should be done during
unloading
+ JDK-8273914: Indy string concat changes order of
operations
+ JDK-8294316: SA core file support is broken on macosx-x64
starting with macOS 12.x
+ JDK-8306408: Fix the format of several tables in
building.md
+ JDK-8309841: Jarsigner should print a warning if an entry
is removed
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be
improved
+ JDK-8320916: jdk/jfr/event/gc/stacktrace/
/TestParallelMarkSweepAllocationPendingStackTrace.java failed
with &quot;OutOfMemoryError: GC overhead limit exceeded&quot;
+ JDK-8327650: Test java/nio/channels/DatagramChannel/
/StressNativeSignal.java timed out
+ JDK-8328242: Add a log area to the PassFailJFrame
+ JDK-8331863: DUIterator_Fast used before it is constructed
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8338430: Improve compiler transformations
+ JDK-8339560: Unaddressed comments during code review of
JDK-8337664
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339931: Update problem list for
WindowUpdateFocusabilityTest.java
+ JDK-8340387: Update OS detection code to recognize
Windows Server 2025
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342704: GHA: Report truncation is broken after
JDK-8341424
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343474: [updates] Customize README.md to specifics
of update project
+ JDK-8343599: Kmem limit and max values swapped when
printing container information
+ JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to
macos-13 and XCode 14.3.1
+ JDK-8344589: Update IANA Language Subtag Registry to
Version 2024-11-19
+ JDK-8345509: Bump update version of OpenJDK: 11.0.27
+ JDK-8346587: Distrust TLS server certificates anchored by
Camerfirma Root CAs
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no
license header
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25
updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8354087: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27
</code></pre>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper
patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-SERVER-12-SP5-LTSS-2025-1399=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
<br/>
<code>zypper in -t patch
SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1399=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le
s390x x86_64)
<ul>
<li>java-11-openjdk-headless-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-demo-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-devel-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-debuginfo-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-debugsource-11.0.27.0-3.87.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
(x86_64)
<ul>
<li>java-11-openjdk-headless-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-demo-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-devel-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-debuginfo-11.0.27.0-3.87.1</li>
<li>java-11-openjdk-debugsource-11.0.27.0-3.87.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-21587.html">https://www.suse.com/security/cve/CVE-2025-21587.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-30691.html">https://www.suse.com/security/cve/CVE-2025-30691.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-30698.html">https://www.suse.com/security/cve/CVE-2025-30698.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241274">https://bugzilla.suse.com/show_bug.cgi?id=1241274</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241275">https://bugzilla.suse.com/show_bug.cgi?id=1241275</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1241276">https://bugzilla.suse.com/show_bug.cgi?id=1241276</a>
</li>
</ul>
</div>
--===============4186748189931610735==--
|
|
|
|
