This update for java-17-openjdk fixes the following issues:
Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU)
Security fixes:
- CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
- CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
- CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
- CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).
Other fixes:
- OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446).
- Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15216).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-219=1
- openSUSE Leap 16.0:
java-17-openjdk-17.0.18.0-160000.1.1
java-17-openjdk-demo-17.0.18.0-160000.1.1
java-17-openjdk-devel-17.0.18.0-160000.1.1
java-17-openjdk-headless-17.0.18.0-160000.1.1
java-17-openjdk-javadoc-17.0.18.0-160000.1.1
java-17-openjdk-jmods-17.0.18.0-160000.1.1
java-17-openjdk-src-17.0.18.0-160000.1.1
* bsc#1255446
* bsc#1257034
* bsc#1257036
* bsc#1257037
* bsc#1257038
References:
* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html
Get the latest Linux and open source security news straight to your inbox.