SUSE: Java-17-OpenJDK Important Heap Corruption and TLS Update 2025:02667-1

August 4, 2025
The recent update for Java 17 OpenJDK addresses critical vulnerabilities, specifically those related to memory corruption and flaws in TLS security protocols.

Summary

This update for java-17-openjdk fixes the following issues:

Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU):

* CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)

* CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598)

* CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)

* CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)

Changelog:

+ JDK-4850101: Setting mnemonic to VK_F4 underlines the letter S in a button.

+ JDK-5074006: Swing JOptionPane shows </html> tag as a string after newline

+ JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs

+ JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't

References

* bsc#1246575

* bsc#1246584

* bsc#1246595

* bsc#1246598

Cross-References

* CVE-2025-30749

* CVE-2025-30754

* CVE-2025-50059

* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Announcement ID: SUSE-SU-2025:02667-1
Release Date: 2025-08-04T12:38:11Z
Rating: important
