An update that solves four vulnerabilities and has one security fix can now be installed.

# Security update for java-21-openjdk

* Announcement ID: SUSE-SU-2025:02657-1
* Release Date: 2025-08-04T10:34:53Z
* Rating: important

References:

* bsc#1213796
* bsc#1246575
* bsc#1246584
* bsc#1246595
* bsc#1246598

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-50059
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30749 (SUSE): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 (NVD): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-30754 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30754 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 (NVD): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-50059 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50059 (NVD): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50106 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-50106 (NVD): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

## Description:

This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.8+9 (July 2025 CPU):

Security fixes:

* CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
* CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598)
* CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
* CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)

Other fixes:

* Allow compilation of openjdk for 40 years (bsc#1213796)

Changelog:

+ JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs
+ JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails
+ JDK-8136895: Writer not closed with disk full error, file resource leaked
+ JDK-8180450: secondary_super_cache does not scale well
+ JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java
+ JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails
+ JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler
+ JDK-8210471: GZIPInputStream constructor could leak an un-end()ed Inflater
+ JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value
+ JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java failed intermittent
+ JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java is marked with @ignore
+ JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with "Didn't find enough line numbers"
+ JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent)
+ JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small
+ JDK-8267174: Many test files have the wrong Copyright header
+ JDK-8270269: Desktop.browse method fails if earlier CoInitialize call as COINIT_MULTITHREADED
+ JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC
+ JDK-8279016: JFR Leak Profiler is broken with Shenandoah
+ JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call
+ JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed
+ JDK-8282726: java/net/vthread/BlockingSocketOps.java timeout/hang intermittently on Windows
+ JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS
+ JDK-8286789: Test forceEarlyReturn002.java timed out
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native
+ JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame
+ JDK-8295804: javax/swing/JFileChooser/JFileChooserSetLocationTest.java failed with "setLocation() is not working properly"
+ JDK-8297692: Avoid sending per-region GCPhaseParallel JFR events in G1ScanCollectionSetRegionClosure
+ JDK-8303770: Remove Baltimore root certificate expiring in May 2025
+ JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/SP05/sp05t003/TestDescription.java timed out: thread not suspended
+ JDK-8307318: Test serviceability/sa/ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException
+ JDK-8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share
+ JDK-8308033: The jcmd thread dump related tests should test virtual threads
+ JDK-8308966: Add intrinsic for float/double modulo for x86 AVX2 and AVX512
+ JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry
+ JDK-8309841: Jarsigner should print a warning if an entry is removed
+ JDK-8309978: [x64] Fix useless padding
+ JDK-8310066: Improve test coverage for JVMTI GetThreadState on carrier and mounted vthread
+ JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port
+ JDK-8310643: Misformatted copyright messages in FFM
+ JDK-8312246: NPE when HSDB visits bad oop
+ JDK-8312475: org.jline.util.PumpReader signed byte problem
+ JDK-8313290: Misleading exception message from STS.Subtask::get when task forked after shutdown
+ JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI shutdown
+ JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed out
+ JDK-8314056: Remove runtime platform check from frem/drem
+ JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations
+ JDK-8314236: Overflow in Collections.rotate
+ JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure.
+ JDK-8314840: 3 gc/epsilon tests ignore external vm options
+ JDK-8314842: zgc/genzgc tests ignore vm flags
+ JDK-8315128: jdk/jfr/event/runtime/TestResidentSetSizeEvent.java fails with "The size should be less than or equal to peak"
+ JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out
+ JDK-8315669: Open source several Swing PopupMenu related tests
+ JDK-8315742: Open source several Swing Scroll related tests
+ JDK-8315827: Kitchensink.java and RenaissanceStressTest.java time out with jvmti module errors
+ JDK-8315871: Opensource five more Swing regression tests
+ JDK-8315876: Open source several Swing CSS related tests
+ JDK-8315951: Open source several Swing HTMLEditorKit related tests
+ JDK-8315981: Opensource five more random Swing tests
+ JDK-8316061: Open source several Swing RootPane and Slider related tests
+ JDK-8316324: Opensource five miscellaneous Swing tests
+ JDK-8316388: Opensource five Swing component related regression tests
+ JDK-8316452: java/lang/instrument/modules/AppendToClassPathModuleTest.java ignores VM flags
+ JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix
+ JDK-8316580: HttpClient with StructuredTaskScope does not close when a task fails
+ JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful
+ JDK-8317264: Pattern.Bound has `static` fields that should be `static final`.
+ JDK-8318509: x86 count_positives intrinsic broken for -XX:AVX3Threshold=0
+ JDK-8318636: Add jcmd to print annotated process memory map
+ JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path
+ JDK-8318811: Compiler directives parser swallows a character after line comments
+ JDK-8318915: Enhance checks in BigDecimal.toPlainString()
+ JDK-8319439: Move BufferNode from PtrQueue files to new files
+ JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags
+ JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert "c2 compiler bug"
+ JDK-8320687: sun.jvmstat.monitor.MonitoredHost.getMonitoredHost() throws unexpected exceptions when invoked concurrently
+ JDK-8320948: NPE due to unreported compiler error
+ JDK-8321204: C2: assert(false) failed: node should be in igvn hash table
+ JDK-8321479: java -D-D crashes
+ JDK-8321931: memory_swap_current_in_bytes reports 0 as "unlimited"
+ JDK-8322141: SequenceInputStream.transferTo should not return as soon as Long.MAX_VALUE bytes have been transferred
+ JDK-8322475: Extend printing for System.map
+ JDK-8323795: jcmd Compiler.codecache should print total size of code cache
+ JDK-8324345: Stack overflow during C2 compilation when splitting memory phi
+ JDK-8324678: Replace NULL with nullptr in HotSpot gtests
+ JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test native code files
+ JDK-8324799: Use correct extension for C++ test headers
+ JDK-8324880: Rename get_stack_trace.h
+ JDK-8325055: Rename Injector.h
+ JDK-8325180: Rename jvmti_FollowRefObjects.h
+ JDK-8325347: Rename native_thread.h
+ JDK-8325367: Rename nsk_list.h
+ JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized
+ JDK-8325456: Rename nsk_mutex.h
+ JDK-8325458: Rename mlvmJvmtiUtils.h
+ JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179
+ JDK-8325682: Rename nsk_strace.h
+ JDK-8325910: Rename jnihelper.h
+ JDK-8326090: Rename jvmti_aod.h
+ JDK-8326389: [test] improve assertEquals failure output
+ JDK-8326524: Rename agent_common.h
+ JDK-8326586: Improve Speed of System.map
+ JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux
+ JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and SystemDumpMapTest.java may fail after JDK-8326586
+ JDK-8327370: (ch) sun.nio.ch.Poller.register throws AssertionError
+ JDK-8327461: KeyStore getEntry is not thread-safe
+ JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test failure
+ JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program
+ JDK-8328482: Convert and Open source few manual applet test to main based
+ JDK-8328484: Convert and Opensource few JFileChooser applet test to main
+ JDK-8328648: Remove applet usage from JFileChooser tests bug4150029
+ JDK-8328670: Automate and open source few closed manual applet test
+ JDK-8328673: Convert closed text/html/CSS manual applet test to main
+ JDK-8328864: NullPointerException in sun.security.jca.ProviderList.getService()
+ JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer
+ JDK-8329729: java/util/Properties/StoreReproducibilityTest.java times out
+ JDK-8330106: C2: VectorInsertNode::make() shouldn't call ConINode::make() directly
+ JDK-8330158: C2: Loop strip mining uses ABS with min int
+ JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm
+ JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s'
+ JDK-8330936: [ubsan] exclude function BilinearInterp and ShapeSINextSpan in libawt java2d from ubsan checks
+ JDK-8331088: Incorrect TraceLoopPredicate output
+ JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor
+ JDK-8332252: Clean up vmTestbase/vm/share
+ JDK-8332506: SIGFPE In ObjectSynchronizer::is_async_deflation_needed()
+ JDK-8332631: Update nsk.share.jpda.BindServer to don't use finalization
+ JDK-8332641: Update nsk.share.jpda.Jdb to don't use finalization
+ JDK-8332880: JFR GCHelper class recognizes "Archive" regions as valid
+ JDK-8332921: Ctrl+C does not call shutdown hooks after JLine upgrade
+ JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java to don't use finalization
+ JDK-8333117: Remove support of remote and manual debuggee launchers
+ JDK-8333680: com/sun/tools/attach/BasicTests.java fails with "SocketException: Permission denied: connect"
+ JDK-8333805: Replaying compilation with null static final fields results in a crash
+ JDK-8333890: Fatal error in auto-vectorizer with float16 kernel.
+ JDK-8334644: Automate javax/print/attribute/PageRangesException.java
+ JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant
+ JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942
+ JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in HttpClient
+ JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after JDK-8322475
+ JDK-8335662: [AArch64] C1: guarantee(val < (1ULL