SUSE-SU-2025:02667-1: important: Security update for java-17-openjdk

SLE-SECURITY-UPDATES null at suse.de
Mon Aug 4 16:31:47 UTC 2025



# Security update for java-17-openjdk

Announcement ID: SUSE-SU-2025:02667-1  
Release Date: 2025-08-04T12:38:11Z  
Rating: important  
References:

  * bsc#1246575
  * bsc#1246584
  * bsc#1246595
  * bsc#1246598

  
Cross-References:

  * CVE-2025-30749
  * CVE-2025-30754
  * CVE-2025-50059
  * CVE-2025-50106

  
CVSS scores:

  * CVE-2025-30749 ( SUSE ):  8.3
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-30749 ( SUSE ):  7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
  * CVE-2025-30749 ( NVD ):  8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-30754 ( SUSE ):  6.3
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-30754 ( SUSE ):  4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-30754 ( NVD ):  4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-50059 ( SUSE ):  8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-50059 ( NVD ):  8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-50106 ( SUSE ):  8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-50106 ( NVD ):  8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * Basesystem Module 15-SP6
  * Legacy Module 15-SP6
  * Legacy Module 15-SP7
  * openSUSE Leap 15.4
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves four vulnerabilities can now be installed.

## Description:

This update for java-17-openjdk fixes the following issues:

Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU):

  * CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595)
  * CVE-2025-30754: incomplete handshake may lead to weakening TLS protections
    (bsc#1246598)
  * CVE-2025-50059: Improve HTTP client header handling (bsc#1246575)
  * CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584)

Changelog:

    
    
    + JDK-4850101: Setting mnemonic to VK_F4 underlines the letter
      S in a button.
    + JDK-5074006: Swing JOptionPane shows </html> tag as a string
      after newline
    + JDK-6956385: URLConnection.getLastModified() leaks file
      handles for jar:file and file: URLs
    + JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn&#x27;t
      move selection on next cell in JTable on Aqua L&F
    + JDK-8042134: JOptionPane bungles HTML messages
    + JDK-8051591: Test
      javax/swing/JTabbedPane/8007563/Test8007563.java fails
    + JDK-8077371: Binary files in JAXP test should be removed
    + JDK-8183348: Better cleanup for
      jdk/test/sun/security/pkcs12/P12SecretKey.java
    + JDK-8196465:
      javax/swing/JComboBox/8182031/ComboPopupTest.java fails on
      Linux
    + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/
      jdk/test/lib/compiler/InMemoryJavaCompiler
    + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns
      wrong value
    + JDK-8218474: JComboBox display issue with GTKLookAndFeel
    + JDK-8224267: JOptionPane message string with 5000+ newlines
      produces StackOverflowError
    + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/
      /NonUniqueAliases.java is marked with @ignore
    + JDK-8251505: Use of types in compiler shared code should be
      consistent.
    + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java
      failed with "Didn&#x27;t find enough line numbers"
    + JDK-8254786: java/net/httpclient/CancelRequestTest.java
      failing intermittently
    + JDK-8256211: assert fired in
      java/net/httpclient/DependentPromiseActionsTest (infrequent)
    + JDK-8258483: [TESTBUG] gtest
      CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
      too small
    + JDK-8269516: AArch64: Assembler cleanups
    + JDK-8271419: Refactor test code for modifying CDS archive
      contents
    + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC
    + JDK-8277983: Remove unused fields from
      sun.net.www.protocol.jar.JarURLConnection
    + JDK-8279884: Use better file for cygwin source permission
      check
    + JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java
      timeouts on Windows 11
    + JDK-8280468: Crashes in getConfigColormap,
      getConfigVisualId, XVisualIDFromVisual on Linux
    + JDK-8280820: Clean up bug8033699 and bug8075609.java tests:
      regtesthelpers aren&#x27;t used
    + JDK-8280991: [XWayland] No displayChanged event after
      setDisplayMode call
    + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with
      checkTime failed
    + JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/
      /FullscreenWindowProps.java fails on Windows 10 with HiDPI
      screen
    + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads
      the spinner value 10 as 1 when user iterates to 10 for the
      first time on macOS
    + JDK-8286789: Test forceEarlyReturn002.java timed out
    + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
      access thread fields from native
    + JDK-8286925: Move JSON parser used in JFR tests to test
      library
    + JDK-8287352: DockerTestUtils::execute shows incorrect
      elapsed time
    + JDK-8287801: Fix test-bugs related to stress flags
    + JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java:
      setFloating does not work correctly
    + JDK-8290162: Reset recursion counter missed in fix of
      JDK-8224267
    + JDK-8292064: Convert java/lang/management/MemoryMXBean shell
      tests to java version
    + JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java
      #Epsilon-64 failed assertGreaterThanOrEqual:
      expected MMM >= NNN
    + JDK-8294038: Remove "Classpath" exception from javax/swing
      tests
    + JDK-8294155: Exception thrown before awaitAndCheck hangs
      PassFailJFrame
    + JDK-8295470: Update openjdk.java.net => openjdk.org URLs in
      test code
    + JDK-8295670: Remove duplication in
      java/util/Formatter/Basic*.java
    + JDK-8295804:
      javax/swing/JFileChooser/JFileChooserSetLocationTest.java
      failed with "setLocation() is not working properly"
    + JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode
      should write into DerOutputStream
    + JDK-8296167: test/langtools/tools/jdeps/jdkinternals/
      /ShowReplacement.java failing after JDK-8296072
    + JDK-8296920: Regression Test DialogOrient.java fails on MacOS
    + JDK-8297173: usageTicks and totalTicks should be volatile to
      ensure that different threads get the latest ticks
    + JDK-8297242: Use-after-free during library unloading on Linux
    + JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/
      /btree012.java failed with "fatal error: refcount has gone to
      zero"
    + JDK-8298147: Clang warns about pointless comparisons
    + JDK-8298248: Limit sscanf output width in cgroup file parsers
    + JDK-8298709: Fix typos in src/java.desktop/ and various test
      classes of client component
    + JDK-8298730: Refactor subsystem_file_line_contents and add
      docs and tests
    + JDK-8300645: Handle julong values in logging of
      GET_CONTAINER_INFO macros
    + JDK-8300658: memory_and_swap_limit() reporting wrong values
      on systems with swapaccount=0
    + JDK-8302226: failure_handler native.core should wait for
      coredump to finish
    + JDK-8303549: [AIX] TestNativeStack.java is failing with exit
      value 1
    + JDK-8303770: Remove Baltimore root certificate expiring in
      May 2025
    + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/
      /SP05/sp05t003/TestDescription.java timed out: thread not
      suspended
    + JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in
      remote X11 sessions
    + JDK-8306997: C2: "malformed control flow" assert due to
      missing safepoint on backedge with a switch
    + JDK-8307318: Test
      serviceability/sa/ClhsdbCDSJstackPrintAll.java failed:
      ArrayIndexOutOfBoundsException
    + JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/
      /GetScreenInsetsCustomGC.java failed with &#x27;Cannot invoke
      "sun.awt.X11GraphicsDevice.getInsets()" because "device" is
      null&#x27;
    + JDK-8309841: Jarsigner should print a warning if an entry is
      removed
    + JDK-8310525: DynamicLauncher for JDP test needs to try
      harder to find a free port
    + JDK-8312246: NPE when HSDB visits bad oop
    + JDK-8314120: Add tests for FileDescriptor.sync
    + JDK-8314236: Overflow in Collections.rotate
    + JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java
      fails intermittently on Linux
    + JDK-8314320: Mark runtime/CommandLine/ tests as flagless
    + JDK-8314828: Mark 3 jcmd command-line options test as
      vm.flagless
    + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java
      timed out
    + JDK-8315669: Open source several Swing PopupMenu related
      tests
    + JDK-8315721: CloseRace.java#id0 fails transiently on libgraal
    + JDK-8315742: Open source several Swing Scroll related tests
    + JDK-8315871: Opensource five more Swing regression tests
    + JDK-8315876: Open source several Swing CSS related tests
    + JDK-8315951: Open source several Swing HTMLEditorKit related
      tests
    + JDK-8315981: Opensource five more random Swing tests
    + JDK-8316061: Open source several Swing RootPane and Slider
      related tests
    + JDK-8316156: ByteArrayInputStream.transferTo causes
      MaxDirectMemorySize overflow
    + JDK-8316228: jcmd tests are broken by 8314828
    + JDK-8316324: Opensource five miscellaneous Swing tests
    + JDK-8316388: Opensource five Swing component related
      regression tests
    + JDK-8316451: 6 java/lang/instrument/PremainClass tests
      ignore VM flags
    + JDK-8316452: java/lang/instrument/modules/
      /AppendToClassPathModuleTest.java ignores VM flags
    + JDK-8316460: 4 javax/management tests ignore VM flags
    + JDK-8316497: ColorConvertOp - typo for non-ICC conversions
      needs one-line fix
    + JDK-8316629: j.text.DateFormatSymbols setZoneStrings()
      exception is unhelpful
    + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM
      path
    + JDK-8318915: Enhance checks in BigDecimal.toPlainString()
    + JDK-8318962: Update ProcessTools javadoc with suggestions in
      8315097
    + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java
      ignores VM flags
    + JDK-8319578: Few java/lang/instrument ignore test.java.opts
      and accept test.vm.opts only
    + JDK-8319690: [AArch64] C2 compilation hits
      offset_ok_for_immed: assert "c2 compiler bug"
    + JDK-8320682: [AArch64] C1 compilation fails with "Field too
      big for insn"
    + JDK-8320687: sun.jvmstat.monitor.MonitoredHost
      .getMonitoredHost() throws unexpected exceptions when invoked
      concurrently
    + JDK-8321204: C2: assert(false) failed: node should be in
      igvn hash table
    + JDK-8321479: java -D-D crashes
    + JDK-8321509: False positive in get_trampoline fast path
      causes crash
    + JDK-8321713: Harmonize executeTestJvm with
      create[Limited]TestJavaProcessBuilder
    + JDK-8321718: ProcessTools.executeProcess calls waitFor
      before logging
    + JDK-8321931: memory_swap_current_in_bytes reports 0 as
      "unlimited"
    + JDK-8325435: [macos] Menu or JPopupMenu not closed when main
      window is resized
    + JDK-8325680: Uninitialised memory in deleteGSSCB of
      GSSLibStub.c:179
    + JDK-8325682: Rename nsk_strace.h
    + JDK-8326389: [test] improve assertEquals failure output
    + JDK-8328301: Convert Applet test
      ManualHTMLDataFlavorTest.java to main program
    + JDK-8328482: Convert and Open source few manual applet test
      to main based
    + JDK-8328484: Convert and Opensource few JFileChooser applet
      test to main
    + JDK-8328648: Remove applet usage from JFileChooser tests
      bug4150029
    + JDK-8328670: Automate and open source few closed manual
      applet test
    + JDK-8328673: Convert closed text/html/CSS manual applet test
      to main
    + JDK-8329261: G1: interpreter post-barrier x86 code asserts
      index size of wrong buffer
    + JDK-8330534: Update nsk/jdwp tests to use driver instead of
      othervm
    + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails
      with java.util.MissingFormatArgumentException: Format
      specifier &#x27;%s&#x27;
    + JDK-8331735: UpcallLinker::on_exit races with GC when
      copying frame anchor
    + JDK-8333117: Remove support of remote and manual debuggee
      launchers
    + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with
      "SocketException: Permission denied: connect"
    + JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched
      does not copy all fields
    + JDK-8334644: Automate
      javax/print/attribute/PageRangesException.java
    + JDK-8334780: Crash: assert(h_array_list.not_null()) failed:
      invariant
    + JDK-8334895: OpenJDK fails to configure on linux aarch64
      when CDS is disabled after JDK-8331942
    + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits))
      failed: Field too big for insn
    + JDK-8335684: Test ThreadCpuTime.java should pause like
      ThreadCpuTimeArray.java
    + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/
      /AllowedFunctions.java fails with unexpected exit code: 112
    + JDK-8336587: failure_handler lldb command times out on
      macosx-aarch64 core file
    + JDK-8337221: CompileFramework: test library to conveniently
      compile java and jasm sources for fuzzing
    + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/
      /stop_at002.java failure goes undetected
    + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in
      gtest framework
    + JDK-8339148: Make os::Linux::active_processor_count() public
    + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
      gtest fails on ppc64 based platforms
    + JDK-8339639: Opensource few AWT PopupMenu tests
    + JDK-8339678: Update runtime/condy tests to be executed with
      VM flags
    + JDK-8339727: Open source several AWT focus tests - series 1
    + JDK-8339794: Open source closed choice tests #1
    + JDK-8339810: Clean up the code in sun.tools.jar.Main to
      properly close resources and use ZipFile during extract
    + JDK-8339836: Open source several AWT Mouse tests - Batch 1
    + JDK-8339842: Open source several AWT focus tests - series 2
    + JDK-8339895: Open source several AWT focus tests - series 3
    + JDK-8339906: Open source several AWT focus tests - series 4
    + JDK-8339935: Open source several AWT focus tests - series 5
    + JDK-8339982: Open source several AWT Mouse tests - Batch 2
    + JDK-8339984: Open source AWT MenuItem related tests
    + JDK-8339995: Open source several AWT focus tests - series 6
    + JDK-8340077: Open source few Checkbox tests - Set2
    + JDK-8340084: Open source AWT Frame related tests
    + JDK-8340143: Open source several Java2D rendering loop tests.
    + JDK-8340164: Open source few Component tests - Set1
    + JDK-8340173: Open source some Component/Panel/EventQueue
      tests - Set2
    + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in
      test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java
    + JDK-8340193: Open source several AWT Dialog tests - Batch 1
    + JDK-8340228: Open source couple more miscellaneous AWT tests
    + JDK-8340271: Open source several AWT Robot tests
    + JDK-8340279: Open source several AWT Dialog tests - Batch 2
    + JDK-8340332: Open source mixed AWT tests - Set3
    + JDK-8340366: Open source several AWT Dialog tests - Batch 3
    + JDK-8340367: Opensource few AWT image tests
    + JDK-8340393: Open source closed choice tests #2
    + JDK-8340407: Open source a few more Component related tests
    + JDK-8340417: Open source some MenuBar tests - Set1
    + JDK-8340432: Open source some MenuBar tests - Set2
    + JDK-8340433: Open source closed choice tests #3
    + JDK-8340437: Open source few more AWT Frame related tests
    + JDK-8340458: Open source additional Component tests (part 2)
    + JDK-8340555: Open source DnD tests - Set4
    + JDK-8340560: Open Source several AWT/2D font and rendering
      tests
    + JDK-8340605: Open source several AWT PopupMenu tests
    + JDK-8340621: Open source several AWT List tests
    + JDK-8340625: Open source additional Component tests (part 3)
    + JDK-8340639: Open source few more AWT List tests
    + JDK-8340713: Open source DnD tests - Set5
    + JDK-8340784: Remove PassFailJFrame constructor with
      screenshots
    + JDK-8340790: Open source several AWT Dialog tests - Batch 4
    + JDK-8340809: Open source few more AWT PopupMenu tests
    + JDK-8340874: Open source some of the AWT Geometry/Button
      tests
    + JDK-8340907: Open source closed frame tests # 2
    + JDK-8340966: Open source few Checkbox and Cursor tests - Set1
    + JDK-8340967: Open source few Cursor tests - Set2
    + JDK-8340978: Open source few DnD tests - Set6
    + JDK-8340985: Open source some Desktop related tests
    + JDK-8341000: Open source some of the AWT Window tests
    + JDK-8341004: Open source AWT FileDialog related tests
    + JDK-8341072: Open source several AWT Canvas and Rectangle
      related tests
    + JDK-8341128: open source some 2d graphics tests
    + JDK-8341148: Open source several Choice related tests
    + JDK-8341162: Open source some of the AWT window test
    + JDK-8341170: Open source several Choice related tests (part
      2)
    + JDK-8341177: Opensource few List and a Window test
    + JDK-8341191: Open source few more AWT FileDialog tests
    + JDK-8341239: Open source closed frame tests # 3
    + JDK-8341257: Open source few DND tests - Set1
    + JDK-8341258: Open source few various AWT tests - Set1
    + JDK-8341278: Open source few TrayIcon tests - Set7
    + JDK-8341298: Open source more AWT window tests
    + JDK-8341373: Open source closed frame tests # 4
    + JDK-8341378: Open source few TrayIcon tests - Set8
    + JDK-8341447: Open source closed frame tests # 5
    + JDK-8341535: sun/awt/font/TestDevTransform.java fails with
      RuntimeException: Different rendering
    + JDK-8341637: java/net/Socket/UdpSocket.java fails with
      "java.net.BindException: Address already in use"
      (macos-aarch64)
    + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java
      timed out after JDK-8341257
    + JDK-8342376: More reliable OOM handling in
      ExceptionDuringDumpAtObjectsInitPhase test
    + JDK-8342524: Use latch in AbstractButton/bug6298940.java
      instead of delay
    + JDK-8342633: javax/management/security/
      /HashedPasswordFileTest.java creates tmp file in src dir
    + JDK-8343037: Missing @since tag on JColorChooser.showDialog
      overload
    + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/
      /scenarios/sampling/SP05/sp05t003/TestDescription.java
    + JDK-8343124: Tests fails with
      java.lang.IllegalAccessException: class
      com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot
      access
    + JDK-8343170: java/awt/Cursor/JPanelCursorTest/
      /JPanelCursorTest.java does not show the default cursor
    + JDK-8343205: CompileBroker::possibly_add_compiler_threads
      excessively polls available memory
    + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails
      AssertionFailure: Corrupted constant pool
    + JDK-8343891: Test javax/swing/JTabbedPane/
      /TestJTabbedPaneBackgroundColor.java failed
    + JDK-8343936: Adjust timeout in test
      javax/management/monitor/DerivedGaugeMonitorTest.java
    + JDK-8344316: security/auth/callback/TextCallbackHandler/
      /Password.java make runnable with JTReg and add the UI
    + JDK-8344361: Restore null return for invalid services from
      legacy providers
    + JDK-8345133: Test sun/security/tools/jarsigner/
      /TsacertOptionTest.java failed: Warning found in stdout
    + JDK-8345134: Test sun/security/tools/jarsigner/
      /ConciseJarsigner.java failed: unable to find valid
      certification path to requested target
    + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/
      /bug8033699.java fails in ubuntu22.04
    + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/
      /bug4529206.java fails in ubuntu22.04
    + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/
      /4278839/bug4278839.java fails in ubuntu22.04
    + JDK-8345598: Upgrade NSS binaries for interop tests
    + JDK-8345625: Better HTTP connections
    + JDK-8345728: [Accessibility,macOS,Screen Magnifier]:
      JCheckbox unchecked state does not magnify but works for
      checked tate
    + JDK-8345838: Remove the
      appcds/javaldr/AnonVmClassesDuringDump.java test
    + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java
      warnings
    + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in
      CI on Linux
    + JDK-8347000: Bug in
      com/sun/net/httpserver/bugs/B6361557.java test
    + JDK-8347019: Test javax/swing/JRadioButton/8033699/
      /bug8033699.java still fails:  Focus is not on Radio Button
      Single as Expected
    + JDK-8347083: Incomplete logging in
      nsk/jvmti/ResourceExhausted/resexhausted00* tests
    + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets
      OOM-killed
    + JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime
      error: division by zero
    + JDK-8347286: (fs) Remove some extensions from
      java/nio/file/Files/probeContentType/Basic.java
    + JDK-8347576: Error output in libjsound has non matching
      format strings
    + JDK-8347629: Test FailOverDirectExecutionControlTest.java
      fails with -Xcomp
    + JDK-8347911: Limit the length of inflated text chunks
    + JDK-8347995: Race condition in jdk/java/net/httpclient/
      /offline/FixedResponseHttpClient.java
    + JDK-8348107: test/jdk/java/net/httpclient/
      /HttpsTunnelAuthTest.java fails intermittently
    + JDK-8348110: Update LCMS to 2.17
    + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java
    + JDK-8348596: Update FreeType to 2.13.3
    + JDK-8348597: Update HarfBuzz to 10.4.0
    + JDK-8348598: Update Libpng to 1.6.47
    + JDK-8348600: Update PipeWire to 1.3.81
    + JDK-8348865: JButton/bug4796987.java never runs because
      Windows XP is unavailable
    + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver
      doesn&#x27;t announce untick on toggling the checkbox with "space"
      key on macOS
    + JDK-8348989: Better Glyph drawing
    + JDK-8349039: Adjust exception No type named <ThreadType> in
      database
    + JDK-8349111: Enhance Swing supports
    + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark
      fails
    + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh
      to run fully in java
    + JDK-8349492: Update sun/security/pkcs12/
      /KeytoolOpensslInteropTest.java to use a recent Openssl
      version
    + JDK-8349501: Relocate supporting classes in
      security/testlibrary to test/lib/jdk tree
    + JDK-8349594: Enhance TLS protocol support
    + JDK-8349751: AIX build failure after upgrade pipewire to
      1.3.81
    + JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails
      java.lang.NoClassDefFoundError
    + JDK-8350211: CTW: Attempt to preload all classes in constant
      pool
    + JDK-8350224: Test javax/swing/JComboBox/
      /TestComboBoxComponentRendering.java fails in ubuntu 23.x and
      later
    + JDK-8350260: Improve HTML instruction formatting in
      PassFailJFrame
    + JDK-8350383: Test: add more test case for string compare (UL
      case)
    + JDK-8350386: Test TestCodeCacheFull.java fails with option
      -XX:-UseCodeCacheFlushing
    + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to
      incorrect traces in JFR
    + JDK-8350498: Remove two Camerfirma root CA certificates
    + JDK-8350540: [17u,11u] B8312065.java fails Network is
      unreachable
    + JDK-8350546: Several java/net/InetAddress tests fails
      UnknownHostException
    + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug
      builds
    + JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16
    + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails
    + JDK-8350991: Improve HTTP client header handling
    + JDK-8351086: (fc) Make
      java/nio/channels/FileChannel/BlockDeviceSize.java test manual
    + JDK-8352076: [21u] Problem list tests that fail in 21 and
      would be fixed by 8309622
    + JDK-8352109: java/awt/Desktop/MailTest.java fails in
      platforms where Action.MAIL is not supported
    + JDK-8352302: Test
      sun/security/tools/jarsigner/TimestampCheck.java is failing
    + JDK-8352649: [17u] guarantee(is_result_safe ||
      is_in_asgct()) failed inside AsyncGetCallTrace
    + JDK-8352676: Opensource JMenu tests - series1
    + JDK-8352680: Opensource few misc swing tests
    + JDK-8352684: Opensource JInternalFrame tests - series1
    + JDK-8352706: httpclient HeadTest does not run on HTTP2
    + JDK-8352716: (tz) Update Timezone Data to 2025b
    + JDK-8352908: Open source several swing tests batch1
    + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java
      fails with 32-bit build
    + JDK-8353070: Clean up and open source couple AWT Graphics
      related tests (Part 1)
    + JDK-8353138: Screen capture for test
      TaskbarPositionTest.java, failure case
    + JDK-8353320: Open source more Swing text tests
    + JDK-8353446: Open source several AWT Menu tests - Batch 2
    + JDK-8353475: Open source two Swing DefaultCaret tests
    + JDK-8353685: Open some JComboBox bugs 4
    + JDK-8353709: Debug symbols bundle should contain full debug
      files when building --with-external-symbols-in-bundles=public
    + JDK-8353714: [17u] Backport of 8347740 incomplete
    + JDK-8353942: Open source Swing Tests - Set 5
    + JDK-8354554: Open source several clipboard tests batch1
    + JDK-8356053: Test java/awt/Toolkit/Headless/
      /HeadlessToolkit.java fails by timeout
    + JDK-8356096: ISO 4217 Amendment 179 Update
    + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
    + JDK-8357105: C2: compilation fails with "assert(false)
      failed: empty program detected during loop optimization"
    + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c:
      enum type mismatch during build
    + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
    + JDK-8360147: Better Glyph drawing redux
    + JDK-8361674: [17u] Remove designator
      DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16
    

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2667=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2667=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2667=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2025-2667=1

  * openSUSE Leap 15.6  
    zypper in -t patch openSUSE-SLE-15.6-2025-2667=1

  * Basesystem Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2667=1

  * Legacy Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-2667=1

  * Legacy Module 15-SP7  
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-2667=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2667=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2667=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2667=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2667=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2667=1

  * SUSE Linux Enterprise Server 15 SP5 LTSS  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2667=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2667=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP5  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2667=1

## Package List:

  * SUSE Manager Proxy 4.3 (x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-src-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-jmods-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * openSUSE Leap 15.4 (noarch)
    * java-17-openjdk-javadoc-17.0.16.0-150400.3.57.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-src-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-jmods-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * openSUSE Leap 15.6 (noarch)
    * java-17-openjdk-javadoc-17.0.16.0-150400.3.57.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
    x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
    x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * java-17-openjdk-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-17.0.16.0-150400.3.57.1
    * java-17-openjdk-demo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-headless-17.0.16.0-150400.3.57.1
    * java-17-openjdk-devel-debuginfo-17.0.16.0-150400.3.57.1
    * java-17-openjdk-debugsource-17.0.16.0-150400.3.57.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-30749.html
  * https://www.suse.com/security/cve/CVE-2025-30754.html
  * https://www.suse.com/security/cve/CVE-2025-50059.html
  * https://www.suse.com/security/cve/CVE-2025-50106.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1246575
  * https://bugzilla.suse.com/show_bug.cgi?id=1246584
  * https://bugzilla.suse.com/show_bug.cgi?id=1246595
  * https://bugzilla.suse.com/show_bug.cgi?id=1246598

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250804/15659682/attachment.htm>


More information about the sle-security-updates mailing list