SUSE-SU-2025:1490-1: important: Security update for java-17-openjdk
SLE-SECURITY-UPDATES
null at suse.de
Wed May 7 12:09:56 UTC 2025
# Security update for java-17-openjdk
Announcement ID: SUSE-SU-2025:1490-1
Release Date: 2025-05-06T11:49:02Z
Rating: important
References:
* bsc#1241274
* bsc#1241275
* bsc#1241276
Cross-References:
* CVE-2025-21587
* CVE-2025-30691
* CVE-2025-30698
CVSS scores:
* CVE-2025-21587 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21587 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21587 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-30691 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30691 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30691 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30698 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-30698 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* Basesystem Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.15+6 (April 2025 CPU)
CVEs:
* CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of
critical data (bsc#1241274)
* CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access
(bsc#1241275)
* CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS
(bsc#1241276)
Changes:
+ JDK-6355567: AdobeMarkerSegment causes failure to read
valid JPEG
+ JDK-8065099: [macos] javax/swing/PopupFactory/6276087/
/NonOpaquePopupMenuTest.java fails: no background shine
through
+ JDK-8179502: Enhance OCSP, CRL and Certificate Fetch
Timeouts
+ JDK-8198237: [macos] Test java/awt/Frame/
/ExceptionOnSetExtendedStateTest/
/ExceptionOnSetExtendedStateTest.java fails
+ JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac
+ JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/
/NonOpaquePopupMenuTest.java throws NPE
+ JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or
RGB tab in JColorChooser
+ JDK-8226938: [TEST_BUG]GTK L&F: There is no Details
button in FileChooser Dialog
+ JDK-8266435: WBMPImageReader.read() should not truncate
the input stream
+ JDK-8267893: Improve jtreg test failure handler do get
native/mixed stack traces for cores and live processes
+ JDK-8270961: [TESTBUG] Move GotWrongOOMEException into
vm.share.gc package
+ JDK-8274893: Update java.desktop classes to use
try-with-resources
+ JDK-8276202: LogFileOutput.invalid_file_vm asserts when
being executed from a read only working directory
+ JDK-8277240: java/awt/Graphics2D/ScaledTransform/
/ScaledTransform.java dialog does not get disposed
+ JDK-8281234: The -protected option is not always checked
in keytool and jarsigner
+ JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may
leak memory
+ JDK-8283387: [macos] a11y : Screen magnifier does not
show selected Tab
+ JDK-8283404: [macos] a11y : Screen magnifier does not
show JMenu name
+ JDK-8283664: Remove jtreg tag manual=yesno for
java/awt/print/PrinterJob/PrintTextTest.java
+ JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent
always returns 'true'
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8290400: Must run exe installers in jpackage jtreg
tests without UI
+ JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/
/MultiScreenLocationTest.java: Robot.mouseMove test failed on
Screen #0
+ JDK-8292704: sun/security/tools/jarsigner/compatibility/
/Compatibility.java use wrong key size for EC
+ JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8
with hard-coded isOel7
+ JDK-8293345: SunPKCS11 provider checks on PKCS11
Mechanism are problematic
+ JDK-8293412: Remove unnecessary java.security.egd
overrides
+ JDK-8294067: [macOS] javax/swing/JComboBox/6559152/
/bug6559152.java Cannot select an item from popup with the
ENTER key.
+ JDK-8294316: SA core file support is broken on macosx-x64
starting with macOS 12.x
+ JDK-8295087: Manual Test to Automated Test Conversion
+ JDK-8295176: some langtools test pollutes source tree
+ JDK-8296591: Signature benchmark
+ JDK-8296818: Enhance JMH tests
java/security/Signatures.java
+ JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea
provides no visual indication of keyboard focus
+ JDK-8299127: [REDO] JDK-8194048 Regression automated test
'/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/
/HidingSelectionTest.java' fails
+ JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/
/DefaultCaret/HidingSelection/MultiSelectionTest.java fails
+ JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java
can fail with java.lang.NullPointerException
+ JDK-8299994: java/security/Policy/Root/Root.java fails
when home directory is read-only
+ JDK-8301989: new
javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE
+ JDK-8302111: Serialization considerations
+ JDK-8305853: java/text/Format/DateFormat/
/DateFormatRegression.java fails with "Uncaught exception
thrown in test method Test4089106"
+ JDK-8306711: Improve diagnosis of `IntlTest` framework
+ JDK-8308341: JNI_GetCreatedJavaVMs returns a partially
initialized JVM
+ JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/
/jni_interception/JI05/ji05t001/TestDescription.java fails
after JDK-8308341
+ JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/
/jni_interception/JI05/ji05t001/TestDescription.java
+ JDK-8309740: Expand timeout windows for tests in
JDK-8179502
+ JDK-8309841: Jarsigner should print a warning if an entry
is removed
+ JDK-8310234: Refactor Locale tests to use JUnit
+ JDK-8310629: java/security/cert/CertPathValidator/OCSP/
/OCSPTimeout.java fails with RuntimeException: Server not ready
+ JDK-8311306: Test com/sun/management/ThreadMXBean/
/ThreadCpuTimeArray.java failed: out of expected range
+ JDK-8311546: Certificate name constraints improperly
validated with leading period
+ JDK-8311663: Additional refactoring of Locale tests to
JUnit
+ JDK-8312416: Tests in Locale should have more descriptive
names
+ JDK-8312518: [macos13] setFullScreenWindow() shows black
screen on macOS 13 & above
+ JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/
/NextDropActionTest.java fails with
java.lang.RuntimeException: wrong next drop action!
+ JDK-8313710: jcmd: typo in the documentation of JFR.start
and JFR.dump
+ JDK-8314225: SIGSEGV in JavaThread::is_lock_owned
+ JDK-8314610: hotspot can't compile with the latest of
gtest because of <iomanip>
+ JDK-8314752: Use google test string comparison macros
+ JDK-8314909: tools/jpackage/windows/Win8282351Test.java
fails with java.lang.AssertionError: Expected [0]. Actual
[1618]:
+ JDK-8314975: JavadocTester should set source path if not
specified
+ JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/
/ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java
timed out
+ JDK-8315825: Open some swing tests
+ JDK-8315882: Open some swing tests 2
+ JDK-8315883: Open source several Swing JToolbar tests
+ JDK-8315952: Open source several Swing JToolbar JTooltip
JTree tests
+ JDK-8316056: Open source several Swing JTree tests
+ JDK-8316146: Open some swing tests 4
+ JDK-8316149: Open source several Swing JTree JViewport
KeyboardManager tests
+ JDK-8316218: Open some swing tests 5
+ JDK-8316371: Open some swing tests 6
+ JDK-8316559: Refactor some util/Calendar tests to JUnit
+ JDK-8316627: JViewport Test headless failure
+ JDK-8316696: Remove the testing base classes: IntlTest
and CollatorTest
+ JDK-8317631: Refactor ChoiceFormat tests to use JUnit
+ JDK-8317636: Improve heap walking API tests to verify
correctness of field indexes
+ JDK-8318442: java/net/httpclient/ManyRequests2.java fails
intermittently on Linux
+ JDK-8319567: Update java/lang/invoke tests to support vm
flags
+ JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/
/CallerAccessTest.java to accept vm flags
+ JDK-8319569: Several java/util tests should be updated to
accept VM flags
+ JDK-8319647: Few java/lang/System/LoggerFinder/modules
tests ignore vm flags
+ JDK-8319648: java/lang/SecurityManager tests ignore vm
flags
+ JDK-8319672: Several classloader tests ignore VM flags
+ JDK-8319673: Few security tests ignore VM flags
+ JDK-8319676: A couple of jdk/modules/incubator/ tests
ignore VM flags
+ JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java
should be marked as flagless
+ JDK-8319818: Address GCC 13.2.0 warnings
(stringop-overflow and dangling-pointer)
+ JDK-8320372: test/jdk/sun/security/x509/DNSName/
/LeadingPeriod.java validity check failed
+ JDK-8320676: Manual printer tests have no Pass/Fail
buttons, instructions close set 1
+ JDK-8320691: Timeout handler on Windows takes 2 hours to
complete
+ JDK-8320714: java/util/Locale/LocaleProvidersRun.java and
java/util/ResourceBundle/modules/visibility/
/VisibilityTest.java timeout after passing
+ JDK-8320916: jdk/jfr/event/gc/stacktrace/
/TestParallelMarkSweepAllocationPendingStackTrace.java failed
with "OutOfMemoryError: GC overhead limit exceeded"
+ JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java
failed with 'Cannot read the array length because "<local4>"
is null'
+ JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java
failed with "Events are not ordered! Reuse = false"
+ JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java
now() to be more robust
+ JDK-8324807: Manual printer tests have no Pass/Fail
buttons, instructions close set 2
+ JDK-8325024: java/security/cert/CertPathValidator/OCSP(
/OCSPTimeout.java incorrect comment information
+ JDK-8325042: Remove unused JVMDITools test files
+ JDK-8325529: Remove unused imports from `ModuleGenerator`
test file
+ JDK-8325659: Normalize Random usage by incubator vector
tests
+ JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/
/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed
+ JDK-8325908: Finish removal of IntlTest and CollatorTest
+ JDK-8325937: runtime/handshake/HandshakeDirectTest.java
causes "monitor end should be strictly below the frame pointer"
assertion failure on AArch64
+ JDK-8326421: Add jtreg test for large arrayCopy disjoint
case.
+ JDK-8326525: com/sun/tools/attach/BasicTests.java does
not verify AgentLoadException case
+ JDK-8327098: GTest needs larger combination limit
+ JDK-8327476: Upgrade JLine to 3.26.1
+ JDK-8327505: Test com/sun/jmx/remote/
/NotificationMarshalVersions/TestSerializationMismatch.java
fails
+ JDK-8327857: Remove applet usage from JColorChooser tests
Test4222508
+ JDK-8327859: Remove applet usage from JColorChooser tests
Test4319113
+ JDK-8327986: ASAN reports use-after-free in
DirectivesParserTest.empty_object_vm
+ JDK-8328005: Convert java/awt/im/JTextFieldTest.java
applet test to main
+ JDK-8328085: C2: Use after free in
PhaseChaitin::Register_Allocate()
+ JDK-8328121: Remove applet usage from JColorChooser tests
Test4759306
+ JDK-8328130: Remove applet usage from JColorChooser tests
Test4759934
+ JDK-8328185: Convert java/awt/image/MemoryLeakTest/
/MemoryLeakTest.java applet test to main
+ JDK-8328227: Remove applet usage from JColorChooser tests
Test4887836
+ JDK-8328368: Convert java/awt/image/multiresolution/
/MultiDisplayTest/MultiDisplayTest.java applet test to main
+ JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java
applet test to main
+ JDK-8328380: Remove applet usage from JColorChooser tests
Test6348456
+ JDK-8328387: Convert java/awt/Frame/FrameStateTest/
/FrameStateTest.html applet test to main
+ JDK-8328403: Remove applet usage from JColorChooser tests
Test6977726
+ JDK-8328553: Get rid of JApplet in
test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java
+ JDK-8328558: Convert javax/swing/JCheckBox/8032667/
/bug8032667.java applet test to main
+ JDK-8328717: Convert javax/swing/JColorChooser/8065098/
/bug8065098.java applet test to main
+ JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html
applet test to main
+ JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html
applet test to main
+ JDK-8328753: Open source few Undecorated Frame tests
+ JDK-8328819: Remove applet usage from JFileChooser tests
bug6698013
+ JDK-8328827: Convert java/awt/print/PrinterJob/
/PrinterDialogsModalityTest/PrinterDialogsModalityTest.html
applet test to main
+ JDK-8329210: Delete Redundant Printer Dialog Modality Test
+ JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java
test
+ JDK-8329322: Convert PageFormat/Orient.java to use
PassFailJFrame
+ JDK-8329692: Add more details to FrameStateTest.java test
instructions
+ JDK-8330702: Update failure handler to don't generate
Error message if cores actions are empty
+ JDK-8331153: JFR: Improve logging of
jdk/jfr/api/consumer/filestream/TestOrdered.java
+ JDK-8331735: UpcallLinker::on_exit races with GC when
copying frame anchor
+ JDK-8331959: Update PKCS#11 Cryptographic Token Interface
to v3.1
+ JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/
/EnterExitEvents/ResizingFrameTest.java
+ JDK-8332917: failure_handler should execute gdb "info
threads" command on linux
+ JDK-8333360: PrintNullString.java doesn't use float
arguments
+ JDK-8333391: Test com/sun/jdi/InterruptHangTest.java
failed: Thread was never interrupted during sleep
+ JDK-8333403: Write a test to check various components
events are triggered properly
+ JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java
is failing on Japanese Windows
+ JDK-8334305: Remove all code for nsk.share.Log verbose
mode
+ JDK-8334490: Normalize string with locale invariant
`toLowerCase()`
+ JDK-8334777: Test javax/management/remote/mandatory/notif/
/NotifReconnectDeadlockTest.java failed with
NullPointerException
+ JDK-8335150: Test LogGeneratedClassesTest.java fails on
rpmbuild mock enviroment
+ JDK-8335172: Add manual steps to run security/auth/callback/
/TextCallbackHandler/Password.java test
+ JDK-8335789: [TESTBUG] XparColor.java test fails with
Error. Parse Exception: Invalid or unrecognized bugid: @
+ JDK-8336012: Fix usages of jtreg-reserved properties
+ JDK-8336498: [macos] [build]: install-file macro may run
into permission denied error
+ JDK-8336692: Redo fix for JDK-8284620
+ JDK-8336942: Improve test coverage for class loading
elements with annotations of different retentions
+ JDK-8337222: gc/TestDisableExplicitGC.java fails due to
unexpected CodeCache GC
+ JDK-8337494: Clarify JarInputStream behavior
+ JDK-8337692: Better TLS connection support
+ JDK-8337826: Improve logging in OCSPTimeout and
SimpleOCSPResponder to help diagnose JDK-8309754
+ JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java
fails in OEL due to a slight color difference
+ JDK-8337951: Test sun/security/validator/samedn.sh
CertificateNotYetValidException: NotBefore validation
+ JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca)))
failed: control must not be back in the loop
+ JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java
failed
+ JDK-8338430: Improve compiler transformations
+ JDK-8338571: [TestBug] DefaultCloseOperation.java test
not working as expected wrt instruction after JDK-8325851 fix
+ JDK-8338595: Add more linesize for MIME decoder in macro
bench test Base64Decode
+ JDK-8338668: Test javax/swing/JFileChooser/8080628/
/bug8080628.java doesn't test for GTK L&F
+ JDK-8339154: Cleanups and JUnit conversion of
test/jdk/java/util/zip/Available.java
+ JDK-8339261: Logs truncated in test
javax/net/ssl/DTLS/DTLSRehandshakeTest.java
+ JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java
failed with java.net.SocketException: An established
connection was aborted by the software in your host machine
+ JDK-8339524: Clean up a few ExtendedRobot tests
+ JDK-8339687: Rearrange reachabilityFence()s in
jdk.test.lib.util.ForceGC
+ JDK-8339728: [Accessibility,Windows,JAWS] Bug in the
getKeyChar method of the AccessBridge class
+ JDK-8339810: Clean up the code in sun.tools.jar.Main to
properly close resources and use ZipFile during extract
+ JDK-8339883: Open source several AWT/2D related tests
+ JDK-8339902: Open source couple TextField related tests
+ JDK-8339943: Frame not disposed in
java/awt/dnd/DropActionChangeTest.java
+ JDK-8340078: Open source several 2D tests
+ JDK-8340116: test/jdk/sun/security/tools/jarsigner/
/PreserveRawManifestEntryAndDigest.java can fail due to regex
+ JDK-8340411: open source several 2D imaging tests
+ JDK-8340480: Bad copyright notices in changes from
JDK-8339902
+ JDK-8340687: Open source closed frame tests #1
+ JDK-8340719: Open source AWT List tests
+ JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java
should be marked as flagless
+ JDK-8341037: Use standard layouts in
DefaultFrameIconTest.java and MenuCrash.java
+ JDK-8341111: open source several AWT tests including menu
shortcut tests
+ JDK-8341316: [macos] javax/swing/ProgressMonitor/
/ProgressMonitorEscapeKeyPress.java fails sometimes in macos
+ JDK-8341412: Various test failures after JDK-8334305
+ JDK-8341424: GHA: Collect hs_errs from build time failures
+ JDK-8341453: java/awt/a11y/AccessibleJTableTest.java
fails in some cases where the test tables are not visible
+ JDK-8341722: Fix some warnings as errors when building on
Linux with toolchain clang
+ JDK-8341881: [REDO] java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java#tmp fails on alinux3
+ JDK-8341978: Improve JButton/bug4490179.java
+ JDK-8341982: Simplify JButton/bug4323121.java
+ JDK-8342098: Write a test to compare the images
+ JDK-8342145: File libCreationTimeHelper.c compile fails
on Alpine
+ JDK-8342270: Test sun/security/pkcs11/Provider/
/RequiredMechCheck.java needs write access to src tree
+ JDK-8342498: Add test for Allocation elimination after
use as alignment reference by SuperWord
+ JDK-8342508: Use latch in BasicMenuUI/bug4983388.java
instead of delay
+ JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java
from running on macOS
+ JDK-8342562: Enhance Deflater operations
+ JDK-8342602: Remove JButton/PressedButtonRightClickTest
test
+ JDK-8342607: Enhance register printing on x86_64 platforms
+ JDK-8342609: jpackage test helper function incorrectly
removes a directory instead of its contents only
+ JDK-8342634: javax/imageio/plugins/wbmp/
/WBMPStreamTruncateTest.java creates temp file in src dir
+ JDK-8342635: javax/swing/JFileChooser/FileSystemView/
/WindowsDefaultIconSizeTest.java creates tmp file in src dir
+ JDK-8342704: GHA: Report truncation is broken after
JDK-8341424
+ JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java
failed: Unexpected connection count: 5
+ JDK-8342858: Make target mac-jdk-bundle fails on chmod
command
+ JDK-8342988: GHA: Build JTReg in single step
+ JDK-8343007: Enhance Buffered Image handling
+ JDK-8343100: Consolidate EmptyFolderTest and
EmptyFolderPackageTest jpackage tests into single java file
+ JDK-8343101: Rework BasicTest.testTemp test cases
+ JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/
/PrintCheckboxManualTest.java fails with Error. Can't find
HTML file PrintCheckboxManualTest.html
+ JDK-8343128: PassFailJFrame.java test result: Error. Bad
action for script: build}
+ JDK-8343129: Disable unstable check of
ThreadsListHandle.sanity_vm ThreadList values
+ JDK-8343178: Test BasicTest.java javac compile fails
cannot find symbol
+ JDK-8343378: Exceptions in javax/management
DeadLockTest.java do not cause test failure
+ JDK-8343491: javax/management/remote/mandatory/connection/
/DeadLockTest.java failing with NoSuchObjectException: no such
object in table
+ JDK-8343599: Kmem limit and max values swapped when
printing container information
+ JDK-8343724: [PPC64] Disallow OptoScheduling
+ JDK-8343882: BasicAnnoTests doesn't handle multiple
annotations at the same position
+ JDK-8344581: [TESTBUG] java/awt/Robot/
/ScreenCaptureRobotTest.java failing on macOS
+ JDK-8344589: Update IANA Language Subtag Registry to
Version 2024-11-19
+ JDK-8344646: The libjsig deprecation warning should go to
stderr not stdout
+ JDK-8345296: AArch64: VM crashes with SIGILL when prctl
is disallowed
+ JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java
fails on Windows Server 2025
+ JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15
+ JDK-8345375: Improve debuggability of
test/jdk/java/net/Socket/CloseAvailable.java
+ JDK-8345414: Google CAInterop test failures
+ JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/
/bug4865918.java fails in ubuntu22.04
+ JDK-8346055: javax/swing/text/StyledEditorKit/4506788/
/bug4506788.java fails in ubuntu22.04
+ JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java
fails in CI
+ JDK-8346587: Distrust TLS server certificates anchored by
Camerfirma Root CAs
+ JDK-8346671: java/nio/file/Files/probeContentType/Basic.java
fails on Windows 2025
+ JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java
still fails in CI
+ JDK-8346887: DrawFocusRect() may cause an assertion failure
+ JDK-8346908: Update JDK 17 javadoc man page
+ JDK-8346972: Test java/nio/channels/FileChannel/
/LoopingTruncate.java fails sometimes with IOException: There
is not enough space on the disk
+ JDK-8347424: Fix and rewrite
sun/security/x509/DNSName/LeadingPeriod.java test
+ JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no
license header
+ JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java
failing
+ JDK-8347847: Enhance jar file support
+ JDK-8347965: (tz) Update Timezone Data to 2025a
+ JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old
java.awt.headless behavior on Windows
+ JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland
+ JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25
updates
+ JDK-8352097: (tz) zone.tab update missed in 2025a backport
+ JDK-8353905: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-1490=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1490=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1490=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1490=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1490=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-1490=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1490=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1490=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1490=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1490=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1490=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1490=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1490=1
## Package List:
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-jmods-17.0.15.0-150400.3.54.1
* java-17-openjdk-src-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.4 (noarch)
* java-17-openjdk-javadoc-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-jmods-17.0.15.0-150400.3.54.1
* java-17-openjdk-src-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* openSUSE Leap 15.6 (noarch)
* java-17-openjdk-javadoc-17.0.15.0-150400.3.54.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-17-openjdk-devel-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debugsource-17.0.15.0-150400.3.54.1
* java-17-openjdk-demo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-debuginfo-17.0.15.0-150400.3.54.1
* java-17-openjdk-headless-17.0.15.0-150400.3.54.1
* java-17-openjdk-17.0.15.0-150400.3.54.1
* java-17-openjdk-devel-17.0.15.0-150400.3.54.1
## References:
* https://www.suse.com/security/cve/CVE-2025-21587.html
* https://www.suse.com/security/cve/CVE-2025-30691.html
* https://www.suse.com/security/cve/CVE-2025-30698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241274
* https://bugzilla.suse.com/show_bug.cgi?id=1241275
* https://bugzilla.suse.com/show_bug.cgi?id=1241276
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250507/24e85f8f/attachment.htm>
More information about the sle-security-updates
mailing list