SUSE-SU-2025:4287-1: important: Security update for java-25-openjdk
SLE-SECURITY-UPDATES
null at suse.de
Fri Nov 28 13:49:08 UTC 2025
# Security update for java-25-openjdk
Announcement ID: SUSE-SU-2025:4287-1
Release Date: 2025-11-28T08:23:45Z
Rating: important
References:
* bsc#1252414
* bsc#1252417
* bsc#1252418
* jsc#PED-14233
Cross-References:
* CVE-2025-53057
* CVE-2025-53066
* CVE-2025-61748
CVSS scores:
* CVE-2025-53057 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53057 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53057 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-53066 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53066 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-53066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-61748 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-61748 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-61748 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves three vulnerabilities and contains one feature can now be
installed.
## Description:
This update for java-25-openjdk fixes the following issues:
Update to upstream tag jdk-25.0.1+8 (October 2025 CPU)
* Security fixes:
* JDK-8360937, CVE-2025-53057, bsc#1252414: Enhance certificate handling
* JDK-8356294, CVE-2025-53066, bsc#1252417: Enhance Path Factories
* JDK-8359454, CVE-2025-61748, bsc#1252418: Enhance String handling
* JDK-8352637: Enhance bytecode verification
* Other fixes:
* JDK-8367031: [backout] Change java.time month/day field types to 'byte'
* JDK-8368308: ISO 4217 Amendment 180 Update
* JDK-8366223: ZGC: ZPageAllocator::cleanup_failed_commit_multi_partition is broken
* JDK-8360647: [XWayland] [OL10] NumPad keys are not triggered
* JDK-8361212: Remove AffirmTrust root CAs
* JDK-8356587: Missing object ID X in pool jdk.types.Method
* JDK-8360679: Shenandoah: AOT saved adapter calls into broken GC barrier stub
* JDK-8362882: Update SubmissionPublisher() specification to reflect use of ForkJoinPool.asyncCommonPool()
* JDK-8315131: Clarify VarHandle set/get access on 32-bit platforms
* JDK-8362109: Change milestone to fcs for all releases
* JDK-8358819: The first year is not displayed correctly in Japanese Calendar
* JDK-8361829: [TESTBUG] RISC-V: compiler/vectorization/runner/ /BasicIntOpTest.java fails with RVV but not Zvbb
* JDK-8361532: RISC-V: Several vector tests fail after JDK-8354383
* JDK-8357826: Avoid running some jtreg tests when asan is configured
* JDK-8358577: Test serviceability/jvmti/thread/ /GetCurrentContendedMonitor/contmon01/contmon01.java failed: unexpexcted monitor object
* JDK-8360533: ContainerRuntimeVersionTestUtils fromVersionString fails with some docker versions
* JDK-8358452: JNI exception pending in Java_sun_awt_screencast_ScreencastHelper_remoteDesktopKeyImpl of screencast_pipewire.c:1214 (ID: 51119)
* JDK-8359270: C2: alignment check should consider base offset when emitting arraycopy runtime call
* JDK-8359596: Behavior change when both -Xlint:options and -Xlint:-options flags are given
* JDK-8360179: RISC-V: Only enable BigInteger intrinsics when AvoidUnalignedAccess == false
* JDK-8359218: RISC-V: Only enable CRC32 intrinsic when AvoidUnalignedAccess == false
* JDK-8359059: Bump version numbers for 25.0.1
* forward port the FIPS support from OpenJDK 21
* Initial packaging of OpenJDK 25
* JEPs included:
* 470: PEM Encodings of Cryptographic Objects (Preview)
* 502: Stable Values (Preview)
* 503: Remove the 32-bit x86 Port
* 505: Structured Concurrency (Fifth Preview)
* 506: Scoped Values
* 507: Primitive Types in Patterns, instanceof, and switch (Third Preview)
* 508: Vector API (Tenth Incubator)
* 509: JFR CPU-Time Profiling (Experimental)
* 510: Key Derivation Function API
* 511: Module Import Declarations
* 512: Compact Source Files and Instance Main Methods
* 513: Flexible Constructor Bodies
* 514: Ahead-of-Time Command-Line Ergonomics
* 515: Ahead-of-Time Method Profiling
* 518: JFR Cooperative Sampling
* 519: Compact Object Headers
* 520: JFR Method Timing & Tracing
* 521: Generational Shenandoah
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4287=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* java-25-openjdk-debuginfo-25.0.1.0-150700.15.4.1
* java-25-openjdk-headless-debuginfo-25.0.1.0-150700.15.4.1
* java-25-openjdk-devel-debuginfo-25.0.1.0-150700.15.4.1
* java-25-openjdk-demo-25.0.1.0-150700.15.4.1
* java-25-openjdk-devel-25.0.1.0-150700.15.4.1
* java-25-openjdk-25.0.1.0-150700.15.4.1
* java-25-openjdk-headless-25.0.1.0-150700.15.4.1
## References:
* https://www.suse.com/security/cve/CVE-2025-53057.html
* https://www.suse.com/security/cve/CVE-2025-53066.html
* https://www.suse.com/security/cve/CVE-2025-61748.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252414
* https://bugzilla.suse.com/show_bug.cgi?id=1252417
* https://bugzilla.suse.com/show_bug.cgi?id=1252418
* https://jira.suse.com/browse/PED-14233
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20251128/6ca069a3/attachment.htm>
More information about the sle-security-updates
mailing list