Security update for java-25-openjdk SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4287-1 Final 1 1 2025-11-28T08:23:45Z current 2025-11-28T08:23:45Z 2025-11-28T08:23:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for java-25-openjdk This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.1+8 (October 2025 CPU) * Security fixes: + JDK-8360937, CVE-2025-53057, bsc#1252414: Enhance certificate handling + JDK-8356294, CVE-2025-53066, bsc#1252417: Enhance Path Factories + JDK-8359454, CVE-2025-61748, bsc#1252418: Enhance String handling + JDK-8352637: Enhance bytecode verification * Other fixes: + JDK-8367031: [backout] Change java.time month/day field types to 'byte' + JDK-8368308: ISO 4217 Amendment 180 Update + JDK-8366223: ZGC: ZPageAllocator::cleanup_failed_commit_multi_partition is broken + JDK-8360647: [XWayland] [OL10] NumPad keys are not triggered + JDK-8361212: Remove AffirmTrust root CAs + JDK-8356587: Missing object ID X in pool jdk.types.Method + JDK-8360679: Shenandoah: AOT saved adapter calls into broken GC barrier stub + JDK-8362882: Update SubmissionPublisher() specification to reflect use of ForkJoinPool.asyncCommonPool() + JDK-8315131: Clarify VarHandle set/get access on 32-bit platforms + JDK-8362109: Change milestone to fcs for all releases + JDK-8358819: The first year is not displayed correctly in Japanese Calendar + JDK-8361829: [TESTBUG] RISC-V: compiler/vectorization/runner/ /BasicIntOpTest.java fails with RVV but not Zvbb + JDK-8361532: RISC-V: Several vector tests fail after JDK-8354383 + JDK-8357826: Avoid running some jtreg tests when asan is configured + JDK-8358577: Test serviceability/jvmti/thread/ /GetCurrentContendedMonitor/contmon01/contmon01.java failed: unexpexcted monitor object + JDK-8360533: ContainerRuntimeVersionTestUtils fromVersionString fails with some docker versions + JDK-8358452: JNI exception pending in Java_sun_awt_screencast_ScreencastHelper_remoteDesktopKeyImpl of screencast_pipewire.c:1214 (ID: 51119) + JDK-8359270: C2: alignment check should consider base offset when emitting arraycopy runtime call + JDK-8359596: Behavior change when both -Xlint:options and -Xlint:-options flags are given + JDK-8360179: RISC-V: Only enable BigInteger intrinsics when AvoidUnalignedAccess == false + JDK-8359218: RISC-V: Only enable CRC32 intrinsic when AvoidUnalignedAccess == false + JDK-8359059: Bump version numbers for 25.0.1 + forward port the FIPS support from OpenJDK 21 - Initial packaging of OpenJDK 25 * JEPs included: + 470: PEM Encodings of Cryptographic Objects (Preview) + 502: Stable Values (Preview) + 503: Remove the 32-bit x86 Port + 505: Structured Concurrency (Fifth Preview) + 506: Scoped Values + 507: Primitive Types in Patterns, instanceof, and switch (Third Preview) + 508: Vector API (Tenth Incubator) + 509: JFR CPU-Time Profiling (Experimental) + 510: Key Derivation Function API + 511: Module Import Declarations + 512: Compact Source Files and Instance Main Methods + 513: Flexible Constructor Bodies + 514: Ahead-of-Time Command-Line Ergonomics + 515: Ahead-of-Time Method Profiling + 518: JFR Cooperative Sampling + 519: Compact Object Headers + 520: JFR Method Timing & Tracing + 521: Generational Shenandoah The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4287,SUSE-SLE-Module-Basesystem-15-SP7-2025-4287 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254287-1/ Link for SUSE-SU-2025:4287-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023427.html E-Mail link for SUSE-SU-2025:4287-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1252414 SUSE Bug 1252414 https://bugzilla.suse.com/1252417 SUSE Bug 1252417 https://bugzilla.suse.com/1252418 SUSE Bug 1252418 https://www.suse.com/security/cve/CVE-2025-53057/ SUSE CVE CVE-2025-53057 page https://www.suse.com/security/cve/CVE-2025-53066/ SUSE CVE CVE-2025-53066 page https://www.suse.com/security/cve/CVE-2025-61748/ SUSE CVE CVE-2025-61748 page SUSE Linux Enterprise Module for Basesystem 15 SP7 java-22-openjdk-22.0.2.0-150700.15.4.2 java-22-openjdk-demo-22.0.2.0-150700.15.4.2 java-22-openjdk-devel-22.0.2.0-150700.15.4.2 java-22-openjdk-headless-22.0.2.0-150700.15.4.2 java-22-openjdk-javadoc-22.0.2.0-150700.15.4.2 java-22-openjdk-jmods-22.0.2.0-150700.15.4.2 java-22-openjdk-src-22.0.2.0-150700.15.4.2 java-23-openjdk-23.0.2.0-150700.15.4.2 java-23-openjdk-demo-23.0.2.0-150700.15.4.2 java-23-openjdk-devel-23.0.2.0-150700.15.4.2 java-23-openjdk-headless-23.0.2.0-150700.15.4.2 java-23-openjdk-javadoc-23.0.2.0-150700.15.4.2 java-23-openjdk-jmods-23.0.2.0-150700.15.4.2 java-23-openjdk-src-23.0.2.0-150700.15.4.2 java-24-openjdk-24.0.2.0-150700.15.4.2 java-24-openjdk-demo-24.0.2.0-150700.15.4.2 java-24-openjdk-devel-24.0.2.0-150700.15.4.2 java-24-openjdk-headless-24.0.2.0-150700.15.4.2 java-24-openjdk-javadoc-24.0.2.0-150700.15.4.2 java-24-openjdk-jmods-24.0.2.0-150700.15.4.2 java-24-openjdk-src-24.0.2.0-150700.15.4.2 java-25-openjdk-25.0.1.0-150700.15.4.1 java-25-openjdk-demo-25.0.1.0-150700.15.4.1 java-25-openjdk-devel-25.0.1.0-150700.15.4.1 java-25-openjdk-headless-25.0.1.0-150700.15.4.1 java-25-openjdk-javadoc-25.0.1.0-150700.15.4.1 java-25-openjdk-jmods-25.0.1.0-150700.15.4.1 java-25-openjdk-src-25.0.1.0-150700.15.4.1 java-25-openjdk-25.0.1.0-150700.15.4.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 java-25-openjdk-demo-25.0.1.0-150700.15.4.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 java-25-openjdk-devel-25.0.1.0-150700.15.4.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 java-25-openjdk-headless-25.0.1.0-150700.15.4.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 unknown CVE-2025-53057 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-demo-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-devel-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-headless-25.0.1.0-150700.15.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254287-1/ https://www.suse.com/security/cve/CVE-2025-53057.html CVE-2025-53057 https://bugzilla.suse.com/1252414 SUSE Bug 1252414 unknown CVE-2025-53066 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-demo-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-devel-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-headless-25.0.1.0-150700.15.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254287-1/ https://www.suse.com/security/cve/CVE-2025-53066.html CVE-2025-53066 https://bugzilla.suse.com/1252417 SUSE Bug 1252417 unknown CVE-2025-61748 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-demo-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-devel-25.0.1.0-150700.15.4.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:java-25-openjdk-headless-25.0.1.0-150700.15.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254287-1/ https://www.suse.com/security/cve/CVE-2025-61748.html CVE-2025-61748 https://bugzilla.suse.com/1252418 SUSE Bug 1252418