Update Info

SUSE-PackageHub-16.0-674


Security update for java-25-openjdk


Type: security
Severity: important
Issued: 2026-05-04
Description:
This update for java-25-openjdk fixes the following issues:

Update to upstream tag jdk-25.0.3+9 (April 2026 CPU).

Security issues fixed:

- CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain
  unauthorized read access to a subset of accessible data (bsc#1262490).
- CVE-2026-22008: Libraries: unauthenticated attacker with network access via multiple protocols can gain unauthorized
  update, insert or delete access to data (bsc#1262493).
- CVE-2026-22013: JGSS: unauthenticated attacker with network access via multiple protocols can gain unauthorized
  access to critical data (bsc#1262494).
- CVE-2026-22016: JAXP: unauthenticated attacker with network access via multiple protocols can gain unauthorized
  access to critical data (bsc#1262495).
- CVE-2026-22018: Libraries: unauthenticated attacker with network access via multiple protocols can cause a partial
  denial of service (bsc#1262496).
- CVE-2026-22021: JSSE: unauthenticated attacker with network access via HTTPS can cause a partial denial of service
  (bsc#1262497).
- CVE-2026-23865: freetype2: integer overflow in the `tt_var_load_item_variation_store` function allows for an
  out-of-bounds read when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts (bsc#1259118).
- CVE-2026-34268: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain
  unauthorized read access to a subset of data (bsc#1262500).
- CVE-2026-34282: Networking: unauthenticated attacker with network access via multiple protocols can cause a hang or
  frequently repeatable crash (bsc#1262501).

Other updates and bugfixes:

- Provide the timezone-java and tzdata-java (jsc#PED-15898).
- Migrate to the new logic of the FIPS patch developed by Red Hat in https://github.com/rh-openjdk/jdk/tree/fips-25u.
- Add the sources of /nss-native-fips-key-import-export-adapter.
  * This native library is an adapter for OpenJDK to use the NSS PKCS #11 software token (libsoftokn3.so) in FIPS mode.
- Allow overriding of gcc name.
- Don't make missing system crypto-policies fatal.
- Add create-crypto-properties-files.bash, which generates the config files for the different FIPS and
  non-FIPS scenarios during the build.
- Add TestSecurityProperties.java to test the loading of system security properties where applicable.


              


Packages


  • java-25-openjdk-25.0.3.0-160000.1.1