SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2666

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2666

Security update for java-11-openjdk

Type: security
Severity: important
Issued: 2025-08-04
Description:
This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.28+6 (July 2025 CPU):

Security fixes:

- CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) 
- CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) 
- CVE-2025-30761: Improve scripting supports (bsc#1246580) 
- CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) 
- CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) 

Changelog:

    + JDK-8026976: ECParameters, Point does not match field size
    + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong
      value
    + JDK-8231058: VerifyOops crashes with assert(_offset >= 0)
      failed: offset for non comment?
    + JDK-8232625: HttpClient redirect policy should be more
      conservative
    + JDK-8258483: [TESTBUG] gtest
      CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
      too small
    + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are
      problematic
    + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
    + JDK-8301753: AppendFile/WriteFile has differences between make
      3.81 and 4+
    + JDK-8303770: Remove Baltimore root certificate expiring in May
      2025
    + JDK-8315380: AsyncGetCallTrace crash in frame::safe_for_sender
    + JDK-8327476: Upgrade JLine to 3.26.1
    + JDK-8328957: Update PKCS11Test.java to not use hardcoded path
    + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to
      v3.1
    + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
      gtest fails on ppc64 based platforms
    + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the
      getKeyChar method of the AccessBridge class
    + JDK-8345133: Test sun/security/tools/jarsigner/
      /TsacertOptionTest.java failed: Warning found in stdout
    + JDK-8345625: Better HTTP connections
    + JDK-8346887: DrawFocusRect() may cause an assertion failure
    + JDK-8347629: Test FailOverDirectExecutionControlTest.java
      fails with -Xcomp
    + JDK-8348110: Update LCMS to 2.17
    + JDK-8348596: Update FreeType to 2.13.3
    + JDK-8348598: Update Libpng to 1.6.47
    + JDK-8348989: Better Glyph drawing
    + JDK-8349111: Enhance Swing supports
    + JDK-8349594: Enhance TLS protocol support
    + JDK-8350469: [11u] Test AbsPathsInImage.java fails
      - JDK-8239429 public clone
    + JDK-8350498: Remove two Camerfirma root CA certificates
    + JDK-8350991: Improve HTTP client header handling
    + JDK-8351099: Bump update version of OpenJDK: 11.0.28
    + JDK-8351422: Improve scripting supports
    + JDK-8352302: Test sun/security/tools/jarsigner/
      /TimestampCheck.java is failing
    + JDK-8352716: (tz) Update Timezone Data to 2025b
    + JDK-8356096: ISO 4217 Amendment 179 Update
    + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
    + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
    + JDK-8360147: Better Glyph drawing redux
References

Packages

java-11-openjdk-11.0.28.0-150000.3.129.2