openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2025:1525-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.2.2025.1525.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2025:1525-1)

Resumen: The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2025:1525-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2025:1525-1 advisory.

Vulnerability Insight:
This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u452 (icedtea-3.35.0)

Security issues fixed:

- CVE-2025-21587: unauthorized creation, deletion or modification of critical data through the JSSE component.
(bsc#1241274)
- CVE-2025-30691: unauthorized update, insert or delete access to a subset of Oracle Java SE data through the Compiler
component. (bsc#1241275)
- CVE-2025-30698: unauthorized access to Oracle Java SE data and unauthorized ability to cause partial DoS through the
2D component. (bsc#1241276)

Non-security issues fixed:

- JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException:
Tag mismatch.
- JDK-8261020: wrong format parameter in create_emergency_chunk_path.
- JDK-8266881: enable debug log for SSLEngineExplorerMatchedSNI.java.
- JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML.
- JDK-8309841: Jarsigner should print a warning if an entry is removed.
- JDK-8337494: clarify JarInputStream behavior.
- JDK-8339637: (tz) update Timezone Data to 2024b.
- JDK-8339644: improve parsing of Day/Month in tzdata rules
- JDK-8339810: clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract.
- JDK-8340552: harden TzdbZoneRulesCompiler against missing zone names.
- JDK-8342562: enhance Deflater operations.
- JDK-8346587: distrust TLS server certificates anchored by Camerfirma Root CAs.
- JDK-8347847: enhance jar file support.
- JDK-8347965: (tz) update Timezone Data to 2025a.
- JDK-8348211: [8u] sun/management/jmxremote/startstop/JMXStartStopTest.java fails after backport of JDK-8066708.
- JDK-8350816: [8u] update TzdbZoneRulesCompiler to ignore HST/EST/MST links.
- JDK-8352097: (tz) zone.tab update missed in 2025a backport.
- JDK-8353433: XCG currency code not recognized in JDK 8u.

Affected Software/OS:
'java-1_8_0-openjdk' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2025-21587
Common Vulnerability Exposure (CVE) ID: CVE-2025-30691
Common Vulnerability Exposure (CVE) ID: CVE-2025-30698

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2025.1525.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2025:1525-1)
Resumen:	The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2025:1525-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2025:1525-1 advisory. Vulnerability Insight: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u452 (icedtea-3.35.0) Security issues fixed: - CVE-2025-21587: unauthorized creation, deletion or modification of critical data through the JSSE component. (bsc#1241274) - CVE-2025-30691: unauthorized update, insert or delete access to a subset of Oracle Java SE data through the Compiler component. (bsc#1241275) - CVE-2025-30698: unauthorized access to Oracle Java SE data and unauthorized ability to cause partial DoS through the 2D component. (bsc#1241276) Non-security issues fixed: - JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch. - JDK-8261020: wrong format parameter in create_emergency_chunk_path. - JDK-8266881: enable debug log for SSLEngineExplorerMatchedSNI.java. - JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML. - JDK-8309841: Jarsigner should print a warning if an entry is removed. - JDK-8337494: clarify JarInputStream behavior. - JDK-8339637: (tz) update Timezone Data to 2024b. - JDK-8339644: improve parsing of Day/Month in tzdata rules - JDK-8339810: clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract. - JDK-8340552: harden TzdbZoneRulesCompiler against missing zone names. - JDK-8342562: enhance Deflater operations. - JDK-8346587: distrust TLS server certificates anchored by Camerfirma Root CAs. - JDK-8347847: enhance jar file support. - JDK-8347965: (tz) update Timezone Data to 2025a. - JDK-8348211: [8u] sun/management/jmxremote/startstop/JMXStartStopTest.java fails after backport of JDK-8066708. - JDK-8350816: [8u] update TzdbZoneRulesCompiler to ignore HST/EST/MST links. - JDK-8352097: (tz) zone.tab update missed in 2025a backport. - JDK-8353433: XCG currency code not recognized in JDK 8u. Affected Software/OS: 'java-1_8_0-openjdk' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2025-21587 Common Vulnerability Exposure (CVE) ID: CVE-2025-30691 Common Vulnerability Exposure (CVE) ID: CVE-2025-30698
Copyright	Copyright (C) 2025 Greenbone AG