openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2025:1429-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.18.2.2025.1429.1

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (SUSE-SU-2025:1429-1)

Summary: The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:1429-1 advisory.

Description: Summary:
The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:1429-1 advisory.

Vulnerability Insight:
This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.7+6 (April 2025 CPU)

CVEs fixed:

+ CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274)
+ CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275)
+ CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276)

Changes:

+ JDK-8198237: [macos] Test java/awt/Frame/
/ExceptionOnSetExtendedStateTest/
/ExceptionOnSetExtendedStateTest.java fails
+ JDK-8211851: (ch) java/nio/channels/AsynchronousSocketChannel/
/StressLoopback.java times out (aix)
+ JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB
tab in JColorChooser
+ JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in
FileChooser Dialog
+ JDK-8227529: With malformed --app-image the error messages
are awful
+ JDK-8277240: java/awt/Graphics2D/ScaledTransform/
/ScaledTransform.java dialog does not get disposed
+ JDK-8283664: Remove jtreg tag manual=yesno for
java/awt/print/PrinterJob/PrintTextTest.java
+ JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit
access thread fields from native
+ JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism
are problematic
+ JDK-8294316: SA core file support is broken on macosx-x64
starting with macOS 12.x
+ JDK-8295159: DSO created with -ffast-math breaks Java
floating-point arithmetic
+ JDK-8302111: Serialization considerations
+ JDK-8304701: Request with timeout aborts later in-flight
request on HTTP/1.1 cxn
+ JDK-8309841: Jarsigner should print a warning if an entry is
removed
+ JDK-8311546: Certificate name constraints improperly
validated with leading period
+ JDK-8312570: [TESTBUG] Jtreg compiler/loopopts/superword/
/TestDependencyOffsets.java fails on 512-bit SVE
+ JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/
/NextDropActionTest.java fails with java.lang.RuntimeException:
wrong next drop action!
+ JDK-8313905: Checked_cast assert in CDS compare_by_loader
+ JDK-8314752: Use google test string comparison macros
+ JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails
with java.lang.AssertionError: Expected [0]. Actual [1618]:
+ JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/
/ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java
timed out
+ JDK-8315825: Open some swing tests
+ JDK-8315882: Open some swing tests 2
+ JDK-8315883: Open source several Swing JToolbar tests
+ JDK-8315952: Open source several Swing JToolbar JTooltip
JTree tests
+ JDK-8316056: Open source several Swing JTree tests
+ JDK-8316146: Open some swing tests 4
+ JDK-8316149: Open source several Swing JTree JViewport
KeyboardManager tests
+ JDK-8316218: Open some swing tests 5
+ JDK-8316371: Open some swing tests 6
+ JDK-8316627: JViewport Test headless failure
+ JDK-8316885: jcmd: Compiler.CodeHeap_Analytics cmd ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'java-21-openjdk' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2025-21587
Common Vulnerability Exposure (CVE) ID: CVE-2025-30691
Common Vulnerability Exposure (CVE) ID: CVE-2025-30698

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2025.1429.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2025:1429-1)
Summary:	The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:1429-1 advisory.
Description:	Summary: The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:1429-1 advisory. Vulnerability Insight: This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.7+6 (April 2025 CPU) CVEs fixed: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) + CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8211851: (ch) java/nio/channels/AsynchronousSocketChannel/ /StressLoopback.java times out (aix) + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8227529: With malformed --app-image the error messages are awful + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295159: DSO created with -ffast-math breaks Java floating-point arithmetic + JDK-8302111: Serialization considerations + JDK-8304701: Request with timeout aborts later in-flight request on HTTP/1.1 cxn + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8312570: [TESTBUG] Jtreg compiler/loopopts/superword/ /TestDependencyOffsets.java fails on 512-bit SVE + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313905: Checked_cast assert in CDS compare_by_loader + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316627: JViewport Test headless failure + JDK-8316885: jcmd: Compiler.CodeHeap_Analytics cmd ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'java-21-openjdk' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2025-21587 Common Vulnerability Exposure (CVE) ID: CVE-2025-30691 Common Vulnerability Exposure (CVE) ID: CVE-2025-30698
Copyright	Copyright (C) 2025 Greenbone AG