SUSE-SU-2025:03120-1

Описание

This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u462 (icedtea-3.36.0).

Security issues fixed:

• CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595).
• CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598).
• CVE-2025-30761: issue in Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580).
• CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246584).

Other issues fixed:

• Import of OpenJDK 8 u462 build 08
  • JDK-8026976: ECParameters, Point does not match field size.
  • JDK-8071996: split_if accesses NULL region of ConstraintCast.
  • JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names.
  • JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte.
  • JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken.
  • JDK-8278472: Invalid value set to CANDIDATEFORM structure.
  • JDK-8293107: GHA: Bump to Ubuntu 22.04.
  • JDK-8303770: Remove Baltimore root certificate expiring in May 2025.
  • JDK-8309841: Jarsigner should print a warning if an entry is removed.
  • JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract.
  • JDK-8345625: Better HTTP connections.
  • JDK-8346887: DrawFocusRect() may cause an assertion failure.
  • JDK-8349111: Enhance Swing supports.
  • JDK-8350498: Remove two Camerfirma root CA certificates.
  • JDK-8352716: (tz) Update Timezone Data to 2025b.
  • JDK-8353433: XCG currency code not recognized in JDK 8u.
  • JDK-8356096: ISO 4217 Amendment 179 Update.
  • JDK-8359170: Add 2 TLS and 2 CS Sectigo roots.
• Backports
  • JDK-8358538: Update GHA Windows runner to 2025.
• JDK-8354941: Build failure with glibc 2.42 due to uabs() name collision.