Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1399-1 advisory.
Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU)
CVEs:
+ CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274)
+ CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275)
+ CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276)
Changes:
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails
- JDK-8216539: tools/jar/modularJar/Basic.java timed out
- JDK-8268364: jmethod clearing should be done during unloading
- JDK-8273914: Indy string concat changes order of operations
- JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x
- JDK-8306408: Fix the format of several tables in building.md
- JDK-8309841: Jarsigner should print a warning if an entry is removed
- JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
- JDK-8320916: jdk/jfr/event/gc/stacktrace/TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded'
- JDK-8327650: Test java/nio/channels/DatagramChannel/StressNativeSignal.java timed out
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8331863: DUIterator_Fast used before it is constructed
- JDK-8336012: Fix usages of jtreg-reserved properties
- JDK-8337494: Clarify JarInputStream behavior
- JDK-8337692: Better TLS connection support
- JDK-8338430: Improve compiler transformations
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract
- JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8341424: GHA: Collect hs_errs from build time failures
- JDK-8342562: Enhance Deflater operations
- JDK-8342704: GHA: Report truncation is broken after JDK-8341424
- JDK-8343007: Enhance Buffered Image handling
- JDK-8343474: [updates] Customize README.md to specifics of update project
- JDK-8343599: Kmem limit and max values swapped when printing container information
- JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to macos-13 and XCode 14.3.1
- JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19
- JDK-8345509: Bump update version of OpenJDK: 11.0.27
- JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs
- JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header
- JDK-8347847: Enhance jar file support
- JDK-8347965: (tz) Update Timezone Data to 2025a
- JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates
- JDK-8352097: (tz) zone.tab update missed in 2025a backport
- JDK-8354087: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected java-11-openjdk, java-11-openjdk-demo, java-11-openjdk-devel and / or java-11-openjdk-headless packages.
Plugin Details
File Name: suse_SU-2025-1399-1.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:java-11-openjdk, p-cpe:/a:novell:suse_linux:java-11-openjdk-headless, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:java-11-openjdk-devel, p-cpe:/a:novell:suse_linux:java-11-openjdk-demo
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 4/29/2025
Vulnerability Publication Date: 4/15/2025