SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2025:1399-1)

high Nessus Plugin ID 235000

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1399-1 advisory.

Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU)

CVEs:

- CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274)
- CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275)
- CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276)

Changes:

- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails
- JDK-8216539: tools/jar/modularJar/Basic.java timed out
- JDK-8268364: jmethod clearing should be done during unloading
- JDK-8273914: Indy string concat changes order of operations
- JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x
- JDK-8306408: Fix the format of several tables in building.md
- JDK-8309841: Jarsigner should print a warning if an entry is removed
- JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
- JDK-8320916: jdk/jfr/event/gc/stacktrace/TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded'
- JDK-8327650: Test java/nio/channels/DatagramChannel/StressNativeSignal.java timed out
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8331863: DUIterator_Fast used before it is constructed
- JDK-8336012: Fix usages of jtreg-reserved properties
- JDK-8337494: Clarify JarInputStream behavior
- JDK-8337692: Better TLS connection support
- JDK-8338430: Improve compiler transformations
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract
- JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8341424: GHA: Collect hs_errs from build time failures
- JDK-8342562: Enhance Deflater operations
- JDK-8342704: GHA: Report truncation is broken after JDK-8341424
- JDK-8343007: Enhance Buffered Image handling
- JDK-8343474: [updates] Customize README.md to specifics of update project
- JDK-8343599: Kmem limit and max values swapped when printing container information
- JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to macos-13 and XCode 14.3.1
- JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19
- JDK-8345509: Bump update version of OpenJDK: 11.0.27
- JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs
- JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header
- JDK-8347847: Enhance jar file support
- JDK-8347965: (tz) Update Timezone Data to 2025a
- JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates
- JDK-8352097: (tz) zone.tab update missed in 2025a backport
- JDK-8354087: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected java-11-openjdk, java-11-openjdk-demo, java-11-openjdk-devel and / or java-11-openjdk-headless packages.

See Also

https://bugzilla.suse.com/1241274

https://bugzilla.suse.com/1241275

https://bugzilla.suse.com/1241276

https://lists.suse.com/pipermail/sle-updates/2025-April/039103.html

https://www.suse.com/security/cve/CVE-2025-21587

https://www.suse.com/security/cve/CVE-2025-30691

https://www.suse.com/security/cve/CVE-2025-30698

Plugin Details

Severity: High

ID: 235000

File Name: suse_SU-2025-1399-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/30/2025

Updated: 4/30/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-21587

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:java-11-openjdk, p-cpe:/a:novell:suse_linux:java-11-openjdk-headless, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:java-11-openjdk-devel, p-cpe:/a:novell:suse_linux:java-11-openjdk-demo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/29/2025

Vulnerability Publication Date: 4/15/2025

Reference Information

CVE: CVE-2025-21587, CVE-2025-30691, CVE-2025-30698

SuSE: SUSE-SU-2025:1399-1