openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2025:0279-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.857016

Kategorie: openSUSE Local Security Checks

Titel: openSUSE Security Advisory (SUSE-SU-2025:0279-1)

Zusammenfassung: The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:0279-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:0279-1 advisory.

Vulnerability Insight:
- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening'
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected.
- JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures
- JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads'
- JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC
- JDK-8311301: MethodExitTest may fail with stack buffer overrun
- JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token
- JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above
- JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds
- JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
- JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts
- JDK-8316428: G1: Nmethod count statistics only count last code root set iterated
- JDK-8316893: Compile without -fno-delete-null-pointer-checks
- JDK-8316895: SeenThread::print_action_queue called on a null pointer
- JDK-8316907: Fix nonnull-compare warnings
- JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
- JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result
- JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads
- JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux
- JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException
- JDK-8319673: Few security tests ignore VM flags
- JDK-8319678: Several tests from corelibs areas ignore VM flags
- JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes'
- JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(LongInteger)UnsignedDivMod.java on aarch64
- JDK-8319973: AArch64: Save and restore FPCR in the call stub
- JDK-8320192: SHAKE256 does not work correctly if n >= 137
- JDK-8320397: RISC-V: ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'java-21-openjdk' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2025-21502

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.857016
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (SUSE-SU-2025:0279-1)
Zusammenfassung:	The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:0279-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'java-21-openjdk' package(s) announced via the SUSE-SU-2025:0279-1 advisory. Vulnerability Insight: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows - JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect - JDK-8195675: Call to insertText with single character from custom Input Method ignored - JDK-8207908: JMXStatusTest.java fails assertion intermittently - JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly. - JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening' - JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox - JDK-8296787: Unify debug printing format of X.509 cert serial numbers - JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected. - JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures - JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads' - JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC - JDK-8311301: MethodExitTest may fail with stack buffer overrun - JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token - JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le - JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts - JDK-8316428: G1: Nmethod count statistics only count last code root set iterated - JDK-8316893: Compile without -fno-delete-null-pointer-checks - JDK-8316895: SeenThread::print_action_queue called on a null pointer - JDK-8316907: Fix nonnull-compare warnings - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result - JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads - JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319673: Few security tests ignore VM flags - JDK-8319678: Several tests from corelibs areas ignore VM flags - JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes' - JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(LongInteger)UnsignedDivMod.java on aarch64 - JDK-8319973: AArch64: Save and restore FPCR in the call stub - JDK-8320192: SHAKE256 does not work correctly if n >= 137 - JDK-8320397: RISC-V: ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'java-21-openjdk' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2025-21502
Copyright	Copyright (C) 2025 Greenbone AG