SUSE-SU-2025:0235-1
Vulnerability from csaf_suse - Published: 2025-01-24 16:34 - Updated: 2025-01-24 16:34Summary
Security update for java-11-openjdk
Notes
Title of the patch
Security update for java-11-openjdk
Description of the patch
This update for java-11-openjdk fixes the following issues:
Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)
Security fixes:
- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)
Other changes:
- JDK-8224624: Inefficiencies in CodeStrings::add_comment cause - timeouts
- JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64
- JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
- JDK-8247706: Unintentional use of new Date(year...) with absolute year
- JDK-8299254: Support dealing with standard assert macro
- JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
- JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
- JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
- JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
- JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
- JDK-8334332: TestIOException.java fails if run by root
- JDK-8335428: Enhanced Building of Processes
- JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
- JDK-8340815: Add SECURITY.md file
- JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
- JDK-8342629: [11u] Properly message out that shenandoah is disabled
- JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26
Patchnames
SUSE-2025-235,SUSE-SLE-SERVER-12-SP5-LTSS-2025-235,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-235
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-11-openjdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for java-11-openjdk fixes the following issues:\n\nUpgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)\n\nSecurity fixes:\n\n- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)\n\nOther changes:\n\n- JDK-8224624: Inefficiencies in CodeStrings::add_comment cause - timeouts\n- JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64\n- JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only\n- JDK-8247706: Unintentional use of new Date(year...) with absolute year\n- JDK-8299254: Support dealing with standard assert macro\n- JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test\n- JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test\n- JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak\n- JDK-8328300: Convert PrintDialogsTest.java from Applet to main program\n- JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main\n- JDK-8334332: TestIOException.java fails if run by root\n- JDK-8335428: Enhanced Building of Processes\n- JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings\n- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files\n- JDK-8336564: Enhance mask blit functionality redux\n- JDK-8338402: GHA: some of bundles may not get removed\n- JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26\n- JDK-8339180: Enhanced Building of Processes: Follow-on Issue\n- JDK-8339470: [17u] More defensive fix for 8163921\n- JDK-8339637: (tz) Update Timezone Data to 2024b\n- JDK-8339644: Improve parsing of Day/Month in tzdata rules\n- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files\n- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names\n- JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1\n- JDK-8340815: Add SECURITY.md file\n- JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails\n- JDK-8342629: [11u] Properly message out that shenandoah is disabled\n- JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-235,SUSE-SLE-SERVER-12-SP5-LTSS-2025-235,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-235",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0235-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0235-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250235-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0235-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020198.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236278",
"url": "https://bugzilla.suse.com/1236278"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21502 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21502/"
}
],
"title": "Security update for java-11-openjdk",
"tracking": {
"current_release_date": "2025-01-24T16:34:30Z",
"generator": {
"date": "2025-01-24T16:34:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0235-1",
"initial_release_date": "2025-01-24T16:34:30Z",
"revision_history": [
{
"date": "2025-01-24T16:34:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.26.0-3.84.1.aarch64",
"product": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.aarch64",
"product_id": "java-11-openjdk-11.0.26.0-3.84.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64",
"product": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64",
"product_id": "java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64",
"product": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64",
"product_id": "java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64",
"product": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64",
"product_id": "java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.aarch64",
"product": {
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.aarch64",
"product_id": "java-11-openjdk-jmods-11.0.26.0-3.84.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.aarch64",
"product": {
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.aarch64",
"product_id": "java-11-openjdk-src-11.0.26.0-3.84.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.26.0-3.84.1.i586",
"product": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.i586",
"product_id": "java-11-openjdk-11.0.26.0-3.84.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.i586",
"product": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.i586",
"product_id": "java-11-openjdk-demo-11.0.26.0-3.84.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.i586",
"product": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.i586",
"product_id": "java-11-openjdk-devel-11.0.26.0-3.84.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.i586",
"product": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.i586",
"product_id": "java-11-openjdk-headless-11.0.26.0-3.84.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.i586",
"product": {
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.i586",
"product_id": "java-11-openjdk-jmods-11.0.26.0-3.84.1.i586"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.i586",
"product": {
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.i586",
"product_id": "java-11-openjdk-src-11.0.26.0-3.84.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-javadoc-11.0.26.0-3.84.1.noarch",
"product": {
"name": "java-11-openjdk-javadoc-11.0.26.0-3.84.1.noarch",
"product_id": "java-11-openjdk-javadoc-11.0.26.0-3.84.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.26.0-3.84.1.ppc64le",
"product": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.ppc64le",
"product_id": "java-11-openjdk-11.0.26.0-3.84.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le",
"product": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le",
"product_id": "java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le",
"product": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le",
"product_id": "java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le",
"product": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le",
"product_id": "java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.ppc64le",
"product": {
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.ppc64le",
"product_id": "java-11-openjdk-jmods-11.0.26.0-3.84.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.ppc64le",
"product": {
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.ppc64le",
"product_id": "java-11-openjdk-src-11.0.26.0-3.84.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.26.0-3.84.1.s390x",
"product": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.s390x",
"product_id": "java-11-openjdk-11.0.26.0-3.84.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.s390x",
"product": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.s390x",
"product_id": "java-11-openjdk-demo-11.0.26.0-3.84.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.s390x",
"product": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.s390x",
"product_id": "java-11-openjdk-devel-11.0.26.0-3.84.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.s390x",
"product": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.s390x",
"product_id": "java-11-openjdk-headless-11.0.26.0-3.84.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.s390x",
"product": {
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.s390x",
"product_id": "java-11-openjdk-jmods-11.0.26.0-3.84.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.s390x",
"product": {
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.s390x",
"product_id": "java-11-openjdk-src-11.0.26.0-3.84.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"product": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"product_id": "java-11-openjdk-11.0.26.0-3.84.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"product": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"product_id": "java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"product": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"product_id": "java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64",
"product": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64",
"product_id": "java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.x86_64",
"product": {
"name": "java-11-openjdk-jmods-11.0.26.0-3.84.1.x86_64",
"product_id": "java-11-openjdk-jmods-11.0.26.0-3.84.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.x86_64",
"product": {
"name": "java-11-openjdk-src-11.0.26.0-3.84.1.x86_64",
"product_id": "java-11-openjdk-src-11.0.26.0-3.84.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.aarch64"
},
"product_reference": "java-11-openjdk-11.0.26.0-3.84.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.ppc64le"
},
"product_reference": "java-11-openjdk-11.0.26.0-3.84.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.s390x"
},
"product_reference": "java-11-openjdk-11.0.26.0-3.84.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64"
},
"product_reference": "java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le"
},
"product_reference": "java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.s390x"
},
"product_reference": "java-11-openjdk-demo-11.0.26.0-3.84.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64"
},
"product_reference": "java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le"
},
"product_reference": "java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.s390x"
},
"product_reference": "java-11-openjdk-devel-11.0.26.0-3.84.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64"
},
"product_reference": "java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le"
},
"product_reference": "java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.s390x"
},
"product_reference": "java-11-openjdk-headless-11.0.26.0-3.84.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64"
},
"product_reference": "java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21502"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21502",
"url": "https://www.suse.com/security/cve/CVE-2025-21502"
},
{
"category": "external",
"summary": "SUSE Bug 1236278 for CVE-2025-21502",
"url": "https://bugzilla.suse.com/1236278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-demo-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-devel-11.0.26.0-3.84.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-11-openjdk-headless-11.0.26.0-3.84.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T16:34:30Z",
"details": "moderate"
}
],
"title": "CVE-2025-21502"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…