Security update for java-1_8_0-ibm

Announcement ID:	SUSE-SU-2025:03262-1
Release Date:	2025-09-18T06:42:36Z
Rating:	important
References:	bsc#1246575 bsc#1246580 bsc#1246584 bsc#1246595 bsc#1246598 bsc#1247754
Cross-References:	CVE-2025-30749 CVE-2025-30754 CVE-2025-30761 CVE-2025-50059 CVE-2025-50106
CVSS scores:	CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2025-30761 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2025-30761 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2025-50059 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-50106 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Legacy Module 15-SP6 Legacy Module 15-SP7 openSUSE Leap 15.6 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 LTSS SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP4 LTSS SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server 15 SP5 LTSS SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities and has one security fix can now be installed.

Description:

This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 8 Fix Pack 50.

Security issues fixed:

• Oracle July 15 2025 CPU (bsc#1247754).
• CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595).
• CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598).
• CVE-2025-30761: issue in the Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580).
• CVE-2025-50059: issue in the Networking component allows unauthenticated attacker with network access to gain unauthorized access to critical data (bsc#1246575).
• CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246584).

Other issues fixed:

• Class Libraries:
• Oracle Security Fix 8348989: Better Glyph drawing.
• Removal of Baltimore root certificate and TWO CAMERFIRMA root CA certificates from CACERTS.
• Update timezone information to the latest TZDATA2025B.
• Java Virtual Machine:
• Assertion failure at copyforwardscheme.cpp.
• JIT Compiler:
• GC assert due to an invalid object reference.
• SIGILL from JIT compiled method.
• Unexpected behaviour with very large arrays.
• Security:
• Deserialization of a serialized RSAPrivateCrtKey is throwing an exception.
• EDDSAsignature fails when doing multiple update.
• HTTPS channel binding support.
• IBMJCEPlus provider supports post quantum cryptography algorithms ML-KEM (key encapsulation) and ML-DSA (digital signature).
• Key certificate management: Extended key usage cannot be set without having key usage extension in certificate request.
• MessageDigest.update API does not throw the correct exception.
• Oracle Security Fix 8349594: Enhance TLS protocol support.
• Problem getting key in PKCS12 keystore on MAC.
• TLS support for the EDDSA signature algorithm.
• Wrong algorithm name returned for EDDSA keys.
• z/OS Extentions:
• IBMJCEHybridException with hybrid provider in GCM mode.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3262=1
• Legacy Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-3262=1
• Legacy Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-3262=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3262=1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3262=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3262=1
• SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3262=1
• SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3262=1
• SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3262=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3262=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3262=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3262=1
• SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-3262=1

Package List:

• openSUSE Leap 15.6 (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• openSUSE Leap 15.6 (x86_64)
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-32bit-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-devel-32bit-1.8.0_sr8.50-150000.3.104.1
• openSUSE Leap 15.6 (ppc64le s390x x86_64)
  • java-1_8_0-ibm-src-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-demo-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• Legacy Module 15-SP6 (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• Legacy Module 15-SP6 (ppc64le s390x x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• Legacy Module 15-SP6 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• Legacy Module 15-SP7 (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• Legacy Module 15-SP7 (ppc64le s390x x86_64)
  • java-1_8_0-ibm-src-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-demo-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• Legacy Module 15-SP7 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (nosrc x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (nosrc x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP3 LTSS (ppc64le s390x x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP4 LTSS (ppc64le s390x x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc ppc64le s390x x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP5 LTSS (ppc64le s390x x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
• SUSE Enterprise Storage 7.1 (nosrc x86_64)
  • java-1_8_0-ibm-1.8.0_sr8.50-150000.3.104.1
• SUSE Enterprise Storage 7.1 (x86_64)
  • java-1_8_0-ibm-plugin-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-alsa-1.8.0_sr8.50-150000.3.104.1
  • java-1_8_0-ibm-devel-1.8.0_sr8.50-150000.3.104.1

References:

• https://www.suse.com/security/cve/CVE-2025-30749.html
• https://www.suse.com/security/cve/CVE-2025-30754.html
• https://www.suse.com/security/cve/CVE-2025-30761.html
• https://www.suse.com/security/cve/CVE-2025-50059.html
• https://www.suse.com/security/cve/CVE-2025-50106.html
• https://bugzilla.suse.com/show_bug.cgi?id=1246575
• https://bugzilla.suse.com/show_bug.cgi?id=1246580
• https://bugzilla.suse.com/show_bug.cgi?id=1246584
• https://bugzilla.suse.com/show_bug.cgi?id=1246595
• https://bugzilla.suse.com/show_bug.cgi?id=1246598
• https://bugzilla.suse.com/show_bug.cgi?id=1247754