{"affected":[{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.28.0-3.90.1","java-11-openjdk-demo":"11.0.28.0-3.90.1","java-11-openjdk-devel":"11.0.28.0-3.90.1","java-11-openjdk-headless":"11.0.28.0-3.90.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.28.0-3.90.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-11-openjdk":"11.0.28.0-3.90.1","java-11-openjdk-demo":"11.0.28.0-3.90.1","java-11-openjdk-devel":"11.0.28.0-3.90.1","java-11-openjdk-headless":"11.0.28.0-3.90.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"java-11-openjdk","purl":"pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.28.0-3.90.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-11-openjdk fixes the following issues:\n\nUpgrade to upstream tag jdk-11.0.28+6 (July 2025 CPU):\n\nSecurity fixes:\n\n- CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) \n- CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) \n- CVE-2025-30761: Improve scripting supports (bsc#1246580) \n- CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) \n- CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) \n\nChangelog:\n\n    + JDK-8026976: ECParameters, Point does not match field size\n    + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong\n      value\n    + JDK-8231058: VerifyOops crashes with assert(_offset >= 0)\n      failed: offset for non comment?\n    + JDK-8232625: HttpClient redirect policy should be more\n      conservative\n    + JDK-8258483: [TESTBUG] gtest\n      CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is\n      too small\n    + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are\n      problematic\n    + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts\n    + JDK-8301753: AppendFile/WriteFile has differences between make\n      3.81 and 4+\n    + JDK-8303770: Remove Baltimore root certificate expiring in May\n      2025\n    + JDK-8315380: AsyncGetCallTrace crash in frame::safe_for_sender\n    + JDK-8327476: Upgrade JLine to 3.26.1\n    + JDK-8328957: Update PKCS11Test.java to not use hardcoded path\n    + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to\n      v3.1\n    + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm\n      gtest fails on ppc64 based platforms\n    + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the\n      getKeyChar method of the AccessBridge class\n    + JDK-8345133: Test sun/security/tools/jarsigner/\n      /TsacertOptionTest.java failed: Warning found in stdout\n    + JDK-8345625: Better HTTP connections\n    + JDK-8346887: DrawFocusRect() may cause an assertion failure\n    + JDK-8347629: Test FailOverDirectExecutionControlTest.java\n      fails with -Xcomp\n    + JDK-8348110: Update LCMS to 2.17\n    + JDK-8348596: Update FreeType to 2.13.3\n    + JDK-8348598: Update Libpng to 1.6.47\n    + JDK-8348989: Better Glyph drawing\n    + JDK-8349111: Enhance Swing supports\n    + JDK-8349594: Enhance TLS protocol support\n    + JDK-8350469: [11u] Test AbsPathsInImage.java fails\n      - JDK-8239429 public clone\n    + JDK-8350498: Remove two Camerfirma root CA certificates\n    + JDK-8350991: Improve HTTP client header handling\n    + JDK-8351099: Bump update version of OpenJDK: 11.0.28\n    + JDK-8351422: Improve scripting supports\n    + JDK-8352302: Test sun/security/tools/jarsigner/\n      /TimestampCheck.java is failing\n    + JDK-8352716: (tz) Update Timezone Data to 2025b\n    + JDK-8356096: ISO 4217 Amendment 179 Update\n    + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS\n    + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots\n    + JDK-8360147: Better Glyph drawing redux\n","id":"SUSE-SU-2025:02563-1","modified":"2025-07-31T02:15:52Z","published":"2025-07-31T02:15:52Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502563-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246575"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246580"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246584"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246595"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30749"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30754"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30761"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-50059"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-50106"}],"related":["CVE-2025-30749","CVE-2025-30754","CVE-2025-30761","CVE-2025-50059","CVE-2025-50106"],"summary":"Security update for java-11-openjdk","upstream":["CVE-2025-30749","CVE-2025-30754","CVE-2025-30761","CVE-2025-50059","CVE-2025-50106"]}