File _patchinfo of Package patchinfo.40622

<patchinfo incident="40622">
  <issue tracker="bnc" id="1247754">VUL-0: java-1_8_0-ibm: Oracle July 15 2025 CPU</issue>
  <issue tracker="bnc" id="1246584">VUL-0: CVE-2025-50106: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)</issue>
  <issue tracker="bnc" id="1246595">VUL-0: CVE-2025-30749: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: several scenarios can lead to heap corruption</issue>
  <issue tracker="bnc" id="1246575">VUL-0: CVE-2025-50059: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)</issue>
  <issue tracker="bnc" id="1246598">VUL-0: CVE-2025-30754: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: incomplete handshake may lead to weakening TLS protections</issue>
  <issue tracker="bnc" id="1246580">VUL-0: CVE-2025-30761: java-10-openjdk,java-11-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-9-openjdk: Improve scripting supports (Oracle CPU 2025-07)</issue>
  <issue tracker="cve" id="2025-30749"/>
  <issue tracker="cve" id="2025-50106"/>
  <issue tracker="cve" id="2025-30761"/>
  <issue tracker="cve" id="2025-30754"/>
  <issue tracker="cve" id="2025-50059"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-ibm</summary>
  <description>This update for java-1_8_0-ibm fixes the following issues:

Update to Java 8.0 Service Refresh 8 Fix Pack 50.

Security issues fixed:

- Oracle July 15 2025 CPU (bsc#1247754).
- CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and take over Java
  applications that load and run untrusted code (bsc#1246595).
- CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized
  update, insert, delete and read access to sensitive data (bsc#1246598).
- CVE-2025-30761: issue in the Scripting component allows unauthenticated attacker with network access to gain
  unauthorized creation, deletion or modification access to critical data (bsc#1246580).
- CVE-2025-50059: issue in the Networking component allows unauthenticated attacker with network access to gain
  unauthorized access to critical data (bsc#1246575).
- CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and
  take over Java applications that load and run untrusted code (bsc#1246584).

Other issues fixed:

- Class Libraries:
  - Oracle Security Fix 8348989: Better Glyph drawing.
  - Removal of Baltimore root certificate and TWO CAMERFIRMA root
    CA certificates from CACERTS.
  - Update timezone information to the latest TZDATA2025B.
- Java Virtual Machine:
  - Assertion failure at copyforwardscheme.cpp.
- JIT Compiler:
  - GC assert due to an invalid object reference.
  - SIGILL from JIT compiled method.
  - Unexpected behaviour with very large arrays.
- Security:
  - Deserialization of a serialized RSAPrivateCrtKey is throwing
    an exception.
  - EDDSAsignature fails when doing multiple update.
  - HTTPS channel binding support.
  - IBMJCEPlus provider supports post quantum cryptography algorithms
    ML-KEM (key encapsulation) and ML-DSA (digital signature).
  - Key certificate management: Extended key usage cannot be set
    without having key usage extension in certificate request.
  - MessageDigest.update API does not throw the correct exception.
  - Oracle Security Fix 8349594: Enhance TLS protocol support.
  - Problem getting key in PKCS12 keystore on MAC.
  - TLS support for the EDDSA signature algorithm.
  - Wrong algorithm name returned for EDDSA keys.
- z/OS Extensions:
  - IBMJCEHybridException with hybrid provider in GCM mode.

</description>
</patchinfo>