{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr8.50-30.138.1","java-1_8_0-ibm-alsa":"1.8.0_sr8.50-30.138.1","java-1_8_0-ibm-devel":"1.8.0_sr8.50-30.138.1","java-1_8_0-ibm-plugin":"1.8.0_sr8.50-30.138.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr8.50-30.138.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_8_0-ibm":"1.8.0_sr8.50-30.138.1","java-1_8_0-ibm-alsa":"1.8.0_sr8.50-30.138.1","java-1_8_0-ibm-devel":"1.8.0_sr8.50-30.138.1","java-1_8_0-ibm-plugin":"1.8.0_sr8.50-30.138.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"java-1_8_0-ibm","purl":"pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0_sr8.50-30.138.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-ibm fixes the following issues:\n\nUpdate to Java 8.0 Service Refresh 8 Fix Pack 50.\n\nSecurity issues fixed:\n\n- Oracle July 15 2025 CPU (bsc#1247754).\n- CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java\n  applications that load and run untrusted code (bsc#1246595).\n- CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized\n  update, insert, delete and read access to sensitive data (bsc#1246598).\n- CVE-2025-30761: issue in the Scripting component allows unauthenticated attacker with network access to gain\n  unauthorized creation, deletion or modification access to critical data (bsc#1246580).\n- CVE-2025-50059: issue in the Networking component allows unauthenticated attacker with network access to gain\n  unauthorized access to critical data (bsc#1246575).\n- CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and\n  takeover Java applications that load and run untrusted code (bsc#1246584).\n\nOther issues fixed.\n \n- Class Libraries:\n  - Oracle Security Fix 8348989: Better Glyph drawing.\n  - Removal of Baltimore root certificate and TWO CAMERFIRMA root\n    CA certificates from CACERTS.\n  - Update timezone information to the latest TZDATA2025B.\n- Java Virtual Machine:\n  - Assertion failure at copyforwardscheme.cpp.\n- JIT Compiler:\n  - GC assert due to an invalid object reference.\n  - SIGILL from JIT compiled method.\n  - Unexpected behaviour with very large arrays.\n- Security:\n  - Deserialization of a serialized RSAPrivateCrtKey is throwing\n    an exception.\n  - EDDSAsignature fails when doing multiple update.\n  - HTTPS channel binding support.\n  - IBMJCEPlus provider supports post quantum cryptography algorithms\n    ML-KEM (key encapsulation) and ML-DSA (digital signature).\n  - Key certificate management: Extended key usage cannot be set\n    without having key usage extension in certificate request.\n  - MessageDigest.update API does not throw the correct exception.\n  - Oracle Security Fix 8349594: Enhance TLS protocol support.\n  - Problem getting key in PKCS12 keystore on MAC.\n  - TLS support for the EDDSA signature algorithm.\n  - Wrong algorithm name returned for EDDSA keys.\n- z/OS Extentions:\n  - IBMJCEHybridException with hybrid provider in GCM mode.\n\n","id":"SUSE-SU-2025:03236-1","modified":"2025-09-16T09:11:36Z","published":"2025-09-16T09:11:36Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202503236-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246575"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246580"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246584"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246595"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246598"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247754"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30749"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30754"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-30761"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-50059"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-50106"}],"related":["CVE-2025-30749","CVE-2025-30754","CVE-2025-30761","CVE-2025-50059","CVE-2025-50106"],"summary":"Security update for java-1_8_0-ibm","upstream":["CVE-2025-30749","CVE-2025-30754","CVE-2025-30761","CVE-2025-50059","CVE-2025-50106"]}