FERRAMENTAS LINUX: Critical Java 11 OpenJDK Security Update: Patch 3 High-Risk Vulnerabilities (CVE-2025-21587, CVE-2025-30691, CVE-2025-30698)

segunda-feira, 16 de junho de 2025

Critical Java 11 OpenJDK Security Update: Patch 3 High-Risk Vulnerabilities (CVE-2025-21587, CVE-2025-30691, CVE-2025-30698)

 

SUSE


SUSE has released an urgent security update for Java 11 OpenJDK addressing 3 critical vulnerabilities (CVSS scores up to 9.1) affecting data integrity and system access. Learn how to patch CVE-2025-21587, CVE-2025-30691, and CVE-2025-30698 across SUSE Linux, Enterprise Storage, and OpenSUSE Leap 15.6.


1. Executive Summary

A high-priority security update (SUSE-SU-2025:01487-2) was released on June 16, 2025, patching three critical vulnerabilities in Java 11 OpenJDK. These flaws could allow unauthorized data access, modification, or denial-of-service (DoS) attacks. Affected systems include:

  • SUSE Linux Enterprise Server 15 SP3-SP7

  • OpenSUSE Leap 15.6

  • SUSE Manager, Enterprise Storage, and SAP Applications

Key Risks:

  • CVE-2025-21587 (CVSS 9.1): JSSE security bypass enabling data tampering.

  • CVE-2025-30691 (CVSS 6.3): Oracle Java SE Compiler vulnerability exposing sensitive data.

  • CVE-2025-30698 (CVSS 6.3): Java 2D flaw leading to DoS or unauthorized access.

2. Vulnerability Deep Dive

2.1 Critical CVEs and Impact

CVE IDCVSS ScoreRiskAffected Component
CVE-2025-215879.1Data tamperingJSSE (Java Secure Socket Extension)
CVE-2025-306916.3Data leakageJava SE Compiler
CVE-2025-306986.3DoS/Data accessJava 2D API

Why Patch Immediately?

  • Exploits could compromise SAP applications, cloud infrastructure, and enterprise systems.

  • Financial and healthcare sectors are high-risk targets due to Java’s widespread use.

3. Patch Instructions

3.1 Recommended Update Methods

  • YaST Online Update (GUI)

  • Command Line:

    bash
    Copy
    Download
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-2025-1487=1

  • Manual DownloadSUSE Security Portal

3.2 Affected Packages

  • java-11-openjdk (v11.0.27+6)

  • java-11-openjdk-headless

  • java-11-openjdk-devel

Full package listSee Section 7.

4. Additional Fixes & Improvements

This update also includes 20+ upstream bug fixes, such as:

  • JDK-8337692: Enhanced TLS 1.3 support.

  • JDK-8347965: Updated timezone data (2025a).

  • JDK-8343786: macOS/Xcode compatibility fixes.

5. Frequently Asked Questions (FAQ)

Q: Is this update mandatory for compliance?
A: Yes, especially for PCI-DSS, HIPAA, or GDPR-regulated systems due to data integrity risks.

Q: How do I verify the patch is applied?
A: Run:

bash
Copy
Download
rpm -q java-11-openjdk --changelog | grep CVE-2025-21587

Q: Are containers affected?
A: Yes, if using vulnerable OpenJDK images. Update base images immediately.

7. Package List (Condensed)

ProductPackage
SUSE Linux Enterprise 15 SP5java-11-openjdk-11.0.27.0
OpenSUSE Leap 15.6java-11-openjdk-headless
SUSE Manager 4.3java-11-openjdk-devel
Full list

8. Conclusion & Next Steps

Immediate Actions:

  1. Prioritize patching systems running Java 11 OpenJDK.

  2. Audit dependencies (e.g., Docker, Kubernetes) for vulnerable images.

  3. Monitor logs for exploitation attempts.

Need enterprise support? SUSE Security Services offers vulnerability assessments and patch management.


Cezar Henrique at
Marcadores: Linux, Android, Segurança , , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)