------------------------------------------------------------------
--- Changelog.all ----------- Fri Jun 26 12:28:09 UTC 2026 ------
------------------------------------------------------------------
------------------------------------------------------------------
------------------ 2026-6-18 - Jun 18 2026 -------------------
------------------------------------------------------------------
++++ containerd:

- Add patch for CVE-2026-34986 (bsc#1262948)
  * 0003-CVE-2026-34986-Bump-go-jose-to-v3.0.5.patch
- Add patch for CVE-2026-39821 (bsc#1266640)
  * 0004-CVE-2026-39821-idna-update-from-x-text-fix-ToUnicode.patch
- Add patch for CVE-2026-33814 (bsc#1265794)
  * 0005-CVE-2026-33814-http2-prevent-hanging-Transport-due-t.patch

++++ python-tornado6:

- CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient (bsc#1268395)
- CVE-2026-49854: out-of-bounds memory access via C extension (bsc#1268396)
- CVE-2026-49855: AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb) (bsc#1268397)
  Add patches:
  * CVE-2026-49853.patch
  * CVE-2026-49854.patch
  * CVE-2026-49855.patch

------------------------------------------------------------------
------------------ 2026-6-16 - Jun 16 2026 -------------------
------------------------------------------------------------------
++++ libarchive:

- Fix CVE-2026-4424, 257-byte heap memory leak when processing a 170-byte RAR3 (CVE-2026-4424, bsc#1259928)
  * CVE-2026-4424.patch
- Fix CVE-2026-4426, undefined behavior due to unvalidated operand in shift expression of the zisofs decompression code 3.8.1 in function apply_substitution in file tar/subst.c (CVE-2026-4426, bsc#1259931)
  * CVE-2026-4426.patch
- Fix CVE-2026-4111, logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS (CVE-2026-4111, bsc#1259635)
  * CVE-2026-4111.patch
- Fix CVE-2026-5121, missing validation check for pz_log2_bs can a heap buffer overflow write
  (CVE-2026-5121, bsc#1261186)
  * CVE-2026-5121.patch
- Fix CVE-2025-60753, An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules (CVE-2025-60753, bsc#1253088)
  * CVE-2025-60753.patch

------------------------------------------------------------------
------------------ 2026-6-15 - Jun 15 2026 -------------------
------------------------------------------------------------------
++++ sg3_utils:

- Update to version 1.48~20221101+2.5a7572d6:
  * sg_inq: --export output conformance for SCSI name string and ATA fields (bsc#1267823)

------------------------------------------------------------------
------------------ 2026-6-12 - Jun 12 2026 -------------------
------------------------------------------------------------------
++++ python-PyJWT:

- CVE-2026-48526: JWK JSON accepted as HMAC secret (algorithm confusion) (bsc#1266802)
- CVE-2026-48523: Algorithm allow-list bypass with PyJWK / PyJWKClient (bsc#1266799)
- CVE-2026-48525: DoS via base64 decode of unused payload segment when b64=false (bsc#1266801)
- CVE-2026-48522: PyJWKClient accepts non-HTTP(S) URIs (bsc#1266798)
- CVE-2026-48524: PyJWKClient cache wiped on fetch error (bsc#1266800)
- added security-fixes.patch to fix above vulnerabilities

++++ zypper:

- Transactional systems: Delegate rw-commands to transactional-wrapper if available (jsc#PED-13680, jsc#PED-15607)
  On a transactional system where the root filesystem is mounted read-only, zypper commands that modify the system cannot be executed directly. If the system provides a transactional-wrapper utility, zypper will automatically attempt to invoke it. The wrapper transparently executes the zypper command within a new, writable snapshot and manages the lifecycle of that snapshot based on the command's exit status.
  On transactional systems lacking a transactional-wrapper, users must manually invoke specialized tools -such as transactional-update- to install, update, or remove software.
- version 1.14.98

------------------------------------------------------------------
------------------ 2026-6-11 - Jun 11 2026 -------------------
------------------------------------------------------------------
++++ freeipmi:

- Fix memory corruption in ipmi-oem-dell.c and ipmi-oem-fujitsu.c
  bsc#1267605 - CVE-2026-50031
  A freeipmi_dell_mem_corruption.fix
  A freeipmi_fujitsu_buffer_overflow.fix

++++ opensc:

- added patches
  CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation [bsc#1267246]
  * opensc-CVE-2026-10275.patch
  CVE-2026-40528: stack and heap buffer overrun in the `do_key_value()` function due to missing length check allows for memory corruption via a crafted profile configuration file [bsc#1266963]
  * opensc-CVE-2026-40528.patch

------------------------------------------------------------------
------------------ 2026-6-10 - Jun 10 2026 -------------------
------------------------------------------------------------------
++++ glib-networking:

- Add CVE-2026-10028.patch: tls: detect cycles when setting issuer property (CVE-2026-10028, bsc#1267979, glgo#GNOME/glib-networking!279)

++++ suseconnect-ng:

- Update version to 1.22.1:
  - library: Allow clients to disable the token handling mechanism (jsc#SCC-801)
  - Ensure updated system certs are included when creating HTTP client connections (bsc#1268017, jsc#SCC-804)

------------------------------------------------------------------
------------------ 2026-6-9 - Jun 9 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- scsi: hisi_sas: Fix NULL pointer exception during user_scan() (CVE-2026-43413, bsc#1264671).
- commit bfe6757
- ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (CVE-2026-46157 bsc#1267726).
- commit f38bfb2
- Refresh patches.suse/team-avoid-NETDEV_CHANGEMTU-event-when-unregistering.patch.
  Added missing locking in backport (bsc#1267732).
- commit a8766b2
- Bluetooth: hci_conn: fix potential UAF in create_big_sync (CVE-2026-46111 bsc#1267626).
- commit 7777a50
- nfsd: never defer requests during idmap lookup (CVE-2026-45983 bsc#1266697).
- Delete patches.suse/nfsd-do-not-defer-requests-during-idmap-lookup-in-v4-compo.patch.
- commit 664a09a
- drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CVE-2026-46209 bsc#1267663).
- commit 2c841fc
- libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (CVE-2026-46024 bsc#1267218).
- commit e967a8f
- libceph: prevent potential out-of-bounds reads in process_message_header() (CVE-2026-43406 bsc#1265073).
- commit 79f8547
- rbd: fix null-ptr-deref when device_add_disk() fails (CVE-2026-46079 bsc#1266452).
- commit 82a7e5e
- ocfs2: handle invalid dinode in ocfs2_group_extend (CVE-2026-31596 bsc#1263319).
- commit d319998
- libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (CVE-2026-43407 bsc#1265020).
- commit d87fc06

------------------------------------------------------------------
------------------ 2026-6-8 - Jun 8 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- nfs: return EISDIR on nfs3_proc_create if d_alias is a dir (CVE-2026-43470 bsc#1265128).
- commit 9fc75a8
- af_unix: read UNIX_DIAG_VFS data under unix_state_lock (CVE-2026-31673 bsc#1263143).
- Refresh patches.suse/vfs-add-super_operations-get_inode_dev.
- commit 00e1878
- ALSA: aloop: Fix peer runtime UAF during format-change stop (CVE-2026-46090 bsc#1267531).
- ALSA: aloop: Use guard() for spin locks (CVE-2026-46090 bsc#1267531).
- ALSA: aloop: Fix peer runtime UAF during format-change stop (CVE-2026-46090 bsc#1267531).
- ALSA: aloop: Use guard() for spin locks (CVE-2026-46090 bsc#1267531).
- commit d19a9e2
- drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (CVE-2026-45878 bsc#1266767).
- commit aa9368a
- arm64: Add support for TSV110 Spectre-BHB mitigation (bsc#1264430 CVE-2026-43261)
- commit ba98a63
- Input: atkbd - skip deactivate for HONOR BCC-N's internal keyboard (git-fixes).
- ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams (git-fixes).
- drm/imx: Fix three kernel-doc warnings in dcss-scaler.c (git-fixes).
- drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 (git-fixes).
- drm/amdkfd: fix NULL dereference in get_queue_ids() (git-fixes).
- drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size (git-fixes).
- drm/amd/display: Reject gpio_bitshift >= 32 in bios_parser_get_gpio_pin_info() (git-fixes).
- drm/amd/display: Use krealloc_array() in dal_vector_reserve() (git-fixes).
- drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs (git-fixes).
- commit 276cfd7

++++ graphite2:

- added patches
  CVE-2026-50593: Out-of-bounds write via Graphite actions [bsc#1267733]
  * graphite2-CVE-2026-50593.patch

++++ libzypp:

- A .repo files "path=" entry must not refer to a location outside the repo (bsc#1267874, CVE-2026-44942)
  A "path=" entry may solely denote a sub-directory of the baseurl where the metadata are located. A relative path trying to access data outside the baseurl is reported and sanitized.
- version 17.38.13 (35)

------------------------------------------------------------------
------------------ 2026-6-6 - Jun 6 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- scsi: imm: Fix use-after-free bug caused by unfinished delayed work (CVE-2025-68324 bsc#1255416).
- commit 195217b

------------------------------------------------------------------
------------------ 2026-6-5 - Jun 5 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (CVE-2026-43026 bsc#1263932).
- commit 059378b
- xfs: stop reclaim before pushing AIL during unmount (CVE-2026-31455 bsc#1262615).
- commit e53a301
- xfs: save ailp before dropping the AIL lock in push callbacks (CVE-2026-31454 bsc#1262624).
- commit 7159c4e
- packaging: Add nvidia kernel description
- commit 5f2699f
- pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1263724 CVE-2026-31655)
- commit 9295a19
- bpf: Fix bpf_xdp_store_bytes proto for read-only arg (CVE-2026-45886 bsc#1266810).
- commit 20a9956
- bpf: Fix regsafe() for pointers to packet (CVE-2026-43030 bsc#1264000).
- commit 8f3e36e
- bpf: Fix tcx/netkit detach permissions when prog fd isn't given (CVE-2026-45932 bsc#1266827).
- commit b648f57
- spi: fix resource leaks on device setup failure (bsc#1266696 CVE-2026-46083)
- commit 742a92d
- Bluetooth: MGMT: Fix backward compatibility with userspace (git-fixes).
- Bluetooth: bnep: reject short frames before parsing (git-fixes).
- Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend (git-fixes).
- Bluetooth: RFCOMM: validate skb length in MCC handlers (git-fixes).
- Bluetooth: MGMT: validate advertising TLV before type checks (git-fixes).
- Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() (git-fixes).
- wifi: mac80211: limit injected antenna index in ieee80211_parse_tx_radiotap (git-fixes).
- wifi: nl80211: reject oversized EMA RNR lists (git-fixes).
- mmc: sdhci: add signal voltage switch in sdhci_resume_host (git-fixes).
- mmc: litex_mmc: Set mandatory idle clocks before CMD0 (git-fixes).
- mmc: litex_mmc: Use DIV_ROUND_UP for more accurate clock calculation (git-fixes).
- mmc: renesas_sdhi: Add OF entry for RZ/G2H SoC (git-fixes).
- mmc: core: Fix host controller programming for fixed driver type (git-fixes).
- commit 1ef939b
- btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652,CVE-2026-46159).
- commit 56f6424

++++ openssl-3:

- Security fixes:
  * CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357)
  * CVE-2026-45446: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (bsc#1266356)
  * CVE-2026-42770: FFC-DH Peer Validation Uses Attacker-Supplied q (bsc#1266353)
  * CVE-2026-45445: AES-OCB IV Ignored on EVP_Cipher() Path (bsc#1266355)
  * CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349)
  * CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages (bsc#1266344)
  * CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341)
  * CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340)
  * CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342)
  * Add patches:
    openssl-CVE-2026-45447.patch
    openssl-CVE-2026-45446.patch
    openssl-CVE-2026-42770.patch
    openssl-CVE-2026-45445.patch
    openssl-CVE-2026-42766.patch
    openssl-CVE-2026-34182.patch
    openssl-CVE-2026-9076.patch
    openssl-CVE-2026-7383.patch
    openssl-CVE-2026-34180.patch

++++ sqlite3:

- Update to version 3.53.2:
  * Fixes for problems in 3.53.0 reported by users.
  * bsc#1268013, CVE-2026-11824: heap-based buffer overflow vulnerability in the FTS5 full-text search extension.
  * bsc#1268012, CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension.
  * See the check-in timeline for details:
    https://sqlite.org/src/timeline?from=version-3.53.1&to=version-3.53.2

++++ libzypp:

- Repo "keyhint" must denote a filename, no path (bsc#1267426, CVE-2026-44941)
- version 17.38.12 (35)

------------------------------------------------------------------
------------------ 2026-6-4 - Jun 4 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- kabi: arm64: module: Update missing .init.text.ftrace_trampoline section message (bsc#1265579 bsc#1265170)
  Message was supposed to give us a hint that these KMP's will have issue when user try to ftrace them. But it turns out to be just source confusion and worry.
- commit 2983ae5
- gfs2: Fix use-after-free in iomap inline data write path (CVE-2026-45984 bsc#1267214).
- gfs2: Add metapath_dibh helper (CVE-2026-45984 bsc#1267214).
- commit 7f4705a
- mctp: route: hold key->lock in mctp_flow_prepare_output() (CVE-2026-43455 bsc#1264765).
- net: mctp: Ensure keys maintain only one ref to corresponding dev (CVE-2026-43455 bsc#1264765).
- commit 7c8d579

------------------------------------------------------------------
------------------ 2026-6-3 - Jun 3 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- rpm/mkspec: Conditionally set Rust BuildReqs (bsc#1258538)
  This is a further optimization of kernel packaging rust-enablement. Add the check of CONFIG_RUST at creating the spec for each kernel flavor, and set BuildRequires conditionally only for archs that have CONFIG_RUST. This avoids the unnecessary dependency chains due to unused rust. The main knob ENABLE_RUST is still needed because otherwise we can't know whether to pass the dummy-tools or not at processing run_oldconfig.
- commit ccf4b93
- rpm/check-for-config-changes: ignore Rust-related configs (bsc#1258538)
  Those configs may be dynamically changed at the build time
- commit 5251980
- rpm: Add BuildRequires for Rust enablement (bsc#1258538)
  Update mkspec and template to generate the spec files with BuildRequires of Rust-related packages when ENABLE_RUST=Yes is set in rpm/config.sh.
- commit d0f276f
- bonding: alb: fix UAF in rlb_arp_recv during bond up/down (CVE-2026-45970 bsc#1267205).
- commit c7c508f
- RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (CVE-2026-46181 bsc#1266826).
- commit 971667c
- x86: shadow stacks: proper error handling for mmap lock (bsc#1264484 CVE-2026-43109).
- commit fbd32de
- ALSA: caiaq: Don't abort when no input device is available (CVE-2026-46004 bsc#1267222).
- ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (CVE-2026-46004 bsc#1267222).
- commit a3abbee
- ALSA: caiaq: Handle probe errors properly (CVE-2026-46004 bsc#1267222).
- commit c42211b
- thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021 bsc#1267220).
- commit 5b274e1
- Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (CVE-2026-43059 bsc#1264184).
- commit 58f5225
- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CVE-2026-43059 bsc#1264184).
- Refresh patches.kabi/hci_dev-centralize-extra-lock.patch.
- commit 59594e6

++++ rpcbind:

- Tue Jun 2 11:32:51 UTC 2026 - Thomas Blume
  Update to rpcbind 1.2.9 (bsc#1267212)
  https://lore.kernel.org/linux-nfs/5cad3ab4-d24a-45fa-b1e9-d57b2c47a5e4@redhat.com/
  rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist()
  * rpcbind: Stop unauthenticated oversized allocation in PMAPPROC_CALLIT decode
  * rpcbind: fix memory leak in read_warmstart()
  * rpcbind: fix memory leaks in network_init()
  * rpcbind: fix memory leak in init_transport()
- Update to rpcbind 1.2.8
  https://lore.kernel.org/linux-nfs/b553cc5a-46eb-453b-80f0-cfe69ccb7b21@redhat.com/
  * Added -v (print version and compile flags)
  * rpcinfo: Removed a number of "old-style function definition" warnings
  * man/rpcbind: Update list of options
  * Comment out ListenStream=@/run/rpcbind.sock
  * [nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc()
  * systemd/rpcbind.service.in: Add various hardenings options
  * man/rpcbind: Add Files section to manpage
  * Moved rpcbind.lock and default configs to /run instead of /var/run
- systemd: Upstream added systemd EnvironmentFile:
  1) /etc/rpcbind.conf
  2) /etc/default/rpcbind
  3) /etc/sysconfig/rpcbind (the only one originally used in openSUSE patch for boo#1117217)
- systemd: Add 'systemd-tmpfiles-setup.service' into 'Wants' and 'After' targets (originally openSUSE patch for boo#1117217 added 'After=sysinit.target')
- Removed patches (accepted upstream):
  * 0001-systemd-unit-files.patch
  * harden_rpcbind.service.patch
  * 0001-change-lockingdir-to-run.patch
- Update to rpcbind 1.2.7
  * rpcinfo: try connecting using abstract address
  * Listen on an AF_UNIX abstract address if supported
  * autotools/systemd: call rpcbind with -w only on enabled warm starts
  * rpcbind: fix double free in init_transport

------------------------------------------------------------------
------------------ 2026-6-2 - Jun 2 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- slip: reject VJ receive
  packets on instances with no rstate array (CVE-2026-45842 bsc#1266400)
- commit 9c6954f
- media: dvb-net: fix OOB access in ULE extension header tables (CVE-2026-31405 bsc#1261700)
- commit 0115edd
- usb: usbtmc: Flush anchored URBs in usbtmc_release (CVE-2026-31758 bsc#1264093)
- commit 862c169
- xfrm_user: fix info leak in build_report() (CVE-2026-31671 bsc#1263115)
- commit e993b23
- bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() (CVE-2026-45846 bsc#1266394)
- commit 8489b03
- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (CVE-2026-46113 bsc#1266969).
- commit 492a8ff
- net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (CVE-2026-43040 bsc#1264091)
- commit afb5ee9
- efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (CVE-2025-38549 bsc#1248235).
- commit 07594aa
- ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (bsc#1266927 CVE-2026-46094).
- commit 7627409
- writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1263883 CVE-2026-31703).
- commit afdb742
- ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (bsc#1264255 CVE-2026-43068).
- commit 3900419
- ext4: avoid infinite loops caused by residual data (bsc#1262622 CVE-2026-31448).
- commit 23a715f
- ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (bsc#1264245 CVE-2026-43066).
- commit 283732e
- ext4: always drain queued discard work in ext4_mb_release() (bsc#1264243 CVE-2026-43065).
- commit 01e5eec
- ext4: fix use-after-free in update_super_work when racing with umount (bsc#1262619 CVE-2026-31446).
- commit 2d5d4dc
- arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes)
- commit 0883f58
- arm64: tlb: Allow XZR argument to TLBI ops (git-fixes)
- commit a27017d
- RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads (CVE-2026-46114 bsc#1266972)
- commit 76ec1c1
- RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (CVE-2026-45856 bsc#1266720)
- commit c95a10d
- auxdisplay: line-display: fix OOB read on zero-length message_store() (git-fixes).
- security/keys: fix missed RCU read section on lookup (stable-fixes).
- drm/amd/display: Validate payload length and link_index in dc_process_dmub_aux_transfer_async (stable-fixes).
- drm/amd/display: Validate GPIO pin LUT table size before iterating (stable-fixes).
- drm/amd/display: Fix integer overflow in bios_get_image() (stable-fixes).
- phy: marvell: mvebu-a3700-utmi: fix incorrect USB2_PHY_CTRL register access (git-fixes).
- spi: ti-qspi: fix use-after-free after DMA setup failure (git-fixes).
- spi: sprd: fix error pointer deref after DMA setup failure (git-fixes).
- spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache() (git-fixes).
- ALSA: asihpi: Fix potential OOB array access at reading cache (stable-fixes).
- net: wwan: iosm: fix potential memory leaks in ipc_imem_init() (git-fixes).
- drivers/base/memory: fix memory block reference leak in poison accounting (git-fixes).
- HID: quirks: really enable the intended work around for appledisplay (git-fixes).
- HID: uclogic: Fix regression of input name assignment (git-fixes).
- string: add mem_is_zero() helper to check if memory area is all zeros (stable-fixes).
- commit 55d2e55
- RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (CVE-2026-46176 bsc#1266816)
- commit f587e2a

------------------------------------------------------------------
------------------ 2026-6-1 - Jun 1 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- net: mana: Expose hardware diagnostic info via debugfs (bsc#1266414).
- net: mana: Use kvmalloc for large RX queue and buffer allocations (bsc#1266765).
- net: mana: Use per-queue allocation for tx_qp to reduce allocation size (bsc#1266765).
- net: mana: hardening: Reject zero max_num_queues from GDMA_QUERY_MAX_RESOURCES (git-fixes).
- drm/hyperv: validate VMBus packet size in receive callback (git-fixes).
- drm/hyperv: validate resolution_count and fix WIN8 fallback (git-fixes).
- net: mana: Skip redundant detach on already-detached port (git-fixes).
- net: mana: Add NULL guards in teardown path to prevent panic on attach failure (git-fixes).
- RDMA/mana_ib: Report max_msg_sz in mana_ib_query_port (git-fixes).
- net: mana: validate rx_req_idx to prevent out-of-bounds array access (bsc#1266402).
- net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer (bsc#1265928).
- commit 81225ae
- net: mvpp2: guard flow control update with global_tx_fc in buffer switching (CVE-2026-23438 bsc#1261619)
- commit c2bc3dd
- net: bonding: fix NULL deref in bond_debug_rlb_hash_show (CVE-2026-31546 bsc#1263006)
- commit ec64778
- 9p/xen: protect xen_9pfs_front_free against concurrent calls (bsc#1264476 CVE-2026-43249).
- commit efe84aa
- net: macb: fix use-after-free access to PTP clock (CVE-2026-31396 bsc#1261791)
- commit a390b05
- sched/rt: Skip currently executing CPU in rto_next_cpu() (bsc#1262649).
- commit 239586c
- RDMA/rxe: Fix race condition in QP timer handlers (CVE-2026-45910 bsc#1266889)
- commit d80968b
- RDMA/rxe: Fix double free in rxe_srq_from_init (CVE-2026-45852 bsc#1266711)
- commit 16dd3c8
- cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() (CVE-2026-23327 bsc#1260548)
- commit 27dbf08
- nfc: llcp: add missing return after LLCP_CLOSED checks (CVE-2026-31629 bsc#1263790)
- commit db86873
- smb: client: Don't log plaintext credentials in cifs_set_cifscreds (CVE-2026-23303 bsc#1260502)
- commit 53c0ff0
- team: avoid NETDEV_CHANGEMTU event when unregistering slave (CVE-2026-43234 bsc#1264409).
- commit 6b7c409
- tipc: fix divide-by-zero in tipc_sk_filter_connect() (CVE-2026-43411 bsc#1264672)
- commit 32611e5
- net: stmmac: Prevent NULL deref when RX memory exhausted (CVE-2026-46110 bsc#1266759).
- net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY() (CVE-2026-46110 bsc#1266759).
- net/mlx5: lag: Check for LAG device before creating debugfs (CVE-2026-43013 bsc#1264011).
- commit b15f093
- RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (CVE-2026-46043 bsc#1266901)
- commit 909d78b
- esp: fix skb leak with espintcp and async crypto (CVE-2026-31518 bsc#1262606)
- commit f42cbf9
- packaging: Replace compute-PATCHVERSION with python implementation
  This script is copied by kkspec to the package directory and called from there. That means that libraries from kernel-source cannot be loaded, and that's the reason why the script is appended to the library that is most useful for it. compute-PATCHVERSION and mkspec are no longer shipped in rpm packages which means compute-PATCHVERSION could be folded into mkspec, and that in turn into tar-up. However, these are all written in different languages.
- commit de458e0
- kabi: arm: io: Export ioremap_prot() symbol v2 (CVE-2026-23346 bsc#1260529 bsc#1266993)
  First version of this kABI fix missed that ioremap_prot() now accept only user-space mappings which breaks any out of tree KMP's which used the function for legitimate kernel IO mappings. Lets fix this by allowing kernel mappings and at same time properly handle user-space mappings
  [1] 9625623795d3 ("kabi: arm: io: Export ioremap_prot() symbol (CVE-2026-23346 bsc#1260529)")
- commit 223d255
- btrfs: reserve enough transaction items for qgroup ioctls (CVE-2026-43338 bsc#1264716).
- commit 9eef1bf
- btrfs: fix transaction abort on set received ioctl due to item overflow (CVE-2026-43359 bsc#1264719).
- commit 847b693
- Input: ims-pcu - fix usb_free_coherent() size in ims_pcu_buffers_free() (git-fixes).
- Input: atmel_mxt_ts - fix boundary check in mxt_prepare_cfg_mem (git-fixes).
- Input: xpad - fix out-of-bounds access for Share button (git-fixes).
- Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB buffer size (git-fixes).
- commit f75d3d9

++++ openssh:

- Add patch rebased from upstream to add missing askpass check for proxy-mode multiplexing sessions (CVE-2026-35388, bsc#1261441):
  * openssh-cve-2026-35388-askpass-multiplexing.patch
- Update patch to fix a possible information disclosure or denial of service due to uninitialized variables in gssapi patches (CVE-2026-3497, bsc#1259642) :
  * openssh-8.0p1-gssapi-keyex.patch

------------------------------------------------------------------
------------------ 2026-5-31 - May 31 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- USB: serial: cypress_m8: validate interrupt packet headers (git-fixes).
- USB: serial: safe_serial: fix memory corruption with small endpoint (git-fixes).
- USB: serial: omninet: fix memory corruption with small endpoint (git-fixes).
- USB: serial: mxuport: fix memory corruption with small endpoint (git-fixes).
- USB: serial: option: add missing RSVD(5) flag for Rolling RW135R-GL (git-fixes).
- USB: serial: mct_u232: fix missing interrupt-in transfer sanity check (git-fixes).
- USB: serial: keyspan: fix missing indat transfer sanity check (git-fixes).
- USB: serial: belkin_sa: validate interrupt status length (git-fixes).
- USB: cdc-acm: Fix bit overlap and move quirk definitions to header (git-fixes).
- usb: dwc2: Fix use after free in debug code (git-fixes).
- usb: chipidea: core: convert ci_role_switch to local variable (git-fixes).
- usb: gadget: f_fs: copy only received bytes on short ep0 read (git-fixes).
- usb: gadget: dummy_hcd: Reject hub port requests for non-existent ports (git-fixes).
- usbip: vudc: Fix use after free bug in vudc_remove due to race condition (git-fixes).
- usb: usbtmc: reject interrupt endpoints with small wMaxPacketSize (git-fixes).
- usb: usbtmc: check URB actual_length for interrupt-IN notifications (git-fixes).
- usb: gadget: net2280: Fix double free in probe error path (git-fixes).
- usb: gadget: f_hid: fix device reference leak in hidg_alloc() (git-fixes).
- usb: cdns3: gadget: fix request skipping after clearing halt (git-fixes).
- usb: cdns3: plat: fix unbalanced pm_runtime_forbid() call permanently leaks the runtime PM usage counter across bind/unbind cycles (git-fixes).
- usb: gadget: composite: fix integer underflow in WebUSB GET_URL handling (git-fixes).
- tty: serial: pch_uart: add check for dma_alloc_coherent() (git-fixes).
- commit 2bf3f1e
- thunderbolt: property: Reject dir_len < 4 to prevent size_t underflow (git-fixes).
- thunderbolt: property: Reject u32 wrap in tb_property_entry_valid() (git-fixes).
- serial: fsl_lpuart: fix rx buffer and DMA map leaks in start_rx_dma (git-fixes).
- serial: qcom-geni: fix UART_RX_PAR_EN bit position (git-fixes).
- parport: Fix race between port and client registration (git-fixes).
- comedi: comedi_test: fix check for valid scan_begin_src in waveform_ai_cmdtest() (git-fixes).
- comedi: comedi_test: Fix limiting of convert_arg in waveform_ai_cmdtest() (git-fixes).
- iio: adc: viperboard: Fix error handling in vprbrd_iio_read_raw (git-fixes).
- iio: gyro: itg3200: fix i2c read into the wrong stack location (git-fixes).
- iio: dac: ad5686: acquire lock when doing powerdown control (git-fixes).
- iio: temperature: tsys01: fix broken PROM checksum validation (git-fixes).
- iio: buffer: hw-consumer: fix use-after-free in error path (git-fixes).
- iio: dac: ad5686: fix input raw value check (git-fixes).
- iio: ssp_sensors: cancel delayed work_refresh on remove (git-fixes).
- iio: dac: max5821: fix return value check in powerdown sync (git-fixes).
- iio: imu: st_lsm6dsx: fix stack leak in tagged FIFO buffer (git-fixes).
- iio: light: cm3323: fix reg_conf not being initialized correctly (git-fixes).
- iio: magnetometer: st_magn: fix default DRDY pin selection for LIS2MDL (git-fixes).
- iio: adc: xilinx-xadc: Fix sequencer mode in postdisable for dual mux (git-fixes).
- drm/hyperv: validate VMBus packet size in receive callback (git-fixes).
- drm/hyperv: validate resolution_count and fix WIN8 fallback (git-fixes).
- drm/amd/pm/si: Disregard vblank time when no displays are connected (git-fixes).
- drm/i915: Fix potential UAF in TTM object purge (git-fixes).
- commit 129155c

------------------------------------------------------------------
------------------ 2026-5-30 - May 30 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:

- Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close (git-fixes).
- Bluetooth: ISO: serialize iso_sock_clear_timer with socket lock (git-fixes).
- Bluetooth: ISO: fix UAF in iso_recv_frame (git-fixes).
- Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp (git-fixes).
- Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success (git-fixes).
- Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt() (git-fixes).
- Bluetooth: btusb: Allow firmware re-download when version matches (git-fixes).
- Bluetooth: HIDP: fix missing length checks in hidp_input_report() (git-fixes).
- Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() (git-fixes).
- Bluetooth: L2CAP: fix chan ref leak in l2cap_chan_timeout() on !conn (git-fixes).
- ASoC: codecs: simple-mux: Fix enum control bounds check (git-fixes).
- ASoC: qcom: q6asm-dai: fix error handling in prepare and set_params (git-fixes).
- ASoC: qcom: q6asm-dai: close stream only when running (git-fixes).
- ASoC: qcom: q6asm-dai: do not set stream state in event and trigger callbacks (git-fixes).
- HID: wacom: Fix OOB write in wacom_hid_set_device_mode() (git-fixes).
- commit 5cccd97

------------------------------------------------------------------
------------------ 2026-5-29 - May 29 2026 -------------------
------------------------------------------------------------------
++++ firewalld:

- CVE-2026-4948: Fix D-Bus setter authorization vulnerability that allowed local unprivileged users to modify firewall state (bsc#1260903)
  * CVE-2026-4948-fix-dbus-setter-authorizations.patch

++++ kernel-default:

- btrfs: fix transaction abort when snapshotting received subvolumes (CVE-2026-43361 bsc#1264722).
- commit 68eb967
- btrfs: fix transaction abort on file creation due to name hash collision (CVE-2026-43360 bsc#1264720).
- commit 335b528
- wifi: iwlwifi: mvm: don't send a 6E related command when not supported (CVE-2026-43325 bsc#1265110).
- commit 3c8b5bc
- smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).
- commit b2ca6ab
- drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (CVE-2026-31767 bsc#1264124).
- commit f45f094
- KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (git-fixes).
- commit 671dbfb
- KVM: X86: Fix array_index_nospec protection in __pv_send_ipi (git-fixes).
- commit ef45aed - Refresh patches.suse/selftests-bpf-Add-more-precision-tracking-tests-for-.patch. (CVE-2026-43009 bsc#1264014) - commit 1de8df8 - selftests/bpf: add test for nullable PTR_TO_BUF access (CVE-2026-43333 bsc#1264726). - commit 9b6669a - bpf: reject direct access to nullable PTR_TO_BUF pointers (CVE-2026-43333 bsc#1264726). - commit 8b12683 ++++ libzypp: - Fix potential crash on malformed or malicious repository metadata (fixes #740) - version 17.38.11 (35) ------------------------------------------------------------------ ------------------ 2026-5-28 - May 28 2026 ------------------- ------------------------------------------------------------------ ++++ ignition: - Add CVE-2026-33814.patch * Fixes [bsc#1265751] ++++ kernel-default: - xfrm: prevent policy_hthresh.work from racing with netns teardown (CVE-2026-31516 bsc#1262755). - commit 5ec6779 - mptcp: pm: in-kernel: always set ID as avail when rm endp (CVE-2026-43252 bsc#1264300). - commit f1372d7 - net/ipv6: ioam6: prevent schema length wraparound in trace fill (CVE-2026-43341 bsc#1265044). - commit 26ee766 - slip: bound decode() reads against the compressed packet length (CVE-2026-45843 bsc#1266395). - commit c9770c0 - s390/entry: Scrub r12 register on kernel entry (bsc#1263068). - s390/syscalls: Add spectre boundary for syscall dispatch table (bsc#1263068). - s390/barrier: Make array_index_mask_nospec() __always_inline (bsc#1263068). - commit f6cfac6 - tracing: Fix potential deadlock in cpu hotplug with osnoise (CVE-2026-31480 bsc#1262634). - tracing: Switch trace_osnoise.c code over to use guard() and __free() (bsc#1262634). - commit 6db35fe - bpf: Fix stack-out-of-bounds write in devmap (bsc#1260584 CVE-2026-23359). - commit 0fb7dc1 - wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (CVE-2026-23444 bsc#1266307). - commit a948d1e - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (CVE-2026-43206 bsc#1264551). 
- commit 7f880f2 - octeontx2-af: Workaround SQM/PSE stalls by disabling sticky (CVE-2026-43296 bsc#1264805). - commit f336a2d ++++ libsolv: - fix solv_chksum_free segfault when called with a NULL pointer - bump version to 0.7.39 ------------------------------------------------------------------ ------------------ 2026-5-27 - May 27 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bcache: fix uninitialized closure object (git-fixes). - commit d35dc31 - bcache: fix cached_dev.sb_bio use-after-free and crash (CVE-2026-3150 bsc#1263169). - scsi: target: tcm_loop: Drain commands in target_reset handler (CVE-2026-43054 bsc#1264063). - scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (CVE-2026-31464 bsc#1262656). - scsi: qla2xxx: Completely fix fcport double free (CVE-2026-43414 bsc#1264669). - commit b1bc3f3 - rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001 CVE-2026-43499). - commit f92fa24 - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (CVE-2026-43501 bsc#1266009). - commit d86aabe - ip6_tunnel: clear skb2->cb in ip4ip6_err() (CVE-2026-43037 bsc#1263995). - commit 60e0626 - Improve compatibility with awk 2.4.0 (bsc#1266214) This was meant to match the literal '+', so it needs to be backslashed not a repetition of the '^' symbol. - commit fbbce3e - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (CVE-2026-31473 bsc#1262663). - commit 3f03cf7 - Update patches.suse/net-skbuff-propagate-shared-frag-marker-through-frag-trans.patch (CVE-2026-43503 bsc#1265960 CVE-2026-43284 bsc#1264449). - Update patches.suse/xfrm-esp-avoid-in-place-decrypt-on-shared-skb-frags.patch (CVE-2026-43284 bsc#1264449). Add references and move to the sorted section. 
- commit 83a3405 - RDMA/efa: Fix possible deadlock (git-fixes) - commit b9b2bbf - RDMA/efa: Fix use of completion ctx after free (CVE-2026-31493 bsc#1262668) - commit 3fa0669 - RDMA/efa: Improve admin completion context state machine (git-fixes) - commit 8e8c981 - RDMA/efa: Extend admin timeout error print (git-fixes) - commit 4d9f061 - RDMA/efa: Check stored completion CTX command ID with received one (git-fixes) - commit f0e6a90 ++++ libsoup: - Add libsoup-CVE-2026-1801.patch: Use CRLF as line boundary when parsing chunk encoding data (bsc#1257649 CVE-2026-1801 glgo#GNOME/libsoup#481). - Add libsoup-CVE-2026-4271.patch: Protect message io while reading and writing (bsc#1259767, CVE-2026-4271, glgo#GNOME/libsoup#496). ++++ libzypp: - Repo metadata: discard entries referring to a location outside the repo (bsc#1259802, CVE-2026-25707) Mirroring those data locally would refer to a location outside the repo's local cache directory. Those data entries are reported and discarded. - zypp.conf: Allow [env] section to add environment variables. This feature is designed to enable environment-specific settings or debugging options over an extended period. See zypp.conf(5). - version 17.38.10 (35) ------------------------------------------------------------------ ------------------ 2026-5-26 - May 26 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - wifi: mac80211: check tdls flag in ieee80211_tdls_oper (CVE-2026-43052 bsc#1263945). - commit e6ee8c1 - KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (CVE-2026-31590 bsc#1263152). - commit 4957e7f - openvswitch: vport: fix self-deadlock on release of tunnel ports (CVE-2026-31678 bsc#1263562). - commit 7eb6b28 - KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (CVE-2026-43483 bsc#1265240). 
- commit de0bf57 - smb: client: fix in-place encryption corruption in SMB2_write() (bsc#1264989 CVE-2026-43362) - commit 2633e79 - compute-PATCHVERSION: Do not append .. to default patch directories All the callers are either using . or a specific patch directory. If a caller really needs to load patches from .. it should be passed as a parameter. - commit d383394 - compute-PATCHVERSION: Remove unpack logic This used to be needed when compute-PATCHVERSION was shipped as part of the rpm package where unpacked patches are not available. It is not done anymore, and the unpacking is not needed. - commit 9a8fa0e - openvswitch: defer tunnel netdev_put to RCU release (CVE-2026-31678 bsc#1263562). - commit c40a933 - KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested [#]VMEXIT (git-fixes). - commit ec599f4 - KVM: x86: Fix Xen hypercall tracepoint argument assignment (git-fixes). - commit bee29ed - packaging: Rip out extra symbols support Extra symbols have not been supported for a long time. The oldest branch we maintain is SLE 11 SP1 and it does not use patch guards to select patches. - commit 7b3d5b0 - batman-adv: fix batadv_skb_is_frag() kernel-doc (git-fixes). - commit f65d5f2 - hwmon: (pmbus/adm1266) register the nvmem device after pmbus_do_probe() (git-fixes). - hwmon: (pmbus/adm1266) register the gpio_chip after pmbus_do_probe() (git-fixes). - hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors (git-fixes). - hwmon: (pmbus/adm1266) don't clobber GPIO bits before PDIO read in get_multiple (git-fixes). - hwmon: (pmbus/adm1266) cap PDIO scan in get_multiple at ADM1266_PDIO_NR (git-fixes). - hwmon: (pmbus/adm1266) bounce blackbox records through a protocol-sized buffer (git-fixes). - hwmon: (pmbus/adm1266) include adapter number in GPIO line label (git-fixes). - hwmon: (pmbus/adm1266) include PEC byte in pmbus_block_xfer read buffer (git-fixes). - hwmon: (pmbus/adm1266) reject implausible blackbox record_count (git-fixes).
- hwmon: (pmbus/adm1266) widen blackbox-info buffer to I2C_SMBUS_BLOCK_MAX (git-fixes). - hwmon: (pmbus/adm1266) seed timestamp from the real-time clock (git-fixes). - drm/virtio: use uninterruptible resv lock for plane updates (git-fixes). - drm/bridge: megachips: remove bridge when irq request fails (git-fixes). - drm/bridge: chipone-icn6211: use devm_drm_bridge_add in i2c probe (git-fixes). - drm/bridge: it66121: acquire reset GPIO in probe (git-fixes). - drm/radeon/evergreen_cs: Add missing NULL prefix check in surface check (git-fixes). - drm/amdgpu/vce3: Fix VCE 3 firmware size and offsets (git-fixes). - drm/amdgpu/vce2: Fix VCE 2 firmware size and offsets (git-fixes). - drm/msm/snapshot: fix dumping of the unaligned regions (git-fixes). - drm/msm/dsi: don't dump registers past the mapped region (git-fixes). - platform/x86: intel-vbtn: Check ACPI_HANDLE() against NULL (git-fixes). - platform/x86: intel-hid: Check ACPI_HANDLE() against NULL (git-fixes). - platform/x86: hp_accel: Check ACPI_COMPANION() against NULL (git-fixes). - platform/x86: adv_swbutton: Check ACPI_HANDLE() against NULL (git-fixes). - wifi: ath11k: clear shared SRNG pointer state on restart (git-fixes). - wifi: ath11k: fix use after free in ath11k_dp_rx_msdu_coalesce() (git-fixes). - wifi: ath11k: fix peer resolution on rx path when peer_id=0 (git-fixes). - wifi: ath10k: skip WMI and beacon transmission when device is wedged (git-fixes). - wifi: ath11k: fix error path leak in ath11k_tm_cmd_wmi_ftm() (git-fixes). - wifi: ath11k: fix error path leaks in some WMI calls (git-fixes). - wifi: ath11k: fix error path leaks in some WMI WOW calls (git-fixes). - wifi: mac80211: consume only present negotiated TTLM maps (git-fixes). - wifi: cfg80211: advance loop vars in cfg80211_merge_profile() (git-fixes). - efi: Allocate runtime workqueue before ACPI init (git-fixes). - firmware: arm_ffa: Skip free_pages on RX buffer alloc failure (git-fixes). 
- firmware: arm_ffa: Check for NULL FF-A ID table while driver registration (git-fixes). - drm/amdgpu/uvd3.1: Don't validate the firmware when already validated (git-fixes). - r8152: fix incorrect register write to USB_UPHY_XTAL (git-fixes). - drm/amdgpu: fix spelling typos (stable-fixes). - drm/i915: Loop over all active pipes in intel_mbus_dbox_update (stable-fixes). - spi: st-ssc4: switch to use modern name (stable-fixes). - commit 8b80180 - device property: set fwnode->secondary to NULL in fwnode_init() (git-fixes). - ASoC: cs35l56: Fix flushing of IRQ work in cs35l56_sdw_remove() (git-fixes). - ALSA: ua101: Reject too-short USB descriptors (git-fixes). - batman-adv: bla: fix report_work leak on backbone_gw purge (git-fixes). - Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() (git-fixes). - Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths (git-fixes). - Bluetooth: MGMT: validate Add Extended Advertising Data length (git-fixes). - Bluetooth: ISO: drop ISO_END frames received without prior ISO_START (git-fixes). - Bluetooth: bnep: Fix UAF read of dev->name (git-fixes). - batman-adv: frag: disallow unicast fragment in fragment (git-fixes). - batman-adv: tp_meter: avoid use of uninit sender vars (git-fixes). - batman-adv: dat: handle forward allocation error (git-fixes). - batman-adv: clear current gateway during teardown (git-fixes). - batman-adv: fix fragment reassembly length accounting (git-fixes). - batman-adv: tt: fix negative last_changeset_len (git-fixes). - batman-adv: tt: fix negative tt_buff_len (git-fixes). - batman-adv: fix tp_meter counter underflow during shutdown (git-fixes). - ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans (git-fixes). - ALSA: usb-audio: Bound MIDI endpoint descriptor scans (git-fixes). - ALSA: sc6000: Keep the programmed board state in card-private data (git-fixes). - ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes). 
- ALSA: hda/conexant: Renaming the codec with device ID 0x1f86 and 0x1f87 (stable-fixes). - ALSA: sc6000: Use standard print API (stable-fixes). - drm/i915: Extract intel_dbuf_mdclk_cdclk_ratio_update() (stable-fixes). - ASoC: SOF: Intel: hda-dai: add support for dspless mode beyond HDAudio (stable-fixes). - ASoC: SOF: Intel: hda-dai: remove dspless special case (stable-fixes). - commit b214d9a ++++ libsolv: - made repo_add_solv more robust against corrupt files [bsc#1265935] [CVE-2026-9149] - fix potential buffer overflow when verifying EdDSA signatures [bsc#1266039] [CVE-2026-48863] - added limit checks in multiple places to catch overflows - reduce the size of the language id cache - fixed Debian canon selection - fixed dbpath detection in repo_rpmdb_librpm - reduced stack usage in repo page compression (needed for musl) - bump version to 0.7.38 ------------------------------------------------------------------ ------------------ 2026-5-25 - May 25 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Fix the wrong kabi patch order at merging from SLE15-SP6-LTSS No functional changes - commit edd353b - net: gro: don't merge zcopy skbs (git-fixes). - net: skbuff: propagate shared-frag marker through frag-transfer helpers (CVE-2026-43503 bsc#1265960). - net: skbuff: preserve shared-frag marker during coalescing (CVE-2026-46300 bsc#1265209). - net: gro: don't merge zcopy skbs (git-fixes). - net: skbuff: propagate shared-frag marker through frag-transfer helpers (CVE-2026-43503 bsc#1265960). - net: skbuff: preserve shared-frag marker during coalescing (CVE-2026-46300 bsc#1265209). - commit 17348bf - Revert "net: skbuff: propagate shared-frag marker through pskb_copy()" This reverts commit 7d64bf1e8cbaf1eb308d2e84a0475b85e0129adc. 
- commit 44dd5e4 - packaging: compute-PATCHVERSION.sh -> compute-PATCHVERSION - commit fc624df ++++ python-idna: - CVE-2026-45409: Specially crafted inputs to idna.encode() can bypass earlier security fix (bsc#1265413) Add patch CVE-2026-45409.patch ++++ qemu: - Bug and CVE fixes: * virtio-snd: tighten read amount in in_cb (bsc#1259079, CVE-2026-3196, bsc#1259080, CVE-2026-3195) * virtio-snd: fix max_size bounds check in input cb (bsc#1259079, CVE-2026-3196, bsc#1259080, CVE-2026-3195) * virtio-snd: handle 5.14.6.2 for PCM_INFO properly (bsc#1259079, CVE-2026-3196, bsc#1259080, CVE-2026-3195) * virtio-snd: remove TODO comments (bsc#1259079, CVE-2026-3196, bsc#1259080, CVE-2026-3195) * block/vmdk: fix OOB read in vmdk_read_extent() (bsc#1258509, CVE-2026-2243) * hyperv/syndbg: check length returned by cpu_physical_memory_map() (bsc#1262089, CVE-2026-3842) * cryptodev-builtin: Limit the maximum size (bsc#1255400, CVE-2025-14876) * hw/virtio/virtio-crypto: verify asym request size (bsc#1255400, CVE-2025-14876) * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665) * [openSUSE][RPM] spec: delete old specfile constructs ++++ vim: - Update to v9.2.0530. - Fix for SG#71948, bsc#1262395: * vim-9.1.1732-fix-inc-detection.patch: Fix for incorrectly detecting scientific parameter files as bitbake recipes.
- Upstream fixed the following bugs / CVEs: * bsc#1264706 CVE-2026-42307 * bsc#1265360 CVE-2026-46483 * bsc#1264708 CVE-2026-45130 * bsc#1264707 CVE-2026-44656 * bsc#1265349 CVE-2026-43961 - Changes: * 9.2.0530: WinBar row vertical separator not refreshed on window change * 9.2.0529: GTK4: clipboard returns empty after a foreign app takes the selection * 9.2.0528: possible overflow in XIM resource handling * 9.2.0527: Possible double free in fill_partial_and_closure() * 9.2.0526: missing out-of-memory check in ex_substitute() * 9.2.0525: spell: memory leak in spell_read_dic() * 9.2.0524: spell: buffer overflow with many affix or compound flags * 9.2.0523: tests: no test for using shellescape() in combination with :! * 9.2.0522: event_nr2name() in autocmd.c can be improved * 9.2.0521: GTK4: cannot resize shell after the window is shown * 9.2.0520: Reversed text opacity in popup when termguicolor is set * 9.2.0519: GTK4: GUI tabline is not displayed correctly * 9.2.0518: GTK4: input method cannot compose text * 9.2.0517: quickfix: can set quickfixtextfunc in restricted/sandbox mode * 9.2.0516: socketserver: spurious error when servername is taken * 9.2.0515: virtualedit=insert doesn't work during change operation * 9.2.0514: GTK4: build errors when socketserver is enabled * 9.2.0513: [security]: memory safety issues in spellfile.c * 9.2.0512: clientserver uses binary protocol * 9.2.0511: configure: when GTK4 is used also links in X11 libs * 9.2.0510: setline() mapping may trigger autoindent * 9.2.0509: term.c: compile error when LOG_TRN is enabled * 9.2.0508: completion: cannot complete user cmd :K with 'ignorecase' * 9.2.0507: Vim9 class: public/protected member name clash uses same error * 9.2.0506: home_replace() function can be improved * 9.2.0505: GTK4: text looks blurry on HiDPI displays * 9.2.0504: configure: requires X11 libraries for GTK4 build * 9.2.0503: Makefile: Missing dependencies for new GTK4 source files * 9.2.0502: runtime(netrw): bookmark handling 
can be improved * 9.2.0501: GTK4: there is no GTK4 UI available * 9.2.0500: filetype: some html files wrongly recognized as htmlangular * 9.2.0499: modeline: allow to disable modelines with modelinestrict * 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c * 9.2.0497: Cannot jump to remote tags * 9.2.0496: [security]: Code Injection in cucumber filetype plugin * 9.2.0495: [security]: runtime(netrw): code injection via NetrwBookHistSave() * 9.2.0494: User commands cannot handle single args with spaces * 9.2.0493: popup: missing Popup, PopupBorder and PopupTitle hi groups * 9.2.0492: popup: decoration wrongly drawn with clipping on border * 9.2.0491: VMS: various build issues * 9.2.0490: matchfuzzy() can crash on long multi-word patterns * 9.2.0489: filetype: some Objective-C files are not recognized * 9.2.0488: statusline: status line highlight blends into adjacent vsep cells * 9.2.0487: viminfo: possible signed int overflow in register array * 9.2.0486: out-of-bound read when recovering swap files * 9.2.0485: clipboard provider callback can be called recursively * 9.2.0484: TextPutPre triggers clipboard provider callback twice * 9.2.0483: popup: terminal embedded in an opacity popup freezes Vim on input * 9.2.0482: runtime(osc52): triggered twice with TextPutPoste autocmd * 9.2.0481: runtime(netrw): command injection possible via maps * 9.2.0480: [security]: runtime(netrw): code injection via mf command * 9.2.0479: [security]: runtime(tar): command injection in tar plugin * 9.2.0478: channel: redundant str/length assignments in channel_part_info() * 9.2.0477: popup: leftover content after popup_free under layout change * 9.2.0476: pattern completion leaks memory on alloc failures * 9.2.0475: runtime(netrw): bookmark paths not normalized * 9.2.0474: MS-Windows: hard to tell which Visual Studio version was selected with MSVC * 9.2.0473: Pasting ". 
register without autocommands breaks TextPut* * 9.2.0472: popup: column jitters when scrolled outside viewport * 9.2.0471: vimvars di_key initialized at runtime * 9.2.0470: No way to hook into put commands * 9.2.0469: popup: textprop-anchored popups bleed past host window edges * 9.2.0468: popups: not correctly updated from a CmdlineChanged autocommand * 9.2.0467: multi-line statusline loses highlighting attributes * 9.2.0466: popup: redraw can use stale blended cells * 9.2.0465: modeline: foldmarker cannot be set with modelinestrict * 9.2.0464: runtime(netrw): bookmarking directory uses current dir * 9.2.0463: Not able to use legacy expression evaluation in a vim9script maps * 9.2.0462: MS-Windows: workaround for assert error on GUI * 9.2.0461: Corrupted undofile causes use-after-free * 9.2.0460: did_set_shellpipe_redir() in wrong file * 9.2.0459: tests: test_termcodes fails (after v9.2.0456) * 9.2.0458: Crash with invalid shellredir/shellpipe value * 9.2.0457: Compile warning about unused variable * 9.2.0456: stray p character displayed on some terms * 9.2.0455: 'findfunc' only allows extra info for cmdline completion * 9.2.0454: tests: no test that "abbr" in customlist completion is shown * 9.2.0453: vertical separator of statusline blend into active statusline * 9.2.0452: screen.c popup opacity blend logic is duplicated * 9.2.0451: 'findfunc' can't return extra info for cmdline completion * 9.2.0450: [security]: heap buffer overflow in spellfile.c read_compound() * 9.2.0449: Make proto fails in non GTK builds * 9.2.0448: Vim9: dangling cmdline pointer after skip_expr_cctx() * 9.2.0447: cindent does not ignore comments * 9.2.0446: runtime(netrw): off-by-one bug in s:NetrwUnMarkFile() * 9.2.0445: win_fix_scroll() called before win_comp_pos() in command_height() * 9.2.0444: Cannot set 'path' option via modeline * 9.2.0443: GUI: cancelling save dialog overwrites or discards unnamed buffer * 9.2.0442: completion: i_CTRL-X_CTRL-V doesn't use dict from customlist * 
9.2.0441: statusline: click handler not called on multi-line statusline * 9.2.0440: MS-Windows: cursor flicker during update_screen() * 9.2.0439: completion: info popup not removed in cmdline mode * 9.2.0438: tests: test_plugin_termdebug is flaky * 9.2.0437: MS-Windows: cursor flicker in vtp mode * 9.2.0436: Buffer overflow when parsing overlong errorformat lines * 9.2.0435: [security]: backticks in 'path' may cause shell execution on completion * 9.2.0434: cscope: filename interpreted by /bin/sh * 9.2.0433: customlist completion cannot supply pum metadata * 9.2.0432: blob to string conversion can be improved * 9.2.0431: blob encoding can be improved * 9.2.0430: tests: Test_shortmess_F3() is flaky on MS-Windows * 9.2.0429: tests: flaky screendump Test_smoothscroll_incsearch() * 9.2.0428: popup: no opacity support for completepopup/previewpopup * 9.2.0427: popup: opacity blend may leaks white bg color * 9.2.0426: tests: still some flaky screendump tests * 9.2.0425: Cannot silence undo/redo messages * 9.2.0424: popup: flicker when wildtrigger() refreshes the popup menu * 9.2.0423: popup: wrapped cmdline truncated with wildoptions=pum * 9.2.0422: popup: leave stray char when scrollbar changes * 9.2.0421: vimball: can smuggle Vimscript into VimballRecord file * 9.2.0420: channel: cannot handle binary data via channel callbacks * 9.2.0419: popup: rendering issues * 9.2.0418: wildcards in expanded env vars reinterpreted by glob * 9.2.0417: completion: no support for "noinsert" with 'wildmode' * 9.2.0416: Unix: filename completion splits at space for single-file Ex commands * 9.2.0415: Wrong behavior when executing register that ends in Insert mode * 9.2.0414: Flicker when drawing window separator and pum is shown * 9.2.0413: Scrolling wrong with 'splitkeep' when changing 'cmdheight' * 9.2.0412: channel: term_start() out_cb/err_cb no longer deliver raw chunks * 9.2.0411: tabpanel: no Vim script functions for the tabpanel * 9.2.0410: test suite races when run with parallel 
make * 9.2.0409: memory leaks in copy_substring_from_pos() * 9.2.0408: Insert-mode edits can corrupt undo * 9.2.0407: tabpanel: A few issues with the tabpanel * 9.2.0406: VisualNOS not used when Wayland selection ownership lost * 9.2.0405: when jumping to tags, will open URLs * 9.2.0404: redraw_listener_add() does not check secure flag * 9.2.0403: Vim9: def function sandbox bypass * 9.2.0402: pum: opacity not applied to wildmenu pum * 9.2.0401: tests: still a few flaky tests * 9.2.0400: sandbox callbacks selected through 'complete' * 9.2.0399: MS-Windows: compile warning in strptime.c ------------------------------------------------------------------ ------------------ 2026-5-21 - May 21 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kernel-binary: Only apply vmlinux workaround on SLE15 and later To create debuginfo for vmlinux the file needs to be present even if it's not packaged because a compressed file is packaged instead. To accomplish that the file is marked as ghost in the file list. Then rpm does not complain that the file exists but does not package it. However, rpm still reserves space for ghost files when installing a package. To avoid reserving space for a file that is not used the file is truncated. That works on SLE 15 but on SLE 12 rpm then fails packaging the debuginfo complaining that extra debuginfo files are present. Limit the workaround to SLE 15 and later. Fixes: 222edac2a18 (kernel-binary: prevent uncompressed vmlinux from inflating rpm size requirements) - commit 1ef7451 - scsi: target: iscsi: validate CHAP_R length before base64 decode (bsc#1265449). - commit 9997c88 - Refresh patches.suse/io-wq-check-that-the-predecessor-is-hashed-in-io_wq_remove_pending.patch. - commit af6de0d - net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR (bsc#1265846). - net: mana: remove double CQ cleanup in mana_create_rxq error path (git-fixes).
- net: mana: Skip WQ object destruction for uninitialized RXQ (git-fixes). - net: mana: check xdp_rxq registration before unreg in mana_destroy_rxq() (git-fixes). - RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (git-fixes). - RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() (git-fixes). - RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (git-fixes). - RDMA/mana: Validate rx_hash_key_len (git-fixes). - hv_sock: fix ARM64 support (git-fixes). - commit 18c2af9 - Kernel-binary: Do not truncate vmlinux when it's the boot image Some architectures use vmlinux to boot. Truncating vmlinux on those architectures causes signing failure during build. Also if the signing was disabled a broken kernel would be produced. Fixes: 222edac2a18 (kernel-binary: prevent uncompressed vmlinux from inflating rpm size requirements) - commit d3cf603 ++++ unbound: - Add security patch unbound-patch_combined-1.25.1_v3.diff: * CVE-2026-33278, bsc#1265587: Possible remote code execution during DNSSEC validation * CVE-2026-42944, bsc#1265578: Heap overflow and crash with multiple nsid, cookie, padding EDNS options * CVE-2026-42959, bsc#1265586: Crash during DNSSEC validation of malicious content * CVE-2026-32792, bsc#1265583: Packet of death with DNSCrypt * CVE-2026-40622, bsc#1265581: "Ghost domain name" variant * CVE-2026-41292, bsc#1265580: Parsing a long list of incoming EDNS options degrades performance * CVE-2026-42534, bsc#1265585: Jostle logic bypass degrades resolution performance * CVE-2026-42923, bsc#1265589: Degradation of service with unbounded NSEC3 hash calculations * CVE-2026-42960, bsc#1265588: Possible cache poisoning attack while following delegation * CVE-2026-44390, bsc#1265584: Unbounded name compression in certain cases causes degradation of service * CVE-2026-44608, bsc#1265582: Use after free and crash in RPZ code.
------------------------------------------------------------------ ------------------ 2026-5-20 - May 20 2026 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add CVE-2026-4802.patch to backport upstream's fix for bsc#1265040/CVE-2026-4802 ++++ kernel-default: - perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018 CVE-2026-23271). - commit d05430f - xfs: avoid dereferencing log items after push callbacks (CVE-2026-31404 bsc#1261628). - commit bed0ec1 - kernel-binary: prevent uncompressed vmlinux from inflating rpm size requirements define %__spec_install_post to truncate the uncompressed vmlinux to 0 bytes after find-debuginfo.sh and brp-* scripts run. This prevents rpmbuild from baking the %ghost file size into the FILESIZES header, which can cause installation failures on smaller /boot partitions. Fixes: bsc#1265456 - commit 222edac - net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626, CVE-2026-43494). - net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626). - commit b66d9fc ++++ openssh: - Add patch to fix a potential issue when validating mac or ciphers (bsc#1264568): * fix-mac-validation-strsep-logic-bug.patch ++++ salt: - Use non vendored tornado with Python 3.11 (bsc#1257583, bsc#1259700) - Added: * use-non-vendored-tornado-with-python-3.11.patch ------------------------------------------------------------------ ------------------ 2026-5-19 - May 19 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - perf: Make sure to use pmu_ctx->pmu for groups (bsc#1263001 CVE-2026-31528).
- commit 2f72854 - RDMA/irdma: Fix deadlock during netdev reset with active connections (CVE-2026-31565 bsc#1263064) - commit e3d01c8 ++++ libzypp: - Prevent configured scripts from escaping the sigcheck directory (bsc#1265223, CVE-2026-44933) - StringV: guard hasPrefix/hasPrefixCI against reading past the view end (fixes #735) - version 17.38.9 (35) ++++ rsync: - Security update: - CVE-2025-10158, bsc#1254441: Out of bounds array access via negative index - CVE-2026-41035, bsc#1262223: count of entries mismatch can lead to a use-after-free - CVE-2026-43617, bsc#1264515: Authorization Bypass via Hostname Resolution - CVE-2026-29518, bsc#1264512: Integer Overflow Information Disclosure - CVE-2026-43618, bsc#1264512: Integer Overflow Information Disclosure - CVE-2026-43619, bsc#1264514: Symlink Race Condition via Path-Based Syscalls - CVE-2026-43620, bsc#1264513: Out-of-Bounds Array Read via recv_files() - CVE-2026-45232, bsc#1265296: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing - List of patches added + hardening pre-requisite patches: - rsync-hardening-0001-bool-is-a-keyword-in-C23.patch - rsync-hardening-0002-syscall-fix-a-Y2038-bug-by-replacing-Int32x32To64-wi.patch - rsync-hardening-0003-options.c-Fix-segv-if-poptGetContext-returns-NULL.patch - rsync-hardening-0004-Using-a-correct-time-in-log-file.patch - rsync-hardening-0005-configure.ac-check-for-xattr-support-both-in-libc-an.patch - rsync-hardening-0006-util-fixed-issue-in-clean_fname.patch - rsync-hardening-0007-testsuite-added-clean-fname-underflow-test.patch - rsync-hardening-0008-CVE-2025-10158-fixed-an-invalid-access-to-files-array.patch - rsync-hardening-0009-fix-uninitialized-buf1-in-get_checksum2-MD4-path.patch - rsync-hardening-0010-reject-negative-token-values-in-compressed-stream-re.patch - rsync-hardening-0011-acl-fixed-ACL-ID-mapping-for-non-root.patch - rsync-hardening-0012-fix-uninitialized-mul_one-in-AVX2-checksum-and-add-S.patch - 
rsync-hardening-0013-Fix-glibc-2.43-constness-warnings.patch - rsync-hardening-0015-fix-signed-integer-overflow-in-proxy-protocol-v2-hea.patch - rsync-hardening-0016-zero-all-new-memory-from-allocations.patch - rsync-hardening-0017-CVE-2026-41035-xattrs-fixed-count-in-qsort.patch - rsync-hardening-0018-call-tzset-before-chroot-to-cache-timezone-data.patch - rsync-hardening-0019-testsuite-xattrs-ignore-SUNWattr_-in-the-Solaris-xls.patch - rsync-hardening-0020-syscall-use-openat2-RESOLVE_BENEATH-on-Linux-for-sec.patch - rsync-hardening-0021-syscall-also-use-O_RESOLVE_BENEATH-on-FreeBSD-and-Ma.patch - rsync-hardening-0022-testsuite-skip-symlink-dirlink-basis-on-platforms-wi.patch - rsync-hardening-0023-CVE-2026-29518-syscall-clientserver-am_chrooted-and-use_secure_syml.patch - rsync-hardening-0024-CVE-2026-29518-sender-fix-read-path-TOCTOU-by-opening-from-module-r.patch - rsync-hardening-0025-CVE-2026-43619-syscall-receiver-secure-receiver-side-do_chmod-again.patch - rsync-hardening-0026-CVE-2026-43619-util1-secure-change_dir-against-symlink-race-chdir-e.patch - rsync-hardening-0027-CVE-2026-43619-syscall-add-symlink-race-safe-do_-_at-wrappers-and-h.patch - rsync-hardening-0028-CVE-2026-43619-util1-syscall-secure-copy_file-source-dest-opens-bar.patch - rsync-hardening-0029-CVE-2026-43619-testsuite-end-to-end-regression-test-for-chdir-symli.patch - rsync-hardening-0030-CVE-2026-43618-token-harden-compressed-token-decoding-against-integ.patch - rsync-hardening-0031-CVE-2026-43618-testsuite-cover-refuse-options-compress-for-the-daem.patch - rsync-hardening-0032-CVE-2026-43620-receiver-add-parent_ndx-0-guard-mirroring-797e17f.patch - rsync-hardening-0033-CVE-2026-43617-clientserver-fix-hostname-ACL-bypass-when-using-daem.patch - rsync-hardening-0034-CVE-2026-43618-defence-in-depth-bound-wire-supplied-counts-and-leng.patch - rsync-hardening-0035-CVE-2026-43618-defence-in-depth-guard-cumulative-snprintf-against-l.patch - 
rsync-hardening-0036-CVE-2026-43620-defence-in-depth-receiver-block-index-bounds-read_de.patch - rsync-hardening-0037-ci-add-Ubuntu-22.04-and-AlmaLinux-8-workflows-for-ba.patch - rsync-hardening-0039-Fix-flaky-hardlinks-test.patch - rsync-hardening-0040-rsync.h-lower-MAX_WIRE_DEL_STAT-to-avoid-signed-int-.patch - rsync-hardening-0041-CVE-2026-45232-socket-reject-over-long-proxy-response-line.patch - rsync-hardening-0042-main-reject-hyphen-prefixed-remote-shell-hostnames.patch - rsync-hardening-0043-util1-handle-out-of-range-times-in-timestring.patch - Replaced patches: - rsync-no-libattr.patch - > rsync-hardening-0005-configure.ac-check-for-xattr-support-both-in-libc-an.patch - rsync-CVE-2025-10158.patch - > rsync-hardening-0008-CVE-2025-10158-fixed-an-invalid-access-to-files-array.patch - rsync-CVE-2026-41035.patch - > rsync-hardening-0017-CVE-2026-41035-xattrs-fixed-count-in-qsort.patch - Patches not applied/required for openSUSE (left for reference; they are NOT missing, nor was it a mistake not to include them): - rsync-hardening-0014-zlib-convert-K-R-function-definitions-to-ANSI-style - rsync-hardening-0038-CI-fix-workflows-for-backport-testing ++++ timezone: - Update to 2026b: * British Columbia moved to permanent -07 on 2026-03-09. (bsc#1264965) * Some more overflow bugs have been fixed in zic. - Refresh revert-philippines-historical-data.patch ------------------------------------------------------------------ ------------------ 2026-5-18 - May 18 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net/sched: fix pedit partial COW leading to page cache corruption (bsc#1265421). - commit a756c69 - RDMA/irdma: Fix double free related to rereg_user_mr (CVE-2026-43120) - commit c514796 - spi: zynq-qspi: switch to use modern name (stable-fixes). - Refresh patches.suse/spi-zynq-qspi-Add-check-for-clk_enable.patch. 
- commit 79d17cd - USB: serial: option: add Telit Cinterion LE910Cx compositions (stable-fixes). - usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl (stable-fixes). - usb: usblp: fix heap leak in IEEE 1284 device ID via short response (stable-fixes). - platform/x86: hp-wmi: Ignore backlight and FnLock events (stable-fixes). - mtd: spi-nor: sst: Fix write enable before AAI sequence (git-fixes). - mtd: docg3: fix use-after-free in docg3_release() (git-fixes). - spi: uniphier: fix controller deregistration (git-fixes). - spi: syncuacer: fix controller deregistration (git-fixes). - spi: sun4i: fix controller deregistration (git-fixes). - spi: omap2-mcspi: fix controller deregistration (git-fixes). - spi: mtk-nor: fix controller deregistration (git-fixes). - spi: microchip-core-qspi: fix controller deregistration (git-fixes). - spi: uniphier: Simplify clock handling with devm_clk_get_enabled() (stable-fixes). - wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling (git-fixes). - wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor (stable-fixes). - mtd: spi-nor: sst: Fix SST write failure (git-fixes). - mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()` (stable-fixes). - spi: uniphier: switch to use modern name (stable-fixes). - spi: synquacer: switch to use modern name (stable-fixes). - spi: sun4i: switch to use modern name (stable-fixes). - spi: spi-ti-qspi: Convert to platform remove callback returning void (stable-fixes). - spi: microchip-core-qspi: Use helper function devm_clk_get_enabled() (stable-fixes). - commit 401263c - drm/amdkfd: Add upper bound check for num_of_nodes (stable-fixes). - commit 46b01e2 - HID: playstation: Clamp num_touch_reports (git-fixes). - drm/amdgpu: zero-initialize GART table on allocation (stable-fixes). - drm/amdgpu/gfx9: drop unnecessary 64-bit fence flag check in KIQ (stable-fixes). - fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free (stable-fixes). 
- ipmi: Add limits to event and receive message requests (git-fixes). - crypto: authencesn - reject short ahash digests during instance creation (git-fixes). - drm/amdgpu/vcn4: Avoid overflow on msg bound check (git-fixes). - drm/amdgpu/vcn3: Avoid overflow on msg bound check (git-fixes). - drm/amdkfd: validate SVM ioctl nattr against buffer size (stable-fixes). - drm/amdgpu: fix zero-size GDS range init on RDNA4 (stable-fixes). - drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (stable-fixes). - drm/amdgpu/vcn4: Prevent OOB reads when parsing IB (stable-fixes). - drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg (stable-fixes). - drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg (stable-fixes). - drm/amdgpu/vce: Prevent partial address patches (stable-fixes). - drm/amdgpu: Add bounds checking to ib_{get,set}_value (stable-fixes). - mtd: docg3: Convert to platform remove callback returning void (stable-fixes). - commit 8bb0040 - ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table (stable-fixes). - ALSA: core: Serialize deferred fasync state checks (git-fixes). - ACPI: video: force native backlight on HP OMEN 16 (8A44) (stable-fixes). - ACPI: scan: Use acpi_dev_put() in object add error paths (git-fixes). - ALSA: aoa: i2sbus: clear stale prepared state (git-fixes). - ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes (stable-fixes). - ALSA: aoa: Skip devices with no codecs in i2sbus_resume() (git-fixes). - crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit (git-fixes). - ALSA: misc: Use guard() for spin locks (stable-fixes). - ALSA: aoa: Use guard() for mutex locks (stable-fixes). - ALSA: seq: Notify client and port info changes (stable-fixes). 
- commit fd79ce9 ++++ xz: - Fix buffer overflow in lzma_index_append (bsc#1261280, CVE-2026-34743) * CVE-2026-34743.patch ++++ python-urllib3: - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects (bsc#1265267) Add patch CVE-2026-44431.patch ------------------------------------------------------------------ ------------------ 2026-5-16 - May 16 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init (git-fixes). - drm/gma500/oaktrail_lvds: fix hang on init failure (git-fixes). - drm/gma500/oaktrail_hdmi: fix i2c adapter leak on setup (git-fixes). - accel/qaic: Add overflow check to remap_pfn_range during mmap (git-fixes). - drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout() (git-fixes). - drm/i915/dp: Fix VSC dynamic range signaling for RGB formats (git-fixes). - drm/i915: skip __i915_request_skip() for already signaled requests (git-fixes). - commit a143ec8 ------------------------------------------------------------------ ------------------ 2026-5-15 - May 15 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kabi assert ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308). - kabi ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308). - kabi assert ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308). - kabi ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308). - commit 7939970 - batman-adv: bla: put backbone reference on failed claim hash insert (git-fixes). - batman-adv: bla: only purge non-released claims (git-fixes). - batman-adv: bla: prevent use-after-free when deleting claims (git-fixes). - batman-adv: stop caching unowned originator pointers in BAT IV (git-fixes). - batman-adv: reject new tp_meter sessions during teardown (git-fixes). 
- batman-adv: fix integer overflow on buff_pos (git-fixes). - net: wan: fsl_ucc_hdlc: free tx_skbuff in uhdlc_memclean (git-fixes). - hwmon: (ads7871) Fix endianness bug in 16-bit register reads (git-fixes). - hwmon: (lm63) Add locking to avoid TOCTOU (git-fixes). - hwmon: (corsair-psu) Close HID device on probe errors (git-fixes). - hwmon: (ltc2992) Fix u32 overflow in power read path (git-fixes). - hwmon: (ltc2992) Clamp threshold writes to hardware range (git-fixes). - staging: vme_user: fix root device leak on init failure (git-fixes). - usb: ulpi: fix memory leak on ulpi_register() error paths (git-fixes). - USB: omap_udc: DMA: Don't enable burst 4 mode (git-fixes). - i2c: smbus: reject oversized block transfers in the common path (git-fixes). - i2c: stub: Reject I2C block transfers with invalid length (git-fixes). - i2c: stm32f7: reinit_completion() per transfer not per msg (git-fixes). - drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission (git-fixes). - drm/radeon: add missing revision check for CI (git-fixes). - drm/amdgpu/pm: align Hawaii mclk workaround with radeon (git-fixes). - drm/amdgpu/pm: add missing revision check for CI (git-fixes). - drm/etnaviv: Fix armed job not being pushed to the DRM scheduler (git-fixes). - drm/fb-helper: Fix clipping when damage area spans a single scanline (git-fixes). - Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem (git-fixes). - Bluetooth: RFCOMM: pull credit byte with skb_pull_data() (git-fixes). - Bluetooth: virtio_bt: validate rx pkt_type header length (git-fixes). - Bluetooth: virtio_bt: clamp rx length before skb_put (git-fixes). - Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() (git-fixes). - Bluetooth: SCO: hold sk properly in sco_conn_ready (git-fixes). - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() (git-fixes). - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() (git-fixes). 
- Bluetooth: l2cap: fix MPS check in l2cap_ecred_reconf_req (git-fixes). - Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (git-fixes). - Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt (git-fixes). - Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready (git-fixes). - wifi: nl80211: fix NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST usage (git-fixes). - wifi: mac80211: remove station if connection prep fails (git-fixes). - wifi: ath5k: do not access array OOB (git-fixes). - wifi: libertas: notify firmware load wait on disconnect (git-fixes). - wifi: cw1200: Revert "Fix locking in error paths" (git-fixes). - wifi: rsi: fix kthread lifetime race between self-exit and external-stop (git-fixes). - wifi: mac80211: drop stray 'static' from fast-RX rx_result (git-fixes). - wifi: mac80211: check ieee80211_rx_data_set_link return in pubsta MLO path (git-fixes). - wifi: nl80211: require admin perm on SET_PMK / DEL_PMK (git-fixes). - wifi: b43legacy: enforce bounds check on firmware key index in RX path (git-fixes). - wifi: b43: enforce bounds check on firmware key index in b43_rx() (git-fixes). - net: usb: asix: ax88772: re-add usbnet_link_change() in phylink callbacks (git-fixes). - net: wan: fsl_ucc_hdlc: fix ucc_hdlc_remove (git-fixes). - net: wan: fsl_ucc_hdlc: fix uhdlc_memclean (git-fixes). - ASoC: cs35l56: Destroy workqueue in probe error path (git-fixes). - ASoC: cs35l56: Don't use devres to unregister component (git-fixes). - ASoC: fsl_xcvr: Fix event generation for cached controls (git-fixes). - ALSA: usb-audio: midi2: Restart output URBs on resume (git-fixes). - ALSA: firewire-tascam: Do not drop unread control events (git-fixes). - staging: vme_user: added bound check to geoid (stable-fixes). - commit 59f26f5 - efi: pstore: Drop efivar lock when efi_pstore_open() returns with an error (git-fixes). - commit 5e02074 - ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308). 
- commit a7c7176 - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (CVE-2026-31668 bsc#1263140). - bridge: br_nd_send: linearize skb before parsing ND options (CVE-2026-31682 bsc#1263595). - commit 001a6c2 - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (CVE-2026-31662 bsc#1263131). - ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038 bsc#1264097). - iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (CVE-2026-31505 bsc#1263093). - can: gw: fix OOB heap access in cgw_csum_crc8_rel() (CVE-2026-31570 bsc#1263065). - atm: lec: fix use-after-free in sock_def_readable() (CVE-2026-43050 bsc#1264082). - commit 1116ef5 - ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (CVE-2026-43437 bsc#1265126). - commit 3fdd8bf - Bluetooth: SMP: force responder MITM requirements before building the pairing response (CVE-2026-43334 bsc#1265090). - commit dc24bd4 - ALSA: mixer: oss: Add card disconnect checkpoints (CVE-2026-43126 bsc#1264634). - commit 2dc845f - wifi: brcmfmac: validate bsscfg indices in IF events (CVE-2026-43110 bsc#1264482). - commit c50a71a - drm/amd/display: Do not skip unrelated mode changes in DSC validation (CVE-2026-31488 bsc#1262746). - commit 7991223 - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (CVE-2026-31512 bsc#1262734). - commit 5ce5473 - netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685 bsc#1263668). - commit ecee315 - netfilter: ctnetlink: ignore explicit helper on new expectations (CVE-2026-43025 bsc#1263931). - commit 96c1319 - netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027 bsc#1263933). - commit 652688a - netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190 bsc#1264848). - commit 0b53f94 - net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-43441 bsc#1264674). 
- commit 3361ec7 - netfilter: flowtable: strictly check for maximum number of actions (CVE-2026-43329 bsc#1265085). - commit 28f800b - vxlan: validate ND option lengths in vxlan_na_create (CVE-2026-31738 bsc#1264059). - commit 1854232 - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (bsc#1263170 CVE-2026-31656) - commit 5344cae - selftests/bpf: Add more precision tracking tests for atomics (CVE-2026-43009 bsc#1264014). - commit 1c3f25f - bpf: Fix incorrect pruning due to atomic fetch precision tracking (CVE-2026-43009 bsc#1264014). - commit 7f14444 ++++ util-linux-systemd: - loopdev: Prevent unauthorized read access to symlinked filesystem images (bsc#1261606, CVE-2026-27456, util-linux-CVE-2026-27456.patch). ++++ util-linux: - loopdev: Prevent unauthorized read access to symlinked filesystem images (bsc#1261606, CVE-2026-27456, util-linux-CVE-2026-27456.patch). ------------------------------------------------------------------ ------------------ 2026-5-14 - May 14 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - netfilter: xt_multiport: validate range encoding in checkentry (CVE-2026-31681 bsc#1263593). - commit 7b212df - netfilter: nft_ct: drop pending enqueued packets on removal (CVE-2026-43060 bsc#1264183). - commit d1173bc - netfilter: nf_conntrack_expect: skip expectations in other netns via proc (CVE-2026-31496 bsc#1262673). - commit 74f2ac3 - net: af_key: zero aligned sockaddr tail in PF_KEY exports (CVE-2026-43088 bsc#1264469). - commit 341f2a8 - io_uring/kbuf: check if target buffer list is still legacy on recycle (CVE-2026-43366 bsc#1265116). - commit 8443276 - btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (CVE-2026-31519 bsc#1263012). - commit 84e52ca - ceph: fix memory leaks in ceph_mdsc_build_path() (CVE-2026-43419 bsc#1264661). - commit 1ad98c2 - KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (git-fixes). 
- commit 9bb4bde - KVM: x86: check for nEPT/nNPT in slow flush hypercalls (git-fixes). - commit a8658e7 - pmdomain: bcm: bcm2835-power: Increase ASB control timeout (CVE-2026-31550 bsc#1263104) - commit de9c81c - x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013 CVE-2025-54518). - commit f788381 - io-wq: check that the predecessor is hashed in io_wq_remove_pending() (git-fixes). - commit fcb4942 ------------------------------------------------------------------ ------------------ 2026-5-13 - May 13 2026 ------------------- ------------------------------------------------------------------ ++++ docker: - Update to Docker 29.4.0. See upstream changelog online at - Update to buildx 0.33.0. See upstream changelog online at - Rebased patches: * 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch * 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * cli-0001-openSUSE-point-users-to-docker-buildx-package.patch * cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch - Removed patch * 0007-CVE-2025-58181-fix-vendor-crypto-ssh.patch (applicable only when docker version < v29.1.0) ++++ iproute2: - update to a copy of SLE15 SP6 package * update to upstream 6.4 release - bridge: mdb: added underlay destination IP support, UDP destination port support, destination VNI support, source VNI support, outgoing interface support - macvlan: added the "bclim" parameter * existing patches moved to patches.tar.xz: - adjust-installation-directories-for-openSUSE-SLE.patch - use-sysconf-_SC_CLK_TCK-if-HZ-undefined.patch - add-explicit-typecast-to-avoid-gcc-warning.patch - split-link-and-compile-steps-for-binaries.patch - support display of bound but unconnected 
sockets (bsc#1204562) * ss-Add-support-for-dumping-TCP-bound-inactive-socket.patch - avoid spurious cgroup warning (bsc#1234383): - ss-Tone-down-cgroup-path-resolution.patch - add post-6.4 follow-up fixes (bsc#1243005): * bond-fix-stack-smash-in-xstats.patch * bpf-fix-warning-from-basename.patch * bridge-fdb-add-an-error-print-for-unknown-command.patch * bridge-vni-Accept-del-command.patch * bridge-vni-Fix-duplicate-group-and-remote-error-mess.patch * bridge-vni-Fix-vni-filter-help-strings.patch * bridge-vni-Remove-dead-code-in-group-argument-parsin.patch * bridge-vni-Report-duplicate-vni-argument-using-dupar.patch * f_flower-Treat-port-0-as-valid.patch * genl-ctrl.c-spelling-fix-in-error-message.patch * ip-Add-missing-echo-option-to-usage.patch * ip-Add-missing-stats-command-to-usage.patch * ip-ipmroute-use-preferred_family-to-get-prefix.patch * ip-remove-non-existent-amt-subcommand-from-usage.patch * iplink-fix-fd-leak-when-playing-with-netns.patch * iplink_bridge-fix-incorrect-root-id-dump.patch * iplink_xstats-spelling-fix-in-error-message.patch * iproute2-fix-type-incompatibility-in-ifstat.c.patch * iproute2-prevent-memory-leak.patch * libnetlink-validate-nlmsg-header-length-first.patch * man-devlink-resource-add-missing-words-in-the-exampl.patch * mnl_utils-sanitize-incoming-netlink-payload-size-in-.patch * rdma-Fix-help-information-of-rdma-resource.patch * rdma-Fix-the-error-of-accessing-string-variable-outs.patch * rdma-use-print_XXX-instead-of-COLOR_NONE.patch * ss-Fix-socket-type-check-in-packet_show_line.patch * ss-fix-directory-leak-when-T-option-is-used.patch * ss-mptcp-display-info-counters-as-unsigned.patch * ss-prevent-Process-column-from-being-printed-unless-.patch * ss-show-extra-info-when-processes-is-not-used.patch * tc-gred-fix-debug-print.patch * tc-taprio-don-t-print-netlink-attributes-which-weren.patch * tc-taprio-fix-JSON-output-when-TCA_TAPRIO_ATTR_ADMIN.patch * tc-taprio-fix-parsing-of-fp-option-when-it-doesn-t-a.patch * 
vdpa-consume-device_features-parameter.patch - devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660) * add devlink-Support-setting-port-function-ipsec_crypto-c.patch * add devlink-Support-setting-port-function-ipsec_packet-c.patch * refresh ss-Tone-down-cgroup-path-resolution.patch - sync UAPI header copies with SLE15-SP6 kernel * sync-UAPI-header-copies-with-SLE15-SP6.patch - add CVE fix (CVE-2024-58251 bsc#1254324) * ss-escape-characters-in-command-name.patch ++++ kernel-default: - net: skbuff: propagate shared-frag marker through pskb_copy() (CVE-2026-46300 bsc#1265209). - commit 7c5b30e - crypto: caam - fix overflow on long hmac keys (CVE-2026-43330 bsc#1264801). - commit ff3f6e1 - KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() (CVE-2026-43214 bsc#1264651). - commit 6e4d171 - KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (CVE-2026-43265 bsc#1264427). - commit f25583e - smb: client: fix OOB reads parsing symlink error response (bsc#1263769 CVE-2026-31613) - commit b4021f9 - smb: client: correctly handle ErrorContextData as a flexible array (git-fixes) - commit df3ad57 - Refresh patches.suse/x86-CPU-AMD-Prevent-improper-isolation-of-shared-resources.patch. - commit 672c4f5 - nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397 bsc#1260728). - commit d44e384 - usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607 bsc#1263600). - commit 6b244db - xfs: fix undersized l_iclog_roundoff values (CVE-2026-43365 bsc#1265119). - commit 053332c - net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684 bsc#1263596). - commit 3f23f03 - net/sched: cls_fw: fix NULL dereference of "old" filters before change() (git-fixes). - commit 37b93f7 - ipv6: avoid overflows in ip6_datagram_send_ctl() (CVE-2026-31415 bsc#1262099). - net/sched: cls_fw: fix NULL pointer dereference on shared blocks (CVE-2026-31421 bsc#1262061). 
- ip6_tunnel: clear skb2->cb in ip4ip6_err() (CVE-2026-43037 bsc#1263995). - af_key: validate families in pfkey_send_migrate() (CVE-2026-31515 bsc#1262752). - openvswitch: validate MPLS set/set_masked payload length (CVE-2026-31679 bsc#1263592). - commit 787e11b - net/sched: sch_netem: fix out-of-bounds access in packet corruption (CVE-2026-31675 bsc#1263556). - commit 8380a87 - ibmveth: Disable GSO for packets with small MSS (bsc#1265144). - commit f85e566 - net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (CVE-2026-31700 bsc#1263882). - commit 554d459 ++++ openssh: - Improve %prep LDAP regex to preserve subdirectories (e.g., openbsd-compat/) and handle optional [ab]/ prefixes. ++++ zypper: - Add --filter-version-change to zypper lu. Adds filtering by version change significance to reduce noise in update listings. Supports levels: rebuild (hides rebuild-only changes) and package (hides all release-only changes). - version 1.14.97 ------------------------------------------------------------------ ------------------ 2026-5-12 - May 12 2026 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - Update to security release 2.92rel2: * CVE-2026-2291, bsc#1258251: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect. Obsoletes dnsmasq-CVE-2026-2291.patch. * CVE-2026-4890, bsc#1265001: DoS vulnerability in the DNSSEC validation. * CVE-2026-4891, bsc#1265002: heap-based out-of-bounds read vulnerability in the DNSSEC validation. * CVE-2026-4892, bsc#1265003: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation. * CVE-2026-4893, bsc#1265004: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks. * CVE-2026-5172, bsc#1265006: buffer overflow in dnsmasq’s extract_addresses() function. 
++++ kernel-default: - smb: client: fix off-by-8 bounds check in check_wsl_eas() (bsc#1263774 CVE-2026-31614) - commit 1cd0d33 - ice: set max queues in alloc_etherdev_mqs() (git-fixes). - commit 45beb20 - gtp: disable BH before calling udp_tunnel_xmit_skb() (git-fixes). - commit 2bd1644 ++++ libzypp: - Mandatory signature verification plugin support (PED#11922) - version 17.38.8 (35) ------------------------------------------------------------------ ------------------ 2026-5-11 - May 11 2026 ------------------- ------------------------------------------------------------------ ++++ glibc: - ungetwc-byte-stream.patch: libio: Fix ungetwc operating on byte stream (CVE-2026-5928, bsc#1262464, BZ #33998) - scanf-mc-buffer-overflow.patch: stdio-common: Fix buffer overflow in scanf %mc (CVE-2026-5450, bsc#1262465, BZ #34008) ++++ kernel-default: - nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers (git-fixes). - commit 6e4ed54 - mkspec: Add signature to source list only when it exists - commit e496e84 - config: s390x/ppc64le: disable unsupported CONFIG_AFS_FS and CONFIG_AF_RXRPC References: bsc#1264450 - commit 280b978 ++++ lcms2: - Fix CVE-2026-41254 (bsc#1264994), integer overflow in CubeSize in cmslut.c * CVE-2026-41254.patch * CVE-2026-41254-2.patch - Fix CVE-2026-42798 (bsc#1263703), integer overflow in ParseCube in cmscgats.c * CVE-2026-42798.patch ------------------------------------------------------------------ ------------------ 2026-5-8 - May 8 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: macb: use the current queue number for stats (CVE-2026-31494 bsc#1262671). - net: cadence: macb: Synchronize stats calculations (CVE-2026-31494 bsc#1262671). 
- commit 5471a37 - disable unsupported CONFIG_AFS_FS and CONFIG_AF_RXRPC Yousaf: Removed CONFIG_AFS_DEBUG from config/arm64/debug and config/x86_64/debug - disable unsupported CONFIG_AFS_FS and CONFIG_AF_RXRPC - commit ae0ebb1 ++++ openssh: - Added openssh-cve-2026-35385-scp-setuid-modes.patch (CVE-2026-35385, bsc#1261427), ensuring setuid bits default to being masked out by scp. - Added openssh-cve-2026-35414-mishandled-ca-commas.patch (CVE-2026-35414, bsc#1261430), fixing mishandling of comma characters in CA in certain situations. ------------------------------------------------------------------ ------------------ 2026-5-7 - May 7 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - supported.conf: drop rxrpc and afs_fs (bsc#1264450) - commit e146a57 - dm init: ensure device probing has finished in dm-mod.waitfor= (git-fixes). - commit 8556eb6 - xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449). - commit e2cf3b5 - fuse: reject oversized dirents in page cache (CVE-2026-31694 bsc#1263901). - commit a96975d - kABI fix after KVM: x86: Use scratch field in MMIO fragment to hold small write values (CVE-2026-31588 bsc#1263165). - commit 3f577a5 - KVM: x86: Use scratch field in MMIO fragment to hold small write values (CVE-2026-31588 bsc#1263165). - commit da2d350 - ALSA: ctxfi: Limit PTP to a single page (CVE-2026-31602 bsc#1263723). - commit 7aede2c - Xarray: do not return sibling entries from xas_find_marked() (bsc#1263815). - commit cc4d1b2 - crypto: caam - fix DMA corruption on long hmac keys (CVE-2026-43044 bsc#1264087). 
- commit 7ca9379 ++++ rsync: - Security update (CVE-2026-41035, bsc#1262223): rsync: count of entries mismatch can lead to a use-after-free - Add rsync-CVE-2026-41035.patch ------------------------------------------------------------------ ------------------ 2026-5-6 - May 6 2026 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Security fixes: * CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705) * CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708) * CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704) * CVE-2026-42010: lib/auth/rsa_psk: fix binary PSK identity lookup (bsc#1263709) * CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707) * CVE-2026-42011: x509/name_constraints: fix intersecting empty constraints (bsc#1263710) * CVE-2026-42012: x509/hostname-verify: make URI/SRV SAN preclude CN fallback (bsc#1263711) * CVE-2026-42013: x509: prevent fallback on oversized SAN (bsc#1263712) * CVE-2026-42014: pkcs11_write: fix UAF and leak in gnutls_pkcs11_token_set_pin (bsc#1263713) * CVE-2026-42015: x509/pkcs12_bag: fix off-by-one in bag element bounds check (bsc#1263714) * CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715) * CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS#7 unpadding branch free (bsc#1263716) * Add patches: gnutls-CVE-2026-33846.patch gnutls-CVE-2026-42009.patch gnutls-CVE-2026-33845.patch gnutls-CVE-2026-42010.patch gnutls-CVE-2026-3833.patch gnutls-CVE-2026-42011.patch gnutls-CVE-2026-42012.patch gnutls-CVE-2026-42013.patch gnutls-CVE-2026-42014.patch gnutls-CVE-2026-5260.patch gnutls-CVE-2026-42015.patch gnutls-CVE-2026-5419.patch ++++ kernel-default: - KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (git-fixes). - commit 48ffbc3 - KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN (git-fixes). 
- commit f2fdc97 - selftests/bpf: Add tests for sdiv32/smod32 with INT_MIN dividend (CVE-2026-31525 bsc#1262725). - commit 0ba5380 - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (CVE-2026-31525 bsc#1262725). - commit f9373c2 ++++ krb5: - Fix two NegoEx parsing vulnerabilities: * CVE-2026-40355, bsc#1263366 * CVE-2026-40356, bsc#1263367 - Add patch 0011-Fix-two-NegoEx-parsing-vulnerabilities.patch ------------------------------------------------------------------ ------------------ 2026-5-5 - May 5 2026 ------------------- ------------------------------------------------------------------ ++++ glibc: - ibm139x-pending-char-state.patch: Use pending character state in IBM1390, IBM1399 character sets (CVE-2026-4046, bsc#1261206, BZ #33980) ++++ kernel-default: - mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263176 CVE-2026-31586). - commit 4d6e307 - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (git-fixes). - commit a7f35f1 - KVM: x86: Ignore cpuid faulting in SMM (git-fixes). - commit 5237a47 - KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (git-fixes). - commit 4aad3ae - mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669 bsc#1263141). - commit 99d5df9 - net: fix fanout UAF in packet_release() via NETDEV_UP race (CVE-2026-31504 bsc#1263085). - commit 249d605 - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (CVE-2026-31533 bsc#1262758). - commit 6cd641f - x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013 CVE-2025-54518). - commit 37dfa14 - ipmi:si: Return state to normal if message allocation fails (git-fixes). - ipmi: Check event message buffer response for bad data (git-fixes). - commit ed7a5de - NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (CVE-2026-31622 bsc#1263797). 
- commit aaf3f00 - net: stmmac: fix integer underflow in chain mode (CVE-2026-31649 bsc#1263582). - commit 218af5d - net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (CVE-2026-31507 bsc#1263095). - commit a24ca79 ++++ sqlite3: - Update to version 3.53.1: * Fixes for problems in 3.53.0 reported by users. * See the check-in timeline for details: https://sqlite.org/src/timeline?from=version-3.53.0&to=version-3.53.1 ++++ python-lxml: - CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read (bsc#1263254) Add patches: * CVE-2026-41066.patch * disable-external-entity-resolution.patch - Add upstream patch to fix tests with libexpat 2.6, gh#lxml/lxml@3ccc7d583, libexpat-2.6.patch ------------------------------------------------------------------ ------------------ 2026-5-4 - May 4 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/tracing-net_sched-NULL-pointer-dereference-in-perf_trace_qdisc_reset.patch (git-fixes bsc#1263149). Add the same check for qdisc_dev(q) being NULL to TP_fast_assign() in the definition of the qdisc_reset event, since the codestream doesn't have mainline commit c1fa617caeb0 ("tracing: Rework __assign_str() and __string() to not duplicate getting the string"). - commit 8327a2b - rds: ib: reject FRMR registration before IB connection is established (CVE-2026-31425 bsc#1262074). - bridge: mrp: reject zero test interval to avoid OOM panic (CVE-2026-31420 bsc#1262055). - net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (CVE-2026-31411 bsc#1261752). - commit 942ce54 - drm/amd/display: Read EDID from VBIOS embedded panel info (git-fixes). - drm/amd/display: Allow DCE link encoder without AUX registers (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.5 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.3 ring (git-fixes). 
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v3.0 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v2.5 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v2.0 ring (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v4.0.5 enc ring (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v4.0.3 enc ring (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v4.0 enc ring (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v3.0 enc/dec rings (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v2.5 enc/dec rings (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v2.0 enc/dec rings (git-fixes). - drm/amdgpu/gfx6: Support harvested SI chips with disabled TCCs (v2) (git-fixes). - drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG (git-fixes). - drm/amdgpu/gmc: Fix AMDGPU_GART_PLACEMENT_LOW to not overlap with VRAM (git-fixes). - drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (git-fixes). - net: phy: dp83869: fix setting CLK_O_SEL field (git-fixes). - NFC: trf7970a: Ignore antenna noise when checking for RF field (git-fixes). - net: usb: rtl8150: free skb on usb_submit_urb() failure in xmit (git-fixes). - net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() (git-fixes). - ASoC: codecs: ab8500: Fix casting of private data (git-fixes). - sound: ua101: fix division by zero at probe (git-fixes). - commit 150c3ab - ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error (git-fixes). - ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams (git-fixes). - ALSA: caiaq: Don't abort when no input device is available (git-fixes). - ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (git-fixes). 
- ALSA: caiaq: fix usb_dev refcount leak on probe failure (git-fixes). - ALSA: usb-audio: Fix UAC3 cluster descriptor size check (git-fixes). - commit 49c4aad ++++ python-pyOpenSSL: - CVE-2026-40475: improper input handling of null bytes can lead to silent data truncation and security-state inconsistency (bsc#1262803) * CVE-2026-40475.patch ------------------------------------------------------------------ ------------------ 2026-5-3 - May 3 2026 ------------------- ------------------------------------------------------------------ ++++ nvidia-open-driver-G06-signed: - fix-objtool-warnings.patch (not applied on aarch64) * Get rid of "'naked' return found in MITIGATION_RETHUNK build" objtool warnings (boo#1212841, boo#1263834) - remove again disable-objtool-override.patch ------------------------------------------------------------------ ------------------ 2026-5-1 - May 1 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - crypto: authencesn - Fix src offset when decrypting in-place (bsc#1262573 CVE-2026-31431). - commit 00dc708 - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (bsc#1262573 CVE-2026-31431). - commit 3756951 - crypto: authenc - use memcpy_sglist() instead of null skcipher (bsc#1262573 CVE-2026-31431). - Refresh patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch - commit ce64565 ------------------------------------------------------------------ ------------------ 2026-4-30 - Apr 30 2026 ------------------- ------------------------------------------------------------------ ++++ containerd: - Add patch for CVE-2026-33186 (bsc#1260296): * 0002-CVE-2026-33186-containerd-google.golang.org-grpc-aut.patch ++++ kernel-default: - kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573 CVE-2026-31431). - commit 6b01c90 - crypto: algif_aead - Revert to operating out-of-place (bsc#1262573 CVE-2026-31431). 
- commit 6bcb58c - crypto: algif_aead - use memcpy_sglist() instead of null skcipher (bsc#1262573 CVE-2026-31431). - commit ad83acd - crypto: scatterwalk - Fix memcpy_sglist() to always succeed (bsc#1262573 CVE-2026-31431). - commit 18a46ad - crypto: scatterwalk - Add memcpy_sglist (bsc#1262573 CVE-2026-31431). - commit 174b840 - net: mana: Fix EQ leak in mana_remove on NULL port (git-fixes). - net: mana: Don't overwrite port probe error with add_adev result (git-fixes). - net: mana: Guard mana_remove against double invocation (git-fixes). - net: mana: Init gf_stats_work before potential error paths in probe (git-fixes). - net: mana: Init link_change_work before potential error paths in probe (git-fixes). - scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (git-fixes). - RDMA/mana_ib: Support memory windows (git-fixes). - RDMA/mana_ib: Disable RX steering on RSS QP destroy (git-fixes). - RDMA/mana_ib: cleanup the usage of mana_gd_send_request() (git-fixes). - net: mana: Use pci_name() for debugfs directory naming (git-fixes). - net: mana: hardening: Validate adapter_mtu from MANA_QUERY_DEV_CONFIG (git-fixes). - net: mana: Use at least SZ_4K in doorbell ID range check (git-fixes). - net: mana: Set default number of queues to 16 (bsc#1261648). - net: mana: hardening: Validate doorbell ID from GDMA_REGISTER_DEVICE response (git-fixes). - net: mana: Add MAC address to vPort logs and clarify error messages (git-fixes). - add mainline tag to mana patch - PCI: hv: Set default NUMA node to 0 for devices without affinity info (git-fixes). - net: mana: Fix RX skb truesize accounting (bsc#1248754). - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (git-fixes). - commit fecbcc4 - Update patches.suse/virt-tdx-guest-Fix-handling-of-host-controlled-quote.patch (git-fixes CVE-2026-31470 bsc#1262665). - commit d89b60e - virt: tdx-guest: Return error for GetQuote failures (git-fixes). 
- commit ce01521 - virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (CVE-2026-31470 bsc#1262665). - commit c143766 - ext4: validate p_idx bounds in ext4_ext_correct_indexes (bsc#1262616 CVE-2026-31449). - commit 815f45c - dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (CVE-2026-31436 bsc#1262602). - commit 907f228 - Move misplaced upstreamed patches into sorted section - commit 7e931bc ------------------------------------------------------------------ ------------------ 2026-4-28 - Apr 28 2026 ------------------- ------------------------------------------------------------------ ++++ cups: - Version upgrade to 2.4.19: See https://github.com/openprinting/cups/releases Release 2.4.19 contains another hotfix after CVE-2026-27447 fix: * Fixed a regression in shared printing from non-local accounts (Issue #1557) Issues are those at https://github.com/OpenPrinting/cups/issues - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.19 - Added 'Michael R Sweet' key to cups.keyring because cups-2.4.19-source.tar.gz.sig belongs to him. ++++ kernel-default: - xen/privcmd: fix double free via VMA splitting (XSA-487 CVE-2026-31787 bsc#1262181). - commit 8c1d428 - Buffer overflow in drivers/xen/sys-hypervisor.c (XSA-485 git-fixes bsc#1262179). - commit 11c17f6 - ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (stable-fixes). - commit fec6f12 - ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (stable-fixes). - commit 66d1870 - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA (stable-fixes). - commit 02a0607 - USB: serial: option: add Telit Cinterion FN990A MBIM composition (stable-fixes). - usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() (stable-fixes). - USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen (stable-fixes). - usb: storage: Expand range of matched versions for VL817 quirks entry (stable-fixes). 
- i2c: s3c24xx: check the size of the SMBUS message before using it (stable-fixes). - HID: core: clamp report_size in s32ton() to avoid undefined shift (stable-fixes). - checkpatch: add support for Assisted-by tag (stable-fixes). - drm/vc4: platform_get_irq_byname() returns an int (stable-fixes). - fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (stable-fixes). - pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer) (stable-fixes). - ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10 (stable-fixes). - wifi: brcmfmac: validate bsscfg indices in IF events (stable-fixes). - platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug (stable-fixes). - HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3 (stable-fixes). - HID: roccat: fix use-after-free in roccat_report_event (stable-fixes). - ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585 (stable-fixes). - wifi: wl1251: validate packet IDs before indexing tx_frames (stable-fixes). - ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list (stable-fixes). - ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx (stable-fixes). - ALSA: hda/realtek: add quirk for Framework F111:000F (stable-fixes). - ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx (stable-fixes). - ASoC: SOF: topology: reject invalid vendor array size in token parser (stable-fixes). - ALSA: asihpi: avoid write overflow check warning (stable-fixes). - ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC (stable-fixes). - can: mcp251x: add error handling for power enable in open and resume (stable-fixes). - crypto: testmgr - Hide ENOENT errors better (git-fixes). - crypto: testmgr - Hide ENOENT errors (stable-fixes). 
- commit e3c1ee0 - Drop cfg80211 patch that may cause a deadlock Deleted: patches.suse/wifi-cfg80211-stop-NAN-and-P2P-in-cfg80211_leave.patch - commit 49e0b7d - x86/boot: Don't add the EFI stub to targets, again (git-fixes). - commit 287d079 - x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 (git-fixes). - commit 34eec49 - ocfs2: split transactions in dio completion to avoid credit exhaustion (bsc#1258718). - ocfs2: fix possible deadlock between unlink and dio_end_io_write (bsc#1258718). - commit 7fe4156 ++++ nvidia-open-driver-G06-signed: - update CUDA variant to 580.159.03 ------------------------------------------------------------------ ------------------ 2026-4-27 - Apr 27 2026 ------------------- ------------------------------------------------------------------ ++++ avahi: - Add avahi-CVE-2026-34933.patch: refuse to accept publish flags where both wide_area and multicast are set. (CVE-2026-34933, bsc#1261546) ++++ kernel-default: - rtc: abx80x: Disable alarm feature if no interrupt attached (git-fixes). - rtc: ntxec: fix OF node reference imbalance (git-fixes). - tpm: tpm_tis: stop transmit if retries are exhausted (git-fixes). - tpm: tpm_tis: add error logging for data transfer (git-fixes). - tpm: avoid -Wunused-but-set-variable (git-fixes). - commit 9b73710 - dt-bindings: net: Fix Tegra234 MGBE PTP clock (git-fixes) - commit b338f86 - net: stmmac: Fix PTP ref clock for Tegra234 (git-fixes) - commit d31823a - drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (CVE-2026-23468 bsc#1261692). 
- commit 55e6fc0 ++++ tiff: - * CVE-2026-4775: Signed integer overflow in putcontig8bitYCbCr44tile (bsc#1260411) Add tiff-CVE-2026-4775.patch ++++ libzypp: - Fix purge-kernel -rc kernel handling (bsc#1239718) - Explicitly_set_pool_DISTTYPE_RPM (fixes #726) - version 17.38.7 (35) ++++ salt: - BDSA-2025-60810: Harden Tornado from invalid HTTP reason phrases - Read full URI from ldap pillar config (bsc#1254900) - Added: * bdsa-2025-60810-harden-against-invalid-http-reason-p.patch * read-full-uri-from-ldap-pillar-config-753.patch ------------------------------------------------------------------ ------------------ 2026-4-26 - Apr 26 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fbdev: offb: fix PCI device reference leak on probe failure (git-fixes). - commit 4e96a2a ++++ vim: - Fix bsc#1261833 / CVE-2026-39881. - Update to 9.2.0398. - Changes: * 9.2.0398: MS-Windows: missing strptime() support * 9.2.0397: tabpanel: double-click opens a new tab * 9.2.0396: tests: Test_error_callback_terminal is flaky on macOS * 9.2.0395: tests: Test_backupskip() may read from $HOME * 9.2.0394: xxd: offsets greater than LONG_MAX print as negative * 9.2.0393: MS-Windows: link error with XPM support on UCRT64 * 9.2.0392: tests: Some tests are flaky * 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting * 9.2.0390: filetype: some Beancount files are not recognized * 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app * 9.2.0388: strange indent in update_topline() * 9.2.0387: DECRQM request may leave stray chars in terminal * 9.2.0386: No scroll/scrollbar support in the tabpanel * 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff' * 9.2.0384: stale Insstart after cursor move breaks undo * 9.2.0383: [security]: runtime(netrw): shell-injection via sftp: and file: URLs * 9.2.0382: Wayland: focus-stealing is non-working * 9.2.0381: Vim9: Missing check_secure() in exec_instructions() * 
9.2.0380: completion: a few issues in completion code * 9.2.0379: gui.color_approx is never used * 9.2.0378: Using int as bool type in win_T struct * 9.2.0377: Using int as bool type in gui_T struct * 9.2.0376: Vim9: elseif condition compiled in dead branch * 9.2.0375: prop_find() does not find a virt text in starting line * 9.2.0374: c_CTRL-{G,T} does not handle offset * 9.2.0373: Ctrl-R mapping not triggered during completion * 9.2.0372: pum: rendering issues with multibyte text and opacity * 9.2.0371: filetype: ghostty config files are not recognized * 9.2.0370: duplicate code with literal string_T assignment * 9.2.0369: multiple definitions of STRING_INIT macro * 9.2.0368: too many strlen() calls when adding strings to dicts * 9.2.0367: runtime(netrw): ~ note expanded on MS Windows * 9.2.0366: pum: flicker when updating pum in place * 9.2.0365: using int as bool * 9.2.0364: tests: test_smoothscroll_textoff_showbreak() fails * 9.2.0363: Vim9: variable shadowed by script-local function * 9.2.0362: division by zero with smoothscroll and small windows * 9.2.0361: tests: no tests for ch_listen() with IPs * 9.2.0360: Cannot handle mouse-clicks in the tabpanel * 9.2.0359: wrong VertSplitNC highlighting on winbar * 9.2.0358: runtime(vimball): still path traversal attacks possible * 9.2.0357: [security]: command injection via backticks in tag files * 9.2.0356: Cannot apply 'scrolloff' context lines at end of file * 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract() * 9.2.0354: filetype: not all Bitbake include files are recognized * 9.2.0353: Missing out-of-memory check in register.c * 9.2.0352: 'winhighlight' of left window blends into right window * 9.2.0351: repeat_string() can be improved * 9.2.0350: Enabling modelines poses a risk * 9.2.0349: cannot style non-current window separator * 9.2.0348: potential buffer underrun when setting statusline like option * 9.2.0347: Vim9: script-local variable not found * 9.2.0346: Wrong cursor position when 
entering command line window * 9.2.0345: Wrong autoformatting with 'autocomplete' * 9.2.0344: channel: ch_listen() can bind to network interface * 9.2.0343: tests: test_clientserver may fail on slower systems * 9.2.0342: tests: test_excmd.vim leaves swapfiles behind * 9.2.0341: some functions can be run from the sandbox * 9.2.0340: pum_redraw() may cause flicker * 9.2.0339: regexp: nfa_regmatch() allocates and frees too often * 9.2.0338: Cannot handle mouseclicks in the tabline * 9.2.0337: list indexing broken on big-endian 32-bit platforms * 9.2.0336: libvterm: no terminal reflow support * 9.2.0335: json_encode() uses recursive algorithm * 9.2.0334: GTK: window geometry shrinks with with client-side decorations * 9.2.0333: filetype: PklProject files are not recognized * 9.2.0332: popup: still opacity rendering issues * 9.2.0331: spellfile: stack buffer overflows in spell file generation * 9.2.0330: tests: some patterns in tar and zip plugin tests not strict enough * 9.2.0329: tests: test_indent.vim leaves swapfiles behind * 9.2.0328: Cannot handle mouseclicks in the statusline * 9.2.0327: filetype: uv scripts are not detected * 9.2.0326: runtime(tar): but with dotted path * 9.2.0325: runtime(tar): bug in zstd handling * 9.2.0324: 0x9b byte not unescaped in mapping * 9.2.0323: filetype: buf.lock files are not recognized * 9.2.0322: tests: test_popupwin fails * 9.2.0321: MS-Windows: No OpenType font support * 9.2.0320: several bugs with text properties * 9.2.0319: popup: rendering issues with partially transparent popups * 9.2.0318: cannot configure opacity for popup menu * 9.2.0317: listener functions do not check secure flag * 9.2.0316: [security]: command injection in netbeans interface via defineAnnoType * 9.2.0315: missing bound-checks * 9.2.0314: channel: can bind to all network interfaces * 9.2.0313: Callback channel not registered in GUI * 9.2.0312: C-type names are marked as translatable * 9.2.0311: redrawing logic with text properties can be improved * 
9.2.0310: unnecessary work in vim_strchr() and find_term_bykeys() * 9.2.0309: Missing out-of-memory check to may_get_cmd_block() * 9.2.0308: Error message E1547 is wrong * 9.2.0307: more mismatches between return types and documentation * 9.2.0306: runtime(tar): some issues with lz4 support * 9.2.0305: mismatch between return types and documentation * 9.2.0304: tests: test for 9.2.0285 doesn't always fail without the fix * 9.2.0303: tests: zip plugin tests don't check for warning message properly * 9.2.0302: runtime(netrw): RFC2396 decoding double escaping spaces * 9.2.0301: Vim9: void function return value inconsistent * 9.2.0300: The vimball plugin needs some love * 9.2.0299: runtime(zip): may write using absolute paths * 9.2.0298: Some internal variables are not modified * 9.2.0297: libvterm: can improve CSI overflow code * 9.2.0296: Redundant and incorrect integer pointer casts in drawline.c * 9.2.0295: 'showcmd' shows wrong Visual block size with 'linebreak' * 9.2.0294: if_lua: lua interface does not work with lua 5.5 * 9.2.0293: :packadd may lead to heap-buffer-overflow * 9.2.0292: E340 internal error when using method call on void value * 9.2.0291: too many strlen() calls * 9.2.0290: Amiga: no support for AmigaOS 3.x * 9.2.0289: 'linebreak' may lead to wrong Visual block highlighting * 9.2.0288: libvterm: signed integer overflow parsing long CSI args * 9.2.0287: filetype: not all ObjectScript routines are recognized * 9.2.0286: still some unnecessary (int) casts in alloc() * 9.2.0285: :syn sync grouphere may go beyond end of line * 9.2.0284: tabpanel: crash when tabpanel expression returns variable line count * 9.2.0283: unnecessary (int) casts before alloc() calls * 9.2.0282: tests: Test_viminfo_len_overflow() fails * 9.2.0281: tests: Test_netrw_FileUrlEdit.. 
fails on Windows ------------------------------------------------------------------ ------------------ 2026-4-25 - Apr 25 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - extcon: ptn5150: handle pending IRQ events during system resume (git-fixes). - iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned() (git-fixes). - iio: adc: ad7768-1: fix one-shot mode data acquisition (git-fixes). - spi: fix controller cleanup() documentation (git-fixes). - spi: orion: fix clock imbalance on registration failure (git-fixes). - spi: orion: fix runtime pm leak on unbind (git-fixes). - spi: imx: fix runtime pm leak on probe deferral (git-fixes). - spi: mpc52xx: fix use-after-free on unbind (git-fixes). - spi: cadence: fix controller deregistration (git-fixes). - ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch (git-fixes). - ALSA: usb-audio: Avoid false E-MU sample-rate notifications (git-fixes). - ALSA: core: Fix potential data race at fasync handling (git-fixes). - ALSA: caiaq: Fix control_put() result and cache rollback (git-fixes). - ALSA: 6fire: Fix input volume change detection (git-fixes). - ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES (git-fixes). - ALSA: caiaq: Handle probe errors properly (git-fixes). - drm/nouveau: fix u32 overflow in pushbuf reloc bounds check (git-fixes). - drm/arcpgu: fix device node leak (git-fixes). - drm/amd/display: Disable 10-bit truncation and dithering on DCE 6.x (git-fixes). 
- commit 83142e0 ------------------------------------------------------------------ ------------------ 2026-4-24 - Apr 24 2026 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fixes: * CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631) * CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632) * CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635) * CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636) * CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638) * sws: prevent "connection monitor" to say disconnect twice (bsc#1259362) * Add patches: - curl-CVE-2026-4873.patch - curl-CVE-2026-5545.patch - curl-CVE-2026-6253.patch - curl-CVE-2026-6276.patch - curl-CVE-2026-6429.patch - curl-CVE-2026-1965-disable-ntlm-fix.patch ++++ kernel-default: - virt: tdx-guest: Return error for GetQuote failures (git-fixes). - commit be3ba0d - virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (git-fixes). - commit bca30e2 - powerpc/crash: fix backup region offset update to elfcorehdr (bsc#1259535). - commit a257031 - Drop NFC patch that may cause a boot problem (bsc#1262731) Delete patches.suse/nfc-nxp-nci-remove-interrupt-trigger-type.patch - commit e754db6 - netfilter: conntrack: add missing netlink policy validations (CVE-2026-31407 bsc#1261632). - commit cfb8d63 - netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457 bsc#1261686). - commit 757d462 - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (CVE-2026-31424 bsc#1262053). - commit cad22db - netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (CVE-2026-31427 bsc#1262086). - commit 174d896 - netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (CVE-2026-31428 bsc#1262087). 
- commit 0305838 - netfilter: nfnetlink_log: account for netlink header size (CVE-2026-31416 bsc#1262100). - commit 9c0a9d9 ++++ mozilla-nss: - update to NSS 3.112.5 * bmo#2033783 - reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max. * bmo#2034185 - update to version 2.84 of builtins module. ++++ freeipmi: - bsc#1260414 - CVE-2026-33554: freeipmi: improper memory handling and data validation can lead A ipmi-oem-fix-several-memory-out-of-bounds-errors.patch ++++ nvidia-open-driver-G06-signed: - update non-CUDA variant to 580.159.03 (boo#1262749) ------------------------------------------------------------------ ------------------ 2026-4-23 - Apr 23 2026 ------------------- ------------------------------------------------------------------ ++++ cups: - Version upgrade to 2.4.18: See https://github.com/openprinting/cups/releases The new release 2.4.18 contains hotfix after CVE-2026-27447 fix: * Fixed cupsd crash if user does not exist (Issue #1555) Issues are those at https://github.com/OpenPrinting/cups/issues - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.18 ++++ kernel-default: - kabi: arm: io: Export ioremap_prot() symbol (CVE-2026-23346 bsc#1260529) - commit 017493b - Update patches.suse/0001-apparmor-validate-DFA-start-states-are-in-bounds-in-.patch (bsc#1258849 CVE-2026-23269 bsc#1259857). - Update patches.suse/0002-apparmor-fix-memory-leak-in-verify_header.patch (bsc#1258849 CVE-2026-23403 bsc#1261287). - Update patches.suse/0003-apparmor-replace-recursive-profile-removal-with-iter.patch (bsc#1258849 CVE-2026-23404 bsc#1258854). - Update patches.suse/0004-apparmor-fix-limit-the-number-of-levels-of-policy-na.patch (bsc#1258849 CVE-2026-23405 bsc#1261295). - Update patches.suse/0005-apparmor-fix-side-effect-bug-in-match_char-macro-usa.patch (bsc#1258849 CVE-2026-23406 bsc#1258855). - Update patches.suse/0006-apparmor-fix-missing-bounds-check-on-DEFAULT-table-i.patch (bsc#1258849 CVE-2026-23407 bsc#1258855). 
- Update patches.suse/0007-apparmor-Fix-double-free-of-ns_name-in-aa_replace_pr.patch (bsc#1258849 CVE-2026-23408 bsc#1258857). - Update patches.suse/0008-apparmor-fix-unprivileged-local-user-can-do-privileg.patch (bsc#1258849 CVE-2026-23268 bsc#1258850). - Update patches.suse/0009-apparmor-fix-differential-encoding-verification.patch (bsc#1258849 CVE-2026-23409 bsc#1258857). - Update patches.suse/0010-apparmor-fix-race-on-rawdata-dereference.patch (bsc#1258849 CVE-2026-23410 bsc#1258856). - Update patches.suse/0011-apparmor-fix-race-between-freeing-data-and-fs-access.patch (bsc#1258849 CVE-2026-23411 bsc#1258856). - Update patches.suse/macvlan-observe-an-RCU-grace-period-in-macvlan_commo.patch (CVE-2026-23209 bsc#1258518 CVE-2026-23273 bsc#1260010). - commit d5ee582 - Update patches.suse/ACPI-EC-clean-up-handlers-on-probe-failure-in-acpi_e.patch (git-fixes CVE-2026-31426 bsc#1262078). - Update patches.suse/ACPI-processor-Fix-previous-acpi_processor_errata_pi.patch (git-fixes CVE-2026-23443 bsc#1261679). - Update patches.suse/ALSA-usb-audio-Use-correct-version-for-UAC3-header-v.patch (git-fixes CVE-2026-23318 bsc#1260536). - Update patches.suse/Bluetooth-L2CAP-Validate-L2CAP_INFO_RSP-payload-leng.patch (git-fixes CVE-2026-31393 bsc#1261719). - Update patches.suse/HID-Add-HID_CLAIMED_INPUT-guards-in-raw_event-callba.patch (stable-fixes CVE-2026-23382 bsc#1260551). - Update patches.suse/PCI-IOV-Fix-race-between-SR-IOV-enable-disable-and-h.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PM-runtime-Fix-a-race-condition-related-to-device-re.patch (git-fixes CVE-2026-23452 bsc#1261618). - Update patches.suse/Revert-drm-amd-Check-if-ASPM-is-enabled-from-PCIe-su.patch (git-fixes CVE-2026-23264 bsc#1259869). - Update patches.suse/btrfs-log-new-dentries-when-logging-parent-dir-of-a-.patch (git-fixes CVE-2026-23465 bsc#1261685). - Update patches.suse/can-bcm-fix-locking-for-bcm_op-runtime-updates.patch (git-fixes CVE-2026-23362 bsc#1260489). 
- Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-check-the-pro.patch (git-fixes CVE-2026-23307 bsc#1260541). - Update patches.suse/can-mcp251x-fix-deadlock-in-error-path-of-mcp251x_op.patch (git-fixes CVE-2026-23357 bsc#1260532). - Update patches.suse/can-ucan-Fix-infinite-loop-from-zero-length-messages.patch (git-fixes CVE-2026-23298 bsc#1260485). - Update patches.suse/can-usb-etas_es58x-correctly-anchor-the-urb-in-the-r.patch (git-fixes CVE-2026-23324 bsc#1260507). - Update patches.suse/drm-logicvc-Fix-device-node-reference-leak-in-logicv.patch (git-fixes CVE-2026-23426 bsc#1261504). - Update patches.suse/fbdev-rivafb-fix-divide-error-in-nv3_arb.patch (git-fixes CVE-2026-23266 bsc#1259868). - Update patches.suse/fbdev-smscufx-properly-copy-ioctl-memory-to-kernelsp.patch (stable-fixes CVE-2026-23236 bsc#1259199). - Update patches.suse/media-dvb-core-fix-wrong-reinitialization-of-ringbuf.patch (git-fixes CVE-2026-23253 bsc#1259878). - Update patches.suse/media-dvb-net-fix-OOB-access-in-ULE-extension-header.patch (git-fixes CVE-2026-31405 bsc#1261700). - Update patches.suse/mtd-Avoid-boot-crash-in-RedBoot-partition-table-pars.patch (git-fixes CVE-2026-23474 bsc#1261602). - Update patches.suse/mtd-rawnand-serialize-lock-unlock-against-other-NAND.patch (git-fixes CVE-2026-23434 bsc#1261601). - Update patches.suse/net-rose-fix-NULL-pointer-dereference-in-rose_transm.patch (git-fixes CVE-2026-23460 bsc#1261582). - Update patches.suse/net-usb-aqc111-Do-not-perform-PM-inside-suspend-call.patch (git-fixes CVE-2026-23446 bsc#1261778). - Update patches.suse/net-usb-cdc_ncm-add-ndpoffset-to-NDP16-nframes-bound.patch (git-fixes CVE-2026-23448 bsc#1261750). - Update patches.suse/net-usb-cdc_ncm-add-ndpoffset-to-NDP32-nframes-bound.patch (git-fixes CVE-2026-23447 bsc#1261751). - Update patches.suse/net-usb-kalmia-validate-USB-endpoints.patch (git-fixes CVE-2026-23365 bsc#1260800). 
- Update patches.suse/net-usb-kaweth-validate-USB-endpoints.patch (git-fixes CVE-2026-23312 bsc#1260561). - Update patches.suse/net-usb-pegasus-validate-USB-endpoints.patch (stable-fixes CVE-2026-23290 bsc#1260533). - Update patches.suse/net-x25-Fix-overflow-when-accumulating-packets.patch (git-fixes CVE-2026-31417 bsc#1262101). - Update patches.suse/nfc-nci-free-skb-on-nci_transceive-early-error-paths.patch (git-fixes CVE-2026-23339 bsc#1260581). - Update patches.suse/nfc-pn533-properly-drop-the-usb-interface-reference-.patch (git-fixes CVE-2026-23291 bsc#1260483). - Update patches.suse/nfc-rawsock-cancel-tx_work-before-socket-teardown.patch (git-fixes CVE-2026-23372 bsc#1260484). - Update patches.suse/pinctrl-equilibrium-fix-warning-trace-on-load.patch (git-fixes CVE-2026-23308 bsc#1260553). - Update patches.suse/platform-x86-classmate-laptop-Add-missing-NULL-point.patch (stable-fixes CVE-2026-23237 bsc#1259222). - Update patches.suse/platform-x86-dell-wmi-sysman-Don-t-hex-dump-plaintex.patch (git-fixes CVE-2026-23370 bsc#1260504). - Update patches.suse/regmap-maple-free-entry-on-mas_store_gfp-failure.patch (stable-fixes CVE-2026-23260 bsc#1259873). - Update patches.suse/scsi-qla2xxx-Fix-bsg_done-causing-double-free.patch (bsc#1256863 CVE-2025-71238 bsc#1259186). - Update patches.suse/soc-fsl-qbman-fix-race-condition-in-qman_destroy_fq.patch (git-fixes CVE-2026-23463 bsc#1261713). - Update patches.suse/spi-fix-statistics-allocation.patch (git-fixes CVE-2026-23475 bsc#1261644). - Update patches.suse/spi-fix-use-after-free-on-controller-registration-fa.patch (git-fixes CVE-2026-31389 bsc#1261789). - Update patches.suse/usb-gadget-f_mass_storage-Fix-potential-integer-over.patch (git-fixes CVE-2026-31412 bsc#1261896). - Update patches.suse/wifi-cfg80211-cancel-rfkill_block-work-in-wiphy_unre.patch (git-fixes CVE-2026-23336 bsc#1260552). - Update patches.suse/wifi-mac80211-bounds-check-link_id-in-ieee80211_ml_r.patch (git-fixes CVE-2026-23246 bsc#1259806). 
- Update patches.suse/wifi-mac80211-fix-NULL-deref-in-mesh_matches_local.patch (git-fixes CVE-2026-23396 bsc#1260729). - Update patches.suse/wifi-mac80211-fix-NULL-pointer-dereference-in-mesh_r.patch (git-fixes CVE-2026-23279 bsc#1260468). - Update patches.suse/wifi-mt76-Fix-possible-oob-access-in-mt76_connac2_ma.patch (git-fixes CVE-2026-23315 bsc#1260549). - Update patches.suse/wifi-mt76-mt7925-Fix-possible-oob-access-in-mt7925_m.patch (git-fixes CVE-2026-23363 bsc#1260572). - Update patches.suse/wifi-mt76-mt7996-Fix-possible-oob-access-in-mt7996_m.patch (git-fixes CVE-2026-23325 bsc#1260537). - Update patches.suse/wifi-radiotap-reject-radiotap-with-unknown-bits.patch (git-fixes CVE-2026-23367 bsc#1260731). - Update patches.suse/wifi-rsi-Don-t-default-to-EOPNOTSUPP-in-rsi_mac80211.patch (git-fixes CVE-2026-23373 bsc#1260528). - Update patches.suse/wifi-wlcore-Fix-a-locking-bug.patch (git-fixes CVE-2026-23420 bsc#1261503). - commit 61fa16a ++++ libsolv: - fix parsing of sha512 checksums in debian repositories [bsc#1265938] [CVE-2026-9150] - improve speed of dirpool_add_dir making parsing of filelists.xml twice as fast - fix parsing of recommends in the old Mandriva synthesis format - bump version to 0.7.37 ++++ nvidia-open-driver-G06-signed: - disable-objtool-override.patch * get rid of confusing objtool warnings (boo#1212841) - -> from https://github.com/joanbm/nvidia-470xx-linux-mainline ++++ ovmf: - Update mbedtls to 3.6.6 to fix CVE-2026-25833, CVE-2026-25834, CVE-2026-25835, CVE-2026-34874 (bsc#1261476, bsc#1261477, bsc#1261478, bsc#1261469) - Requires Mbed TLS 3.6.6 or higher to mitigate vulnerability. ------------------------------------------------------------------ ------------------ 2026-4-22 - Apr 22 2026 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - bsc#1262487, CVE-2026-6507, dnsmasq-CVE-2026-6507.patch: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service. 

++++ kernel-default:
- mm: ioremap: allow ARCH to have its own ioremap method definition (CVE-2026-23346 bsc#1260529)
- commit 66ac8d8
- arm64: io: Extract user memory type in ioremap_prot() (CVE-2026-23346 bsc#1260529)
- commit 21a529a
- arm64: io: Rename ioremap_prot() to __ioremap_prot() (CVE-2026-23346 bsc#1260529)
- commit 2422d1b
- arm64 : mm: add wrapper function ioremap_prot() (CVE-2026-23346 bsc#1260529)
- commit c722530
- mm/ioremap: define generic_ioremap_prot() and generic_iounmap() (CVE-2026-23346 bsc#1260529)
- commit c04cc3b
- net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (CVE-2026-31423 bsc#1262063).
- commit 7a85231
- net/sched: cls_flow: fix NULL pointer dereference on shared blocks (CVE-2026-31422 bsc#1262054).
- commit e8f4814
- net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449 bsc#1261779).
- commit 3f941ea
- espintcp: Fix race condition in espintcp_close() (CVE-2026-23239 bsc#1259485).
- commit fad2a85
- tls: Fix race condition in tls_sw_cancel_work_tx() (CVE-2026-23240 bsc#1259484).
- commit 8f20aa3
- drm/i915/wm: Verify the correct plane DDB entry (git-fixes).
- crypto: ccp - copy IV using skcipher ivsize (git-fixes).
- crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (git-fixes).
- crypto: pcrypt - Fix handling of MAY_BACKLOG requests (git-fixes).
- crypto: sa2ul - Fix AEAD fallback algorithm names (git-fixes).
- commit 96a5ab8
- KVM: x86: hyper-v: Validate all GVAs during PV TLB flush (git-fixes).
- commit a9d8238

------------------------------------------------------------------
------------------ 2026-4-21 - Apr 21 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Refresh patches.suse/KVM-x86-mmu-Drop-zap-existing-present-SPTE-even-when.patch.
- commit a2808d6
- x86/boot: Fix page table access in 5-level to 4-level paging transition (git-fixes).
- commit 4526872
- x86/boot/sev: Avoid shared GHCB page for early memory acceptance (git-fixes).
- commit 4109e10
- Refresh patches.suse/kdump-wait-for-dma-to-time-out-when-using-cma.patch.
  Update to the version that was actually committed upstream.
- commit eac6225
- Refresh patches.suse/selftests-powerpc-Suppress-Wmaybe-uninitialized-with-GCC-15.patch.
- commit 30a517c
- sunrpc: fix cache_request leak in cache_release (CVE-2026-31400 bsc#1261645).
- commit 881c7a1
- Update tags in patches.suse/ext4-use-optimized-mballoc-scanning-regardless-of-in.patch.
- commit ec46e56
- ext4: fix fsync(2) for nojournal mode (git-fixes).
- commit 238bddf
- ext4: make recently_deleted() properly work with lazy itable initialization (git-fixes).
- commit 9897a6f
- ext4: reject mount if bigalloc with s_first_data_block != 0 (git-fixes).
- commit 7f5229b
- lib/hexdump: print_hex_dump_bytes() calls print_hex_dump_debug() (git-fixes).
- platform/x86: dell-wmi-sysman: bound enumeration string aggregation (git-fixes).
- platform/x86: dell_rbu: avoid uninit value usage in packet_size_write() (git-fixes).
- platform/x86: panasonic-laptop: Fix OPTD notifier registration and cleanup (git-fixes).
- platform/surface: surfacepro3_button: Drop wakeup source on remove (git-fixes).
- leds: lgm-sso: Remove duplicate assignments for priv->mmap (git-fixes).
- mfd: mc13xxx-core: Fix memory leak in mc13xxx_add_subdevice_pdata() (git-fixes).
- commit afede1d

++++ opensuse-migration-tool:
- Update to version 20260421.e72b645:
  * Update ports temp repo url for Tumbleweed

------------------------------------------------------------------
------------------ 2026-4-20 - Apr 20 2026 -------------------
------------------------------------------------------------------
++++ cups:
- Version upgrade to 2.4.17:
  See https://github.com/openprinting/cups/releases
  The new release 2.4.17 contains the following security fixes:
  * CVE-2026-27447: The scheduler treated local user and group names as case-insensitive (bsc#1261572)
  * CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS directory (bsc#1261571)
  * CVE-2026-34980: The scheduler did not filter control characters from option values (bsc#1261569)
  * CVE-2026-34979: The scheduler did not always allocate enough memory for a job's options string (bsc#1261570)
  * CVE-2026-34990: The scheduler incorrectly allowed local certificates over the loopback interface (bsc#1261568)
  * CVE-2026-39314: Fixed the range check for job password strings (bsc#1261743)
  * CVE-2026-39316: Fixed a printer subscription bug in the scheduler (bsc#1261742)
  * CVE-2026-41079: Fixed a SNMP string conversion bug in the backends (bsc#1263116)
- The release includes other fixes as well, listed in CHANGES.md.
  Issues are those at https://github.com/OpenPrinting/cups/issues
  Detailed list (from CHANGES.md):
  * The scheduler followed symbolic links when cleaning out its temporary directory (Issue #1448)
  * Updated `cupsFileGetConf` and `cupsFilePutConf` to escape more characters.
  * Updated man page `cancel` (Issue #984)
  * Updated `cupsRasterReadHeader` to validate more of the page header values (Issue #1501)
  * Fixed an issue with the class/printer CGI name checking.
  * Fixed infinite loop in `http_write()` on busy print servers (Issue #827)
  * Fixed potential TLS blocking issues (Issue #1128)
  * Fixed a job history bug in the scheduler (Issue #1440)
  * Fixed notifier logging bug that would result in nul bytes getting into the log (Issue #1450)
  * Fixed possible use-after-free in `cupsdReadClient()` (Issue #1454)
  * Fixed a document format bug in the IPP backend (Issue #1457)
  * Fixed DRAIN_OUTPUT race condition (Issue #1461)
  * Fixed a bug when the `ippFindXxx` and `ippSetXxx` functions were mixed.
  * Fixed the mapping of supply type keywords to SNMP names.
  * Fixed a bug in the IPP backend when SNMP was disabled.
  * Fixed a crash bug in the rastertoepson filter.
  * Fixed a bug in cgiCheckVariables.
  * Fixed handling read/write errors with OpenSSL (Issue #1506)
  * Fixed handling rehandshake error in `_httpTLSRead` (Issue #1508)
  * Fixed a debug printf bug on Windows (Issue #1529)
  * Fixed a recursion issue with encoding of nested collections (Issue #1539)
  * Fixed parsing of the `LimitRequestBody`, `MaxLogSize`, and `MaxRequestSize` directives in "cupsd.conf" (Issue #1540)
  * Fixed a parsing bug in `ipptool` (Issue #1542)
  * Fixed blank line detection in the `rastertolabel` filter (Issue #1545)
  * Fixed `httpPeek` edge case on compressed streams
  Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.17

++++ dnsmasq:
- Fix FTBFS with libnettle 4.0: (boo#1257934)
  * dnsmasq: missed hash->digest calls in 4070a74 (1eab169)
  * Add dnsmasq-Fix-FTBFS-nettle-4.0.patch and merge 4070a748.patch

++++ haproxy:
- VUL-0: CVE-2026-33555: haproxy: Request smuggling via HTTP/3 parser desynchronization (bsc#1262103)
  Add upstream patch 0001-BUG-MAJOR-h3-check-body-size-with-content-length-on-.patch

++++ kernel-default:
- i40e: Fix preempt count leak in napi poll tracepoint (CVE-2026-23313 bsc#1260555)
- commit 2e9a394
- nf_tables: nft_dynset: fix possible stateful expression memleak in error path
  (CVE-2026-23399 bsc#1261020).
- commit 6b85bc1
- modpost: Amend ppc64 save/restfpr symnames for -Os build (bsc#1215199).
- commit 5b6f69e
- netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456 bsc#1261703).
- commit a6df659
- NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403 bsc#1261796).
- commit fbf8b70
- staging: sm750fb: fix division by zero in ps_to_hz() (git-fixes).
- staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() (git-fixes).
- usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() (git-fixes).
- usbip: validate number_of_packets in usbip_pack_ret_submit() (git-fixes).
- usb: gadget: renesas_usb3: validate endpoint index in standard request handlers (git-fixes).
- usb: chipidea: otg: not wait vbus drop if use role_switch (git-fixes).
- usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change (git-fixes).
- usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable() (git-fixes).
- usb: port: add delay after usb_hub_set_port_power() (git-fixes).
- commit 82d354e
- x86/CPU: Fix FPDSS on Zen1 (bsc#1243603 CVE-2023-2058).
- commit 7fc9cd2
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402 bsc#1261638).
- commit 7c57216

++++ libzypp:
- Check for trusted key updates when updating the general keyring (bsc#1259706)
- Support multiple MirroredOrigin authorities (bsc#1253193)
- Workaround doxygen bug: doxygen/doxygen#12057
- libzypp.spec: Add missing graphviz-gd BuildRequires (boo#1259842)
- version 17.38.6 (35)

++++ zypper:
- Autorefresh ris-services the way as plugin-services (bsc#1246504)
  It's actually wrong to treat service refreshes different depending on the service type. For the purpose of a service it makes no difference how the data about the repos to use are acquired.
- version 1.14.96

------------------------------------------------------------------
------------------ 2026-4-19 - Apr 19 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- pinctrl: abx500: Fix type of 'argument' variable (git-fixes).
- pinctrl: pinctrl-pic32: Fix resource leak (git-fixes).
- pinctrl: pic32: use consistent spacing around '+' (git-fixes).
- pinctrl: pic32: change all cases of bare 'unsigned' to 'unsigned int' (git-fixes).
- pinctrl: Fix spelling problem (git-fixes).
- i3c: mipi-i3c-hci: fix IBI payload length calculation for final status (git-fixes).
- i3c: master: Fix error codes at send_ccc_cmd (git-fixes).
- ipmi: ssif_bmc: change log level to dbg in irq callback (git-fixes).
- ipmi: ssif_bmc: fix message desynchronization after truncated response (git-fixes).
- ipmi: ssif_bmc: fix missing check for copy_to_user() partial failure (git-fixes).
- Input: uinput - take event lock when submitting FF request "event" (stable-fixes).
- commit 84d3fa4
- Drop PCI ACS patch that caused a regression (bsc#1261348)
  It was reverted on stable trees as well
  Deleted: patches.suse/PCI-Enable-ACS-after-configuring-IOMMU-for-OF-platfo.patch
- commit 47c1816

------------------------------------------------------------------
------------------ 2026-4-18 - Apr 18 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Refresh patches.suse/kdump-add-crashkernel-cma-suffix.patch.
- kdump, documentation: describe craskernel CMA reservation (jsc#PED-7249).
- Refresh patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
- Refresh patches.suse/kdump-wait-for-dma-to-time-out-when-using-cma.patch.
- Refresh patches.suse/kdump-x86-implement-crashkernel-cma-reservation.patch.
  Add upstream references and move to the sorted section.
- commit e895108
- remoteproc: xlnx: Only access buffer information if IPI is buffered (git-fixes).
- soundwire: cadence: Clear message complete before signaling waiting thread (git-fixes).
- soundwire: bus: demote UNATTACHED state warnings to dev_dbg() (git-fixes).
- soc: qcom: aoss: compare against normalized cooling state (git-fixes).
- soc: qcom: llcc: fix v1 SB syndrome register offset (git-fixes).
- soc/tegra: cbb: Set ERD on resume for err interrupt (git-fixes).
- commit caf3df8
- mtd: rawnand: sunxi: fix sunxi_nfc_hw_ecc_read_extra_oob (git-fixes).
- mtd: spi-nor: swp: check SR_TB flag when getting tb_mask (git-fixes).
- mtd: spi-nor: core: correct the op.dummy.nbytes when check read operations (git-fixes).
- mtd: parsers: ofpart: call of_node_get() for dedicated subpartitions (git-fixes).
- mtd: parsers: ofpart: call of_node_put() only in ofpart_fail path (git-fixes).
- mtd: physmap_of_gemini: Fix disabled pinctrl state check (git-fixes).
- power: supply: axp288_charger: Do not cancel work before initializing it (git-fixes).
- power: supply: max17042: avoid overflow when determining health (git-fixes).
- HID: asus: do not abort probe when not necessary (git-fixes).
- HID: asus: make asus_resume adhere to linux kernel coding standards (git-fixes).
- HID: usbhid: fix deadlock in hid_post_reset() (git-fixes).
- HID: alps: fix NULL pointer dereference in alps_raw_event() (git-fixes).
- dmaengine: mxs-dma: Fix missing return value from of_dma_controller_register() (git-fixes).
- dmaengine: dw-axi-dmac: Remove unnecessary return statement from void function (git-fixes).
- memory: tegra30-emc: Fix dll_change check (git-fixes).
- memory: tegra124-emc: Fix dll_change check (git-fixes).
- commit 095efd4

------------------------------------------------------------------
------------------ 2026-4-17 - Apr 17 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Refresh patches.suse/netfilter-nft_set_pipapo-split-gc-into-unlink-and-reclaim-.patch.
  This is fixing the following warning:
  * discarded-qualifiers (pipapo_gc_queue) in ../net/netfilter/nft_set_pipapo.c in nft_pipapo_commit
    In file included from ../fs/smb/client/cifsproto.h:10:0,
    ../include/linux/nls.h:50:26: note: expected 'char *' but argument is of type 'const char *'
    ../net/netfilter/nft_set_pipapo.c: In function 'nft_pipapo_commit':
    ../net/netfilter/nft_set_pipapo.c:1768:18: warning: passing argument 1 of 'pipapo_gc_queue' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
    ../net/netfilter/nft_set_pipapo.c:1666:13: note: expected 'struct nft_set *' but argument is of type 'const struct nft_set *'
- commit 418ea5e
- efi/capsule-loader: fix incorrect sizeof in phys array reallocation (git-fixes).
- commit 278e952

++++ opensc:
- Security fix:
  * CVE-2025-66037: crafted input can cause an out-of-bounds read (bsc#1261218)
  * CVE-2025-66038: improper compact-TLV length validation can lead to crash or unexpected behavior (bsc#1261219)
  * CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses (bsc#1261214)
  * CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer-overflow write (bsc#1261220)
  * Added opensc-CVE-2025-49010.patch
  * Added opensc-CVE-2025-66037.patch
  * Added opensc-CVE-2025-66038.patch
  * Added opensc-CVE-2025-66215.patch

++++ podman:
- Add patch for CVE-2025-47914 (bsc#1253993), CVE-2025-47913 (bsc#1253542):
  * 0006-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch
- Add patch for CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 (bsc#1252376):
  * 0005-CVE-2025-52881-backport-subset-of-patch-from-runc.patch
- Rebase patches:
  * 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
  * 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch
  * 0003-CVE-2025-6032-machine-init-fix-tls-check.patch
  * 0004-CVE-2025-9566-kube-play-don-t-follow-volume-symlinks.patch

++++ salt:
- Fix testsuite failures
- Backport of the CVE-2026-31958 fix (bsc#1259554)
- Add x86_64_v2 as a
  possible rpm package architecture
- Make users with backslash working for salt-ssh (bsc#1254629)
- Fix ansible.playbooks extra-vars quoting (bsc#1257831)
- Fix virtualenv call in test helper to use proper python version
- Added:
  * fix-test-failures-754.patch
  * backport-of-the-cve-2026-31958-fix-bsc-1259554.patch
  * add-x86_64_v2-as-a-possible-rpm-package-architecture.patch
  * make-users-with-backslash-working-for-salt-ssh-bsc-1.patch
  * fix-ansible.playbooks-extra-vars-quoting-bsc-1257831.patch
  * fix-virtualenv-call-in-test-helper-to-use-proper-pyt.patch

------------------------------------------------------------------
------------------ 2026-4-16 - Apr 16 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ipv6: add NULL checks for idev in SRv6 paths (CVE-2026-23442 bsc#1261581).
- net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (CVE-2026-23300 bsc#1260538).
- commit b424281
- net/sched: act_gate: snapshot parameters with RCU on replace (CVE-2026-23245 bsc#1259799).
- commit cea08bb
- sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1253754).
- sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1253754).
- sched/balancing: Switch the 'DEFINE_SPINLOCK(balancing)' spinlock into an 'atomic_t sched_balance_running' flag (bsc#1253754).
- commit 7f3daec
- Bluetooth: HIDP: Fix possible UAF (CVE-2026-23462 bsc#1261710).
- commit c2fcff0
- check-for-config-changes: Exclude CC_MS_EXTENSIONS
- commit c04d7e7
- Refresh patches.suse/ice-use-netif_get_num_default_rss_queues.patch.
- Refresh patches.suse/mm-page_alloc-thp-prevent-reclaim-for-__GFP_THISNODE-THP-a.patch.
- Refresh patches.suse/powerpc-eeh-fix-recursive-pci_lock_rescan_remove-locking-in-EEH-event-handling.patch.
  Move merged patches to sorted section.
- commit 471a61e
- blktrace: fix __this_cpu_read/write in preemptible context (bsc#1260811 CVE-2026-23374).
- commit 357b0af
- flex_proportions: make fprop_new_period() hardirq safe (bsc#1258826 CVE-2026-23168).
- commit 4572c85
- sched/fair: Remove nohz.nr_cpus and use weight of cpumask instead (bsc#1234634, bsc#1258961).
- sched/fair: Change likelyhood of nohz.nr_cpus (bsc#1234634, bsc#1258961).
- sched/fair: Move checking for nohz cpus after time check (bsc#1234634, bsc#1258961).
- commit 76eeda0
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (CVE-2026-23461 bsc#1261707).
- commit dba279b
- PCI: mediatek-gen3: Prevent leaking IRQ domains when IRQ not found (git-fixes).
- spi: mtk-snfi: unregister ECC engine on probe failure and remove() callback (git-fixes).
- spi: zynqmp-gqspi: fix controller deregistration (git-fixes).
- spi: sprd: fix controller deregistration (git-fixes).
- spi: sh-hspi: fix controller deregistration (git-fixes).
- spi: rspi: fix controller deregistration (git-fixes).
- spi: atmel: fix controller deregistration (git-fixes).
- spi: at91-usart: fix controller deregistration (git-fixes).
- spi: rockchip: fix controller deregistration (git-fixes).
- spi: imx: fix use-after-free on unbind (git-fixes).
- spi: hisi-kunpeng: prevent infinite while() loop in hisi_spi_flush_fifo (git-fixes).
- spi: fix misleading controller deregistration kernel-doc (git-fixes).
- spi: fix misleading controller registration kernel-doc (git-fixes).
- spi: fsl-qspi: Use reinit_completion() for repeated operations (git-fixes).
- regulator: bd9571mwv: fix OF node reference imbalance (git-fixes).
- regulator: act8945a: fix OF node reference imbalance (git-fixes).
- regulator: mt6357: fix OF node reference imbalance (git-fixes).
- regulator: max77650: fix OF node reference imbalance (git-fixes).
- platform/chrome: chromeos_tbmc: Drop wakeup source on remove (git-fixes).
- commit 152f382
- PCI: dwc: Apply ECRC workaround to DesignWare 5.00a as well (git-fixes).
- PCI: tegra194: Use DWC IP core version (git-fixes).
- PCI: tegra194: Allow system suspend when the Endpoint link is not up (git-fixes).
- PCI: tegra194: Set LTR message request before PCIe link up in Endpoint mode (git-fixes).
- PCI: tegra194: Disable direct speed change for Endpoint mode (git-fixes).
- PCI: tegra194: Use devm_gpiod_get_optional() to parse "nvidia,refclk-select" (git-fixes).
- PCI: tegra194: Disable PERST# IRQ only in Endpoint mode (git-fixes).
- PCI: tegra194: Disable LTSSM after transition to Detect on surprise link down (git-fixes).
- PCI: tegra194: Increase LTSSM poll time on surprise link down (git-fixes).
- PCI: tegra194: Fix polling delay for L2 state (git-fixes).
- PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown (git-fixes).
- PCI: Enable AtomicOps only if Root Port supports them (git-fixes).
- PCI/AER: Stop ruling out unbound devices as error source (git-fixes).
- PCI/AER: Clear only error bits in PCIe Device Status (git-fixes).
- mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration (git-fixes).
- media: i2c: ov08d10: fix image vertical start setting (git-fixes).
- commit b381137
- media: staging: imx: configure src_mux in csi_start (git-fixes).
- media: staging: imx: request mbus_config in csi_start (git-fixes).
- media: uvcvideo: Enable VB2_DMABUF for metadata stream (git-fixes).
- media: i2c: ov8856: free control handler on error in ov8856_init_controls() (git-fixes).
- media: amphion: Fix race between m2m job_abort and device_run (git-fixes).
- media: mtk-jpeg: fix use-after-free in release path due to uncancelled work (git-fixes).
- media: rc: xbox_remote: heed DMA restrictions (git-fixes).
- media: rc: streamzap: Error handling in probe (git-fixes).
- media: as102: fix to not free memory after the device is registered in as102_usb_probe() (git-fixes).
- media: hackrf: fix to not free memory after the device is registered in hackrf_probe() (git-fixes).
- media: saa7164: add ioremap return checks and cleanups (git-fixes).
- media: pci: zoran: fix potential memory leak in zoran_probe() (git-fixes).
- media: em28xx: fix use-after-free in em28xx_v4l2_open() (git-fixes).
- media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections (git-fixes).
- media: vidtv: fix nfeeds state corruption on start_streaming failure (git-fixes).
- media: vidtv: fix pass-by-value structs causing MSAN warnings (git-fixes).
- media: dib8000: avoid division by 0 in dib8000_set_dds() (git-fixes).
- media: videobuf2: Set vma_flags in vb2_dma_sg_mmap (git-fixes).
- media: omap3isp: drop the use count of v4l2 pipeline (git-fixes).
- commit 6696721
- net/sched: act_ife: Fix metalist update behavior (CVE-2026-23378 bsc#1260546).
- commit 1bdc011
- drm/vram: remove DRM_VRAM_MM_FILE_OPERATIONS from docs (git-fixes).
- drm/msm/a6xx: Use barriers while updating HFI Q headers (git-fixes).
- drm/msm/a6xx: Fix dumping A650+ debugbus blocks (git-fixes).
- drm/msm/shrinker: Fix can_block() logic (git-fixes).
- drm/msm/a6xx: Fix HLSQ register dumping (git-fixes).
- drm/msm/dsi: rename MSM8998 DSI version from V2_2_0 to V2_0_0 (git-fixes).
- drm/msm/dsi: fix hdisplay calculation for CMD mode panel (git-fixes).
- drm/msm/dsi: fix bits_per_pclk (git-fixes).
- drm/msm/dsi: add the missing parameter description (git-fixes).
- drm/msm/dpu: fix mismatch between power and frequency (git-fixes).
- drm/amd/pm/smu7: Add SCLK cap for quirky Hawaii board (git-fixes).
- drm/amd/pm/ci: Fill DW8 fields from SMC (git-fixes).
- drm/amd/pm/ci: Clear EnabledForActivity field for memory levels (git-fixes).
- drm/amd/pm/ci: Fix powertune defaults for Hawaii 0x67B0 (git-fixes).
- drm/amd/pm/smu7: Fix SMU7 voltage dependency on display clock (git-fixes).
- drm/amd/pm/ci: Disable MCLK DPM on problematic CI ASICs (git-fixes).
- drm/amd/pm/ci: Use highest MCLK on CI when MCLK DPM is disabled (git-fixes).
- drm/amd/display: Add NULL check for integrated_info in clk_mgr_construct (git-fixes).
- drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths (git-fixes).
- drm/panel: simple: Correct G190EAN01 prepare timing (git-fixes).
- drm/panel: sharp-ls043t1le01: make use of prepare_prev_first (git-fixes).
- drm/amdgpu/gfx10: look at the right prop for gfx queue priority (git-fixes).
- drm/sun4i: Fix resource leaks (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Handle HDCP state in bridge atomic check (git-fixes).
- fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (git-fixes).
- fbdev: matroxfb: Mark variable with __maybe_unused to avoid W=1 build break (git-fixes).
- media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe() (git-fixes).
- staging: media: atomisp: Disallow all private IOCTLs (git-fixes).
- media: i2c: imx412: Assert reset GPIO during probe (git-fixes).
- commit 654981a
- drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable() (git-fixes).
- commit 1effbc1
- crypto: hisilicon - Fix dma_unmap_single() direction (git-fixes).
- crypto: talitos - fix SEC1 32k ahash request limitation (git-fixes).
- crypto: jitterentropy - replace long-held spinlock with mutex (git-fixes).
- crypto: ccree - fix a memory leak in cc_mac_digest() (git-fixes).
- crypto: qat - use swab32 macro (git-fixes).
- crypto: qat - fix type mismatch in RAS sysfs show functions (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Add mode_valid hook to drm_bridge_funcs (git-fixes).
- drm/sun4i: backend: fix error pointer dereference (git-fixes).
- drm/komeda: fix integer overflow in AFBC framebuffer size check (git-fixes).
- commit 361b735
- crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (git-fixes).
- crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (git-fixes).
- crypto: simd - reject compat registrations without __ prefixes (git-fixes).
- crypto: atmel-tdes - fix DMA sync direction (git-fixes).
- crypto: atmel-ecc - Release client on allocation failure (git-fixes).
- ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() (git-fixes).
- ALSA: hda/realtek - fixed speaker no sound update (git-fixes).
- ASoC: SOF: Don't allow pointer operations on unconfigured streams (git-fixes).
- ASoC: SOF: compress: return the configured codec from get_params (git-fixes).
- ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens (git-fixes).
- ASoC: qcom: qdsp6: topology: check widget type before accessing data (git-fixes).
- ASoC: qcom: q6apm: remove child devices when apm is removed (git-fixes).
- ASoC: qcom: q6apm: move component registration to unmanaged version (git-fixes).
- ASoC: fsl_easrc: Change the type for iec958 channel status controls (git-fixes).
- ASoC: fsl_easrc: Fix value type in fsl_easrc_iec958_get_bits() (git-fixes).
- ASoC: fsl_easrc: Check the variable range in fsl_easrc_iec958_put_bits() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_mode_put() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_arc_mode_put() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_quality_set() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_put_dc_remover_state() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_init_mode() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_enable() (git-fixes).
- ASoC: fsl_micfil: Add access property for "VAD Detected" (git-fixes).
- ASoC: SOF: Intel: hda: Place check before dereference (git-fixes).
- ASoC: fsl_easrc: fix comment typo (git-fixes).
- ASoC: sti: use managed regmap_field allocations (git-fixes).
- ASoC: sti: Return errors from regmap_field_alloc() (git-fixes).
- ALSA: caiaq: take a reference on the USB device in create_card() (git-fixes).
- ALSA: 6fire: fix use-after-free on disconnect (git-fixes).
- ALSA: fireworks: bound device-supplied status before string array lookup (git-fixes).
- ALSA: ctxfi: Add fallback to default RSR for S/PDIF (git-fixes).
- ALSA: ctxfi: Limit PTP to a single page (git-fixes).
- ALSA: scarlett2: Add missing sentinel initializer field (git-fixes).
- ALSA: hda/realtek: fix code style (ERROR: else should follow close brace '}') (git-fixes).
- ALSA: aoa: i2sbus: fix OF node lifetime handling (git-fixes).
- ALSA: core: Validate compress device numbers without dynamic minors (git-fixes).
- Revert "ALSA: usb: Increase volume range that triggers a warning" (git-fixes).
- ALSA: usb-audio: Evaluate packsize caps at the right place (git-fixes).
- commit a0feb51
- net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (CVE-2026-23450 bsc#1261584).
- commit 5c35d92

++++ ncurses:
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
  * Backport from ncurses-6.5-20251213.patch

++++ libpng16:
- added patches
  CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
  * libpng16-CVE-2026-34757.patch

------------------------------------------------------------------
------------------ 2026-4-15 - Apr 15 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- sctp: disable BH before calling udp_tunnel_xmit_skb() (CVE-2026-23276 bsc#1260012).
- net: increase IP_TUNNEL_RECURSION_LIMIT to 5 (CVE-2026-23276 bsc#1260012).
- net: prevent NULL deref in iptunnel_xmit() (CVE-2026-23276 bsc#1260012).
- commit ecf9d21
- net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (CVE-2026-23340 bsc#1260523).
- commit 525ca44
- mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321 bsc#1260505).
- commit 46ae7ff
- net: add xmit recursion limit to tunnel xmit functions (CVE-2026-23276 bsc#1260012).
- net: move dev_xmit_recursion() helpers to net/core/dev.h (CVE-2026-23276 bsc#1260012).
- refresh patches.suse/netdev-prevent-accessing-NAPI-instances-from-another.patch
- commit 84e7397
- espintcp: Fix race condition in espintcp_close() (CVE-2026-23239 bsc#1259485).
- commit 1e0a523
- tls: Fix race condition in tls_sw_cancel_work_tx() (CVE-2026-23240 bsc#1259484).
- commit 87d5eb8
- bridge: cfm: Fix race condition in peer_mep deletion (CVE-2026-23393 bsc#1260522).
- commit 09373eb
- wifi: mt76: mt7915: fix use_cts_prot support (git-fixes).
- commit 6b5af82
- net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() (git-fixes).
- NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (git-fixes).
- nfc: llcp: add missing return after LLCP_CLOSED checks (git-fixes).
- can: raw: fix ro->uniq use-after-free in raw_rcv() (git-fixes).
- can: ucan: fix devres lifetime (git-fixes).
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (git-fixes).
- Bluetooth: SCO: check for codecs->num_codecs == 1 before assigning to sco_pi(sk)->codec (git-fixes).
- Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (git-fixes).
- Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (git-fixes).
- Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error (git-fixes).
- Bluetooth: L2CAP: Fix printing wrong information if SDU length exceeds MTU (git-fixes).
- wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap() (git-fixes).
- wifi: rtw88: fix device leak on probe failure (git-fixes).
- wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet (git-fixes).
- wifi: rtw88: check for PCI upstream bridge existence (git-fixes).
- wifi: brcmfmac: Fix error pointer dereference (git-fixes).
- wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work() (git-fixes).
- wifi: mt76: mt7996: fix struct mt7996_mcu_uni_event (git-fixes).
- wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work (git-fixes).
- wifi: mt76: mt7921: fix a potential clc buffer length underflow (git-fixes).
- wifi: mt76: mt7996: fix FCS error flag check in RX descriptor (git-fixes).
- wifi: mt76: mt7925: fix incorrect length field in txpower command (git-fixes).
- wifi: mt76: mt7615: fix use_cts_prot support (git-fixes).
- wifi: mt76: mt7921: Reset ampdu_state state in case of failure in mt76_connac2_tx_check_aggr() (git-fixes).
- wifi: ath9k: Fix typo (git-fixes).
- wifi: mwifiex: Fix memory leak in mwifiex_11n_aggregate_pkt() (git-fixes).
- ACPI: AGDI: fix missing newline in error message (git-fixes).
- firmware: dmi: Correct an indexing error in dmi.h (git-fixes).
- irqchip/irq-pic32-evic: Address warning related to wrong printf() formatter (git-fixes).
- docs: path-lookup: fix unrenamed WALK_GET (git-fixes).
- commit 4311357
- io_uring/poll: improve readability of poll reference decrementing (CVE-2026-23473 bsc#1261694).
- commit c3cd3d2
- io_uring/poll: fix multishot recv missing EOF on wakeup race (CVE-2026-23473 bsc#1261694).
- commit 3ff4020

++++ mozilla-nss:
- Added "Suggests: p11-kit-nss-trust" to favor over mozilla-nss-certs (Jira: PED-15633)

++++ python311-core:
- Add CVE-2026-3446-base64-padding.patch preventing ignoring excess Base64 data after the first padded quad (bsc#1261970, CVE-2026-3446, gh#python/cpython#145264).

++++ python311:
- Add CVE-2026-3446-base64-padding.patch preventing ignoring excess Base64 data after the first padded quad (bsc#1261970, CVE-2026-3446, gh#python/cpython#145264).
++++ sed: - Add CVE-2026-5958.patch * Fix CVE-2026-5958 (bsc#1262144): A TOCTOU race can allow reading attacker-controlled content and writing it to an unintended file ------------------------------------------------------------------ ------------------ 2026-4-14 - Apr 14 2026 ------------------- ------------------------------------------------------------------ ++++ Mesa: - bsc1261998-CVE-2026-40393-nir-Use-STACK_ARRAY-instead-of-NIR_VLA.patch bsc1261998-CVE-2026-40393-spirv-Use-STACK_ARRAY-instead-of-NIR_VLA.patch * Mesa: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998, CVE-2026-40393) ++++ Mesa-drivers: - bsc1261998-CVE-2026-40393-nir-Use-STACK_ARRAY-instead-of-NIR_VLA.patch bsc1261998-CVE-2026-40393-spirv-Use-STACK_ARRAY-instead-of-NIR_VLA.patch * Mesa: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998, CVE-2026-40393) ++++ kernel-default: - netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458 bsc#1261781). - commit dad7401 - netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391 bsc#1260566). - commit 382f8ac - netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392 bsc#1260531). - commit fd33c16 - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455 bsc#1261687). - commit 154c998 - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (CVE-2026-23351 bsc#1260526). - commit fea5651 - tty: tty_io: update timestamps on all device nodes (bsc#1262020). - commit 3c38985 - workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() (bsc#1260522). - commit 74437ad - kABI: Include pool_id bits from work_bits into kABI tracking (bsc#1260522). - commit 3492b48 - net/mlx5e: Prevent concurrent access to IPSec ASO context (CVE-2026-23441 bsc#1261768).
- Refresh patches.suse/net-mlx5e-Fix-race-condition-during-IPSec-ESN-update.patch. - commit 66528df - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408 bsc#1261797). - commit 9e9c97a - Update patches.suse/Bluetooth-SCO-Fix-use-after-free-in-sco_recv_frame-d.patch (CVE-2026-31408 bsc#1261797 git-fixes). - commit 57943d2 - thermal/drivers/spear: Fix error condition for reading st,thermal-flags (git-fixes). - thermal/drivers/sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp (git-fixes). - thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata (git-fixes). - devres: fix missing node debug info in devm_krealloc() (git-fixes). - commit 7864913 ++++ mozilla-nss: - update to NSS 3.112.4 * bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey. * bmo#2029462 - store email on subject cache_entry in NSS trust domain. * bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * bmo#2029323 - Improve size calculations in CMS content buffering. * bmo#2028001 - avoid integer overflow while escaping RFC822 Names. * bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder. * bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile. * bmo#2027345 - Improve input validation in DSAU signature decoding. * bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS. * bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash. * bmo#2026156 - Add a maximum cert uncompressed len and tests. * bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes. * bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * bmo#2019224 - Remove invalid PORT_Free(). 
* bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie. ++++ timezone: - Update to 2026a: * Moldova has used EU transition times since 2022. * The "right" TZif files are no longer installed by default. * -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds. * TZif files are no longer limited to 50 bytes of abbreviations. * zic is no longer limited to 50 leap seconds. * Several integer overflow bugs have been fixed. - Changes from 2025c: * update Baja California DST rules in 1953, 1961-1975 * An unset TZ is no longer invalid when /etc/localtime is missing, and is abbreviated "UTC" not "-00". This reverts to 2024b behavior * tzset etc. are now more cautious about questionable TZ settings. * tzset etc. now treat ' ' like '_' in time zone abbreviations * tzfree now preserves errno, consistently with POSIX.1-2024 ‘free’. * zic has new options inspired by FreeBSD. ‘-D’ skips creation of output ancestor directories, ‘-m MODE’ sets output files’ mode, and ‘-u OWNER[:GROUP]’ sets output files’ owner and group. * multiple changes visible to developers - Use "REDO=posix_right" to keep installing "right" TZif files. ------------------------------------------------------------------ ------------------ 2026-4-13 - Apr 13 2026 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix missing install device check in grub2-install on PowerPC which could lead to bootlist corruption (bsc#1221126) * 0001-Mandatory-install-device-check-for-PowerPC.patch ++++ kernel-default: - net/mlx5e: Fix race condition during IPSec ESN update (CVE-2026-23440 bsc#1261641). - net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368 bsc#1260530). - commit f87eed8 - btrfs: always detect conflicting inodes when logging inode refs (bsc#1257631 CVE-2025-71183). 
- commit a3da7f8 - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - commit f390ffd - check-for-config-changes: Exclude HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC} - commit ba5597d - crypto: algif_aead - Fix minimum RX size check for decryption (git-fixes). - X.509: Fix out-of-bounds access when parsing extensions (git-fixes). - commit 1e6b871 - btrfs: replace BUG() with error handling in __btrfs_balance() (git-fixes). - commit 8ae6b6d - btrfs: reject root items with drop_progress and zero drop_level (git-fixes). - commit f1b2a6e ++++ openvswitch: - Fix CVE-2026-34956 [bsc#1261273] -- Invalid memory access in conntrack FTP alg * Add CVE-2026-34956.patch ------------------------------------------------------------------ ------------------ 2026-4-12 - Apr 12 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: uinput - fix circular locking dependency with ff-core (git-fixes). - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (git-fixes). - drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock (git-fixes). - drm/vc4: Fix a memory leak in hang state error path (git-fixes). - drm/vc4: Fix memory leak of BO array in hang state (git-fixes). - drm/vc4: Release runtime PM reference after binding V3D (git-fixes). - comedi: dt2815: add hardware detection to prevent crash (stable-fixes). - iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() (git-fixes). - USB: serial: option: add MeiG Smart SRM825WN (stable-fixes). - USB: serial: io_edgeport: add support for Blackbox IC135A (stable-fixes). - USB: serial: option: add support for Rolling Wireless RW135R-GL (stable-fixes). - usb: gadget: f_uac1_legacy: validate control request size (stable-fixes). - USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (stable-fixes). - usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (stable-fixes). 
- usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (stable-fixes). - cdc-acm: new quirk for EPSON HMD (stable-fixes). - Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode (stable-fixes). - Input: xpad - add support for Razer Wolverine V3 Pro (stable-fixes). - Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (stable-fixes). - wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (git-fixes). - ALSA: ctxfi: Fix missing SPDIFI1 index handling (stable-fixes). - HID: multitouch: Check to ensure report responses match the request (stable-fixes). - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (stable-fixes). - wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation (stable-fixes). - wifi: ath11k: skip status ring entry processing (stable-fixes). - commit f015666 ------------------------------------------------------------------ ------------------ 2026-4-11 - Apr 11 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: tegra: fix irq_release_resources calling enable instead of disable (git-fixes). - mmc: vub300: fix NULL-deref on disconnect (git-fixes). - nfc: pn533: allocate rx skb before consuming bytes (git-fixes). - wifi: rt2x00usb: fix devres lifetime (git-fixes). - wifi: brcmsmac: Fix dma_free_coherent() size (git-fixes). - batman-adv: hold claim backbone gateways by reference (git-fixes). - batman-adv: reject oversized global TT response buffers (git-fixes). - nfc: s3fwrn5: allocate rx skb before consuming bytes (git-fixes). - commit 6ac4a49 ------------------------------------------------------------------ ------------------ 2026-4-10 - Apr 10 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI: workqueue: Implement disable/enable for (delayed) work items (bsc#1260522). 
- commit 0192af1 - workqueue: Implement disable/enable for (delayed) work items (bsc#1260522). - commit a8b1159 - workqueue: Preserve OFFQ bits in cancel[_sync] paths (bsc#1260522). - commit b464c41 - workqueue: Make @flags handling consistent across set_work_data() and friends (bsc#1260522). - commit 02f8d34 - workqueue: Factor out work_grab_pending() from __cancel_work_sync() (bsc#1260522). - commit 0b98d92 - workqueue: Introduce work_cancel_flags (bsc#1260522). - commit 305ef18 - workqueue: Reorganize flush and cancel[_sync] functions (bsc#1260522). - commit 0226729 - workqueue: Rename __cancel_work_timer() to __cancel_timer_sync() (bsc#1260522). - commit 32cb828 - serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (CVE-2026-23472 bsc#1261636). - commit ebf8f3c - workqueue: Clean up enum work_bits and related constants (bsc#1260522). - commit 1fa3104 - workqueue: Break up enum definitions and give names to the types (bsc#1260522). - commit 479a1d6 ++++ libcap: - CVE-2026-4878: Fixed a potential TOCTOU race condition in cap_set_file() (bsc#1261809) 0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch: ------------------------------------------------------------------ ------------------ 2026-4-9 - Apr 9 2026 ------------------- ------------------------------------------------------------------ ++++ cockpit-podman: - Update dependencies to fix bsc#1257836/CVE-2026-25547 bsc#1258641/CVE-2026-26996 ++++ gdk-pixbuf: - Add gdk-pixbuf-CVE-2026-5201.patch: jpeg: Reject unsupported number of components (bsc#1261210 CVE-2026-5201 glgo#GNOME/gdk-pixbuf#266). ++++ grub2: - Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) * 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch ++++ kernel-default: - Delete patches.suse/docs-vfio-Add-vfio-device-cdev-description-09467130. Remove duplicate patch - commit aa4fe2a - scsi: pm8001: Fix use-after-free in pm8001_queue_command() (CVE-2026-23306 bsc#1260501).
- commit 57106d4 - bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (CVE-2026-23383 bsc#1260497). - commit 62599f7 ++++ sqlite3: - Update to version 3.53.0: * https://sqlite.org/releaselog/3_53_0.html * Add the Query Result Formatter (QRF) library for formatting the results of SQL queries for human readability on a fixed-pitch font screen. * Enhance ALTER TABLE to permit adding and removing NOT NULL and CHECK constraints. * The REINDEX EXPRESSIONS statement rebuilds expression indexes. * The body of TEMP triggers may now modify and/or query tables in the main schema. * Enhance VACUUM INTO so that if a URI filename is used as the target and that filename has a reserve=N query parameter with N between 0 and 255, then the reserve amount for the generated database copy is set to N. * New SQL functions json_array_insert() and jsonb_array_insert(). * Renovations to the CLI. * New C-language interfaces: sqlite3_str_truncate(), sqlite3_str_free(), sqlite3_carray_bind_v2(). * Add the SQLITE_PREPARE_FROM_DDL option to sqlite3_prepare_v3(). * Added the SQLITE_UTF8_ZT constant which can be used as the encoding parameter to sqlite3_result_text64() or sqlite3_bind_text64() to indicate that the value is UTF-8 encoded and zero terminated. * The SQLITE_LIMIT_PARSER_DEPTH option is added to sqlite3_limit(). * The SQLITE_DBCONFIG_FP_DIGITS option is added to sqlite3_db_config(). * Query planner improvements. * Add new interfaces to the session extension that enable an application to add changes one at a time to the sqlite3_changegroup object. * Improvements to floating-point ↔ text conversions. * Added the self-healing index feature to deal with the stale expression index problem. * Add the "-p|--port" option to sqlite3_rsync. * Add the "opfs-wl" VFS, functionally identical to the "opfs" VFS but using Web Locks for locking, which can promise fairer lock sharing than the "opfs" bespoke protocol can. 
"opfs-wl" requires Atomics.waitAsync(), so requires newer browsers than "opfs" does. ------------------------------------------------------------------ ------------------ 2026-4-8 - Apr 8 2026 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Update dependencies to fix bsc#1257836/CVE-2026-25547 bsc#1258641/CVE-2026-26996 ++++ kernel-default: - ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (CVE-2026-23304 bsc#1260544). - commit 0e2cfb3 - selftests/powerpc: make sub-folders buildable on their own (bsc#1261669 ltc#212590). - Refresh patches.suse/selftests-powerpc-dexcr-Add-no-pie-to-hashchk-tests.patch. - commit b39cae9 - selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669 ltc#212590). - commit cdc7ba4 - selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590). - commit 875a091 ++++ openssl-3: - Security fix: * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678) * Add openssl-CVE-2026-28390.patch ++++ opensuse-migration-tool: - Update to version 20260408.218e5ee: * Add support for Leap Micro to Leap migration * Add quick start guide for git installation * Use .tar.xz for some reason obs service tar fails on 15.6 ------------------------------------------------------------------ ------------------ 2026-4-7 - Apr 7 2026 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * grub2-btrfs-09-get-default-subvolume.patch ++++ kernel-default: - xdp: produce a warning when calculated tailroom is negative (CVE-2026-23343 bsc#1260527). - commit 3ff31fa - tg3: Fix race for querying speed/duplex (bsc#1257183). 
- commit 50cbd22 - net/rds: Fix circular locking dependency in rds_tcp_tune (CVE-2026-23419 bsc#1261507). - commit 5d48507 - RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (CVE-2026-23335 bsc#1260550) - commit 9fa90c7 - gve: Fix stats report corruption on queue count change (CVE-2026-23262 bsc#1259870). - commit 56ed553 - netfilter: bpf: defer hook memory release until rcu readers are done (CVE-2026-23412 bsc#1261412). - commit 1299d5b - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (CVE-2026-23395 bsc#1260580). - commit 942ba6f - soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes). - commit df6cd61 - net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277 bsc#1259997). - commit 852cc2c - scsi: target: Fix recursive locking in __configfs_open_file() (CVE-2026-23292 bsc#1260500). - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193 bsc#1258414). - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216 bsc#1258447). - commit e7b5dcd - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CVE-2026-23270 bsc#1259886). - commit 00821f1 ++++ sudo: - CVE-2026-35535: potential privilege escalation when running the mailer (bsc#1261420) * fix-CVE-2026-35535.patch ------------------------------------------------------------------ ------------------ 2026-4-6 - Apr 6 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23381 bsc#1260471). - commit 21aa5bd - clsact: Fix use-after-free in init/destroy rollback asymmetry (CVE-2026-23413 bsc#1261498). - commit eaf3b22 - icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398 bsc#1260730). - net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23293 bsc#1260486). 
- commit 05f5f64 - net/sched: ets: fix divide by zero in the offload path (CVE-2026-23379 bsc#1260481). - commit 3672900 - tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414 bsc#1261496). - commit 1058925 - usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes). - commit 4a9ee96 - misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes). - comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes). - comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes). - comedi: me4000: Fix potential overrun of firmware buffer (git-fixes). - comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes). - iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes). - iio: accel: fix ADXL355 temperature signature value (git-fixes). - iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes). - iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes). - iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes). - iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes). - iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes). - iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes). - iio: gyro: mpu3050: Fix irq resource leak (git-fixes). - iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes). - iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes). - usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes). - usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes). - usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes). - usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes). - usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes). - usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes). 
- usb: ehci-brcm: fix sleep during atomic (git-fixes). - USB: dummy-hcd: Fix interrupt synchronization error (git-fixes). - USB: dummy-hcd: Fix locking/synchronization error (git-fixes). - usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes). - usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes). - thunderbolt: Fix property read in nhi_wake_supported() (git-fixes). - commit 4e3d5c2 ++++ suseconnect-ng: - Update version to 1.22: - InstallReleasePackage should consider zypperFilesystemRoot (jsc#SCC-630). - Restore exit code 71 handling when attempting keepalive and not registered (bsc#1263772) - Add collector support for gathering RKE2 & K3s kubernetes provider info if enabled on a system (jsc#TEL-317) - Add email address validation to SUSEConnect -e/--email option. (bsc#1197231) - Add collector support for detecting if system is running pacemaker (jsc#SCC-693) - Avoid double slash at start of request URL path component. (jsc#SCC-775) - Use product identifier when finding product packages during migrations. (jsc#SCC=758 bsc#1265410) - Add opt in/out support for collectors (jsc#TEL-312) - Update config parser for suseconnect to be YAML based (jsc#SCC-730) ------------------------------------------------------------------ ------------------ 2026-4-5 - Apr 5 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes). - hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes). - hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes). - hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes). - hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes). 
- commit 08cee84 ------------------------------------------------------------------ ------------------ 2026-4-4 - Apr 4 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes). - drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes). - drm/ast: dp501: Fix initialization of SCU2C (git-fixes). - accel/qaic: Handle DBC deactivation if the owner went away (git-fixes). - drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes). - crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes). - crypto: caam - fix overflow on long hmac keys (git-fixes). - crypto: caam - fix DMA corruption on long hmac keys (git-fixes). - commit 376a907 ------------------------------------------------------------------ ------------------ 2026-4-3 - Apr 3 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes). - commit 2d1bac8 - net/x25: Fix overflow when accumulating packets (git-fixes). - net/x25: Fix potential double free of skb (git-fixes). - Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes). - Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes). - Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes). - Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes). - Bluetooth: MGMT: validate LTK enc_size on load (git-fixes). - Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes). - Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes). - NFC: pn533: bound the UART receive buffer (git-fixes). - wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes). 
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes). - ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). - ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes). - dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes). - Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes). - hwmon: axi-fan: don't use driver_override as IRQ name (git-fixes). - ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes). - ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). - HID: mcp2221: cancel last I2C command on read error (stable-fixes). - HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes). - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes). - HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes). - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes). - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes). - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes). - mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes). - Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes). - Bluetooth: Remove 3 repeated macro definitions (stable-fixes). - hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes). - hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes). - dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). 
- commit a6c10e6 ------------------------------------------------------------------ ------------------ 2026-4-2 - Apr 2 2026 ------------------- ------------------------------------------------------------------ ++++ avahi: - Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response containing a recursive CNAME record (bsc#1257235). ++++ kernel-default: - net: add proper RCU protection to /proc/net/ptype (CVE-2026-23255 bsc#1259891). - commit 970622a - netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274 bsc#1260005). - commit b61cf0b - netfilter: nf_tables: always walk all pending catchall elements (CVE-2026-23278 bsc#1259998). - commit bde2f22 ++++ python311-core: - Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has the same security model as open(). The documented limitations ensure compatibility with non-filesystem loaders; Python doesn't check that. (bsc#1259989, CVE-2026-3479, gh#python/cpython#146121). ++++ python311: - Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has the same security model as open(). The documented limitations ensure compatibility with non-filesystem loaders; Python doesn't check that. (bsc#1259989, CVE-2026-3479, gh#python/cpython#146121). ++++ vim: - Fix bsc#1261191 / CVE-2026-34714. - Fix bsc#1261271 / CVE-2026-34982. - Fix bsc#1259985 / CVE-2026-33412. 
- Update to 9.2.0280: * patch 9.2.0280: [security]: path traversal issue in zip.vim * patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list * patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file * patch 9.2.0277: tests: test_modeline.vim fails * patch 9.2.0276: [security]: modeline security bypass * patch 9.2.0275: tests: test_options.vim fails * patch 9.2.0274: BSU/ESU are output directly to the terminal * patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns * patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline * patch 9.2.0271: buffer underflow in vim_fgets() * patch 9.2.0270: test: trailing spaces used in tests * patch 9.2.0269: configure: Link error on Solaris * patch 9.2.0268: memory leak in call_oc_method() * patch 9.2.0267: 'autowrite' not triggered for :term * patch 9.2.0266: typeahead buffer overflow during mouse drag event * patch 9.2.0265: unnecessary restrictions for defining dictionary function names * patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal * patch 9.2.0263: hlset() cannot handle attributes with spaces * patch 9.2.0262: invalid lnum when pasting text copied blockwise * patch 9.2.0261: terminal: redraws are slow * patch 9.2.0260: statusline not redrawn after closing a popup window * patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker * patch 9.2.0258: memory leak in add_mark() * patch 9.2.0257: unnecessary memory allocation in set_callback() * patch 9.2.0256: visual selection size not shown in showcmd during test * patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal * patch 9.2.0254: w_locked can be bypassed when setting recursively * patch 9.2.0253: various issues with wrong b_nwindows after closing buffers * patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded * patch 9.2.0251: Link error when building without channel feature * patch 9.2.0250: system() does not support 
bypassing the shell * patch 9.2.0249: clipboard: provider reacts to autoselect feature * patch 9.2.0248: json_decode() is not strict enough * patch 9.2.0247: popup: popups may not wrap as expected * patch 9.2.0246: memory leak in globpath() * patch 9.2.0245: xxd: color output detection is broken * patch 9.2.0244: memory leak in eval8() * patch 9.2.0243: memory leak in change_indent() * patch 9.2.0242: memory leak in check_for_cryptkey() * patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky * patch 9.2.0240: syn_name2id() is slow due to linear search * patch 9.2.0239: signcolumn may cause flicker * patch 9.2.0238: showmode message may not be displayed * patch 9.2.0237: filetype: ObjectScript routines are not recognized * patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode() * patch 9.2.0235: filetype: wks files are not recognized. * patch 9.2.0234: test: Test_close_handle() is flaky * patch 9.2.0233: Compiler warning in strings.c * patch 9.2.0232: fileinfo not shown after :bd of last listed buffer * patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H * patch 9.2.0230: popup: opacity not working accross vert splits * patch 9.2.0229: keypad keys may overwrite keycode for another key * patch 9.2.0228: still possible flicker * patch 9.2.0227: MS-Windows: CSI sequences may be written to screen * patch 9.2.0226: No 'incsearch' highlighting support for :uniq * patch 9.2.0225: runtime(compiler): No compiler plugin for just * patch 9.2.0224: channel: 2 issues with out/err callbacks * patch 9.2.0223: Option handling for key:value suboptions is limited * patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold * patch 9.2.0221: Visual selection drawn incorrectly with "autoselect" * patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw * patch 9.2.0219: call stack can be corrupted * patch 9.2.0218: visual selection highlighting in X11 GUI is wrong. 
* patch 9.2.0217: filetype: cto files are not recognized * patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX * patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI. * patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky * patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider * patch 9.2.0212: MS-Windows: version packing may overflow * patch 9.2.0211: possible crash when setting 'winhighlight' * patch 9.2.0210: tests: Test_xxd tests are failing * patch 9.2.0209: freeze during wildmenu completion * patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=! * patch 9.2.0207: MS-Windows: freeze on second :hardcopy * patch 9.2.0206: MS-Window: stripping all CSI sequences * patch 9.2.0205: xxd: Cannot NUL terminate the C include file style * patch 9.2.0204: filetype: cps files are not recognized * patch 9.2.0203: Patch v9.2.0185 was wrong * patch 9.2.0202: [security]: command injection via newline in glob() * patch 9.2.0201: filetype: Wireguard config files not recognized * patch 9.2.0200: term: DECRQM codes are sent too early * patch 9.2.0199: tests: test_startup.vim fails * patch 9.2.0198: cscope: can escape from restricted mode * patch 9.2.0197: tabpanel: frame width not updated for existing tab pages * patch 9.2.0196: textprop: negative IDs and can cause a crash * patch 9.2.0195: CI: test-suite gets killed for taking too long * patch 9.2.0194: tests: test_startup.vim leaves temp.txt around * patch 9.2.0193: using copy_option_part() can be improved * patch 9.2.0192: not correctly recognizing raw key codes * patch 9.2.0191: Not possible to know if Vim was compiled with Android support * patch 9.2.0190: Status line height mismatch in vertical splits * patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console * patch 9.2.0188: Can set environment variables in restricted mode * patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer * patch 9.2.0186: heap buffer overflow 
    with long generic function name
  * patch 9.2.0185: buffer overflow when redrawing custom tabline
  * patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
  * patch 9.2.0183: channel: using deprecated networking APIs
  * patch 9.2.0182: autocmds may leave windows with w_locked set
  * patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
  * patch 9.2.0180: possible crash with winminheight=0
  * patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
  * patch 9.2.0178: DEC mode requests are sent even when not in raw mode
  * patch 9.2.0177: Vim9: Can set environment variables in restricted mode
  * patch 9.2.0176: external diff is allowed in restricted mode
  * patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
  * patch 9.2.0174: diff: inline word-diffs can be fragmented
  * patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
  * patch 9.2.0172: Missing semicolon in os_mac_conv.c
  * patch 9.2.0171: MS-Windows: version detection is deprecated
  * patch 9.2.0170: channel: some issues in ch_listen()
  * patch 9.2.0169: assertion failure in syn_id2attr()
  * patch 9.2.0168: invalid pointer casting in string_convert() arguments
  * patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
  * patch 9.2.0166: Coverity warning for potential NULL dereference
  * patch 9.2.0165: tests: perleval fails in the sandbox
  * patch 9.2.0164: build error when XCLIPBOARD is not defined
  * patch 9.2.0163: MS-Windows: Compile warning for unused variable
  * patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
  * patch 9.2.0161: intro message disappears on startup in some terminals
  * patch 9.2.0160: terminal DEC mode handling is overly complex
  * patch 9.2.0159: Crash when reading quickfix line
  * patch 9.2.0158: Visual highlighting might be incorrect
  * patch 9.2.0157: Vim9: concatenation can be improved
  * patch 9.2.0156: perleval() and rubyeval() ignore security settings
  * patch 9.2.0155: filetype: ObjectScript are not
    recognized
  * patch 9.2.0154: if_lua: runtime error with lua 5.5
  * patch 9.2.0153: No support to act as a channel server
  * patch 9.2.0152: concatenating strings is slow
  * patch 9.2.0151: blob_from_string() is slow for long strings
  * patch 9.2.0150: synchronized terminal update may cause display artifacts
  * patch 9.2.0149: Vim9: segfault when unletting an imported variable
  * patch 9.2.0148: Compile error when FEAT_DIFF is not defined
  * patch 9.2.0147: blob: concatenation can be improved
  * patch 9.2.0146: dictionary lookups can be improved
  * patch 9.2.0145: UTF-8 decoding and length calculation can be improved
  * patch 9.2.0144: 'statuslineopt' is a global only option
  * patch 9.2.0143: termdebug: no support for thread and condition in :Break
  * patch 9.2.0142: Coverity: Dead code warning
  * patch 9.2.0141: :perl ex commands allowed in restricted mode
  * patch 9.2.0140: file reading performance can be improved
  * patch 9.2.0139: Cannot configure terminal resize event
  * patch 9.2.0138: winhighlight option handling can be improved
  * patch 9.2.0137: [security]: crash with composing char in collection range
  * patch 9.2.0136: memory leak in add_interface_from_super_class()
  * patch 9.2.0135: memory leak in eval_tuple()
  * patch 9.2.0134: memory leak in socket_server_send_reply()
  * patch 9.2.0133: memory leak in netbeans_file_activated()
  * patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
  * patch 9.2.0131: potential buffer overflow in regdump()
  * patch 9.2.0130: missing range flags for the :tab command
  * patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
  * patch 9.2.0128: Wayland: using _Boolean instead of bool type
  * patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
  * patch 9.2.0126: String handling can be improved
  * patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
  * patch 9.2.0124: auto-format may swallow white space
  * patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
  * patch 9.2.0122: Vim still supports compiling on NeXTSTEP
  * patch 9.2.0120: tests: test_normal fails
  * patch 9.2.0119: incorrect highlight initialization in win_init()
  * patch 9.2.0118: memory leak in w_hl when reusing a popup window
  * patch 9.2.0117: tests: test_wayland.vim fails
  * patch 9.2.0116: terminal: synchronized output sequences are buffered
  * patch 9.2.0115: popup: screen flickering possible during async callbacks
  * patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
  * patch 9.2.0113: winhighlight pointer may be used uninitialized
  * patch 9.2.0112: popup: windows flicker when updating text
  * patch 9.2.0111: 'winhighlight' option not always applied
------------------------------------------------------------------
------------------ 2026-4-1 - Apr 1 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- netfilter: nf_tables: unconditionally bump set->nelems before insertion (CVE-2026-23272 bsc#1260009).
- commit 4898783
- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
- commit f810098
- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
- commit 2a2fe4a
- bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (CVE-2026-23319 bsc#1260735).
- commit afdc54a
- bpf: export bpf_link_inc_not_zero (CVE-2026-23319 bsc#1260735).
- commit 3c0dee1
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- commit dd3433a
++++ python-cryptography:
- CVE-2026-34073: X.509 bypass of name constraints on wildcard SANs with matching peer names (bsc#1260876)
  Add patch CVE-2026-34073.patch
++++ suseconnect-ng:
- Update version to 1.21.1:
  - Fix nil token handling (bsc#1261155)
  - Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585).
------------------------------------------------------------------
------------------ 2026-3-31 - Mar 31 2026 -------------------
------------------------------------------------------------------
++++ ignition:
- Add CVE-2026-33186.patch
  * Fixes [bsc#1260251]
++++ kernel-default:
- btrfs: fix reservation leak in some error paths when inserting inline extent (CVE-2025-71268 bsc#1259865).
- commit f586cfb
- btrfs: do not free data reservation in fallback from inline due to -ENOSPC (CVE-2025-71269 bsc#1259889).
- commit 2f2ec59
- kABI fix for ipvlan: Make the addrs_lock be per port (CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103 bsc#1257773).
- commit 546f802
------------------------------------------------------------------
------------------ 2026-3-30 - Mar 30 2026 -------------------
------------------------------------------------------------------
++++ glibc:
- resolv-count-resource-records.patch: resolv: Count records correctly (CVE-2026-4437, bsc#1260078, BZ #34014)
- resolv-check-hostname.patch: resolv: Check hostname for validity (CVE-2026-4438, bsc#1260082, BZ #34015)
++++ kernel-default:
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- commit 5f963b7
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit aa72668
- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
- bonding: do not set usable_slaves for broadcast mode (git-fixes).
- idpf: nullify pointers after they are freed (git-fixes).
- gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (CVE-2026-23386 bsc#1260799).
- commit 1051a48
- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).
- commit 0c94fec
- xen/privcmd: restrict usage in unprivileged domU (bsc#1259707 CVE-2026-31788).
- commit 0c51260
- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
- dmaengine: idxd: Fix leaking event log memory (git-fixes).
- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
- commit f22ea44
- drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (CVE-2026-23317 bsc#1260562).
- commit 62d1ba3
- PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (CVE-2026-23361 bsc#1260732).
- commit e28de60
++++ libtpms:
- CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528)
  0001-tpm2-Fix-potential-out-of-bound-access-abort-due-to-.patch
++++ python-requests:
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
  Add patch CVE-2026-25645.patch
------------------------------------------------------------------
------------------ 2026-3-28 - Mar 28 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Delete patches.suse/scsi-Fix-sas_user_scan-to-handle-wildcard-and-multi-channe.patch.
  See bsc#1257506. The git-fix being removed had issues and needs to be redesigned. In the mean time, reverting this addresses the problem.
  See: > https://bugzilla.suse.com/show_bug.cgi?id=1257506#c47
- commit 14d63c6
- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
- regmap: Synchronize cache for the page selector (git-fixes).
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
- ASoC: Intel: catpt: Fix the device initialization (git-fixes).
- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
- commit a2172e0
------------------------------------------------------------------
------------------ 2026-3-27 - Mar 27 2026 -------------------
------------------------------------------------------------------
++++ dpdk:
- Update to version 22.11.11
- upstream bugfix release https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id29
- Summary:
  * app/testpmd: fix conntrack action query, fix DCB Rx queues, fix DCB Tx port, fix flex item link parsing
  * common/cnxk: fix async event handling
  * common/mlx5: release unused mempool entries
  * crypto/ipsec_mb: fix QP release in secondary
  * dmadev: fix debug build with tracepoints
  * dma/hisilicon: fix stop with pending transfers
  * doc: improve documentation for conntrack state inspect command, device argument in txgbe and ionic
  * eal: fix DMA mask validation with IOVA mode option
  * efd: fix AVX2 support
  * event/cnxk: fix Rx offload flags
  * eventdev: fix listing timer adapters with telemetry
  * fib6: fix tbl8 allocation check logic
  * graph: fix unaligned access in stats
  * hash: fix unaligned access in predictable RSS
  * net/af_packet: fix crash in secondary process
  * net/ark: remove double mbuf free
  * net/bonding: fix MAC address propagation in 802.3ad mode
  * net/dpaa2: fix duplicate call of close
  * net/dpaa2: fix L3/L4 checksum results
  * net/dpaa2: receive packets with additional parse errors
  * net/dpaa: fix resource leak
  * net/ena/base: fix unsafe memcpy on invalid memory
  * net/ena: fix PCI BAR mapping on 64K page size
  * net/enetfec: fix checksum flag handling and error return
  * net/enetfec: fix file descriptor leak on read error
  * net/enetfec: fix memory leak in Rx buffer cleanup
  * net/enetfec: fix out-of-bounds access in UIO mapping
  * net/enetfec: fix Tx queue free
  * net: fix L2 length for GRE packets
  * net/hns3: fix VLAN resources freeing
  * net/hns3: fix VLAN tag loss for short tunnel frame
  * net/i40e: fix symmetric Toeplitz hashing for SCTP
  * net/ice/base: fix integer overflow on NVM init
  * net/ice/base: fix
    memory leak in HW profile handling
  * net/ice/base: fix memory leak in recipe handling
  * net/ice: fix initialization with 8 ports
  * net/ice: fix memory leak in raw pattern parse
  * net/ice: fix path selection for QinQ Tx offload
  * net/ice: fix vector Rx VLAN offload flags
  * net/mlx5: fix connection tracking state item validation
  * net/mlx5: fix control flow leakage for external SQ
  * net/mlx5: fix ESP header match after UDP for group 0
  * net/mlx5: fix flow aging race condition
  * net/mlx5: fix min and max MTU reporting
  * net/mlx5/hws: fix buddy memory allocation
  * net/ngbe: reduce memory size of ring descriptors
  * net/tap: fix interrupt callback crash after failed start
  * net/txgbe: various FDIR fixes
  * net/vmxnet3: fix mapping of mempools to queues
  * test/crypto: fix vector initialization
  * test/debug: fix crash with mlx5 devices
  * test/debug: fix IOVA mode on PPC64 without huge pages
  * vfio: fix custom containers in multiprocess
  * vhost: fix double fetch when dequeue offloading
- Add libarchive as dependency, avoid errors like '/lib/firmware/... cannot be decompressed' (bsc#1260007)
++++ kernel-default:
- libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303).
- commit 7606f01
- wifi: libertas: fix use-after-free in lbs_free_adapter() (CVE-2026-23281 bsc#1260464).
- commit 43b8c42
- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
- serial: 8250_pci: add support for the AX99100 (stable-fixes).
- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
- serial: 8250: Fix TX deadlock when using DMA (git-fixes).
- spi: fix statistics allocation (git-fixes).
- spi: fix use-after-free on controller registration failure (git-fixes).
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
- usb: image: mdc800: kill download URB on timeout (stable-fixes).
- usb: mdc800: handle signal and read racing (stable-fixes).
- usb: yurex: fix race in probe (stable-fixes).
- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
- wifi: mac80211: set default WMM parameters on all links (stable-fixes).
- usb: cdns3: fix role switching during resume (git-fixes).
- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
- usb: cdns3: remove redundant if branch (stable-fixes).
- commit 9cd434e
- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
- platform/x86: ISST: Correct locked bit width (git-fixes).
- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
- PM: runtime: Fix a race condition related to device removal (git-fixes).
- regulator: pca9450: Correct interrupt type (git-fixes).
- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
- pinctrl: equilibrium: fix warning trace on load (git-fixes).
- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
- net: usb: pegasus: validate USB endpoints (stable-fixes).
- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
- regulator: pca9450: Make IRQ optional (stable-fixes).
- PCI: Update BAR # and window messages (stable-fixes).
- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
- commit ec2548e
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
- media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
- commit 19fcdc7
- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
- commit d4b4294
- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
- Bluetooth: HIDP: Fix possible UAF (git-fixes).
- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
- commit d930c45
- ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337 CVE-2026-23201).
- commit c1d531a
++++ libpng16:
- added patches
  CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
  * libpng16-CVE-2026-33416-1.patch
  * libpng16-CVE-2026-33416-2.patch
  * libpng16-CVE-2026-33416-3.patch
  * libpng16-CVE-2026-33416-4.patch
  CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755)
  * libpng16-CVE-2026-33636.patch
++++ polkit:
- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
  0001-CVE-2026-4897-getline-string-overflow.patch
++++ python311-core:
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930).
++++ python311:
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519, gh#python/cpython#143930).
------------------------------------------------------------------
------------------ 2026-3-26 - Mar 26 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- libceph: make calc_target() set t->paused, not just clear it (bsc#1257682 CVE-2026-23047).
- commit 9134bbf
++++ expat:
- security update:
  * CVE-2026-32776: expat: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726)
    - Added patch expat-CVE-2026-32776.patch
  * CVE-2026-32777: expat: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259711)
    - Added patch expat-CVE-2026-32777.patch
  * CVE-2026-32778: expat: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729)
    - Added patch expat-CVE-2026-32778.patch
++++ openssl-3:
- Security fixes:
  * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441)
  * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta (bsc#1260442)
  * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443)
  * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444)
  * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445)
  * NULL pointer dereference when processing an OCSP response (bsc#1260446)
  * Add patches:
    openssl-CVE-2026-28387.patch
    openssl-CVE-2026-28388.patch
    openssl-CVE-2026-28388-tests.patch
    openssl-CVE-2026-28389.patch
    openssl-CVE-2026-31789.patch
    openssl-CVE-2026-31790.patch
    openssl-CVE-2026-31790-tests.patch
    openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
------------------------------------------------------------------
------------------ 2026-3-25 - Mar 25 2026 -------------------
------------------------------------------------------------------
++++ dnsmasq:
- boo#1257934, 4070a748.patch: Fix build with nettle 4.0.
++++ kernel-default:
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit f09c977
++++ python311-core:
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462).
++++ nvidia-open-driver-G06-signed:
- adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this won't break RPM descriptions for -cuda variant again ...
++++ python311:
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips TarInfo DIRTYPE normalization during GNU long name handling (bsc#1259611, CVE-2025-13462).
------------------------------------------------------------------
------------------ 2026-3-24 - Mar 24 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit b964f1d
- RDMA/siw: Fix potential NULL pointer dereference in header processing (CVE-2026-23242 bsc#1259795)
- commit b14d408
------------------------------------------------------------------
------------------ 2026-3-23 - Mar 23 2026 -------------------
------------------------------------------------------------------
++++ util-linux-systemd:
- Recognize fuse "portal" as a virtual file system (boo#1234736, util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (boo#1222465, util-linux-libfdisk-ebr-missing-gap-1.patch, util-linux-tests-fdisk-ebr-missing-gap-1.patch, util-linux-tests-fdisk-ebr-missing-gap-2.patch, util-linux-libfdisk-ebr-missing-gap-2.patch, util-linux-tests-fdisk-ebr-missing-gap-3.patch).
++++ util-linux:
- Recognize fuse "portal" as a virtual file system (boo#1234736, util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (boo#1222465, util-linux-libfdisk-ebr-missing-gap-1.patch, util-linux-tests-fdisk-ebr-missing-gap-1.patch, util-linux-tests-fdisk-ebr-missing-gap-2.patch, util-linux-libfdisk-ebr-missing-gap-2.patch, util-linux-tests-fdisk-ebr-missing-gap-3.patch).
++++ python311-core:
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
++++ python311:
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding unbound C recursion in conv_content_model in pyexpat.c (bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
++++ python-pyOpenSSL:
- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808)
  Add patch CVE-2026-27459.patch
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
  Add patch CVE-2026-27448.patch
++++ tar:
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
  * CVE-2025-45582.patch
------------------------------------------------------------------
------------------ 2026-3-22 - Mar 22 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- bpf, test_run: Subtract size of xdp_frame from allowed metadata size (CVE-2026-23140 bsc#1258305).
- commit 2fff83a
------------------------------------------------------------------
------------------ 2026-3-20 - Mar 20 2026 -------------------
------------------------------------------------------------------
++++ cloud-regionsrv-client:
- Update to version 11.0.2 (bsc#1260421)
  + Add iputils as a dependency to make automatic NVIDIA repo enablement work
- Update to version 11.0.1
  + Fix attempt to read a deleted file resulting in an error. Refresh the file list for repos and services for each pass over the server domains we are looking to clean up the registration.
  + Update user visible messages only showing messages for the application configuration file.
++++ cockpit:
- Update dependencies to fix bsc#1258641/CVE-2026-26996, bsc#1257836/CVE-2026-25547
++++ nghttp2:
- added patches
  CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
  * nghttp2-CVE-2026-27135.patch
++++ rust-keylime:
- Suggests only the IMA policy package, and keep it as example (bsc#1259963)
- Add Cargo_toml.patch to re-generate TSS bindings
- Update to version 0.2.9+8:
  * build(deps): bump thiserror from 2.0.17 to 2.0.18
  * build(deps): bump docker/login-action from 3 to 4
  * build(deps): bump docker/metadata-action from 5 to 6
  * Remove generate-bindings feature from tss-esapi
  * Use port constants instead of hardcoded values in tests
  * push-attestation: Use registrar TLS port when TLS is enabled
  * build(deps): bump docker/build-push-action from 6 to 7
  * build(deps): bump actions/upload-artifact from 6 to 7
  * dist: Make the services to conflict with each other
  * Bump version to 0.2.9
  * build(deps): bump mockoon/cli-action from 2 to 3
  * cargo: Bump tracing_subscriber to version 0.3.20
  * cargo: Bump time to version 0.3.47
  * build(deps): bump http from 1.3.1 to 1.4.0
  * Update reqwest from 0.12 to 0.13
  * build(deps): bump serde from 1.0.219 to 1.0.228
  * auth: Load CA certificate in authentication client
  * packit: Add missing e2e tests
  * registrar: Rename insecure option to disable_tls
  * push-attestation: Drop self-signed mTLS certificate generation
  * config: Add missing config options to keylime-agent.conf
  * config: Add support for "default" in registrar_api_versions option
  * config: Add support for "default" in registrar_tls_ca_cert option
  * config: Drop unused config options and constants
  * push-attestation: Drop support for mTLS to registrar
  * push-attestation: Drop mTLS support and require PoP authentication
  * build(deps): bump clap from 4.5.45 to 4.5.54
  * build(deps): bump actix-web from 4.11.0 to 4.12.1
  * auth: Reuse
    existing ContextInfo to avoid duplicate TPM objects
  * resilient_client: Reauthenticate if a 403 error is received
------------------------------------------------------------------
------------------ 2026-3-19 - Mar 19 2026 -------------------
------------------------------------------------------------------
++++ crypto-policies:
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
  * Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default
  * Add crypto-policies-OpenSSH-PQC.patch
++++ kernel-default:
- netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (CVE-2026-23231 bsc#1259188).
- netfilter: nf_tables: register hooks last when adding new chain/flowtable (CVE-2026-23231 bsc#1259188).
- commit fd540e6
++++ systemd:
- Import commit a943e3ce2f655b8509038e31f03f5ded18f24683
  a943e3ce2f machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
  71593f77db udev: fix review mixup
  73a89810b4 udev-builtin-net-id: print cescaped bad attributes
  0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
  40905232e2 udev: ensure tag parsing stays within bounds
  7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
  d018ac1ea3 udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
++++ python-PyJWT:
- Add format-license.patch to work with older setuptools.
------------------------------------------------------------------ ------------------ 2026-3-18 - Mar 18 2026 ------------------- ------------------------------------------------------------------ ++++ python311-core: - Fix changelog ++++ libzypp: - Fix preloader not caching packages from arch specific subrepos (bsc#1253740) - Deprioritize invalid mirrors (fixes openSUSE/zypper#636) - version 17.38.5 (35) ++++ nvidia-open-driver-G06-signed: - do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719) - improved RPM description for -cuda and non-cuda variant ++++ python311: - Fix changelog ++++ python-PyJWT: - Skip failing tests (gh#jpadilla/pyjwt#1153) - Update to 2.12.1: - Add missing typing_extensions dependency for Python < 3.11 in [#1150] - Update to 2.12.0: - Fixed - Annotate PyJWKSet.keys for pyright by @tamird in #1134 - Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in #1133 - Do not keep algorithms dict in PyJWK instances by @akx in [#1143] - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f (bsc#1259616, CVE-2026-32597). - Use PyJWK algorithm when encoding without explicit algorithm in #1148 - Added - Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache). v2.11.0 - Fixed - Enforce ECDSA curve validation per RFC 7518 Section 3.4. 
- Fix build system warnings by @kurtmckee in #1105 - Validate key against allowed types for Algorithm family in [#964] - Add iterator for JWKSet in #1041 - Validate iss claim is a string during encoding and decoding by @pachewise in #1040 - Improve typing/logic for options in decode, decode_complete by @pachewise in #1045 - Declare float supported type for lifespan and timeout by @nikitagashkov in #1068 - Fix SyntaxWarnings/DeprecationWarnings caused by invalid escape sequences by @kurtmckee in #1103 - Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in #1114 - Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in #1112 - Added - Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in #1104 - Development: Migrate to build to test package building in CI by @kurtmckee in #1108 - Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in #1115 - Docs: Standardize CHANGELOG links to PRs by @kurtmckee in [#1110] - Docs: Fix Read the Docs builds by @kurtmckee in #1111 - Docs: Add example of using leeway with nbf by @djw8605 in [#1034] - Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in #1045 - Docs: Documentation improvements for "sub" and "jti" claims by @cleder in #1088 - Development: Add pyupgrade as a pre-commit hook by @kurtmckee in #1109 - Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead. - Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions. 
------------------------------------------------------------------ ------------------ 2026-3-17 - Mar 17 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: target: target_core_configfs: Add length check to avoid buffer overflow (CVE-2025-39998 bsc#1252073). - commit dff8745 - l2tp: avoid one data-race in l2tp_tunnel_del_work() (CVE-2026-23120 bsc#1258280) - commit 975023c - pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (CVE-2026-23187 bsc#1258330) - commit 4b333af - phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (CVE-2026-23030 bsc#1257561) - commit 4c335f0 - Use unified maintainers' email address - commit a7ec874 - Use unified maintainers' email address - commit e7955e0 - Use unified maintainers' email address - commit 3c803fb ++++ python-tornado6: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553) * added CVE-2026-31958.patch - VUL-0: incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630) * added VUL-0-cookie-attribute-validation.patch ++++ ovmf: - Update mbedtls to 3.6.5 to fix CVE-2025-59438 (bsc#1252441) - Requires Mbed TLS 3.6.5 or higher to mitigate vulnerability. ------------------------------------------------------------------ ------------------ 2026-3-16 - Mar 16 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net/mana: Null service_wq on setup error to prevent double destroy (git-fix). - commit 4b21ba9 - iomap: adjust read range correctly for non-block-aligned positions (CVE-2025-68794 bsc#1256647) - commit bad6b8a ++++ nvidia-open-driver-G06-signed: - add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able to distinguish between both variants; to be used by nvidia-open-driver-G06-signed-kmp-meta for TW ... 
(boo#1259740) ++++ pcr-oracle: - Update to 0.6.0 + Initial support for CI tests + Fix additional arguments following the PCR index + CI: Shutdown the swtpm instance after tests + Fix stop event check crash for grub-command (bsc#1258119) + Print PCR values during signing or sealing ------------------------------------------------------------------ ------------------ 2026-3-15 - Mar 15 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes). - usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes). - usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes). - usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes). - usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes). - USB: core: Limit the length of unkillable synchronous timeouts (git-fixes). - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes). - USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes). - usb: core: don't power off roothub PHYs if phy_set_mode() fails (git-fixes). - iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes). - iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes). - iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes). - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes). - iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes). - iio: dac: ds4424: reject -128 RAW value (git-fixes). - iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes). - iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes). - iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes). 
- commit 4702653 ------------------------------------------------------------------ ------------------ 2026-3-14 - Mar 14 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes). - ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes). - ASoC: detect empty DMI strings (git-fixes). - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes). - ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes). - ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). - ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes). - commit 1a186d1 ------------------------------------------------------------------ ------------------ 2026-3-13 - Mar 13 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (CVE-2025-71231 bsc#1258424). - commit f8a95c7 - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125 bsc#1258293). - commit 6e65546 - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461). - commit 042631f - ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes). - can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes). - net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes). - net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes). - qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes). - remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes). 
- commit 5d32ac9 - apparmor: fix race between freeing data and fs accessing it (bsc#1258849). - apparmor: fix race on rawdata dereference (bsc#1258849). - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). - commit 9f31a2e ++++ python311-core: - Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch ensuring that `SourcelessFileLoader` uses `io.open_code` when opening `.pyc` files (bsc#1259240, CVE-2026-2297). ++++ sqlite3: - Update to version 3.51.3: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug * Other minor bug fixes. ++++ python311: - Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch ensuring that `SourcelessFileLoader` uses `io.open_code` when opening `.pyc` files (bsc#1259240, CVE-2026-2297). ------------------------------------------------------------------ ------------------ 2026-3-12 - Mar 12 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832). - commit 4fde182 - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). 
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - net: mana: Support HW link state events (bsc#1253049). - Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). - Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes). - Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). - scsi: storvsc: Remove redundant ternary operators (git-fixes). - RDMA/mana_ib: Extend modify QP (git-fixes). - RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). - net: mana: Reduce waiting time if HWC not responding (bsc#1252266). - RDMA/mana_ib: add support of multiple ports (bsc#1251135). - RDMA/mana_ib: add additional port counters (bsc#1251135). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: Add device statistics support (git-fixes). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971). - net: mana: Handle unsupported HWC commands (git-fixes). - net: mana: Fix warnings for missing export.h header inclusion (git-fixes). 
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). - tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). - net: mana: Add support for auxiliary device servicing events (bsc#1251971). - RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). - net: mana: Probe rdma device in mana driver (git-fixes). - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). - RDMA/mana_ib: support of the zero based MRs (bsc#1251135). - RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). - RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). - RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). - net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690). - RDMA/mana_ib: Use safer allocation function() (bsc#1251135). - RDMA/mana_ib: Implement DMABUF MR support (git-fixes). - RDMA/mana_ib: Fix error code in probe() (git-fixes). - RDMA/mana_ib: Add port statistics support (git-fixes). - RDMA/mana_ib: request error CQEs when supported (git-fixes). - RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). - RDMA/mana_ib: indicate CM support (git-fixes). - RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). - RDMA/mana_ib: extend mana QP table (git-fixes). - RDMA/mana_ib: implement req_notify_cq (git-fixes). - RDMA/mana_ib: UD/GSI work requests (git-fixes). - RDMA/mana_ib: create/destroy AH (git-fixes). - RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). - RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). - RDMA/mana_ib: create kernel-level CQs (git-fixes). - RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). - RDMA/mana_ib: implement get_dma_mr (git-fixes). - RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). - PCI: hv: Correct a comment (git-fixes). - net: mana: Add metadata support for xdp mode (git-fixes). 
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes). - tools/hv: add a .gitignore file (git-fixes). - tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes). - hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes). - net: mana: use ethtool string helpers (git-fixes). - tools: hv: lsvmbus: change shebang to use python3 (git-fixes). - RDMA/mana_ib: Set correct device into ib (git-fixes). - RDMA/mana_ib: Process QP error events in mana_ib (git-fixes). - RDMA/mana_ib: extend query device (git-fixes). - RDMA/mana_ib: set node_guid (git-fixes). - RDMA/mana_ib: Modify QP state (git-fixes). - RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes). - RDMA/mana_ib: Create and destroy RC QP (git-fixes). - net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes). - RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes). - RDMA/mana_ib: boundary check before installing cq callbacks (git-fixes CVE-2024-38542 bsc#1226591). - RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes). - RDMA/mana_ib: create and destroy RNIC cqs (git-fixes). - RDMA/mana_ib: create EQs for RNIC CQs (git-fixes). - RDMA/mana_ib: Fix missing ret value (git-fixes). - RDMA/mana_ib: Configure mac address in RNIC (git-fixes). - RDMA/mana_ib: Adding and deleting GIDs (git-fixes). - RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). - RDMA/mana_ib: Implement port parameters (git-fixes). - RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). - RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). - RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes). - RDMA/mana_ib: remove useless return values from dbg prints (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes). - RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes). 
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes). - RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes). - RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes). - RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes). - commit 8690084 ++++ libsolv: - respect the "default" attribute in environment optionlist in the comps parser - support suse namespace deps in boolean dependencies [bsc#1258193] - support for the Elbrus2000 (e2k) architecture - support language() suse namespace rewriting - bump version to 0.7.36 ++++ libssh: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377) Added libssh-CVE-2026-3731.patch ++++ suseconnect-ng: - Update version to 1.21: - Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). - Support new profile based metric collection - Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) - Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). - Removed backport patch: fix-libsuseconnect-and-pci.patch - Add missing product id to allow yast2-registration to not break (bsc#1257825) - Fix libsuseconnect APIError detection logic (bsc#1257825) ------------------------------------------------------------------ ------------------ 2026-3-11 - Mar 11 2026 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add NetworkManager-CVE-2025-9615.patch: prevent non-admin users from using other users' certificates (bsc#1257359, CVE-2025-9615, glfd#NetworkManager/NetworkManager!2324). ++++ kernel-default: - s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084). - commit a33e581 ++++ libsoup: - Refresh some patches to match the output from gitlab.gnome.org. ++++ vim: * Update Vim to version 9.2.0110 (from 9.2.0045). * Specifically, this fixes bsc#1259051 / CVE-2026-28417.
------------------------------------------------------------------ ------------------ 2026-3-10 - Mar 10 2026 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 11.0.0 (bsc#1254960, bsc#1254982, bsc#1253777) + Major version bump for main package and plugin sub-packages due to interpreter change in SLE 15 SP4+ from Python 3.6 to Python 3.11 + Create cache directory in code and drop from package (jsc#PED-14732) + Fix race condition between license watcher timer and registration (bsc#1254984) + Fix cleanup issue in hosts (bsc#1254702) + Fix cache clean up + Fix exit condition from container registry setup + Lock the registration process to ensure single execution (bsc#1254984) + Fix traceback on FP and cert mismatch + Switch remaining code to updated logging implementation + Increase logging information in log to help with issue debugging + Fix exit code on partial registration success + Remove obsolete switchcloudguestservices ++++ kernel-default: - Update config files (bsc#1254306). - commit 3c7bab7 - s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306). - commit 165c4b3 ++++ libzypp: - Fix Product::referencePackage lookup (bsc#1259311) Use a provided autoproduct() as hint to the package name of the release package. It might be that not just multiple versions of the same release package provide the same product version, but also different release packages.
- version 17.38.4 (35) ------------------------------------------------------------------ ------------------ 2026-3-9 - Mar 9 2026 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fixes: * CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362) * CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363) * CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364) * CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365) * Add patches: - curl-CVE-2026-1965.patch - curl-CVE-2026-3783.patch - curl-CVE-2026-3784.patch - curl-CVE-2026-3805.patch ++++ kernel-default: - KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (bsc#1253122). - Refresh patches.suse/KVM-x86-mmu-Move-private-vs.-shared-check-above-slot.patch. - commit 1f79320 ------------------------------------------------------------------ ------------------ 2026-3-8 - Mar 8 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes). - hwmon: (it87) Check the it87_lock() return value (git-fixes). - commit 29de358 ------------------------------------------------------------------ ------------------ 2026-3-7 - Mar 7 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes). - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes). - drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes). - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes). 
- commit 76161b1 ------------------------------------------------------------------ ------------------ 2026-3-6 - Mar 6 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tracing: Fix crash on synthetic stacktrace field usage (CVE-2026-23088 bsc#1257814). - commit 5950c9c - tracing: Do not register unsupported perf events (CVE-2025-71125 bsc#1256784). - commit 83b1b69 - nfc: rawsock: cancel tx_work before socket teardown (git-fixes). - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes). - nfc: nci: free skb on nci_transceive early error paths (git-fixes). - net: nfc: nci: Fix zero-length proprietary notifications (git-fixes). - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes). - can: ucan: Fix infinite loop from zero-length messages (git-fixes). - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes). - can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes). - can: bcm: fix locking for bcm_op runtime updates (git-fixes). - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes). - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes). - wifi: wlcore: Fix a locking bug (git-fixes). - wifi: cw1200: Fix locking in error paths (git-fixes). - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes). - batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes). - commit 502e268 ++++ python311-core: - Update to 3.11.15: - Security - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299). 
- gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029 CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead (bsc#1254997, CVE-2025-12084). - gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser. - gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran. - gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974, CVE-2025-6075). - gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (CVE-2025-13836, bsc#1254400). 
- gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes. - gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (bsc#1254401, CVE-2025-13837). - Library - gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in newPySSLSocket(). The error was reported via a dangling pointer after the object had already been freed. - gh-144363: Update bundled libexpat to 2.7.4 - gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bénédikt Tran. - Core and Builtins - gh-120384: Fix an array out of bounds crash in list_ass_subscript, which could be invoked via some specifically tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it. - gh-120298: Fix use-after-free in list_richcompare_impl which can be invoked via some specifically tailored evil input.
Remove upstreamed patches: - CVE-2025-11468-email-hdr-fold-comment.patch - CVE-2025-12084-minidom-quad-search.patch - CVE-2025-13836-http-resp-cont-len.patch - CVE-2025-13837-plistlib-mailicious-length.patch - CVE-2025-6075-expandvars-perf-degrad.patch - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch - CVE-2026-0865-wsgiref-ctrl-chars.patch - CVE-2025-15282-urllib-ctrl-chars.patch ++++ libzypp: - specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined (fixes #693) This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake. - Fall back to a writable location when precaching packages without root (bsc#1247948) - version 17.38.3 (35) ++++ python311: - Update to 3.11.15: - Security - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029 CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. 
In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead (bsc#1254997, CVE-2025-12084). - gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser. - gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran. - gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974, CVE-2025-6075). - gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (CVE-2025-13836, bsc#1254400). - gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes. - gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (bsc#1254401, CVE-2025-13837). - Library - gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in newPySSLSocket(). 
The error was reported via a dangling pointer after the object had already been freed. - gh-144363: Update bundled libexpat to 2.7.4 - gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bénédikt Tran. - Core and Builtins - gh-120384: Fix an array out of bounds crash in list_ass_subscript, which could be invoked via some specificly tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it. - gh-120298: Fix use-after free in list_richcompare_impl which can be invoked via some specificly tailored evil input. Remove upstreamed patches: - CVE-2025-11468-email-hdr-fold-comment.patch - CVE-2025-12084-minidom-quad-search.patch - CVE-2025-13836-http-resp-cont-len.patch - CVE-2025-13837-plistlib-mailicious-length.patch - CVE-2025-6075-expandvars-perf-degrad.patch - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch - CVE-2026-0865-wsgiref-ctrl-chars.patch - CVE-2025-15282-urllib-ctrl-chars.patch ++++ zypper: - Report download progress for command line rpms (fixes #613) - Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882) - Service: Allow "zypper ls SERVICE ..." to test whether a service with this alias is defined (bsc#1252744) The command prints an abstract of all services passed on the command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service. - Keep repo data when updating the service settings (bsc#1252744) - info: Enhance pattern content table (bsc#1158038) Alternatives (multiple packages providing the same requirement) are now listed as a single entry in the content table. The entry shows either the installed package which satisfies the requirement or the requirement itself as type 'Provides'. 
Listing all potential alternatives was misleading, especially if the alternatives were mutually exclusive. It looked like an installed pattern had not-installed requirements and it was not possible to install all requirements at the same time. - version 1.14.95 ------------------------------------------------------------------ ------------------ 2026-3-5 - Mar 5 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ASoC: nau8821: Cancel pending work before suspend (git-fixes). - ASoC: nau8821: Cancel delayed work on component remove (git-fixes). - commit b862c94 - spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes). - thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes). - watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes). - wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes). - wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes). - wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes). - wifi: ath12k: fix preferred hardware mode calculation (stable-fixes). - wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes). - wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes). - wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes). - wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes). - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes). - wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes). - wifi: libertas: fix WARNING in usb_tx_block (stable-fixes). - spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (stable-fixes). - spi: spi-mem: Limit octal DTR constraints to octal DTR situations (stable-fixes). 
- spi: stm32: fix Overrun issue at < 8bpw (stable-fixes). - spi-geni-qcom: initialize mode related registers to 0 (stable-fixes). - spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes). - tools/power cpupower: Reset errno before strtoull() (stable-fixes). - spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes). - commit 9ae9cd6 - PCI: Add defines for bridge window indexing (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 7f99d8e - PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros (stable-fixes). - Refresh patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch. - commit 8b1fafb - media: dvb-net: fix OOB access in ULE extension header tables (git-fixes). - rtc: zynqmp: correct frequency value (stable-fixes). - ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes). - ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes). - net: usb: catc: enable basic endpoint checking (git-fixes). - phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes). - phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes). - soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes). - serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (stable-fixes). - serial: 8250_dw: handle clock enable errors in runtime_resume (stable-fixes). - staging: rtl8723bs: fix memory leak on failure path (stable-fixes). - staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes). - iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes). - iio: Use IRQF_NO_THREAD (stable-fixes). - Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" (git-fixes). - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes). - misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes). 
- misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes). - net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() (git-fixes). - nfc: nxp-nci: remove interrupt trigger type (stable-fixes). - myri10ge: avoid uninitialized variable use (stable-fixes). - net: usb: sr9700: remove code to drive nonexistent multicast filter (stable-fixes). - net: usb: r8152: fix transmit queue timeout (stable-fixes). - PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port (stable-fixes). - PCI: Enable ACS after configuring IOMMU for OF platforms (stable-fixes). - PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes). - PCI: Fix pci_slot_lock () device locking (stable-fixes). - PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes). - PCI: Mark ASM1164 SATA controller to avoid bus reset (stable-fixes). - media: rkisp1: Fix filter mode register configuration (stable-fixes). - media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes). - media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes). - media: solo6x10: Check for out of bounds chip_id (stable-fixes). - media: adv7180: fix frame interval in progressive mode (stable-fixes). - media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes). - media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes). - media: omap3isp: set initial format (stable-fixes). - media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes). - media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes). - HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes). - HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes). - HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes). - HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes). - HID: magicmouse: Do not crash on missing msc->input (stable-fixes). 
- HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes). - hwmon: (f71882fg) Add F81968 support (stable-fixes). - hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes). - gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes). - PCI/MSI: Unmap MSI-X region on error (stable-fixes). - i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes). - spi: wpcm-fiu: Fix uninitialized res (git-fixes). - spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname() (stable-fixes). - PCI: Log bridge info when first enumerating bridge (stable-fixes). - PCI: Log bridge windows conditionally (stable-fixes). - PCI: Supply bridge device, not secondary bus, to read window details (stable-fixes). - PCI: Move pci_read_bridge_windows() below individual window accessors (stable-fixes). - commit 291a680 - ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes). - drm/amdgpu: Add HAINAN clock adjustment (stable-fixes). - drm/radeon: Add HAINAN clock adjustment (stable-fixes). - drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes). - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes). - drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes). - drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes). - dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes). - dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes). - fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes). - fix it87_wdt early reboot by reporting running timer (stable-fixes). - fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes). - ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes). - Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes). - Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes). 
- Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes). - Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes). - drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts (stable-fixes). - drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes). - drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes). - drm: Account property blob allocations to memcg (stable-fixes). - drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes). - drm/amdgpu: avoid a warning in timedout job handler (stable-fixes). - drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes). - drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes). - drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes). - drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes). - ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes). - ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes). - ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug (stable-fixes). - ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes). - ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes). - char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes). - docs: fix WARNING document not included in any toctree (stable-fixes). - drm/amdkfd: fix debug watchpoints for logical devices (stable-fixes). - commit 0c8127e - ASoC: nau8821: Consistently clear interrupts before unmasking (git-fixes). - Refresh patches.suse/ASoC-nau8821-Add-DMI-quirk-to-bypass-jack-debounce-c.patch. - commit abf4286 - ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes). - ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes). 
- ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes). - ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes). - APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes). - ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes). - ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes). - ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes). - commit d3af28a - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169 bsc#1258389). - commit fdf82e1 - net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154 bsc#1258286). - commit fa03082 - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit bd83957 ++++ libsoup: - Update libsoup-CVE-2026-0716.patch to incorporate glgo#GNOME/libsoup!518. The original fix was incomplete (bsc#1256418 CVE-2026-0716 glgo#GNOME/libsoup#476). ++++ nvidia-open-driver-G06-signed: - adjusted logic for %suse_version bump with SLE16.1 Beta2 (jsc#PED-15826) ------------------------------------------------------------------ ------------------ 2026-3-4 - Mar 4 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069). - Refresh patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch. - commit aab63d9 - net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204 bsc#1258340). In addition backport 13e00fdc9236b which introduces skb_header_pointer_careful() helper which is required. 
- commit 926e136 ++++ salt: - Make syntax in httputil_test compatible with Python 3.6 - Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Use internal deb classes instead of external aptsource lib - Speed up wheel key.finger call (bsc#1240532) - Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) - Simplify and speed up utils.find_json function (bsc#1246130) - Extend warn_until period to 2027 - Added: * fix-tornado-s-httputil_test-syntax-for-python-3.6.patch * backport-add-maintain-m-privilege-to-postgres-module.patch * use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch * speedup-wheel-key.finger-call-bsc-1240532-713.patch * fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch * simplify-utils.json.find_json-function.patch * extend-fails-to-warnings-until-2027-742.patch ++++ suseconnect-ng: - Regressions found during QA test runs: - Ignore product in announce call (bsc#1257490) - Registration to SMT server with failed (bsc#1257625) - Backported by PATCH: fix-libsuseconnect-and-pci.patch ++++ tar: - Add tar-fix-deletion-from-archive.patch * Fixes tar creating invalid tarballs when used with --delete (bsc#1246607) * Add makeinfo build requirement, needed after the addition of the patch ++++ vim: * Update Vim to version 9.2.0045 (from 9.1.1629). * Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed upstream). * Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed upstream). 
* Drop obsolete or upstreamed patches: - vim-7.3-filetype_spec.patch - vim-7.4-filetype_apparmor.patch - vim-8.2.2411-globalvimrc.patch * Refresh the following patches: - vim-7.3-filetype_changes.patch - vim-7.3-filetype_ftl.patch - vim-7.3-sh_is_bash.patch - vim-9.1.1134-revert-putty-terminal-colors.patch * Remove autoconf from BuildRequires and drop the autoconf call in %build. * Package new Swedish (sv) man pages and clean up duplicate encodings (sv.ISO8859-1 and sv.UTF-8) during %install. ------------------------------------------------------------------ ------------------ 2026-3-3 - Mar 3 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cifs: add xid to query server interface call (git-fixes). - Refresh patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch. - Refresh patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch (bsc#1258928,bsc#1259070). - Refresh patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch. - Refresh patches.suse/cifs-add-xid-to-query-server-interface-call.patch. - commit e67e831 - iommu/mediatek: fix use-after-free on probe deferral (CVE-2025-71071 bsc#1256802). - commit 0b777d9 - bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748 bsc#1249587). - commit 9bb0920 - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998 CVE-2025-39817). - commit ccf2d31 ++++ freetype2: - update to 2.14.2 - Important changes * Several changes related to LCD filtering are implemented to achieve better performance and encourage sound practices. + Instead of blanket LCD filtering over the entire bitmap, it is now applied only to non-zero spans using direct rendering. This speeds up the ClearType-like rendering by more than 40% at sizes above 32 ppem. + Setting the filter weights with FT_Face_Properties is no longer supported. The default and light filters are optimized to work with any face. 
+ The legacy libXft LCD filter algorithm is no longer provided. - Important bug fixes * A bunch of potential security problems have been found (bsc#1259118, CVE-2026-23865). All users should update. * The italic angle in `PS_FontInfo` is now stored as a fixed-point value in degrees for all Type 1 fonts and their derivatives, consistent with CFF fonts and common practices. The broken underline position and thickness values are fixed for CFF fonts. - Miscellaneous * The `x` field in the `FT_Span` structure is now unsigned. * Demo program `ftgrid` got an option `-m` to select a start character to display. * Similarly, demo program `ftmulti` got an option `-m` to select a text string for rendering. * Option `-d` in the demo program `ttdebug` is now called `-a`, expecting a comma-separated list of axis values. The user interface is also slightly improved. * The `ftinspect` demo program can now be compiled with Qt6, too. ------------------------------------------------------------------ ------------------ 2026-3-2 - Mar 2 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (CVE-2026-23113 bsc#1258278). - commit 2e91927 - libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379). - commit 1c35b41 - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (CVE-2026-23179 bsc#1258394). - commit 63de389 - btrfs: don't log conflicting inode if it's a dir moved in the current transaction (bsc#1256683 CVE-2025-68778). - commit 0cd8ff8 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (CVE-2026-23112 bsc#1258184). - commit e38d2c3 - landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698). - commit cdf3815 - landlock: Optimize file path walks and prepare for audit support (bsc#1255698). 
- commit 5db1b51 - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (CVE-2026-23116 bsc#1258277). - commit 1905ad8 - Add bugnumber to existing mana change (bsc#1251971). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - commit 425b20d - bonding: fix use-after-free due to enslave fail after slave array update (CVE-2026-23171 bsc#1258349). - bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119 bsc#1258273). - fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083 bsc#1257745). - bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099 bsc#1257816). - net: bonding: update the slave array for broadcast mode (CVE-2026-23171 bsc#1258349). - commit d461cd4 - Update patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch (stable-fixes CVE-2026-23157 bsc#1258376). - Update patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch (bsc#1257473 CVE-2026-23054 bsc#1257732). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-handler.patch (bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_combined.patch (bsc#1257952 CVE-2026-23202 bsc#1258338). - commit 9f4fee7 - Update patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch (git-fixes CVE-2025-71192 bsc#1257679). - Update patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch (stable-fixes CVE-2026-23076 bsc#1257788). - Update patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch (git-fixes CVE-2026-23078 bsc#1257789). - Update patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch (git-fixes CVE-2026-23190 bsc#1258397). - Update patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch (git-fixes CVE-2026-23151 bsc#1258237). - Update patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch (git-fixes CVE-2026-23146 bsc#1258234). 
- Update patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch (stable-fixes CVE-2026-23178 bsc#1258358). - Update patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch (git-fixes CVE-2026-23221 bsc#1258660). - Update patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch (git-fixes CVE-2026-23058 bsc#1257739). - Update patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch (git-fixes CVE-2026-23037 bsc#1257554). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch (git-fixes CVE-2026-23155 bsc#1258313). - Update patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch (git-fixes CVE-2026-23082 bsc#1257715). - Update patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch (stable-fixes CVE-2025-71182 bsc#1257586). - Update patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch (git-fixes CVE-2026-23061 bsc#1257776). - Update patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23080 bsc#1257714). - Update patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch (git-fixes CVE-2026-23108 bsc#1257770). - Update patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch (git-fixes CVE-2025-71231 bsc#1258424). - Update patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch (git-fixes CVE-2026-23222 bsc#1258484). - Update patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch (git-fixes CVE-2026-23229 bsc#1258429). - Update patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch (git-fixes CVE-2025-71191 bsc#1257579). - Update patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch (git-fixes CVE-2025-71190 bsc#1257580). - Update patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch (git-fixes CVE-2025-71189 bsc#1257573). 
- Update patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch (git-fixes CVE-2025-71188 bsc#1257576). - Update patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch (git-fixes CVE-2026-23033 bsc#1257570). - Update patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch (git-fixes CVE-2026-23026 bsc#1257562). - Update patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch (git-fixes CVE-2025-71185 bsc#1257560). - Update patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch (git-fixes CVE-2025-71195 bsc#1257704). - Update patches.suse/dpll-Prevent-duplicate-registrations.patch (git-fixes CVE-2026-23129 bsc#1258299). - Update patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch (git-fixes CVE-2026-23163 bsc#1258544). - Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch (git-fixes CVE-2026-23170 bsc#1258379). - Update patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch (git-fixes CVE-2026-23049 bsc#1257723). - Update patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch (git-fixes CVE-2026-23156 bsc#1258317). - Update patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch (git-fixes CVE-2026-23145 bsc#1258326). - Update patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch (git-fixes CVE-2025-71199 bsc#1257750). - Update patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch (git-fixes CVE-2025-71198 bsc#1257741). - Update patches.suse/intel_th-fix-device-leak-on-output-open.patch (git-fixes CVE-2026-23091 bsc#1257813). - Update patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch (git-fixes CVE-2026-23101 bsc#1257768). - Update patches.suse/mISDN-annotate-data-race-around-dev-work.patch (git-fixes CVE-2026-23121 bsc#1258309). - Update patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch (git-fixes CVE-2025-71200 bsc#1258222). 
- Update patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch (git-fixes CVE-2026-23021 bsc#1257557). - Update patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch (git-fixes CVE-2026-23172 bsc#1258519). - Update patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch (git-fixes CVE-2026-23150 bsc#1258354). - Update patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch (git-fixes CVE-2026-23167 bsc#1258374). - Update patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch (git-fixes CVE-2025-71196 bsc#1257716). - Update patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch (git-fixes CVE-2026-23176 bsc#1258256). - Update patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch (git-fixes CVE-2026-23071 bsc#1257706). - Update patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch (bsc#1256863 CVE-2025-71235 bsc#1258469). - Update patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch (bsc#1256863 CVE-2025-71232 bsc#1258422). - Update patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch (bsc#1256863 CVE-2025-71236 bsc#1258442). - Update patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch (git-fixes CVE-2026-23090 bsc#1257759). - Update patches.suse/spi-spi-sprd-adi-Fix-double-free-in-probe-error-path.patch (git-fixes CVE-2026-23068 bsc#1257805). - Update patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch (git-fixes CVE-2026-23182 bsc#1258259). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch (git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524). - Update patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch (git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338). - Update patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch (git-fixes CVE-2026-23063 bsc#1257722). 
- Update patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch (git-fixes CVE-2026-23096 bsc#1257809). - Update patches.suse/uacce-fix-isolate-sysfs-check-condition.patch (git-fixes CVE-2026-23094 bsc#1257811). - Update patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch (git-fixes CVE-2026-23056 bsc#1257729). - Update patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch (git-fixes CVE-2025-71197 bsc#1257743). - Update patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23133 bsc#1258249). - Update patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch (git-fixes CVE-2026-23135 bsc#1258245). - Update patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch (git-fixes CVE-2026-23152 bsc#1258252). - Update patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch (stable-fixes CVE-2025-71224 bsc#1258824). - Update patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch (git-fixes CVE-2026-23073 bsc#1257707). - Update patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch (git-fixes CVE-2025-71234 bsc#1258419). - Update patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch (git-fixes CVE-2025-71229 bsc#1258415). - Update patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch (stable-fixes CVE-2025-71222 bsc#1258279). - commit 30080c1 - smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924, CVE-2025-40103). - commit 2028384 - cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911, CVE-2025-40099). - commit 821259f - Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch. - commit 1325cd1 - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CVE-2026-23166 bsc#1258272). - net/mlx5e: TC, delete flows only for existing peers (CVE-2026-23173 bsc#1258520). 
- commit 1315a36 ++++ openssh: - Add openssh-7.7p1-gssapi-new-unique.patch (bsc#1258166). This allows using SSSD with a non-file backend. ++++ virtiofsd: - Add CVE-2026-25727.patch: Avoid denial of service when parsing Rfc2822 (bsc#1257912 CVE-2026-25727). ------------------------------------------------------------------ ------------------ 2026-3-1 - Mar 1 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes). - commit 13b0bcb ++++ util-linux-systemd: - Use full hostname for PAM to ensure correct access control for "login -h" (bsc#1258859, CVE-2026-3184, util-linux-CVE-2026-3184.patch). ++++ util-linux: - Use full hostname for PAM to ensure correct access control for "login -h" (bsc#1258859, CVE-2026-3184, util-linux-CVE-2026-3184.patch). ------------------------------------------------------------------ ------------------ 2026-2-28 - Feb 28 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes). - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes). - commit 94dd673 - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes). - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes). - ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes). - ALSA: usb-audio: Use inclusive terms (git-fixes). - ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes). - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes). - drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes). - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes). - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes). 
- drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes). - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes). - commit b1fa310 ------------------------------------------------------------------ ------------------ 2026-2-27 - Feb 27 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110 bsc#1257761). - commit 59f5efa - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231). - commit 3cd007f - btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635 CVE-2025-71184). - commit 5bf422c - netfilter: nf_conncount: update last_gc only when GC has been performed (CVE-2026-23139 bsc#1258304). - commit 9a70b26 - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181). - commit 56db8af - ipmi: ipmb: initialise event handler read bytes (git-fixes). - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes). - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes). - wifi: radiotap: reject radiotap with unknown bits (git-fixes). - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes). - wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes). - net: usb: kaweth: validate USB endpoints (git-fixes). - net: usb: kalmia: validate USB endpoints (git-fixes). - nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes). - Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes). 
- Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes). - net: usb: pegasus: enable basic endpoint checking (git-fixes). - net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes). - net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes). - net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes). - commit d2c7de0 ++++ systemd: - Import commit aef6e11921f8c46a2b7ee8cfab024c9c641d74d8 aef6e11921 core/cgroup: avoid one unnecessary strjoina() cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements 26a748f727 core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111) 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs ------------------------------------------------------------------ ------------------ 2026-2-26 - Feb 26 2026 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Fix spec file for SLFO 1.1 target glibc-gconv-modules-extra does not exist in SLFO 1.1 ++++ kernel-default: - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687 CVE-2025-71194). - commit 2e0cb69 - drm/amdgpu: ensure no_hw_access is visible before MMIO (CVE-2026-23213 bsc#1258465). - commit bec3979 - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (CVE-2026-23213 bsc#1258465). - commit 3b81ead - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes). - commit ba51966 ++++ nvidia-open-driver-G06-signed: - updated CUDA variant to version 580.126.20 - supersedes kernel-6.19.patch ------------------------------------------------------------------ ------------------ 2026-2-25 - Feb 25 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053 bsc#1257718). 
- commit 492ba43
- KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198 bsc#1258321).
- commit e973f50
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810 bsc#1256679).
- commit a9c2c12

++++ libsoup:
- Add libsoup-CVE-2026-1760.patch: server: close the connection after responding to a request containing... (bsc#1257597, CVE-2026-1760, glgo#GNOME/libsoup#475).
- Add libsoup-CVE-2026-1467.patch: uri-utils: do host validation when checking if a GUri is valid (bsc#1257398, CVE-2026-1467, glgo#GNOME/libsoup#488).
- Add libsoup-CVE-2026-1539.patch: Also remove Proxy-Authorization header on cross origin redirect (bsc#1257441, CVE-2026-1539, glgo#GNOME/libsoup#489).

++++ qemu:
- Bug and CVE fixes:
  * cryptodev-builtin: Limit the maximum size (bsc#1255400, CVE-2025-14876)
  * hw/virtio/virtio-crypto: verify asym request size (bsc#1255400, CVE-2025-14876)
  * hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665)

------------------------------------------------------------------
------------------ 2026-2-24 - Feb 24 2026 -------------------
------------------------------------------------------------------
++++ python-kiwi:
- Fix upstream merge README

++++ gnutls:
- Add the functionality to allow specifying the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256.
  * (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
  * lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
  * tests/psk-file: Add testing for _credentials2 functions
  * lib/psk: add null check for binder algo
  * pre_shared_key: fix memleak when retrying with different binder algo
  * pre_shared_key: add null check on pskcred
  * Add patches:
    - gnutls-PSK-hash.patch
    - gnutls-PSK-hash-tests.patch
    - gnutls-PSK-hash-NULL-check.patch
    - gnutls-PSK-hash-NULL-check-pskcred.patch
    - gnutls-PSK-hash-fix-memleak.patch

++++ kernel-default:
- md: suspend array while updating raid_disks via sysfs (CVE-2025-71225, bsc#1258411).
- commit 22f1953
- smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129, CVE-2025-68295).
- commit 069aa1f
- Refresh patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit f42de87
- Move upstreamed mm and SCSI patches into sorted section
- commit 2b576e9
- btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only (bsc#1258464 CVE-2026-23214).
- commit c375a48

------------------------------------------------------------------
------------------ 2026-2-23 - Feb 23 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979 bsc#1257228).
- commit 59160d7
- rpm/check-for-config-changes: add OPENSSL_SUPPORTS_ to IGNORED_CONFIGS_RE
  Config option OPENSSL_SUPPORTS_ML_DSA was introduced by mainline commit 0ad9a71933e7 ("modsign: Enable ML-DSA module signing") in 7.0-rc1
- commit 21b4616
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209 bsc#1258518).
- commit eaf1535
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- commit 0b66a07
- rtc: interface: Alarm race handling should not discard preceding error (git-fixes).
- commit f96272c

------------------------------------------------------------------
------------------ 2026-2-22 - Feb 22 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes).
- commit 269c576

------------------------------------------------------------------
------------------ 2026-2-21 - Feb 21 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ALSA: usb-audio: Use the right limit for PCM OOB check (CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames (CVE-2026-23208 bsc#1258468).
- commit 895c473
- ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes).
- drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes).
- drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes).
- drm/i915/acpi: free _DSM package when no connectors (git-fixes).
- drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes).
- efi: Fix reservation of unaccepted memory table (git-fixes).
- commit 2183b13

------------------------------------------------------------------
------------------ 2026-2-20 - Feb 20 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- net: nfc: nci: Fix parameter validation for packet data (git-fixes).
- atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes).
- USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes).
- fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes).
- bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes).
- ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes).
- ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes).
- platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes).
- platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes).
- platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes).
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes).
- drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes).
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes).
- commit 436dcdb

++++ mozilla-nss:
- update to NSS 3.112.3
  * bmo#2009552 - avoid integer overflow in platform-independent ghash

------------------------------------------------------------------
------------------ 2026-2-19 - Feb 19 2026 -------------------
------------------------------------------------------------------
++++ docker-compose:
- Add patch for CVE-2025-62725 (bsc#1252752)
  0002-CVE-2025-62725-fix-Enforce-compose-files-from-OCI-ar.patch

++++ kernel-default:
- config.conf: Drop armv7hl builds
  commit 09ee386c4ae dropped support for armv7hl in SLE15-SP7, SUSE-2024 never supported it, therefore, no branch downstream of fixes/linux-6.4 supports this arch (bsc#1255265).
- commit 5dc5aaf
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191 bsc#1258395).
- commit 114f0d2
- ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes).
- ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes).
- powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- commit 700df2d

++++ libsoup:
- Add more CVE fixes:
  + libsoup-CVE-2025-32049.patch (bsc#1240751 CVE-2025-32049 glgo#GNOME/libsoup#390)
  + libsoup-CVE-2026-2443.patch (bsc#1258170 CVE-2026-2443 glgo#GNOME/libsoup#487)
  + libsoup-CVE-2026-2369.patch (bsc#1258120 CVE-2026-2369 glgo#GNOME/libsoup!508)
  + libsoup-CVE-2026-2708.patch (bsc#1258508 CVE-2026-2708 glgo#GNOME/libsoup#500)

++++ libvirt:
- rpc: avoid leak of GSource in use for interrupting main loop
  bsc#1258345

------------------------------------------------------------------
------------------ 2026-2-18 - Feb 18 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992 CVE-2023-53817).
- commit f8259ad
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095 bsc#1257808).
- commit e8190a1
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086 bsc#1257757).
- commit 2a01723
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966 CVE-2025-39964).
  Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- Workaround for hybrid git workflow in SLFO 1.0/1.1
- commit 7ab5a74
- dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes).
- usb: dwc2: fix resume failure if dr_mode is host (git-fixes).
- usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes).
- usb: bdc: fix sleep during atomic (git-fixes).
- serial: SH_SCI: improve "DMA support" prompt (git-fixes).
- serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes).
- staging: rtl8723bs: fix null dereference in find_network (git-fixes).
- iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes).
- iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes).
- drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes).
- fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes).
- commit e89b2ea

++++ zlib:
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths (bsc#1258392)
  * CVE-2026-27171.patch

------------------------------------------------------------------
------------------ 2026-2-17 - Feb 17 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (CVE-2026-23084 bsc#1257830).
- commit 27fe347
- leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes).
- backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes).
- backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes).
- mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes).
- mfd: core: Add locking around 'mfd_of_node_list' (git-fixes).
- mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes).
- Revert "mfd: da9052-spi: Change read-mask to write-mask" (stable-fixes).
- pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes).
- pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes).
- pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes).
- Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes).
- commit 516fe60

++++ python-cryptography:
- CVE-2026-26007: Subgroup Attack Due to Missing Subgroup Validation for SECT Curves (bsc#1258074)
  * added CVE-2026-26007.patch

------------------------------------------------------------------
------------------ 2026-2-16 - Feb 16 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Input: stmfts - make comments correct (git-fixes).
- Input: stmfts - correct wording for the warning message (git-fixes).
- clk: qcom: gfx3d: add parent to parent request map (git-fixes).
- clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes).
- clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes).
- clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes).
- clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes).
- clk: mediatek: Fix error handling in runtime PM setup (git-fixes).
- clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes).
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes).
- clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes).
- clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes).
- clk: renesas: rzg2l: Select correct div round macro (git-fixes).
- clk: renesas: rzg2l: Fix intin variable size (git-fixes).
- fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes).
- fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes).
- fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes).
- fbcon: check return value of con2fb_acquire_newinfo() (git-fixes).
- fbdev: rivafb: fix divide error in nv3_arb() (git-fixes).
- rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes).
- commit b135afb
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- commit 2fe2c66

------------------------------------------------------------------
------------------ 2026-2-14 - Feb 14 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- crypto: ccp - Add an S4 restore flow (git-fixes).
- tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes).
- mtd: rawnand: pl353: Fix software ECC support (git-fixes).
- mtd: spinand: Fix kernel doc (git-fixes).
- mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes).
- mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes).
- mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes).
- commit 766aa67

------------------------------------------------------------------
------------------ 2026-2-13 - Feb 13 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763).
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035 bsc#1257559).
- idpf: fix error handling in the init_task on load (CVE-2026-23017 bsc#1257552).
- commit fb93c36
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes).
- power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes).
- power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes).
- power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes).
- power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes).
- ata: pata_ftide010: Fix some DMA timings (git-fixes).
- rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes).
- commit 46137a2
- dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 75a3dd5

++++ libxml2:
- CVE-2026-0990: call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
  * Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `` elements (bsc#1256808, bsc#1256809, bsc#1256812)
  * Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
  * Add patch libxml2-CVE-2025-8732.patch

++++ libxml2-python:
- CVE-2026-0990: call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
  * Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `` elements (bsc#1256808, bsc#1256809, bsc#1256812)
  * Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
  * Add patch libxml2-CVE-2025-8732.patch

------------------------------------------------------------------
------------------ 2026-2-12 - Feb 12 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064 bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit a17643b
- Update upstreamed net and powerpc patch references and sorting
- commit 638a424
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit 1d88ad6
- vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057).
- commit 09262b6
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit f5cd5c5
- wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes).
- wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes).
- wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes).
- wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes).
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes).
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).
- soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes).
- soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes).
- soc: qcom: smem: handle ENOMEM error during probe (git-fixes).
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (stable-fixes).
- wifi: mac80211: correctly check if CSA is active (stable-fixes).
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes).
- wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes).
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes).
- wifi: wlcore: ensure skb headroom before skb_push (stable-fixes).
- commit 7dd6fbf
- PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes).
- PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI/portdrv: Fix potential resource leak (git-fixes).
- PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes).
- PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes).
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes).
- Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (git-fixes).
- PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes).
- PCI: Initialize RCB from pci_configure_device() (git-fixes).
- PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes).
- regulator: core: move supply check earlier in set_machine_constraints() (git-fixes).
- regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes).
- platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes).
- platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev (git-fixes).
- soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes).
- soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes).
- regmap: maple: free entry on mas_store_gfp() failure (stable-fixes).
- commit 5d29d16
- nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes).
- PCI: Do not attempt to set ExtTag for VFs (git-fixes).
- PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes).
- media: uvcvideo: Fix allocation for small frame sizes (git-fixes).
- media: venus: vdec: fix error state assignment for zero bytesused (git-fixes).
- media: ccs: Accommodate C-PHY into the calculation (git-fixes).
- media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes).
- media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes).
- media: i2c: ov5647: Sensor should report RAW color space (git-fixes).
- media: i2c: ov5647: Correct minimum VBLANK value (git-fixes).
- media: i2c: ov5647: Correct pixel array offset (git-fixes).
- media: i2c: ov5647: Initialize subdev before controls (git-fixes).
- media: ccs: Avoid possible division by zero (git-fixes).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes).
- media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes).
- media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes).
- media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes).
- media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes).
- net: usb: sr9700: support devices with virtual driver CD (stable-fixes).
- commit b9e0ae7
- drm/msm/a2xx: fix pixel shader start on A225 (git-fixes).
- drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes).
- drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes).
- drm/tegra: dsi: fix device leak on probe (git-fixes).
- media: radio-keene: fix memory leak in error path (git-fixes).
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes).
- media: mtk-mdp: Fix error handling in probe function (git-fixes).
- HID: hid-pl: handle probe errors (git-fixes).
- HID: playstation: Add missing check for input_ff_create_memless (git-fixes).
- Revert "hwmon: (ibmpex) fix use-after-free in high/low store" (git-fixes).
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes).
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes).
- HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes).
- HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes).
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes).
- HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes).
- commit a4d4518
- Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes).
- ASoC: amd: drop unused Kconfig symbols (git-fixes).
- ASoC: pxa: drop unused Kconfig symbol (git-fixes).
- ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes).
- ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes).
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes).
- ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes).
- ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes).
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes).
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes).
- commit cd7803f

++++ libpng16:
- added patches CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
  * libpng16-CVE-2026-25646.patch

++++ nvidia-open-driver-G06-signed:
- update non-CUDA variant to version 580.126.18 (boo#1258154)
- updated CUDA variant to version 580.126.16

------------------------------------------------------------------
------------------ 2026-2-11 - Feb 11 2026 -------------------
------------------------------------------------------------------
++++ gpg2:
- Fix Y2K38 FTBFS:
  * gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214)
  * Upstream issue: dev.gnupg.org/T8096
  * Add gnupg-gpgscm-New-operator-long-time-t-to-detect-proper-tim.patch

++++ grub2:
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
  * 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch

++++ kernel-default:
- net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes).
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes).
- crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes).
- crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes).
- crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes).
- crypto: octeontx - fix dma_free_coherent() size (git-fixes).
- crypto: cavium - fix dma_free_coherent() size (git-fixes).
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes).
- crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes).
- crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes).
- crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes).
- Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes).
- commit ef8920f

++++ python311-core:
- CVE-2025-11468: preserving parens when folding comments in email headers (bsc#1257029, gh#python/cpython#143935).
  CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies. (bsc#1257031, gh#python/cpython#143919)
  CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which could be abused for injecting false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
  CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
  CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for urllib library. (bsc#1257046, gh#python/cpython#143925)
  CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for poplib library. (bsc#1257041, gh#python/cpython#143923)
  CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet (bsc#1257108, gh#python/cpython#125346)
  CVE-2025-12781-b64decode-alt-chars.patch

++++ libssh:
- Security fixes:
  * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
  * CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045)
  * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
  * CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
  * CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
  * Add patches:
    - libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
    - libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
    - libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
    - libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
    - libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
    - libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
    - libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch

++++ python311:
- CVE-2025-11468: preserving parens when folding comments in email headers (bsc#1257029, gh#python/cpython#143935).
  CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies. (bsc#1257031, gh#python/cpython#143919)
  CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which could be abused for injecting false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
  CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
  CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for urllib library. (bsc#1257046, gh#python/cpython#143925)
  CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for poplib library. (bsc#1257041, gh#python/cpython#143923)
  CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet (bsc#1257108, gh#python/cpython#125346)
  CVE-2025-12781-b64decode-alt-chars.patch

------------------------------------------------------------------
------------------ 2026-2-10 - Feb 10 2026 -------------------
------------------------------------------------------------------
++++ ca-certificates-mozilla:
- Updated to 2.84 state (bsc#1258002)
  - Removed:
    - Baltimore CyberTrust Root
    - CommScope Public Trust ECC Root-01
    - CommScope Public Trust ECC Root-02
    - CommScope Public Trust RSA Root-01
    - CommScope Public Trust RSA Root-02
    - DigiNotar Root CA
  - Added:
    - e-Szigno TLS Root CA 2023
    - OISTE Client Root ECC G1
    - OISTE Client Root RSA G1
    - OISTE Server Root ECC G1
    - OISTE Server Root RSA G1
    - SwissSign RSA SMIME Root CA 2022 - 1
    - SwissSign RSA TLS Root CA 2022 - 1
    - TrustAsia SMIME ECC Root CA
    - TrustAsia SMIME RSA Root CA
    - TrustAsia TLS ECC Root CA
    - TrustAsia TLS RSA Root CA

++++ gnutls:
- Security fix:
  * CVE-2025-14831: DoS via excessive resource consumption during certificate verification (bsc#1257960)
  * Add gnutls-CVE-2025-14831.patch

++++ kernel-default:
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit e3370c0
- arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107)
- commit c430300
- arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102)
- commit 6759c0c
- arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772 CVE-2026-23102)
- commit 1baf93e
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons (bsc#1257942 bsc#1257246 CVE-2026-23003).
- commit 3935902
- vxlan: Pull inner IP header in vxlan_xmit_one() (bsc#1257942 bsc#1257246 CVE-2026-23003).
- commit 8097957
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes).
- PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes).
- ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes).
- tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes).
- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes).
- i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes).
- i3c: Move device name assignment after i3c_bus_init (git-fixes).
- auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes).
- commit b423671
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb

++++ nvidia-open-driver-G06-signed:
- kernel-6.19.patch: fixes build against kernel 6.19

------------------------------------------------------------------
------------------ 2026-2-9 - Feb 9 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (CVE-2026-23089 bsc#1257790).
- commit c09ea34 ++++ rust-keylime: - Update vendored crates (bsc#1257908, CVE-2026-25727) * time 0.3.47 - Update to version 0.2.8+116: * build(deps): bump bytes from 1.7.2 to 1.11.1 * api: Modify /version endpoint output in version 2.5 * Add API v2.5 with backward-compatible /v2.5/quotes/integrity * tests: add unit test for resolve_agent_id (#1182) * (pull-model): enable retry logic for registration * rpm: Update specfiles to apply on master * workflows: Add test to detect unused crates * lib: Drop unused crates * push-model: Drop unused crates * keylime-agent: Drop unused crates * build(deps): bump uuid from 1.18.1 to 1.19.0 * Update reqwest-retry to 0.8, retry-policies to 0.5 * rpm: Fix cargo_build macro usage on CentOS Stream * fix(push-model): resolve hash_ek uuid to actual EK hash * build(deps): bump thiserror from 2.0.16 to 2.0.17 * workflows: Separate upstream test suite from e2e coverage * Send UEFI measured boot logs as raw bytes (#1173) * auth: Add unit tests for SecretToken implementation * packit: Enable push-attestation tests * resilient_client: Prevent authentication token leakage in logs ------------------------------------------------------------------ ------------------ 2026-2-8 - Feb 8 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes). - spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes). - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes). - spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes). - spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes). - spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes). - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes). 
- commit 95b4070 ------------------------------------------------------------------ ------------------ 2026-2-7 - Feb 7 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes). - ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes). - ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes). - ALSA: hda/realtek - fixed speaker no sound (stable-fixes). - commit e53fbb8 - ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes). - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes). - hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes). - drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes). - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" (git-fixes). - drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes). - efivarfs: fix error propagation in efivar_entry_get() (git-fixes). - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes). - gpio: pca953x: mask interrupts in irq shutdown (stable-fixes). - drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes). - drm/amdgpu/soc21: fix xclk for APUs (stable-fixes). - pinctrl: meson: mark the GPIO controller as sleeping (git-fixes). - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes). - commit 1cabea4 ------------------------------------------------------------------ ------------------ 2026-2-6 - Feb 6 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785 bsc#1256640). 
- commit 3dbef50 - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345). - commit 6736e91 - clocksource: Print durations for sync check unconditionally (bsc#1241345). - commit 79738b2 ------------------------------------------------------------------ ------------------ 2026-2-5 - Feb 5 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - iomap: account for unaligned end offsets when truncating read range (git-fixes). - blacklist.conf: Blacklist 40a71b53d5a6 and 524c3853831c - commit 6f0c964 - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes). - commit c2e8303 - mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126 bsc#1256755). - mptcp: reset fallback status gracefully at disconnect() time (CVE-2025-71126 bsc#1256755). - commit 3b7ecc1 ++++ read-only-root-fs: - Add patch to fix workaround for read-only / subvolumes (bsc#1252892): * 0001-Fix-workaround-for-read-only-subvolumes-by-remountin.patch ++++ regionServiceClientConfigGCE: - Update to version 5.2.0 + Drop the if condition for gcemetdata requirement ------------------------------------------------------------------ ------------------ 2026-2-4 - Feb 4 2026 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Update dependencies for bsc#1257324/CVE-2025-13465 ++++ cockpit-machines: - Update dependencies for bsc#1257325/CVE-2025-13465 ++++ docker: - Places a hard cap on the amount of mechanisms that can be specified and encoded in the payload. (bcs#1253904, CVE-2025-58181) * 0007-CVE-2025-58181-fix-vendor-crypto-ssh.patch ++++ kernel-default: - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003 bsc#1257246). - commit 2b67457 - geneve: Fix incorrect inner network header offset when innerprotoinherit is set (CVE-2026-23003 bsc#1257246). 
- commit 167d4d3 - platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes). - platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes). - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes). - commit 41b7ff7 - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - commit b2c29ef ++++ libxslt: - CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553] - deleted patches * libxslt-CVE-2025-10911.patch ++++ libxml2: - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595) * Add patch libxml2-CVE-2026-1757.patch - CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553) * Add patch libxml2-CVE-2025-10911.patch ++++ opensuse-migration-tool: - Update to version 20260204.2cf77a3: * Drop requires on update-bootloader as it's not available on 15.6. Install it in post-script on target of migration instead. boo#1255897 * Refine post-scripts * Ensure update bootloader is installed in post scripts * don't install selinux-policy-targeted-gaming by default ++++ libxml2-python: - CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595) * Add patch libxml2-CVE-2026-1757.patch - CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553) * Add patch libxml2-CVE-2025-10911.patch ------------------------------------------------------------------ ------------------ 2026-2-3 - Feb 3 2026 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - Add patch for CVE-2025-47914 (bsc#1254041), CVE-2025-47913 (bsc#1253584): 0001-CVE-2025-47913-CVE-2025-47914-ssh-agent-fixes.patch ++++ kernel-default: - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221). - commit 0a3e886 - libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220). 
- commit 2e431bc - libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218). - commit 518f909 - libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217). - commit 7474e34 - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - commit e90ec28 - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - commit 3124f7b ++++ expat: - security update - added patches CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser * expat-CVE-2026-24515.patch CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow * expat-CVE-2026-25210.patch ++++ libsoup: - Add libsoup-CVE-2026-1536.patch: Always validate the headers value when coming from untrusted source (bsc#1257440, CVE-2026-1536, glgo#GNOME/libsoup/commit/5c1a2e9c). - Add libsoup-CVE-2026-1761.patch: multipart: check length of bytes read soup_filter_input_stream_read_until() (bsc#1257598, CVE-2026-1761, glgo#GNOME/libsoup!496). ------------------------------------------------------------------ ------------------ 2026-2-2 - Feb 2 2026 ------------------- ------------------------------------------------------------------ ++++ cockpit-podman: - Update dependencies for bsc#1257324/CVE-2025-13465 ++++ kernel-default: - smb: client: short-circuit in open_cached_dir_by_dentry() if !dentry (git-fixes). - commit 82d6911 - smb: client: ensure open_cached_dir_by_dentry() only returns valid cfid (git-fixes). - commit d1feafe - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - commit e7ce4ba - scripts/python/git_sort/git_sort.yaml: add cifs for-next repository - commit 0d24c51 - smb: improve directory cache reuse for readdir operations (bsc#1252712). 
- commit 20c0243 - smb: client: remove unused fid_lock (git-fixes). - commit ed3cf07 - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - commit 1962196 - cifs: add new field to track the last access time of cfid (git-fixes). - commit 7328aa8 - smb: change return type of cached_dir_lease_break() to bool (git-fixes). - commit da8604d - ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010 bsc#1257332). - commit 0f213a3 - net: mscc: ocelot: Fix crash when adding interface under a lag (CVE-2026-22982 bsc#1257179). - net/handshake: restore destructor on submit failure (CVE-2025-71148 bsc#1257159). - commit 08069be - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 16880ae - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - commit b3a8e60 - x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005 bsc#1257245). - commit 4fcc2d5 - Update patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch (git-fixes CVE-2025-40097 bsc#1252900). - Update patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch (git-fixes CVE-2025-71081 bsc#1256609). - Update patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch (git-fixes CVE-2025-71147 bsc#1257158). - Update patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch (git-fixes CVE-2024-42103 bsc#1228490). - Update patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch (git-fixes CVE-2025-38243 bsc#1246184). - Update patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 bsc#1254465). - Update patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch (git-fixes CVE-2025-71083 bsc#1256610). 
- Update patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). - Update patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch (git-fixes CVE-2025-71111 bsc#1256728). - Update patches.suse/ipmi-Rework-user-message-limit-handling.patch (git-fixes CVE-2025-40202 bsc#1253451). - Update patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch (git-fixes CVE-2025-71136 bsc#1256759). - Update patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch (git-fixes CVE-2025-68819 bsc#1256664). - Update patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch (git-fixes CVE-2025-68808 bsc#1256682). - Update patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch (git-fixes CVE-2025-38322 bsc#1246447). - Update patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch (git-fixes CVE-2025-68804 bsc#1256617). - Update patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). - Update patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch (git-fixes CVE-2025-38379 bsc#1247030). - Update patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch (bsc#1250705 CVE-2025-39913). - Update patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). - Update patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch (git-fixes CVE-2024-53070 bsc#1233563). - Update patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch (git-fixes CVE-2024-53149 bsc#1234842). - Update patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch (git-fixes CVE-2025-37813 bsc#1242909). - Update patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch (bsc#1256528 CVE-2025-22047 bsc#1241437). 
- commit fbc3d71 - Update patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch (stable-fixes CVE-2025-71118 bsc#1256763). - Update patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch (git-fixes CVE-2025-68783 bsc#1256650). - Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch (git-fixes CVE-2026-23006 bsc#1257208). - Update patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch (git-fixes CVE-2025-71082 bsc#1256611). - Update patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch (git-fixes CVE-2025-68777 bsc#1256655). - Update patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). - Update patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch (bsc#1255569 CVE-2025-68725). - Update patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch (stable-fixes CVE-2025-68797 bsc#1256660). - Update patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch (stable-fixes CVE-2025-40106 bsc#1252891). - Update patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch (git-fixes CVE-2025-71131 bsc#1256742). - Update patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch (git-fixes CVE-2025-71163 bsc#1257215). - Update patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch (git-fixes CVE-2025-71162 bsc#1257204). - Update patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch (git-fixes CVE-2025-71130 bsc#1256741). - Update patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch (git-fixes CVE-2025-71138 bsc#1256785). - Update patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch (git-fixes CVE-2025-68789 bsc#1256781). - Update patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). 
- Update patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). - Update patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch (git-fixes CVE-2026-22997 bsc#1257202). - Update patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch (git-fixes CVE-2025-71079 bsc#1256619). - Update patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch (git-fixes CVE-2025-71086 bsc#1256625). - Update patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch (git-fixes CVE-2025-71154 bsc#1257163). - Update patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 bsc#1256730). - Update patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch (git-fixes CVE-2025-71132 bsc#1256737). - Update patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch (git-fixes CVE-2025-68773 bsc#1256586). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch (stable-fixes CVE-2025-68254 bsc#1255140). - Update patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch (stable-fixes CVE-2025-68256 bsc#1255138). - Update patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch (git-fixes CVE-2025-71145 bsc#1257155). - Update patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch (stable-fixes CVE-2025-71108 bsc#1256774). - Update patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch (stable-fixes CVE-2025-71114 bsc#1256752). - Update patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch (git-fixes CVE-2026-22978 bsc#1257227). - Update patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch (git-fixes CVE-2025-71100 bsc#1256593). 
- commit 856d20b - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - commit b73475a - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996). - net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000 bsc#1257234). - commit 46ccefc - macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001 bsc#1257232). - commit bcf0129 - gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes). - commit 8cea9c9 ++++ pcr-oracle: - Update to 0.5.9 + Fix event skipping due to double increment + Add '--persistent-srk' to make SRK persistent (bsc#1248516) ------------------------------------------------------------------ ------------------ 2026-2-1 - Feb 1 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - commit b83c55a - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes). - ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes). - commit 6d4f48b ------------------------------------------------------------------ ------------------ 2026-1-31 - Jan 31 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes). - commit 4d9fa09 - gpio: omap: do not register driver in probe() (git-fixes). - drm/imx/tve: fix probe device leak (git-fixes). - drm/amd/pm: fix race in power state check before mutex lock (git-fixes). - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes). - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes). - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes). - spi: spi-sprd-adi: Fix double free in probe error path (git-fixes). 
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes). - phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes). - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable (stable-fixes). - USB: serial: option: add Telit LE910 MBIM composition (stable-fixes). - USB: OHCI/UHCI: Add soft dependencies on ehci_platform (stable-fixes). - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor (stable-fixes). - usb: dwc3: Check for USB4 IP_NAME (stable-fixes). - drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes). - drm/amd: Clean up kfd node on surprise disconnect (stable-fixes). - ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes). - HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes). - ASoC: codecs: wsa881x: Drop unused version readout (stable-fixes). - spi: sprd-adi: switch to use spi_alloc_host() (stable-fixes). - spi: sprd: adi: Use devm_register_restart_handler() (stable-fixes). - commit 81840a7 ------------------------------------------------------------------ ------------------ 2026-1-30 - Jan 30 2026 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Add fde-tools-bsc1248516-tpm-Support-persistent-SRK.patch to support persistent SRK (bsc#1248516) ++++ kernel-default: - io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149 bsc#1257164). - commit e38f4cf - libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744). - commit 37c126f - scripts: obsapi: Support URL trailing / in oscrc - commit 596ed59 - scripts: uploader: Handle missing upstream in is_pr_open - commit e7d7408 - net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977 bsc#1257053). 
- ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097 bsc#1256607). - net: stmmac: fix the crash issue for zero copy XDP_TX action (CVE-2025-71095 bsc#1256605). - ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795 bsc#1256688). - bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584). - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800 bsc#1256646). - mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801 bsc#1256653). - lan966x: Fix sleeping in atomic context (CVE-2025-68320 bsc#1255172). - commit 6580707 - net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999 bsc#1257236). - commit d911768 - ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011 bsc#1257207). - commit dcc6c91 - wifi: mac80211: correctly decode TTLM with default link map (git-fixes). - nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes). - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes). - net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes). - Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes). - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes). - commit 6907fd9 ------------------------------------------------------------------ ------------------ 2026-1-29 - Jan 29 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - smack: fix bug: unprivileged task can create labels (CVE-2025-68733 bsc#1255615). - commit 4193ba7 - shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564). - commit 1a156a1 - idpf: Fix RSS LUT NULL ptr issue after soft reset (CVE-2026-22993 bsc#1257180). - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (CVE-2026-22993 bsc#1257180). - commit bb6b853 - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). 
- commit 35a165f - kabi: export inet_frag_rbtree_purge() function again (CVE-2025-68768 bsc#1256579). - commit d066c8d - inet: frags: flush pending skbs in fqdir_pre_exit() (CVE-2025-68768 bsc#1256579). - inet: frags: add inet_frag_queue_flush() (CVE-2025-68768 bsc#1256579). - commit 3c0c564 - mptcp: fallback earlier on simult connection (CVE-2025-71088 bsc#1256630). - commit daab93c - scripts: uploader: Fix no change condition for _maintainership.json - commit 792d98c - net: phy: Introduce PHY_ID_SIZE — minimum size for PHY ID string (CVE-2025-71094 bsc#1256597). - commit b3acbda - net/sched: ets: Remove drr class from the active list if it changes to strict (CVE-2025-68815 bsc#1256680). - commit f0fee57 - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645). - commit 8f4860d ++++ libzypp: - Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details. 
- Fix runtime check for broken rpm --runposttrans (bsc#1257068) - version 17.38.2 (35) ++++ nvidia-open-driver-G06-signed: - apply kernel-5.14.patch also on sle15-sp5 in order to fix build and adjusted it to sle15-sp5 kernel ++++ podman: - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) ------------------------------------------------------------------ ------------------ 2026-1-28 - Jan 28 2026 ------------------- ------------------------------------------------------------------ ++++ gpg2: - Security fix [bsc#1257396, CVE-2026-24882] * gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys * Added gnupg-CVE-2026-24882.patch - Security fix [bsc#1256389] (gpg.fail/filename) * Added gnupg-accepts-path-separators-literal-data.patch * GnuPG Accepts Path Separators and Path Traversals in Literal Data ++++ kernel-default: - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976 bsc#1257035). - commit 1b89834 - usb: renesas_usbhs: Fix synchronous external abort on unbind (CVE-2025-68327 bsc#1255488). - commit a41f3aa - net: usb: asix: validate PHY address before use (CVE-2025-71094 bsc#1256597). - net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094 bsc#1256597). - commit addbe43 - net: tcp: allow zero-window ACK update the window (bsc#1254767). - commit b6299d5 - scripts: uploader: Only reset branch when there is no open PR Resetting the branch closes any PR which is disruptive. With project repositories that get a lot of changes this would reset too often if reset was enabled causing unmergeable PRs. Yet it is necessary to reset to be able to get up-to-date state for a new PR. With this branch reset can be enabled for maintainership update. - commit 60e8156 - selftests/bpf: use simply-expanded variables for libpcap flags (bsc#1255552 CVE-2025-68363). - commit 2c7feb9 - selftests/bpf: ns_current_pid_tgid: Rename the test function (bsc#1255552 CVE-2025-68363). 
- commit 4f40cc9 - selftests/bpf: Replace CHECK with ASSERT_* in ns_current_pid_tgid test (bsc#1255552 CVE-2025-68363). - Refresh patches.suse/selftests-bpf-Clean-up-open-coded-gettid-syscall-inv.patch. - commit 0d13544 - selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552 CVE-2025-68363). - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 5773a45 ++++ libpng16: - security update - added patches CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage` CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage` * libpng16-CVE-2025-28162,28164.patch ++++ regionServiceClientConfigGCE: - Update to version 5.1.0 (jsc#PCT-590) + Add licenses info in the metadata - Accommodate build setup ------------------------------------------------------------------ ------------------ 2026-1-27 - Jan 27 2026 ------------------- ------------------------------------------------------------------ ++++ glib2: - Add CVE fixes: + glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484 glgo#GNOME/glib!4979). + glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485 glgo#GNOME/glib!4981). + glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489 glgo#GNOME/glib!4984). ++++ kernel-default: - perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689 CVE-2025-68798). - commit 122c93e - selftests/bpf: Optionally open a dedicated namespace to run test in it (CVE-2025-68363 bsc#1255552). - commit 7fc3edd - selftests/bpf: Monitor traffic for select_reuseport (CVE-2025-68363 bsc#1255552). - commit 7687d07 - selftests/bpf: Monitor traffic for sockmap_listen (CVE-2025-68363 bsc#1255552). - commit 200e7d4 - selftests/bpf: Monitor traffic for tc_redirect (CVE-2025-68363 bsc#1255552). - commit ef95f02 - selftests/bpf: netns_new() and netns_free() helpers (CVE-2025-68363 bsc#1255552). - Refresh patches.suse/selftests-bpf-Fix-backtrace-printing-for-selftests-c.patch. 
- commit 6ac10b7 - selftests/bpf: Add the traffic monitor option to test_progs (CVE-2025-68363 bsc#1255552). - commit 24382fe - selftests/bpf: Add traffic monitor functions (CVE-2025-68363 bsc#1255552). - commit c7346b8 - blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178 bsc#1255266). - commit 3f4a2e3 - bpf: Add bpf_prog_run_data_pointers() (bsc#1255241 CVE-2025-68200). - commit 3454614 - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - remove an Intel CPU model change which is already part of the base kernel - remove a bpf CVE change which is already part of the base kernel - commit 6def8a1 ------------------------------------------------------------------ ------------------ 2026-1-26 - Jan 26 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093 bsc#1256777). - net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816 bsc#1256674). - commit 53c77db - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a - x86: make page fault handling disable interrupts properly (git-fixes). - commit e28ac6a - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). - commit 3382537 - libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388). - commit 592067a - kABI workaround for tpm_chip changes (CVE-2025-71077 bsc#1256613). - commit 66e0457 - tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613). - commit 727f4b1 - w1: fix redundant counter decrement in w1_attach_slave_device() (git-fixes). - w1: therm: Fix off-by-one buffer overflow in alarms_store (git-fixes). - comedi: dmm32at: serialize use of paged registers (git-fixes). 
- uacce: ensure safe queue release with state management (git-fixes). - uacce: implement mremap in uacce_vm_ops to return -EPERM (git-fixes). - uacce: fix isolate sysfs check condition (git-fixes). - uacce: fix cdev handling in the cleanup path (git-fixes). - slimbus: core: fix of_slim_get_device() kernel doc (git-fixes). - slimbus: core: fix device reference leak on report present (git-fixes). - slimbus: core: fix runtime PM imbalance on report present (git-fixes). - slimbus: core: fix OF node leak on registration failure (git-fixes). - intel_th: fix device leak on output open() (git-fixes). - comedi: Fix getting range information for subdevices 16 to 255 (git-fixes). - iio: accel: iis328dq: fix gain values (git-fixes). - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes). - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes). - iio: adc: ad9467: fix ad9434 vref mask (git-fixes). - iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes). - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes). - serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes). - comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes). - commit 50f3b9f - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). 
- commit 1df0a4e ++++ opensuse-migration-tool: - Add dependency on update-bootloader to fix boo#1255897 pattern-base-selinux could be skipped if update-bootloader was missing ++++ pcr-oracle: - Enable build on %{arm} as it is required by sdbootutil ++++ python-urllib3: - Add security patches: * CVE-2025-66471.patch (bsc#1254867) * CVE-2025-66418.patch (bsc#1254866) ------------------------------------------------------------------ ------------------ 2026-1-24 - Jan 24 2026 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - update to 2.92 * Redesign the interaction between DNSSEC validation and per-domain servers, specified as --server=//. This should just work in all cases now. If the normal chain-of-trust exists into the delegated domain then whether the domain is signed or not, DNSSEC validation will function normally. In the case the delegated domain is an "overlay" on top of the global DNS and no NS and/or DS records exist connecting it to the global dns, then if the domain is unsigned the situation will be handled by synthesising a proof-of-non-existence-of-DS for the domain and queries will be answered unvalidated; this action will be logged. A signed domain without chain-of-trust can be validated if a suitable trust-anchor is provided using --trust-anchor. This change should be backwards compatible for all existing working configurations; it extends the space of possible configurations which are functional. * Fix a couple of problems with DNSSEC validation and DNAME. One could cause validation failure on correct domains, and the other would fail to spot an invalid domain. Thanks to Graham Clinch for spotting the problem. * Add --log-queries=auth option to only log replies from the auth DNS facility. * Fix some edge-cases with domains and --address and --server. There has been some regressions with this in previous releases. 
    This change fixes the priority order from lower to highest as:
      - --address with an IPv4 or IPv6 address (as long as the query matches the type)
      - --address with # for all-zeros (as long as the query is A or AAAA)
      - --address with no address, which returns NXDOMAIN or NOERROR for all types.
      - --server with address set to # to use the unqualified servers.
      - --server with matching domain.
      - --server without domain or from /etc/resolv.conf.
  * Fix problems with ipset or nftset and TCP DNS transport. Previously this was racy, and insertion of addresses could fail on a busy server when DNS-over-TCP transport was involved.
  * DNSSEC validation change for reverse lookups in RFC-1918 ranges and friends. The large public DNS services seem not to return proof-of-nonexistence for DS records at the start of RFC-1918 in-addr.arpa domains and their IPv6 equivalents. 10.in-addr.arpa, 168.192.in-addr.arpa etc. Since dnsmasq already has an option which instructs it not to bother upstream servers with pointless queries about these address ranges, namely --bogus-priv, we extend that to enable behaviour which allows dnsmasq to assume that insecure NXDOMAIN replies for these domains are expected and to assume that the domains are legitimately unsigned. This behaviour only matters when some address range is directed to another upstream server using --rev-server. In that case it allows replies from that server to pass DNSSEC validation. Without such a server configured, queries are never sent upstream so they are never validated and the new behaviour is moot.
  * Add support for leasequery to the dnsmasq DHCPv4 server. This has to be specifically enabled with the --leasequery option. Many thanks to JAXPORT, Jacksonville Port Authority for sponsoring this enhancement to dnsmasq.
  * Fix failure to cache PTR RRs when a reply contains more than one answer. Thanks to Dmitry for spotting this.
  * Add TFTP options windowsize (RFC 7440) and timeout (RFC 2349).
  * Change the behaviour of the DHCPv6 server when a REBIND message is received but no lease exists. Under these circumstances a new lease is created _only_ when the --dhcp-authoritative option is set. This matches the behavior of the DHCPv4 server.
  * Add --dhcp-split-relay option. This makes a DHCPv4 relay which is functional when client and server networks aren't mutually route-able.
  * Fix failure to add client MAC address to queries in TCP mode. The options which cause dnsmasq to decorate a DNS query with the MAC address on the originating client can fail when the query is sent using TCP. Thanks to Bruno Ravara for spotting and characterising this bug.

++++ kernel-default:
- mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes).
- mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes).
- regmap: Fix race condition in hwspinlock irqsave routine (git-fixes).
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes).
- ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes).
- ALSA: usb: Increase volume range that triggers a warning (git-fixes).
- drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes).
- drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes).
- drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes).
- drm/nouveau: add missing DCB connector types (git-fixes).
- commit 03d895b

------------------------------------------------------------------
------------------ 2026-1-23 - Jan 23 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814 bsc#1256651).
- commit 4d3284d
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760)
- commit f080c28
- net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654)
- commit d8f982b
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547)
- commit 31c810e
- team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773)
- commit fb6bd76
- md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761).
- commit 06431f4
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 bsc#1256612).
- commit 74dac8b
- net: hns3: add VLAN id validation before using (CVE-2025-71112 bsc#1256726).
- net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775 bsc#1256665).
- commit 5f03ae0
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes).
- dpll: Prevent duplicate registrations (git-fixes).
- wifi: ath12k: fix dma_free_coherent() pointer (git-fixes).
- wifi: ath10k: fix dma_free_coherent() pointer (git-fixes).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes).
- wifi: rsi: Fix memory corruption due to not set vif driver data size (git-fixes).
- usbnet: limit max_mtu based on device's hard_mtu (git-fixes).
- mISDN: annotate data-race around dev->work (git-fixes).
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes).
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes).
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes).
- Revert "nfc/nci: Add the inconsistency check between the input data length and count" (git-fixes).
- net: usb: dm9601: remove broken SR9700 support (git-fixes).
- leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes).
- dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes).
- dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes).
- dpll: fix return value check for kmemdup (git-fixes).
- dpll: indent DPLL option type by a tab (git-fixes).
- commit 0acacf9
- drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428 CVE-2025-40339)
- commit 42c8fa8
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- commit 2f69405

------------------------------------------------------------------
------------------ 2026-1-22 - Jan 22 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257 bsc#1254842).
- commit 83400eb
- fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638 CVE-2025-68788).
- commit 6b6945d
- ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754 CVE-2025-68820).
- commit 8f80a8b
- ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757 CVE-2025-71123).
- commit bd1f757
- ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261).
- commit 835edb6
- nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372).
- commit 4a0d1d2
- nbd: defer config unlock in nbd_genl_connect (bsc#1255622 CVE-2025-68366).
- commit 7dc2ba0
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482 CVE-2025-68337).
- commit dea6220
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325 bsc#1255417).
- commit 0e9df03
- tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188 bsc#1255269).
- commit 36ba28e

++++ sqlite3:
- Update to version 3.51.2:
  * bsc#1259619, CVE-2025-70873: zipfile extension may disclose uninitialized heap memory during inflation.
  * Fix an obscure deadlock in the new broken-posix-lock detection logic.
  * Fix multiple problems in the EXISTS-to-JOIN optimization.
  * Other minor bug fixes.

++++ libxml2:
- CVE-2026-0989: call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256804, bsc#1256805, bsc#1256810)
  * Add patch libxml2-CVE-2026-0989.patch
  * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374

++++ libxml2-python:
- CVE-2026-0989: call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256804, bsc#1256805, bsc#1256810)
  * Add patch libxml2-CVE-2026-0989.patch
  * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374

++++ suseconnect-ng:
- Update version to 1.20:
  - Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861)
  - Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002)
  - Fixed modules and extension link to point to version less documentation. (bsc#1239439)
  - Fixed SAP instance detection (bsc#1244550)
  - Remove link to extensions documentation (bsc#1239439)
  - Migrate to the public library

------------------------------------------------------------------
------------------ 2026-1-21 - Jan 21 2026 -------------------
------------------------------------------------------------------
++++ cups:
- Version upgrade to 2.4.16:
  See https://github.com/openprinting/cups/releases
  The hotfix release 2.4.16 includes a fix for an infinite loop in GTK, which was caused by a change of internal behavior in libcups on which GTK depended, and a workaround for stopping the scheduler if configuration includes unknown directives.
  Detailed list (from CHANGES.md):
  * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438)
  * The web interface did not support domain usernames fully (Issue #1441)
  * Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439 boo#1254353)
  * Fixed stopping scheduler on unknown directive in configuration (Issue #1443)
  Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.15:
  See https://github.com/openprinting/cups/releases
  The release CUPS 2.4.15 brings two CVE fixes:
  Fix various cupsd issues which cause local DoS (CVE-2025-61915 bsc#1253783)
  Fix unresponsive cupsd process caused by slow client (CVE-2025-58436 bsc#1244057)
  and several bug fixes described in CHANGES.md.
  Detailed list (from CHANGES.md):
  * Fixed potential crash in 'cups-driverd' when there are duplicate PPDs (Issue #1355)
  * Fixed error recovery when scanning for PPDs in 'cups-driverd' (Issue #1416)
  Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16
- Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017" which contained needless UTF-8 Unicode characters that are now replaced by plain ASCII text in "... line - the ..." to fix a rpmlint "non-break-space" warning.
- Adapted and enhanced 'tmpfiles.d' related things in cups.spec to "Fix packages for Immutable Mode - cups" (implementation task jsc#PED-14775 from epic jsc#PED-14688)

++++ glib2:
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988 glgo#GNOME/glib#3851).

++++ kernel-default:
- net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363 bsc#1255102).
- commit b54ffd4
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241 bsc#1255157).
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245 bsc#1255268).
- commit f673593
- Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch
  Fix the missing cleanup, folding the upstream stable 6.12.y fix (commit d28c1b1566a1) into the backport patch itself.
- commit d2ae2ac
- of: fix reference count leak in of_alias_scan() (git-fixes).
- of: platform: Use default match table for /firmware (git-fixes).
- ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes).
- commit 403f41b

------------------------------------------------------------------
------------------ 2026-1-20 - Jan 20 2026 -------------------
------------------------------------------------------------------
++++ grub2:
- Optimize PBKDF2 to reduce the decryption time (bsc#1248516)
  * 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
  * 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
  * 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch

++++ kernel-default:
- NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803 bsc#1256770).
- commit cae9b7a
- nfsd: set security label during create operations (CVE-2025-68803 bsc#1256770).
- commit 8ee0c2b
- RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733)
- commit c4b2e81
- RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622)
- commit 695ad1f
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779).
- commit 400a381
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259 bsc#1254845).
- commit 386a47a

++++ nvidia-open-driver-G06-signed:
- updated CUDA variant to version 580.126.09
- supersedes kernel-6.18.patch

------------------------------------------------------------------
------------------ 2026-1-19 - Jan 19 2026 -------------------
------------------------------------------------------------------
++++ glibc:
- memalign-overflow-check.patch: memalign: reinstate alignment overflow check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915, bsc#1256822, BZ #33802)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281, bsc#1257005, BZ #33814)

++++ kernel-default:
- arp: do not assume dev_hard_header() does not change skb->head (CVE-2025-71098 bsc#1256591).
- ip6_gre: make ip6gre_header() robust (CVE-2025-71098 bsc#1256591).
- commit 0de7076
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit 4190209
- dmaengine: apple-admac: Add "apple,t8103-admac" compatible (git-fixes).
- dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes).
- dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes).
- dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes).
- dmaengine: xilinx_dma: Fix uninitialized addr_width when "xlnx,addrwidth" property is missing (git-fixes).
- dmaengine: tegra-adma: Fix use-after-free (git-fixes).
- dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes).
- dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes).
- dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes).
- dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes).
- dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes).
- dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes).
- phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes).
- phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes).
- phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes).
- phy: stm32-usphyc: Fix off by one in probe() (git-fixes).
- commit c2d8602
- Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch
- commit 462d775

++++ openssl-3:
- Security fixes:
  * Missing ASN1_TYPE validation in PKCS#12 parsing
    - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
  * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
    - openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
  * Missing ASN1_TYPE validation in TS_RESP_verify_response() function
    - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
  * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
    - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
  * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
    - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
  * Heap out-of-bounds write in BIO_f_linebuffer on short writes
    - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
  * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
    - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
  * Stack buffer overflow in CMS AuthEnvelopedData parsing
    - openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
    - openssl-CVE-2025-15467-comments.patch
    - openssl-CVE-2025-15467-test.patch

------------------------------------------------------------------
------------------ 2026-1-18 - Jan 18 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- gpio: pca953x: fix wrong error probe
  return value (git-fixes).
- commit df5f5f1
- gpio: pca953x: Utilise temporary variable for struct device (stable-fixes).
- Refresh patches.suse/gpio-pca953x-log-an-error-when-failing-to-get-the-re.patch.
- commit b07f679
- lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes).
- mei: me: add nova lake point S DID (stable-fixes).
- gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes).
- drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes).
- ASoC: fsl_sai: Add missing registers to cache default (stable-fixes).
- ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes).
- ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
- drm/amd/display: Fix DP no audio issue (stable-fixes).
- powercap: fix sscanf() error return value handling (stable-fixes).
- powercap: fix race condition in register_control_type() (stable-fixes).
- can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes).
- mei: me: add wildcat lake P DID (stable-fixes).
- gpio: pca953x: Add support for level-triggered interrupts (stable-fixes).
- gpio: pca953x: Utilise dev_err_probe() where it makes sense (stable-fixes).
- commit 46ebab7
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582 CVE-2025-68771).
- commit fae1ed0

------------------------------------------------------------------
------------------ 2026-1-17 - Jan 17 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes).
- commit 9ad50cc
- drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes).
- drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes).
- drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes).
- drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes).
- ASoC: tlv320adcx140: fix word length (git-fixes).
- ASoC: tlv320adcx140: fix null pointer (git-fixes).
- ASoC: codecs: wsa884x: fix codec initialisation (git-fixes).
- commit b212696

------------------------------------------------------------------
------------------ 2026-1-16 - Jan 16 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764 bsc#1255930).
- commit 84f3f58
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659)
- commit 86f02f8
- fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365 bsc#1255548)
- commit 354fd40
- ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728 bsc#1255539)
- commit 3c62fa0
- iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087 bsc#1256628).
- commit 8d4da32
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695)
- commit 8aea2cc
- Fix KABI for "md: fix rcu protection in md_wakeup_thread" (CVE-2025-68374 bsc#1255530).
- commit 4078c1e
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- commit eb0fac0
- md: fix rcu protection in md_wakeup_thread (CVE-2025-68374 bsc#1255530).
- commit 1b0738f
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863).
- scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256863).
- scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256863).
- scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256863).
- scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256863).
- scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256863).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863).
- scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256863).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256863).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256863).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863).
- scsi: qla2xxx: Add Speed in SFP print information (bsc#1256863).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256861).
- commit da9bd89
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839).
- commit 95251dd
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544).
- commit fea667d
- ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813 bsc#1256641).
- commit 238038b
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit b6c7c30
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes).
- can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes).
- can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes).
- commit 6e93ffe

------------------------------------------------------------------
------------------ 2026-1-15 - Jan 15 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727 bsc#1255568)
- commit 97681c7
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit fdc5baf
- interconnect: Don't access req_list while it's being manipulated (CVE-2023-54013 bsc#1256280).
- commit 397aee1
- interconnect: Fix locking for runpm vs reclaim (CVE-2023-54013 bsc#1256280).
- commit bacbc82
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit 7a5edbb
- mptcp: Fix proto fallback detection with BPF (CVE-2025-68227 bsc#1255216).
- commit 557d74c
- sysfs: check visibility before changing group attribute ownership (CVE-2025-40355 bsc#1255261).
- commit 7b1e9ed
- x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171 bsc#1255255).
- commit 265a09f

++++ libpng16:
- security update
- added patches
  CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read
  * libpng16-CVE-2026-22695.patch
  CVE-2026-22801 [bsc#1256526], Integer truncation causing heap buffer over-read in png_image_write_*
  * libpng16-CVE-2026-22801.patch

------------------------------------------------------------------
------------------ 2026-1-14 - Jan 14 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- commit 87d4295
- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (bsc#1255134 CVE-2025-68230)
- commit 19b936b
- net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301 bsc#1255120).
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264 bsc#1254835).
- net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254 bsc#1254852).
- net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238 bsc#1254871).
- net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350 bsc#1255260).
- commit 07231fa
- drm/sysfb: Do not dereference NULL pointer in plane reset (bsc#1255095 CVE-2025-40360)
- commit adae9ca
- amd/amdkfd: enhance kfd process check in switch partition (CVE-2025-68174 bsc#1255327).
- commit 9e3bffb
- drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (CVE-2025-68190 bsc#1255131).
- commit a195e39
- selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when transport_header is not set (CVE-2025-68363 bsc#1255552).
- commit 742de98
- bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363 bsc#1255552).
- commit f6cdd52
- drm/amdgpu: remove two invalid BUG_ON()s (CVE-2025-68201 bsc#1255136)
- commit 9a27d5e

++++ libzypp:
- Avoid libcurl-mini4 when building as it does not support ftp protocol.
- Translation: updated .pot file.
- version 17.38.1 (35)

------------------------------------------------------------------
------------------ 2026-1-13 - Jan 13 2026 -------------------
------------------------------------------------------------------
++++ avahi:
- Add avahi-CVE-2025-68276.patch: Backport 0c013e2 from upstream, refuse to create wide-area record browsers when wide-area is off. (CVE-2025-68276, bsc#1256498)
- Add avahi-CVE-2025-68471.patch: Backport 9c6eb53 from upstream, fix DoS bug by changing assert to return. (CVE-2025-68471, bsc#1256500)
- Add avahi-CVE-2025-68468.patch: Backport f66be13 from upstream, fix DoS bug by removing incorrect assertion. (CVE-2025-68468, bsc#1256499)

++++ kernel-default:
- Refresh patches.suse/cifs-after-disabling-multichannel-mark-tcon-for-reconnect.patch.
- Refresh patches.suse/cifs-avoid-redundant-calls-to-disable-multichannel.patch.
- Refresh patches.suse/cifs-cifs_pick_channel-should-try-selecting-active-channels.patch.
- Refresh patches.suse/cifs-deal-with-the-channel-loading-lag-while-picking-channels.patch.
- Refresh patches.suse/cifs-dns-resolution-is-needed-only-for-primary-channel.patch.
- Refresh patches.suse/cifs-do-not-search-for-channel-if-server-is-terminating.patch.
- Refresh patches.suse/cifs-fix-a-pending-undercount-of-srv_count.patch.
- Refresh patches.suse/cifs-fix-lock-ordering-while-disabling-multichannel.patch.
- Refresh patches.suse/cifs-fix-stray-unlock-in-cifs_chan_skip_or_disable.patch.
- Refresh patches.suse/cifs-fix-use-after-free-for-iface-while-disabling-secondary-channel.patch.
- Refresh patches.suse/cifs-handle-when-server-stops-supporting-multichannel.patch.
- Refresh patches.suse/cifs-reconnect-worker-should-take-reference-on-server-struct-uncond.patch.
- Refresh patches.suse/cifs-reset-connections-for-all-channels-when-reconnect-requested.patch.
- Refresh patches.suse/cifs-reset-iface-weights-when-we-cannot-find-a-candidate.patch.
- Refresh patches.suse/smb-client-fix-cifs_pick_channel-when-channel-needs-reconnect.patch.
- Refresh patches.suse/smb-client-introduce-close_cached_dir_locked-.patch.
- Refresh patches.suse/smb3-add-missing-null-server-pointer-check.patch.
- commit 966613b
- cifs: fix use after free for iface while disabling secondary channels (git-fixes).
- commit dfe1d44
- cifs: reconnect worker should take reference on server struct unconditionally (git-fixes).
- Refresh patches.suse/cifs-handle-servers-that-still-advertise-multichannel-after-disabli.patch.
- Refresh patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- commit a6f7e74
- Refresh patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- commit f14b40c
- cifs: avoid redundant calls to disable multichannel (git-fixes).
- smb3: add missing null server pointer check (git-fixes).
- Refresh patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh patches.suse/cifs-serialize-other-channels-when-query-server-interfaces-is-pendi.patch.
- commit 6f71d7c
- cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes).
- commit 9d297d5
- cifs: do not search for channel if server is terminating (git-fixes).
- commit 1796cf0
- cifs: handle servers that still advertise multichannel after disabling (git-fixes).
- cifs: serialize other channels when query server interfaces is pending (git-fixes).
- Refresh patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- Refresh patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- Refresh patches.suse/smb3-fix-for-slab-out-of-bounds-on-mount-to-ksmbd.patch.
- commit e76704e
- smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes).
- commit 59edbd9
- cifs: cifs_pick_channel should try selecting active channels (git-fixes).
- commit 3f9ba92
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- commit 7e74f80
- supported.conf: Mark lan 743x supported (jsc#PED-14571)
- commit c174efd
- mlx5: Fix default values in create CQ (CVE-2025-68209 bsc#1255230).
- commit e7dee05
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256528).
- Refresh patches.suse/x86-microcode-AMD-Handle-the-case-of-no-BIOS-microcode.patch.
- commit dca6829
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528).
- commit 4e60c5e
- bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742 bsc#1255707).
- commit 53d4b3c
- bpf: Improve program stats run-time calculation (CVE-2025-68742 bsc#1255707).
- commit 4ed738f

++++ libsoup:
- Add libsoup-CVE-2026-0716.patch: Fix out-of-bounds read for websocket (bsc#1256418, CVE-2026-0716, glgo#GNOME/libsoup!494).
- Add libsoup-CVE-2026-0719.patch: Fix overflow for password md4sum (bsc#1256399, CVE-2026-0719, glgo#GNOME/libsoup!493).

++++ systemd:
- Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081 bsc#1256427)
  This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries.
- Import commit 8bbac1d508acb8aa4e7262f47c7f4076b8350f72
  8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)

++++ linuxptp:
- Move to DevicePolicy=closed instead of -PrivateDevices=true to allow access to devices (bsc#1256059)

++++ nvidia-open-driver-G06-signed:
- kernel-5.14.patch
  * fixes build for sle15-sp4

++++ python-urllib3:
- Add CVE-2026-21441.patch to fix excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331, CVE-2026-21441)

------------------------------------------------------------------
------------------ 2026-1-12 - Jan 12 2026 -------------------
------------------------------------------------------------------
++++ kernel-default:
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 46a797f
- tracing: Fix access to trace_event_file (bsc#1254373).
- commit 768b257
- virtio_console: fix order of fields cols and rows (stable-fixes).
- commit 0d412d7
- drm/amdgpu: Forward VMID reservation errors (git-fixes).
- commit a7344a2 - pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling (stable-fixes). - Refresh patches.suse/pinctrl-single-fix-bias-pull-up-down-handling-in-pin.patch. - commit bc41b99 - usb: ohci-nxp: fix device leak on probe failure (git-fixes). - usb: usb-storage: Maintain minimal modifications to the bcdDevice range (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (stable-fixes). - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (stable-fixes). - ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() (git-fixes). - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (stable-fixes). - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (stable-fixes). - pinctrl: single: Fix incorrect type for error return variable (git-fixes). - i3c: fix refcount inconsistency in i3c_master_register (git-fixes). - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (stable-fixes). - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (stable-fixes). - USB: serial: option: move Telit 0x10c7 composition in the right place (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 new compositions (stable-fixes). - USB: serial: option: add Foxconn T99W760 (stable-fixes). - USB: serial: ftdi_sio: match on interface number for jtag (stable-fixes). - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive (stable-fixes). - usb: dwc2: fix hang during shutdown if set as peripheral (git-fixes). - usb: xhci: limit run_graceperiod for only usb 3.0 devices (stable-fixes). - usb: typec: ucsi: Handle incorrect num_connectors capability (stable-fixes). - usbip: Fix locking bug in RT-enabled kernels (stable-fixes). - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (stable-fixes). - serial: add support of CPCI cards (stable-fixes). 
- char: applicom: fix NULL pointer dereference in ac_ioctl (stable-fixes). - iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (stable-fixes). - fbdev: gbefb: fix to use physical address instead of dma address (stable-fixes). - via_wdt: fix critical boot hang due to unnamed resource allocation (stable-fixes). - ipmi: Fix __scan_channels() failing to rescan channels (stable-fixes). - ipmi: Fix the race between __scan_channels() and deliver_response() (stable-fixes). - reset: fix BIT macro reference (stable-fixes). - firmware: imx: scu-irq: Init workqueue before request mbox channel (stable-fixes). - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (stable-fixes). - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (stable-fixes). - ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr (git-fixes). - media: amphion: Remove vpu_vb_is_codecconfig (git-fixes). - media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (stable-fixes). - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (stable-fixes). - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 (stable-fixes). - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (stable-fixes). - ACPICA: Avoid walking the Namespace if start_node is NULL (stable-fixes). - pinctrl: qcom: msm: Fix deadlock in pinmux configuration (stable-fixes). - platform/x86: acer-wmi: Ignore backlight event (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list (stable-fixes). - platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally (stable-fixes). - platform/x86: huawei-wmi: add keys for HONOR models (stable-fixes). - HID: elecom: Add support for ELECOM M-XT3URBK (018F) (stable-fixes). - HID: hid-input: Extend Elan ignore battery quirk to USB (stable-fixes). 
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list (stable-fixes). - drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes). - spi: xilinx: increase number of retries before declaring stall (stable-fixes). - spi: imx: keep dma request disabled before dma transfer setup (stable-fixes). - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series (stable-fixes). - Bluetooth: btrtl: Avoid loading the config file on security chips (stable-fixes). - media: amphion: Make some vpu_v4l2 functions static (stable-fixes). - usb: dwc2: disable platform lowlevel hw resources during shutdown (stable-fixes). - media: amphion: Add a frame flush mode for decoder (stable-fixes). - usb: ohci-nxp: Use helper function devm_clk_get_enabled() (stable-fixes). - drm/tilcdc: request and mapp iomem with devres (stable-fixes). - media: verisilicon: g2: Use common helpers to compute chroma and mv offsets (stable-fixes). - media: verisilicon: Store chroma and motion vectors offset (stable-fixes). - i3c: master: Inherit DMA masks and parameters from parent device (stable-fixes). - commit bc3be49 - supported.conf: mark ksmbd unsupported Based on discussion with Enzo Matsumiya it has turned out that ksmbd module is unsupported but the supported.conf entry is incorrect. Fix that. - commit c800e3f - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - commit daa4104 - Update patches.suse/1260-drm-amdkfd-Add-missing-gfx11-MQD-manager-callbacks.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54261 bsc#1255879). - Update patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch (git-fixes CVE-2025-40211 bsc#1254126). - Update patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch (git-fixes CVE-2025-68346 bsc#1255603).
- Update patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch (git-fixes CVE-2025-68753 bsc#1256238). - Update patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch (git-fixes CVE-2025-68347 bsc#1255706). - Update patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch (git-fixes CVE-2025-68345 bsc#1255601). - Update patches.suse/ALSA-pcm-Fix-potential-data-race-at-PCM-memory-.patch (bsc#1012628 CVE-2023-54072 bsc#1256291). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch (git-fixes CVE-2025-40275 bsc#1254829). - Update patches.suse/ALSA-usb-audio-Fix-potential-memory-leaks-at-error-p.patch (jsc#PED-6045 jsc#PED-6036 jsc#PED-6104 jsc#PED-6114 jsc#PED-6067 jsc#PED-6123 CVE-2023-54022 bsc#1255545). - Update patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch (stable-fixes CVE-2025-40269 bsc#1255035). - Update patches.suse/ASoC-codecs-wcd-mbhc-v2-fix-resource-leaks-on-c.patch (bsc#1012628 CVE-2023-53842 bsc#1254690). - Update patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch (git-fixes CVE-2025-40282 bsc#1254850). - Update patches.suse/Bluetooth-ISO-fix-iso_conn-related-locking-and-.patch (bsc#1012628 CVE-2023-54164 bsc#1256071). - Update patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch (git-fixes CVE-2025-40284 bsc#1254860). - Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch (stable-fixes CVE-2025-40309 bsc#1255065). - Update patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch (stable-fixes CVE-2025-40308 bsc#1255064). - Update patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch (git-fixes CVE-2025-40283 bsc#1254858). - Update patches.suse/Bluetooth-hci_conn-return-ERR_PTR-instead-of-NU.patch (bsc#1012628 CVE-2023-54038 bsc#1255540). - Update patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch (git-fixes CVE-2025-40301 bsc#1255193). 
- Update patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch (git-fixes CVE-2025-68305 bsc#1255169). - Update patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-.patch (bsc#1012628 CVE-2023-54210 bsc#1255955). - Update patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-for-h.patch (git-fixes CVE-2023-53828 bsc#1254623). - Update patches.suse/Bluetooth-hci_sync-Fix-UAF-in-hci_disconnect_all_syn.patch (git-fixes CVE-2023-53762 bsc#1254606). - Update patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch (git-fixes CVE-2025-40318 bsc#1254798). - Update patches.suse/FS-JFS-Check-for-read-only-mounted-filesystem-i.patch (bsc#1012628 CVE-2023-53766 bsc#1255005). - Update patches.suse/HID-hidraw-fix-data-race-on-device-refcount.patch (bsc#1012628 CVE-2023-53759 bsc#1254663). - Update patches.suse/HID-uclogic-Correct-devm-device-reference-for-hidinp.patch (git-fixes CVE-2023-54207 bsc#1255961). - Update patches.suse/HID-wacom-Use-ktime_t-rather-than-int-when-deal.patch (bsc#1012628 CVE-2023-53797 bsc#1254733). - Update patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch (stable-fixes CVE-2025-40263 bsc#1255077). - Update patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch (git-fixes CVE-2025-40262 bsc#1254840). - Update patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch (git-fixes CVE-2025-68217 bsc#1255221). - Update patches.suse/KVM-SVM-Get-source-vCPUs-from-source-VM-for-SEV-ES-i.patch (git-fixes CVE-2023-54296 bsc#1255793). - Update patches.suse/KVM-s390-pv-fix-index-value-of-replaced-ASCE.patch (bsc#1012628 CVE-2023-54092 bsc#1256370). - Update patches.suse/MIPS-KVM-Fix-NULL-pointer-dereference.patch (bsc#1012628 CVE-2023-54241 bsc#1255838). - Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch (git-fixes CVE-2025-40324 bsc#1254791). - Update patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch (git-fixes CVE-2025-40273 bsc#1254828). 
- Update patches.suse/PCI-DOE-Fix-destroy_work_on_stack-race.patch (git-fixes CVE-2023-54235 bsc#1255921). - Update patches.suse/PCI-Free-released-resource-after-coalescing.patch (git-fixes CVE-2023-53743 bsc#1254782). - Update patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch (git-fixes CVE-2025-40219 bsc#1254518). - Update patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch (stable-fixes CVE-2025-68176 bsc#1255329). - Update patches.suse/RDMA-bnxt_re-Prevent-handling-any-completions-a.patch (bsc#1012628 CVE-2023-54048 bsc#1256395). - Update patches.suse/RDMA-efa-Fix-wrong-resources-deallocation-order.patch (git-fixes CVE-2023-54201 bsc#1255964). - Update patches.suse/RDMA-irdma-Fix-data-race-on-CQP-completion-stat.patch (bsc#1012628 CVE-2023-54302 bsc#1255792). - Update patches.suse/RDMA-irdma-Fix-data-race-on-CQP-request-done.patch (bsc#1012628 CVE-2023-54292 bsc#1255800). - Update patches.suse/Revert-IB-isert-Fix-incorrect-release-of-isert-conne.patch (git-fixes CVE-2023-54219 bsc#1256231). - Update patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch (stable-fixes CVE-2025-40311 bsc#1255068). - Update patches.suse/accel-qaic-Clean-up-integer-overflow-checking-.patch (bsc#1012628 CVE-2023-53778 bsc#1254761). - Update patches.suse/af_unix-Fix-data-race-around-unix_tot_inflight.patch (git-fixes CVE-2023-54006 bsc#1255591). - Update patches.suse/amba-bus-fix-refcount-leak.patch (git-fixes CVE-2023-54230 bsc#1255925). - Update patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch (stable-fixes CVE-2025-40310 bsc#1255041). - Update patches.suse/amdgpu-validate-offset_in_bo-of-drm_amdgpu_gem_.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53819 bsc#1254712). - Update patches.suse/arm64-mm-fix-VA-range-sanity-check.patch (bsc#1012628 CVE-2023-53989 bsc#1256302). 
- Update patches.suse/arm64-set-__exception_irq_entry-with-__irq_entr.patch (bsc#1012628 CVE-2023-54322 bsc#1255763). - Update patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch (git-fixes CVE-2025-68339 bsc#1255505). - Update patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch (git-fixes CVE-2023-54045 bsc#1256285). - Update patches.suse/autofs-fix-memory-leak-of-waitqueues-in-autofs_catat.patch (git-fixes CVE-2023-54134 bsc#1256106). - Update patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch (git-fixes CVE-2025-68758 bsc#1255944). - Update patches.suse/bcache-fixup-btree_cache_wait-list-damage.patch (bsc#1012628 CVE-2023-54293 bsc#1255801). - Update patches.suse/binder-fix-memory-leak-in-binder_init.patch (bsc#1012628 CVE-2023-54005 bsc#1255629). - Update patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch (bsc#1216062 CVE-2023-54271 bsc#1255902). - Update patches.suse/blk-cgroup-hold-queue_lock-when-removing-blkg-.patch (bsc#1012628 CVE-2023-54088 bsc#1256263). - Update patches.suse/blk-mq-fix-tags-leak-when-shrink-nr_hw_queues.patch (bsc#1216436 CVE-2023-54227 bsc#1255952). - Update patches.suse/block-fix-blktrace-debugfs-entries-leakage.patch (bsc#1012628 CVE-2023-54209 bsc#1255963). - Update patches.suse/block-rq_qos-protect-rq_qos-apis-with-a-new-loc.patch (bsc#1012628 CVE-2023-53823 bsc#1254691). - Update patches.suse/bpf-Address-KCSAN-report-on-bpf_lru_list.patch (bsc#1012628 CVE-2023-54283 bsc#1255809). - Update patches.suse/bpf-Disable-preemption-in-bpf_event_output.patch (bsc#1012628 CVE-2023-54173 bsc#1255996). - Update patches.suse/bpf-Disable-preemption-in-bpf_perf_event_outpu.patch (bsc#1012628 CVE-2023-54303 bsc#1255785). - Update patches.suse/bpf-Fix-issue-in-verifying-allow_ptr_leaks.patch (jsc#PED-6811 CVE-2023-54181 bsc#1255988). - Update patches.suse/bpf-Silence-a-warning-in-btf_type_id_size.patch (bsc#1012628 CVE-2023-54247 bsc#1255892). 
- Update patches.suse/bpf-bpf_sk_storage-Fix-invalid-wait-context-lockdep-.patch (jsc#PED-6811 CVE-2023-53857 bsc#1254648). - Update patches.suse/bpf-drop-unnecessary-user-triggerable-WARN_ONCE.patch (bsc#1012628 CVE-2023-54145 bsc#1256090). - Update patches.suse/bpf-sockmap-Fix-skb-refcnt-race-after-locking-change.patch (jsc#PED-6811 CVE-2023-53836 bsc#1254693). - Update patches.suse/btrfs-fix-incorrect-splitting-in-btrfs_drop_ex.patch (bsc#1012628 CVE-2023-54121 bsc#1256267). - Update patches.suse/btrfs-fix-lockdep-splat-and-potential-deadlock-after.patch (git-fixes CVE-2023-54224 bsc#1255951). - Update patches.suse/btrfs-fix-race-between-balance-and-cancel-pause.patch (bsc#1012628 CVE-2023-54023 bsc#1256301). - Update patches.suse/btrfs-fix-race-when-deleting-free-space-root-fr.patch (bsc#1012628 CVE-2023-54067 bsc#1256369). - Update patches.suse/btrfs-fix-race-when-deleting-quota-root-from-th.patch (bsc#1012628 CVE-2023-54032 bsc#1255617). - Update patches.suse/btrfs-fix-warning-when-putting-transaction-with.patch (bsc#1012628 CVE-2023-53865 bsc#1254762). - Update patches.suse/btrfs-release-path-before-inode-lookup-during-the-in.patch (git-fixes CVE-2023-54281 bsc#1255820). - Update patches.suse/btrfs-remove-BUG_ON-s-in-add_new_free_space.patch (bsc#1012628 CVE-2023-54185 bsc#1255984). - Update patches.suse/btrfs-set-page-extent-mapped-after-read_folio-in-rel.patch (git-fixes CVE-2023-54253 bsc#1255891). - Update patches.suse/btrfs-zoned-fix-memory-leak-after-finding-block.patch (bsc#1012628 CVE-2023-54297 bsc#1255795). - Update patches.suse/btrfs-zoned-skip-splitting-and-logical-rewriting-on-.patch (bsc#1223731 CVE-2024-26944 CVE-2023-54080 bsc#1256367). - Update patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch (git-fixes CVE-2025-68307 bsc#1255146). - Update patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch (git-fixes CVE-2025-68308 bsc#1255149). 
- Update patches.suse/cifs-fix-potential-oops-in-cifs_oplock_break.patch (bsc#1012628 CVE-2023-54258 bsc#1255886). - Update patches.suse/cifs-fix-session-state-check-in-reconnect-to-a.patch (bsc#1012628 CVE-2023-53794 bsc#1255163). - Update patches.suse/clk-clocking-wizard-Fix-Oops-in-clk_wzrd_regist.patch (bsc#1012628 CVE-2023-53807 bsc#1254724). - Update patches.suse/clk-imx93-fix-memory-leak-and-missing-unwind-go.patch (bsc#1012628 CVE-2023-54221 bsc#1255842). - Update patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch (git-fixes CVE-2025-68332 bsc#1255483). - Update patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch (git-fixes CVE-2025-68257 bsc#1255167). - Update patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch (git-fixes CVE-2025-68258 bsc#1255182). - Update patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch (git-fixes CVE-2025-68335 bsc#1255480). - Update patches.suse/crypto-api-Use-work-queue-in-crypto_destroy_instance.patch (git-fixes CVE-2023-53799 bsc#1254732). - Update patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch (git-fixes CVE-2025-68172 bsc#1255253). - Update patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch (git-fixes CVE-2025-68724 bsc#1255550). - Update patches.suse/dccp-Fix-out-of-bounds-access-in-DCCP-error-handler.patch (bsc#1220419 CVE-2023-53782 bsc#1254758). - Update patches.suse/dccp-fix-data-race-around-dp-dccps_mss_cache.patch (bsc#1012628 CVE-2023-53839 bsc#1254655). - Update patches.suse/devlink-report-devlink_port_type_warn-source-de.patch (bsc#1012628 CVE-2023-53841 bsc#1255009). - Update patches.suse/dm-don-t-attempt-to-queue-IO-under-RCU-protection-a9ce.patch (jsc#PED-7514 CVE-2023-53860 bsc#1254626). - Update patches.suse/dm-fix-a-race-condition-in-retrieve_deps-f600.patch (jsc#PED-7514 CVE-2023-54324 bsc#1255759). 
- Update patches.suse/driver-soc-xilinx-use-_safe-loop-iterator-to-av.patch (bsc#1012628 CVE-2023-54101 bsc#1256153). - Update patches.suse/drm-amd-display-Check-NULL-before-accessing.patch (stable-fixes CVE-2025-68286 bsc#1255351). - Update patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch (git-fixes CVE-2025-68180 bsc#1255252). - Update patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch (stable-fixes CVE-2025-40288 bsc#1255057). - Update patches.suse/drm-bridge-dw_hdmi-fix-connector-access-for-scd.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53784 bsc#1254765). - Update patches.suse/drm-client-Fix-memory-leak-in-drm_client_target.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54091 bsc#1256274). - Update patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch (git-fixes CVE-2025-68244 bsc#1255190). - Update patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch (git-fixes CVE-2025-40316 bsc#1254797). - Update patches.suse/drm-msm-dp-Drop-aux-devices-together-with-DP-co.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53851 bsc#1254695). - Update patches.suse/drm-mxsfb-Disable-overlay-plane-in-mxsfb_plane_overl.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53864 bsc#1254754). 
- Update patches.suse/drm-nouveau-kms-nv50-init-hpd_irq_lock-for-PIOR.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54263 bsc#1255883). - Update patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch (git-fixes CVE-2025-40329 bsc#1254621). - Update patches.suse/drm-tegra-Add-call-to-put_pid.patch (git-fixes CVE-2025-68233 bsc#1255206). - Update patches.suse/drm-ttm-Don-t-leak-a-resource-on-eviction-error.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54254 bsc#1255890). - Update patches.suse/drm-ttm-Don-t-leak-a-resource-on-swapout-move-e.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53844 bsc#1254649). - Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (git-fixes CVE-2025-68757 bsc#1255943). - Update patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch (git-fixes CVE-2025-40277 bsc#1254894). - Update patches.suse/erofs-kill-hooked-chains-to-avoid-loops-on-dedu.patch (bsc#1012628 CVE-2023-53777 bsc#1254749). - Update patches.suse/exfat-use-kvmalloc_array-kvfree-instead-of-kma.patch (bsc#1012628 CVE-2023-54194 bsc#1255974). - Update patches.suse/ext4-correct-grp-validation-in-ext4_mb_good_group.patch (bsc#1234163 CVE-2023-53861 bsc#1254678). - Update patches.suse/ext4-fix-BUG-in-ext4_mb_new_inode_pa-due-to-overflow.patch (bsc#1219165 CVE-2023-54069 bsc#1256371). - Update patches.suse/ext4-fix-rbtree-traversal-bug-in-ext4_mb_use_pr.patch (bsc#1012628 CVE-2023-53813 bsc#1254717). - Update patches.suse/ext4-turn-quotas-off-if-mount-failed-after-enab.patch (bsc#1012628 CVE-2023-54153 bsc#1256081). 
- Update patches.suse/f2fs-fix-to-do-sanity-check-on-direct-node-in-.patch (bsc#1012628 CVE-2023-53846 bsc#1254983). - Update patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch (stable-fixes CVE-2025-40323 bsc#1255094). - Update patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch (stable-fixes CVE-2025-40304 bsc#1255034). - Update patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (stable-fixes CVE-2025-40322 bsc#1255092). - Update patches.suse/firmware-meson_sm-fix-to-avoid-potential-NULL-pointe.patch (git-fixes CVE-2023-54304 bsc#1255786). - Update patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch (git-fixes CVE-2025-68328 bsc#1255489). - Update patches.suse/fs-Protect-reconfiguration-of-sb-read-write-fr.patch (bsc#1012628 CVE-2023-54099 bsc#1256197). - Update patches.suse/fs-jfs-prevent-double-free-in-dbUnmount-after-failed-jfs_remount.patch (git-fixes CVE-2023-54127 bsc#1256119). - Update patches.suse/fs-ntfs3-Return-error-for-inconsistent-extende.patch (bsc#1012628 CVE-2023-54125 bsc#1256117). - Update patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-b.patch (bsc#1012628 CVE-2023-54264 bsc#1255872). - Update patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch (git-fixes CVE-2025-68732 bsc#1255688). - Update patches.suse/gtp-Fix-use-after-free-in-__gtp_encap_destroy.patch (bsc#1012628 CVE-2023-54142 bsc#1256095). - Update patches.suse/hfs-validate-record-offset-in-hfsplus_bmap_alloc.patch (git-fixes CVE-2025-40349 bsc#1255280). - Update patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-__hfsplus_ext_cache_extent.patch (git-fixes CVE-2025-40244 bsc#1255033). - Update patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-hfsplus_delete_cat.patch (git-fixes CVE-2025-40351 bsc#1255281). - Update patches.suse/hwrng-virtio-Fix-race-on-data_avail-and-actual-.patch (bsc#1012628 CVE-2023-53998 bsc#1255578). 
- Update patches.suse/iavf-use-internal-state-to-free-traffic-IRQs.patch (bsc#1012628 CVE-2023-53850 bsc#1254677). - Update patches.suse/ice-prevent-NULL-pointer-deref-during-reload.patch (bsc#1012628 CVE-2023-54037 bsc#1255557). - Update patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch (jsc#PED-4866 CVE-2023-54070 bsc#1256364). - Update patches.suse/igc-Fix-Kernel-Panic-during-ndo_tx_timeout-call.patch (bsc#1012628 CVE-2023-54166 bsc#1256074). - Update patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch (stable-fixes CVE-2025-68330 bsc#1255493). - Update patches.suse/iio-adc-ina2xx-avoid-NULL-pointer-dereference-.patch (bsc#1012628 CVE-2023-53834 bsc#1254660). - Update patches.suse/iio-core-Prevent-invalid-memory-access-when-th.patch (bsc#1012628 CVE-2023-54027 bsc#1255579). - Update patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch (git-fixes CVE-2025-68740 bsc#1255812). - Update patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch (stable-fixes CVE-2025-68183 bsc#1255251). - Update patches.suse/io_uring-net-don-t-overflow-multishot-recv.patch (bsc#1215211 CVE-2023-54030 bsc#1255691). - Update patches.suse/iomap-Fix-possible-overflow-condition-in-iomap_write_delalloc_scan.patch (jsc#PED-5453 CVE-2023-54285 bsc#1255807). - Update patches.suse/iommufd-IOMMUFD_DESTROY-should-not-increase-the.patch (bsc#1012628 CVE-2023-53795 bsc#1254737). - Update patches.suse/iommufd-Set-end-correctly-when-doing-batch-carr.patch (bsc#1012628 CVE-2023-54060 bsc#1256379). - Update patches.suse/ionic-remove-WARN_ON-to-prevent-panic_on_warn.patch (bsc#1012628 CVE-2023-53994 bsc#1255570). - Update patches.suse/ip6_vti-fix-slab-use-after-free-in-decode_sess.patch (bsc#1012628 CVE-2023-53821 bsc#1254669). - Update patches.suse/ipmi-ssif-Fix-a-memory-leak-when-scanning-for-an-ada.patch (git-fixes CVE-2023-54064 bsc#1256375). 
- Update patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch (git-fixes CVE-2025-68766 bsc#1255932). - Update patches.suse/isdn-mISDN-hfcsusb-fix-memory-leak-in-hfcsusb_probe.patch (git-fixes CVE-2025-68734 bsc#1255538). - Update patches.suse/jfs-Verify-inode-mode-when-loading-from-disk.patch (git-fixes CVE-2025-40312 bsc#1255046). - Update patches.suse/jfs-fix-uninitialized-waitqueue-in-transaction-manager.patch (git-fixes CVE-2025-68168 bsc#1255100). - Update patches.suse/kcm-Fix-error-handling-for-SOCK_DGRAM-in-kcm_sendmsg.patch (bsc#1220419 CVE-2023-53825 bsc#1254707). - Update patches.suse/kcm-Fix-memory-leak-in-error-path-of-kcm_sendmsg.patch (bsc#1220419 CVE-2023-54112 bsc#1256354). - Update patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s.patch (bsc#1012628 CVE-2023-54170 bsc#1256045). - Update patches.suse/maple_tree-fix-potential-out-of-bounds-access-i.patch (bsc#1012628 CVE-2023-54135 bsc#1256107). - Update patches.suse/md-fix-warning-for-holder-mismatch-from-export_rdev.patch (git-fixes CVE-2023-53791 bsc#1254742). - Update patches.suse/md-raid5-cache-fix-a-deadlock-in-r5l_exit_log-a705.patch (jsc#PED-7542 CVE-2023-53848 bsc#1254753). - Update patches.suse/media-af9005-Fix-null-ptr-deref-in-af9005_i2c_xfer.patch (git-fixes CVE-2023-54314 bsc#1255776). - Update patches.suse/media-anysee-fix-null-ptr-deref-in-anysee_master_xfe.patch (git-fixes CVE-2023-54093 bsc#1256273). - Update patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch (git-fixes CVE-2023-54266 bsc#1255875). - Update patches.suse/media-dvb-usb-v2-gl861-Fix-null-ptr-deref-in-gl861_i.patch (git-fixes CVE-2023-54066 bsc#1256373). - Update patches.suse/media-imon-make-send_packet-more-robust.patch (stable-fixes CVE-2025-68194 bsc#1255325). - Update patches.suse/media-mediatek-vcodec-fix-resource-leaks-in-vdec_msg.patch (git-fixes CVE-2023-54143 bsc#1256096). 
- Update patches.suse/media-tuners-qt1010-replace-BUG_ON-with-a-regular-er.patch (git-fixes CVE-2023-54282 bsc#1255810). - Update patches.suse/media-v4l2-core-Fix-a-potential-resource-leak-in-v4l.patch (git-fixes CVE-2023-54183 bsc#1255990). - Update patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch (git-fixes CVE-2025-68252 bsc#1255197). - Update patches.suse/misc-pci_endpoint_test-Free-IRQs-before-removin.patch (bsc#1012628 CVE-2023-54326 bsc#1255758). - Update patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch (git-fixes CVE-2025-40272 bsc#1254832). - Update patches.suse/mmc-sunplus-fix-return-value-check-of-mmc_add_.patch (bsc#1012628 CVE-2023-54204 bsc#1255967). - Update patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch (git-fixes CVE-2025-40223 bsc#1254957). - Update patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch (git-fixes CVE-2025-68290 bsc#1255154). - Update patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch (git-fixes CVE-2025-68249 bsc#1255233). - Update patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch (git-fixes CVE-2025-68765 bsc#1255931). - Update patches.suse/mt76-mt7921-don-t-assume-adequate-headroom-for-SDIO-.patch (git-fixes CVE-2023-53785 bsc#1254918). - Update patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch (git-fixes CVE-2025-68238 bsc#1255202). - Update patches.suse/mtd-rawnand-fsl_upm-Fix-an-off-by-one-test-in-.patch (bsc#1012628 CVE-2023-54104 bsc#1256145). - Update patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch (git-fixes CVE-2025-68237 bsc#1255203). - Update patches.suse/net-core-remove-unnecessary-frame_sz-check-in-.patch (bsc#1012628 CVE-2023-54155 bsc#1256083). - Update patches.suse/net-deal-with-integer-overflows-in-kmalloc_reserve.patch (bsc#1215146 CVE-2023-42752 CVE-2023-53752 bsc#1254613). 
- Update patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_.patch (bsc#1012628 CVE-2023-54051 bsc#1256394). - Update patches.suse/net-dsa-avoid-suspicious-RCU-usage-for-synced-V.patch (bsc#1012628 CVE-2023-54149 bsc#1256085). - Update patches.suse/net-dsa-ocelot-call-dsa_tag_8021q_unregister-u.patch (bsc#1012628 CVE-2023-53855 bsc#1254688). - Update patches.suse/net-ethernet-mtk_eth_soc-fix-possible-NULL-pointer-d.patch (git-fixes CVE-2023-54240 bsc#1255918). - Update patches.suse/net-hns3-fix-deadlock-issue-when-externel_lb-a.patch (bsc#1012628 CVE-2023-54000 bsc#1255564). - Update patches.suse/net-ipa-only-reset-hashed-tables-when-supported.patch (bsc#1012628 CVE-2023-54225 bsc#1256234). - Update patches.suse/net-ipv4-fix-one-memleak-in-__inet_del_ifa.patch (bsc#1220419 CVE-2023-53995 bsc#1255616). - Update patches.suse/net-mlx5-fix-potential-memory-leak-in-mlx5e_in.patch (bsc#1012628 CVE-2023-54106 bsc#1256358). - Update patches.suse/net-mlx5e-Move-representor-neigh-cleanup-to-pr.patch (bsc#1012628 CVE-2023-54148 bsc#1256084). - Update patches.suse/net-mlx5e-TC-Fix-internal-port-memory-leak.patch (bsc#1012628 CVE-2023-53999 bsc#1255621). - Update patches.suse/net-mlx5e-fix-memory-leak-in-mlx5e_ptp_open.patch (bsc#1012628 CVE-2023-54169 bsc#1256050). - Update patches.suse/net-mlx5e-xsk-Fix-invalid-buffer-access-for-le.patch (bsc#1012628 CVE-2023-54223 bsc#1256233). - Update patches.suse/net-openvswitch-reject-negative-ifindex.patch (bsc#1012628 CVE-2023-53843 bsc#1254705). - Update patches.suse/net-prevent-skb-corruption-on-frag-list-segment.patch (bsc#1012628 CVE-2023-54094 bsc#1256292). - Update patches.suse/net-read-sk-sk_family-once-in-sk_mc_loop.patch (bsc#1220419 CVE-2023-53831 bsc#1254701). - Update patches.suse/net-sched-taprio-Limit-TCA_TAPRIO_ATTR_SCHED_C.patch (bsc#1012628 CVE-2023-54251 bsc#1255888). - Update patches.suse/net-smc-use-smc_lgr_list.lock-to-protect-smc_lgr_lis.patch (git-fixes CVE-2023-54318 bsc#1255772). 
- Update patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch (git-fixes CVE-2025-68192 bsc#1255246). - Update patches.suse/netfilter-nf_tables-fix-underflow-in-chain-refe.patch (bsc#1012628 CVE-2023-54035 bsc#1255563). - Update patches.suse/netlink-do-not-hard-code-device-address-lenth-i.patch (bsc#1012628 CVE-2023-53863 bsc#1254657). - Update patches.suse/nfp-clean-mc-addresses-in-application-firmware-.patch (bsc#1012628 CVE-2023-54133 bsc#1256104). - Update patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch (git-fixes CVE-2025-68185 bsc#1255135). - Update patches.suse/nfsd-move-init-of-percpu-reply_cache_stats-coun.patch (bsc#1012628 CVE-2023-54276 bsc#1255907). - Update patches.suse/nilfs2-fix-WARNING-in-mark_buffer_dirty-due-to.patch (bsc#1012628 CVE-2023-54140 bsc#1256093). - Update patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch (git-fixes CVE-2025-68235 bsc#1255209). - Update patches.suse/nvme-core-fix-memory-leak-in-dhchap_ctrl_secret.patch (bsc#1012628 CVE-2023-53792 bsc#1254743). - Update patches.suse/nvme-core-fix-memory-leak-in-dhchap_secret_stor.patch (bsc#1012628 CVE-2023-53852 bsc#1254653). - Update patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch (bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274). - Update patches.suse/nvme-multipath-fix-lockdep-WARN-due-to-partition-sca.patch (git-fixes bsc#1233640 CVE-2024-53093 CVE-2025-68218 bsc#1255245). - Update patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch (bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276). - Update patches.suse/of-overlay-Call-of_changeset_init-early.patch (git-fixes CVE-2023-53856 bsc#1254661). - Update patches.suse/of-unittest-fix-null-pointer-dereferencing-in-of_uni.patch (git-fixes CVE-2023-54178 bsc#1255992). - Update patches.suse/opp-Fix-use-after-free-in-lazy_opp_tables-after.patch (bsc#1012628 CVE-2023-54026 bsc#1255549). 
- Update patches.suse/orangefs-fix-xattr-related-buffer-overflow.patch (git-fixes CVE-2025-40306 bsc#1255062). - Update patches.suse/ovl-fix-null-pointer-dereference-in-ovl_get_acl.patch (bsc#1012628 CVE-2023-54313 bsc#1255775). - Update patches.suse/pcmcia-rsrc_nonstatic-Fix-memory-leak-in-nonst.patch (bsc#1012628 CVE-2023-54115 bsc#1256121). - Update patches.suse/perf-tool-x86-Fix-perf_env-memory-leak.patch (bsc#1012628 CVE-2023-53793 bsc#1254739). - Update patches.suse/phy-tegra-xusb-Clear-the-driver-reference-in-us.patch (bsc#1012628 CVE-2023-54083 bsc#1256368). - Update patches.suse/pinctrl-at91-pio4-check-return-value-of-devm_ka.patch (bsc#1012628 CVE-2023-54319 bsc#1255760). - Update patches.suse/pinctrl-freescale-Fix-a-memory-out-of-bounds-wh.patch (bsc#1012628 CVE-2023-53750 bsc#1254611). - Update patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch (git-fixes CVE-2025-68222 bsc#1255218). - Update patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch (git-fixes CVE-2025-68303 bsc#1255122). - Update patches.suse/posix-timers-Prevent-RT-livelock-in-itimer_dele.patch (bsc#1012628 CVE-2023-53815 bsc#1254715). - Update patches.suse/powerpc-64s-Fix-VAS-mm-use-after-free.patch (bsc#1012628 CVE-2023-54042 bsc#1255702). - Update patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch (bsc#1065729 CVE-2023-54095 bsc#1256271). - Update patches.suse/powerpc-powernv-sriov-perform-null-check-on-iov.patch (bsc#1012628 CVE-2023-54315 bsc#1255769). - Update patches.suse/powerpc-pseries-Rework-lppaca_shared_proc-to-avoid-D.patch (bsc#1194869 CVE-2023-54267 bsc#1255899). - Update patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch (bsc#1194869 CVE-2023-54017 bsc#1255605). - Update patches.suse/pstore-ram-Add-check-for-kstrdup.patch (bsc#1012628 CVE-2023-54189 bsc#1255978). - Update patches.suse/quota-fix-warning-in-dqgrab.patch (bsc#1012628 CVE-2023-54177 bsc#1255993). 
- Update patches.suse/rcu-dump-vmalloc-memory-info-safely.patch (git-fixes CVE-2023-54113 bsc#1256351). - Update patches.suse/rcuscale-Move-rcu_scale_writer-schedule_timeout_unin.patch (git-fixes CVE-2023-54246 bsc#1255915). - Update patches.suse/refscale-Fix-uninitalized-use-of-wait_queue_head_t.patch (git-fixes CVE-2023-54316 bsc#1255770). - Update patches.suse/regmap-irq-Fix-out-of-bounds-access-when-alloca.patch (bsc#1012628 CVE-2023-53768 bsc#1254599). - Update patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch (git-fixes CVE-2025-40317 bsc#1254796). - Update patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch (git-fixes CVE-2025-68354 bsc#1255553). - Update patches.suse/regulator-da9063-fix-null-pointer-deref-with-pa.patch (bsc#1012628 CVE-2023-53787 bsc#1254750). - Update patches.suse/rpmsg-glink-Add-check-for-kstrdup.patch (git-fixes CVE-2023-54049 bsc#1256396). - Update patches.suse/s390-dcssblk-fix-kernel-crash-with-list_add-corruption.patch (git-fixes bsc#1215344 CVE-2023-54117 bsc#1256348). - Update patches.suse/s390-vmem-split-pages-when-debug-pagealloc-is-.patch (bsc#1012628 CVE-2023-54278 bsc#1255911). - Update patches.suse/samples-bpf-Fix-buffer-overflow-in-tcp_basertt.patch (bsc#1012628 CVE-2023-54312 bsc#1255774). - Update patches.suse/sched-psi-use-kernfs-polling-functions-for-PSI-.patch (bsc#1012628 CVE-2023-54019 bsc#1255636). - Update patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handlin.patch (bsc#1012628 CVE-2023-54289 bsc#1255806). - Update patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch (bsc#1012628 CVE-2023-54179 bsc#1255994). - Update patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_b.patch (bsc#1012628 CVE-2023-54014 bsc#1256300). - Update patches.suse/scsi-target-core-Fix-target_cmd_counter-leak.patch (bsc#1214847 CVE-2023-54154 bsc#1256082). - Update patches.suse/serial-8250-Fix-oops-for-port-pm-on-uart_chang.patch (bsc#1012628 CVE-2023-54220 bsc#1255949). 
- Update patches.suse/serial-sprd-Fix-DMA-buffer-leak-issue.patch (git-fixes CVE-2023-54136 bsc#1256099). - Update patches.suse/sfc-fix-crash-when-reading-stats-while-NIC-is-r.patch (bsc#1012628 CVE-2023-54156 bsc#1255704). - Update patches.suse/sh-dma-Fix-DMA-channel-offset-calculation.patch (bsc#1012628 CVE-2023-54255 bsc#1255884). - Update patches.suse/smb-client-fix-missed-ses-refcounting.patch (bsc#1012628 CVE-2023-54076 bsc#1256335). - Update patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch (bsc#1248886 CVE-2025-40320 bsc#1254793). - Update patches.suse/soundwire-fix-enumeration-completion.patch (bsc#1012628 CVE-2023-54096 bsc#1256178). - Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch (bsc#1253155 CVE-2025-68746 bsc#1255722). - Update patches.suse/staging-r8712-Fix-memory-leak-in-_r8712_init_xm.patch (bsc#1012628 CVE-2023-54001 bsc#1255628). - Update patches.suse/thermal-of-fix-double-free-on-unregistration.patch (bsc#1012628 CVE-2023-53997 bsc#1255632). - Update patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-.patch (bsc#1012628 CVE-2023-54309 bsc#1255780). - Update patches.suse/tracing-Fix-memory-leak-of-iter-temp-when-readi.patch (bsc#1012628 CVE-2023-54171 bsc#1256034). - Update patches.suse/tracing-Fix-warning-in-trace_buffered_event_dis.patch (bsc#1012628 CVE-2023-54211 bsc#1255843). - Update patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c.patch (bsc#1012628 CVE-2023-53858 bsc#1254704). - Update patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch (stable-fixes CVE-2025-40314 bsc#1255072). - Update patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch (git-fixes CVE-2025-68287 bsc#1255152). - Update patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch (git-fixes CVE-2025-68289 bsc#1255155). - Update patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch (stable-fixes CVE-2025-40315 bsc#1255083). 
- Update patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch (stable-fixes CVE-2025-68750 bsc#1255814). - Update patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_.patch (bsc#1012628 CVE-2023-53847 bsc#1254698). - Update patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch (stable-fixes CVE-2025-40345 bsc#1255279). - Update patches.suse/usb-typec-bus-verify-partner-exists-in-typec_altmode.patch (git-fixes CVE-2023-54299 bsc#1255789). - Update patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch (git-fixes CVE-2025-68331 bsc#1255495). - Update patches.suse/usbnet-Prevents-free-active-kevent.patch (git-fixes CVE-2025-68312 bsc#1255171). - Update patches.suse/vdpa-Add-queue-index-attr-to-vdpa_nl_policy-fo.patch (bsc#1012628 CVE-2023-54031 bsc#1255583). - Update patches.suse/vduse-fix-NULL-pointer-dereference.patch (bsc#1012628 CVE-2023-54291 bsc#1255798). - Update patches.suse/vfio-type1-fix-cap_migration-information-leak (jsc#PED-7779 jsc#PED-7780 CVE-2023-54137 bsc#1256100). - Update patches.suse/virtio-vdpa-Fix-cpumask-memory-leak-in-virtio_.patch (bsc#1012628 CVE-2023-54215 bsc#1255957). - Update patches.suse/virtio_pmem-add-the-missing-REQ_OP_WRITE-for-flush-b.patch (git-fixes CVE-2023-54089 bsc#1256268). - Update patches.suse/virtio_vdpa-build-affinity-masks-conditionally.patch (git-fixes CVE-2023-54008 bsc#1255630). - Update patches.suse/wifi-ath11k-Add-missing-hw_ops-get_ring_selecto.patch (bsc#1012628 CVE-2023-54141 bsc#1256094). - Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch (git-fixes CVE-2025-68380 bsc#1255580). - Update patches.suse/wifi-ath11k-fix-registration-of-6Ghz-only-phy-w.patch (bsc#1012628 CVE-2023-54229 bsc#1255924). - Update patches.suse/wifi-ath12k-Fix-memory-leak-in-rx_desc-and-tx_desc.patch (git-fixes CVE-2023-54016 bsc#1256279). - Update patches.suse/wifi-ath9k-avoid-referencing-uninit-memory-in-a.patch (bsc#1012628 CVE-2023-54300 bsc#1255790). 
- Update patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch (git-fixes CVE-2025-40321 bsc#1254795). - Update patches.suse/wifi-cfg80211-ocb-don-t-leave-if-not-joined.patch (git-fixes CVE-2023-53992 bsc#1256058). - Update patches.suse/wifi-mt76-mt7921-fix-skb-leak-by-txs-missing-i.patch (bsc#1012628 CVE-2023-54052 bsc#1256387). - Update patches.suse/wifi-mwifiex-fix-memory-leak-in-mwifiex_histogram_re.patch (git-fixes CVE-2023-53808 bsc#1254723). - Update patches.suse/wifi-rsi-Do-not-configure-WoWlan-in-shutdown-ho.patch (bsc#1012628 CVE-2023-54025 bsc#1255558). - Update patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch (git-fixes CVE-2025-68759 bsc#1255934). - Update patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch (git-fixes CVE-2025-68362 bsc#1255611). - Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch (git-fixes CVE-2025-68313 bsc#1255415). - Update patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_microco.patch (git-fixes CVE-2025-68195 bsc#1255259). - Update patches.suse/x86-hyperv-Disable-IBT-when-hypercall-page-lac.patch (bsc#1012628 CVE-2023-54172 bsc#1256033). - Update patches.suse/x86-sev-Make-enc_dec_hypercall-accept-a-size-instead-of-npages (bsc#1214635 CVE-2023-53996 bsc#1255618). - Update patches.suse/xen-speed-up-grant-table-reclaim.patch (bsc#1012628 CVE-2023-54081 bsc#1256361). - Update patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch (CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851). - commit c2db288 - Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch (CVE-2025-40287 bsc#1255030 CVE-2025-68351 bsc#1255567). - Update patches.suse/net-enetc-fix-the-deadlock-of-enetc_mdio_lock.patch (CVE-2025-40337 bsc#1255081 CVE-2025-40347 bsc#1255262). - commit 8022326 ++++ kernel-firmware: - Update AMD ucode to 20251203 (bsc#1256483) ++++ net-snmp: - Fix snmptrapd buffer overflow (bsc#1255491, CVE-2025-68615). 
Add net-snmp-5.9.4-fix-out-of-bounds-trapOid-access.patch ------------------------------------------------------------------ ------------------ 2026-1-11 - Jan 11 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - docs: ABI: sysfs-devices-soc: Fix swapped sample values (git-fixes). - commit 208252e ++++ util-linux-systemd: - Fix heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666, CVE-2025-14104, util-linux-CVE-2025-14104-1.patch, util-linux-CVE-2025-14104-2.patch). ++++ util-linux: - Fix heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666, CVE-2025-14104, util-linux-CVE-2025-14104-1.patch, util-linux-CVE-2025-14104-2.patch). ++++ libzypp: - zypp.conf: follow the UAPI configuration file specification (PED-14658) In short terms it means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely, or - the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details. - cmake: correctly detect rpm6 (fixes #689) - Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435) - zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink ( fixes #682 ) - version 17.38.0 (35) ------------------------------------------------------------------ ------------------ 2026-1-10 - Jan 10 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: rockchip: mark the GPIO controller as sleeping (git-fixes). - drm/pl111: Fix error handling in pl111_amba_probe (git-fixes). - crypto: qat - fix duplicate restarting msg during AER error (git-fixes). 
- commit db7c5b1 ------------------------------------------------------------------ ------------------ 2026-1-9 - Jan 9 2026 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Fixed ramdisk sysroot generator Do not use a custom _dev name and stick with the UUID representation of the disk image in RAM after deployment. Former versions of udev did not create a by-uuid device representation which now seems to have changed. This then leads to the device name RamDisk_rootfs not being created and the respective .device unit times out. In addition the timer unit for the standard device representation changed to infinity. This fixes bsc#1254116 ++++ kernel-default: - cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082, CVE-2025-40268). - commit 1547549 - ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1256366). - commit 73f54be - selftests/bpf: Add test to verify freeing the special fields in pcpu maps (CVE-2025-68744 bsc#1255709). - commit 7a07150 - bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744 bsc#1255709). - commit 5246440 - pmdomain: arm: scmi: Fix genpd leak on provider registration failure (CVE-2025-68204 bsc#1255224). - commit 51ed7f6 - wifi: mac80211: restore non-chanctx injection behaviour (git-fixes). - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping (git-fixes). - wifi: avoid kernel-infoleak from struct iw_point (git-fixes). - atm: Fix dma_free_coherent() size (git-fixes). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() (git-fixes). - HID: quirks: work around VID/PID conflict for appledisplay (git-fixes). - ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks (git-fixes). - ALSA: ac97: fix a double free in snd_ac97_controller_register() (git-fixes). 
- commit 31818ae - binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272 CVE-2025-68239). - commit 40d7043 - fs/proc: fix uaf in proc_readdir_de() (bsc#1255297 CVE-2025-40271). - commit e033d9a - ext4: refresh inline data size before write operations (bsc#1255380 CVE-2025-68264). - commit eb0de51 - ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623 CVE-2025-40190). - commit 7ad9fff - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259 bsc#1255199). - commit bca135e ++++ libtasn1: - Security fix: [bsc#1256341, CVE-2025-13151] * Stack-based buffer overflow. The function asn1_expend_octet_string() fails to validate the size of input data resulting in a buffer overflow. * Add libtasn1-CVE-2025-13151.patch ------------------------------------------------------------------ ------------------ 2026-1-8 - Jan 8 2026 ------------------- ------------------------------------------------------------------ ++++ SL-Micro-release: - fix issue generator.conf bsc#1256098 ++++ gpg2: - Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy) * gpg: Fix possible memory corruption in the armor parser [T7906] * Add gnupg-CVE-2025-68973.patch - Security fix: [bsc#1256246] (gpg.fail/sha1) * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904] * Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch - Security fix: [bsc#1256244] (gpg.fail/detached) * gpg: Error out on unverified output for non-detached signatures [T7903] * Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch - Security fix: [bsc#1256243] * gpg2 agent: Fix a memory leak * Add patch gnupg-agent-memleak.patch - Security fix: [bsc#1256390] (gpg.fail/notdash) * gpg2: Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG * Add patch gnupg-notdash-escape.patch ++++ kernel-default: - smb: client: introduce close_cached_dir_locked() 
(git-fixes). - commit f4f985c - smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328 bsc#1254624). - commit e0eb1d9 - cifs: after disabling multichannel, mark tcon for reconnect (git-fixes). - Refresh patches.suse/cifs-cifs_chan_is_iface_active-should-be-called-with-chan_lock-held.patch. - Refresh patches.suse/cifs-handle-cases-where-multiple-sessions-share-connection.patch. - Refresh patches.suse/smb-client-fix-UAF-in-smb2_reconnect_server-.patch. - commit 5105d2e - cifs: fix a pending undercount of srv_count (git-fixes). - Refresh patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch. - commit f2eddbf - cifs: fix lock ordering while disabling multichannel (git-fixes). - commit 897a8e5 - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318) - commit 24256b7 - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (CVE-2025-40278 bsc#1254825). - commit 34ab5ba - bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378 bsc#1255614). - commit f957faa - bpf: Refactor stack map trace depth calculation into helper function (CVE-2025-68378 bsc#1255614). - commit 89dceec ++++ libsodium: - Security fix: [bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277] * check Y==Z in addition to X==0 * Add patch libsodium-CVE-2025-15444.patch ++++ libsoup: - Refresh libsoup-CVE-2025-14523.patch: Follow the update of upstream (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!491). 
++++ opensuse-migration-tool: - Update to version 20260106.d2cfd39: * Update scripts/20_pulse2pipewire.sh * Update scripts/20_ia32.sh * Update scripts/20_pulse2pipewire.sh * Consistent no-use of sudo in migration scripts * Update scripts/10_keepapparmor.sh * Update scripts/10_keepselinux.sh * Update scripts/10_keepapparmor.sh * Update scripts/10_keepapparmor.sh * Update opensuse-migration-tool * Update scripts/10_keepselinux.sh * Improve DRYRUN option to work well even from scripts * Enable migration to SElinux with proper dryrun * Update 10_keepselinux.sh * Update 10_keepapparmor.sh * Update 10_keepapparmor.sh ------------------------------------------------------------------ ------------------ 2026-1-7 - Jan 7 2026 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1256105, CVE-2025-14017] * call ldap_init() before setting the options * Add patch curl-CVE-2025-14017.patch ++++ kernel-default: - cifs: make sure server interfaces are requested only for SMB3+ (git-fixes). - Refresh patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch. - commit 850b9c8 - iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293 bsc#1255179). 
- commit 8fb40bc ++++ rust-keylime: - Use tmpfiles.d for /var directories (PED-14736) + tmpfiles.keylime renamed to rust-keylime.conf and extended - Update to version 0.2.8+96: * build(deps): bump wiremock from 0.6.4 to 0.6.5 * build(deps): bump actions/checkout from 5 to 6 * build(deps): bump chrono from 0.4.41 to 0.4.42 * packit: Get coverage from Fedora 43 runs * Fix issues pointed out by clippy * Replace mutex unwraps with proper error handling in TPM library * Remove unused session request methods from StructureFiller * Fix config panic on missing ek_handle in push model agent * build(deps): bump tempfile from 3.21.0 to 3.23.0 * build(deps): bump actions/upload-artifact from 4 to 6 (#1163) * Fix clippy warnings project-wide * Add KEYLIME_DIR support for verifier TLS certificates in push model agent * Thread privileged resources and use MeasurementList for IMA reading * Add privileged resource initialization and privilege dropping to push model agent * Fix privilege dropping order in run_as() * add documentation on FQDN hostnames * Remove confusing logs for push mode agent * Set correct default Verifier port (8891->8881) (#1159) * Add verifier_url to reference configuration file (#1158) * Add TLS support for Registrar communication (#1139) * Fix agent handling of 403 registration responses (#1154) * Add minor README.md rephrasing (#1151) * build(deps): bump actions/checkout from 5 to 6 (#1153) * ci: update spec files for packit COPR build * docs: improve challenge encoding and async TPM documentation * refactor: improve middleware and error handling * feat: add authentication client with middleware integration * docker: Include keylime_push_model_agent binary * Include attestation_interval configuration (#1146) * Persist payload keys to avoid attestation failure on restart * crypto: Implement the load or generate pattern for keys * Use simple algorithm specifiers in certification_keys object (#1140) * tests: Enable more tests in CI * Fix RSA2048 algorithm 
reporting in keylime agent * Remove disabled_signing_algorithms configuration * rpm: Fix metadata patches to apply to current code * workflows/rpm.yml: Use more strict patching * build(deps): bump uuid from 1.17.0 to 1.18.1 * Fix ECC algorithm selection and reporting for keylime agent * Improve logging consistency and coherency * Implement minimal RFC compliance for Location header and URI parsing (#1125) * Use separate keys for payload mechanism and mTLS * docker: update rust to 1.81 for distroless Dockerfile * Ensure UEFI log capabilities are set to false * build(deps): bump http from 1.1.0 to 1.3.1 * build(deps): bump log from 0.4.27 to 0.4.28 * build(deps): bump cfg-if from 1.0.1 to 1.0.3 * build(deps): bump actix-rt from 2.10.0 to 2.11.0 * build(deps): bump async-trait from 0.1.88 to 0.1.89 * build(deps): bump trybuild from 1.0.105 to 1.0.110 * Accept evidence handling structures null entries * workflows: Add test to check if RPM patches still apply * CI: Enable test add-agent-with-malformed-ek-cert * config: Fix singleton tests * FSM: Remove needless lifetime annotations (#1105) * rpm: Do not remove wiremock which is now available in Fedora * Use latest Fedora httpdate version (1.0.3) * Enhance coverage with parse_retry_after test * Fix issues reported by CI regarding unwrap() calls * Reuse max retries indicated to the ResilientClient * Include limit of retries to 5 for Retry-After * Add policy to handle Retry-After response headers * build(deps): bump wiremock from 0.6.3 to 0.6.4 * build(deps): bump serde_json from 1.0.140 to 1.0.143 * build(deps): bump pest_derive from 2.8.0 to 2.8.1 * build(deps): bump syn from 2.0.90 to 2.0.106 * build(deps): bump tempfile from 3.20.0 to 3.21.0 * build(deps): bump thiserror from 2.0.12 to 2.0.16 * rpm: Fix patches to apply to current master code * build(deps): bump anyhow from 1.0.98 to 1.0.99 * state_machine: Automatically clean config override during tests * config: Implement singleton and factory pattern * testing: 
Support overriding configuration during tests * feat: implement standalone challenge-response authentication module * structures: rename session structs for clarity and fix typos * tpm: refactor certify_credential_with_iak() into a more generic function * Add Push Model Agent Mermaid FSM chart (#1095) * Add state to avoid exiting on wrong attestation (#1093) * Add 6 alphanumeric lowercase X-Request-ID header * Enhance Evidence Handling response parsing * build(deps): bump quote from 1.0.35 to 1.0.40 * build(deps): bump libc from 0.2.172 to 0.2.175 * build(deps): bump glob from 0.3.2 to 0.3.3 * build(deps): bump actix-web from 4.10.2 to 4.11.0 ++++ selinux-policy: - Update to version 20241031+git17.66062d7a5: * rsync: add rsync_exec_commands boolean and enable it by default (bsc#1231494, bsc#1255372) ------------------------------------------------------------------ ------------------ 2026-1-6 - Jan 6 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251 bsc#1254856). - commit 07d80e9 - Refresh patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch. - Refresh patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch. - commit 4e4929f - cifs: reset iface weights when we cannot find a candidate (git-fixes). - commit a4fc567 - cifs: make cifs_chan_update_iface() a void function (git-fixes). - Refresh patches.suse/cifs-reduce-warning-log-level-for-server-not-advertising-interfaces.patch. - commit d2b9424 - smb: client: fix warning when reconnecting channel (git-fixes). - commit 87ea733 - cifs: do not disable interface polling on failure (git-fixes). - commit 40cfdea - cifs: deal with the channel loading lag while picking channels (git-fixes). - commit 979af19 - cifs: handle when server stops supporting multichannel (git-fixes). 
- Refresh patches.suse/cifs-cifs_chan_is_iface_active-should-be-called-with-chan_lock-held.patch. - Refresh patches.suse/cifs-handle-cases-where-multiple-sessions-share-connection.patch. - Refresh patches.suse/smb-client-fix-UAF-in-smb2_reconnect_server-.patch. - Refresh patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch. - commit c8dfa59 - cifs: make sure that channel scaling is done only once (git-fixes). - commit 3175d69 - cifs: handle when server starts supporting multichannel (git-fixes). - commit cc5563a - cifs: dns resolution is needed only for primary channel (git-fixes). - commit b750bd0 - cifs: update dstaddr whenever channel iface is updated (git-fixes). - commit 87415ee - cifs: reset connections for all channels when reconnect requested (git-fixes). - commit 506f274 - mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258 bsc#1254843). - commit 664f157 ++++ libsoup: - Add libsoup-CVE-2025-14523.patch: Reject duplicated Host in headers (bsc#1254876, CVE-2025-14523, glgo#GNOME/libsoup!490). ------------------------------------------------------------------ ------------------ 2026-1-5 - Jan 5 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bs-upload-kernel: Fix cve branch uploads - commit 2716d28 - team: Move team device type change at the end of team_port_add (CVE-2025-68340 bsc#1255507). - net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250 bsc#1254854). - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849). - net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40337 bsc#1255081). - net: stmmac: Correctly handle Rx checksum offload errors (CVE-2025-40337 bsc#1255081). - commit 3ae940f - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (CVE-2025-68255 bsc#1255395). 
- commit d962eb4 - ASoC: Intel: avs: Do not share the name pointer between components (CVE-2025-40338 bsc#1255273). - commit 968173c - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (CVE-2025-40289 bsc#1255042). - commit ff414f2 - scripts: teaapi: Add paging - commit dfea5bd - scripts: teaapi: Add list_repos - commit 83fa609 - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279 bsc#1254846). - commit 9f73fa4 - scripts: bs-upload-kernel: do not create the IGNORE-KABI-BADNESS file There is a tar-up option that creates it. bs-upload-kernel should only set the ignore_kabi_badness macro in prjconf. - commit 1bc75ca - usb: phy: isp1301: fix non-OF device reference imbalance (git-fixes). - usb: gadget: lpc32xx_udc: fix clock imbalance in error path (git-fixes). - commit 4724dd4 - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (git-fixes). - platform/x86: msi-laptop: add missing sysfs_remove_group() (git-fixes). - platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (git-fixes). - wifi: mac80211: do not use old MBSSID elements (git-fixes). - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (git-fixes). - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (git-fixes). - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (git-fixes). - smc91x: fix broken irq-context in PREEMPT_RT (git-fixes). - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (git-fixes). - USB: lpc32xx_udc: Fix error handling in probe (git-fixes). - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (git-fixes). - usb: dwc3: keep susphy enabled during exit to avoid controller faults (git-fixes). - spi: fsl-cpm: Check length parity before switching to 16 bit mode (git-fixes). - PM: runtime: Do not clear needs_force_resume with enabled runtime PM (git-fixes). - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (git-fixes). 
- commit 29120de - sctp: avoid NULL dereference when chunk data buffer is missing (CVE-2025-40240 bsc#1254869). - commit 7732dc5 - net: rose: fix invalid array index in rose_kill_by_device() (git-fixes). - net: usb: sr9700: fix incorrect command used to write single register (git-fixes). - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (git-fixes). - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (git-fixes). - net: mdio: aspeed: add dummy read to avoid read-after-write issue (git-fixes). - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (git-fixes). - Input: atkbd - skip deactivate for HONOR FMB-P's internal keyboard (git-fixes). - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (git-fixes). - commit 0ed2427 - drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (git-fixes). - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (git-fixes). - Bluetooth: btusb: revert use of devm_kzalloc in btusb (git-fixes). - idr: fix idr_alloc() returning an ID out of range (git-fixes). - genalloc.h: fix htmldocs warning (git-fixes). - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (git-fixes). - firewire: nosy: Fix dma_free_coherent() size (git-fixes). - drm/msm/dpu: Add missing NULL pointer check for pingpong interface (git-fixes). - ALSA: usb-mixer: us16x08: validate meter packet indices (git-fixes). - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (git-fixes). - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (git-fixes). - hwmon: (tmp401) fix overflow caused by default conversion rate value (git-fixes). - hwmon: (ibmpex) fix use-after-free in high/low store (git-fixes). - drm/panel: sony-td4353-jdi: Enable prepare_prev_first (git-fixes). - ACPI: PCC: Fix race condition by removing static qualifier (git-fixes). - ACPI: CPPC: Fix missing PCC check for guaranteed_perf (git-fixes). 
- can: j1939: make j1939_sk_bind() fail if device is no longer registered (git-fixes). - can: gs_usb: gs_can_open(): fix error handling (git-fixes). - broadcom: b44: prevent uninitialized value usage (git-fixes). - commit bf82bcb ++++ libpcap: - Security fix: [bsc#1255765, CVE-2025-11961] * Fix out-of-bound-write and out-of-bound-read in pcap_ether_aton() due to missing validation of provided MAC-48 address string * Add libpcap-CVE-2025-11961.patch ------------------------------------------------------------------ ------------------ 2026-1-3 - Jan 3 2026 ------------------- ------------------------------------------------------------------ ++++ nvidia-open-driver-G06-signed: - update non-CUDA variant to version 580.126.09 (boo#1255858) ------------------------------------------------------------------ ------------------ 2026-1-2 - Jan 2 2026 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fixes: * [bsc#1255731, CVE-2025-14524] if redirected, require permission to use bearer * [bsc#1255734, CVE-2025-15224] require private key or user-agent for public key auth * [bsc#1255732, CVE-2025-14819] toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache * [bsc#1255733, CVE-2025-15079] set both knownhosts options to the same file * Add patches: - curl-CVE-2025-14524.patch - curl-CVE-2025-15224.patch - curl-CVE-2025-14819.patch - curl-CVE-2025-15079.patch ++++ kernel-default: - exfat: validate cluster allocation bits of the allocation bitmap (CVE-2025-40307 bsc#1255039). - commit 61971f7 - exfat: using hweight instead of internal logic (git-fixes). - commit 18b7ccc - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). 
- commit 8505ec5 ------------------------------------------------------------------ ------------------ 2026-1-1 - Jan 1 2026 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Branch maintainers was auto-merged from SLE15-SP6-LTSS. Restore to SP7 maintainers per ML discussion at: https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00127.html https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00134.html - commit ca6d40d ------------------------------------------------------------------ ------------------ 2025-12-31 - Dec 31 2025 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Add fde-tools.conf to create /var/log/fde with tmpfiles.d (jsc#PED-14754) ++++ kernel-default: - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042 bsc#1252861). - commit ee6a745 ------------------------------------------------------------------ ------------------ 2025-12-30 - Dec 30 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - README.BRANCH: SLE15-SP6 became LTSS, update maintainers - commit f86184e ------------------------------------------------------------------ ------------------ 2025-12-29 - Dec 29 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - commit 2c42ea1 - fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025). - commit c5ce147 - selftests/bpf: Add test case for different expected_attach_type (CVE-2025-40123 bsc#1253365). - commit a20378c - kABI workaround for bpf: Enforce expected_attach_type for tailcall compatibility (CVE-2025-40123 bsc#1253365). - commit b3b5837 - bpf: Enforce expected_attach_type for tailcall compatibility (CVE-2025-40123 bsc#1253365). 
Refresh patches.kabi/bpf-struct-bpf_map-workaround.patch. - commit 4229239 ------------------------------------------------------------------ ------------------ 2025-12-23 - Dec 23 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - exfat: fix refcount leak in exfat_find (CVE-2025-40287 bsc#1255030). - commit 8d74fe6 - exfat: fix improper check of dentry.stream.valid_size (CVE-2025-40287 bsc#1255030). - commit 6d6e321 - exfat: add a check for invalid data size (git-fixes). - commit 2af7089 - selftests/bpf: Test widen_imprecise_scalars() with different stack depth (CVE-2025-68208 bsc#1255227). - commit 7bc82c5 - bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227). - commit 59eb6d6 - gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242 bsc#1255075). - commit c371711 ++++ capstone: - fix bsc#1255309 (CVE-2025-67873) Patch added: * fix-unchecked-lenght-cbef76.patch ------------------------------------------------------------------ ------------------ 2025-12-22 - Dec 22 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - selftests/bpf: Skip timer cases when bpf_timer is not supported (git-fixes). - commit c865cf8 - bpf: Reject bpf_timer for PREEMPT_RT (git-fixes). - commit 4c49578 - bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319 bsc#1254794). - commit d39f398 - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206 bsc#1255142). - commit 85cf637 - sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331 bsc#1254615). - commit a261090 - net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297 bsc#1255187). 
- commit 551613c ++++ qemu: - More spec file cleanup: * [openSUSE][RPM} spec: delete old specfile constructs ------------------------------------------------------------------ ------------------ 2025-12-21 - Dec 21 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ocfs2: clear extent cache after moving/defragmenting extents (CVE-2025-40233 bsc#1254813). - commit 2e6aaae - net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170 bsc#1253413). - commit 7607c99 - ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402). - ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342). - ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402). - ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342). - commit c7716e0 ------------------------------------------------------------------ ------------------ 2025-12-19 - Dec 19 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tipc: Fix use-after-free in tipc_mon_reinit_self() (CVE-2025-40280 bsc#1254847). - commit 293c735 - virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292). - commit 640f7af - vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248, bsc#1254864). - commit 76e0cd6 - vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231, bsc#1254815). - commit f20ceef - xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160, bsc#1253400). - commit a401c8b - xen/events: Cleanup find_virq() return codes (CVE-2025-40160, bsc#1253400). 
- commit 3a48f4b ++++ capstone: - Fix bsc#1255310 (CVE-2025-68114) Patch added: * fix-buffer-overflow-2c7797.patch ------------------------------------------------------------------ ------------------ 2025-12-18 - Dec 18 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (CVE-2025-40215 bsc#1254959). - commit ae22a6c - xfrm: delete x->tunnel as we delete x (CVE-2025-40215 bsc#1254959). - commit 13f0f1f - kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959 CVE-2025-40215). - commit 63a872c - cifs: Fix copy offload to flush destination region (bsc#1252511). - commit 5ef1ba0 - cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511). - commit 957492b ++++ python311-core: - Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400, CVE-2025-13836) to prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length. - Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic behavior in node ID cache clearing (CVE-2025-12084, bsc#1254997). - Add CVE-2025-13837-plistlib-mailicious-length.patch protect against OOM when loading malicious content (CVE-2025-13837, bsc#1254401). ++++ python311: - Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400, CVE-2025-13836) to prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length. - Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic behavior in node ID cache clearing (CVE-2025-12084, bsc#1254997). - Add CVE-2025-13837-plistlib-mailicious-length.patch protect against OOM when loading malicious content (CVE-2025-13837, bsc#1254401). 
++++ qemu: - We *always* want a display driver in x86 too: * [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too ------------------------------------------------------------------ ------------------ 2025-12-17 - Dec 17 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (CVE-2025-40274, bsc#1254830). - commit 539aace ------------------------------------------------------------------ ------------------ 2025-12-16 - Dec 16 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Move upstreamed ath12k patch into sorted section - commit fa80682 - Move upstreamed SCSI patches into sorted section - commit 8ea340d - futex: Prevent use-after-free during requeue-PI (CVE-2025-39977 bsc#1252046). - commit 3062182 ++++ libvirt: - CVE-2025-13193: qemu: Set umask for 'qemu-img' when creating external inactive snapshots bsc#1253703 - CVE-2025-12748: Check ACLs before parsing the whole domain XML bsc#1253278 ++++ qemu: - Bug and CVE fixes: * [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286) * net: pad packets to minimum length in qemu_receive_packet() (bsc#1253002, CVE-2025-12464) ++++ rsync: - Security update (CVE-2025-10158, bsc#1254441): rsync: Out of bounds array access via negative index - Add rsync-CVE-2025-10158.patch ++++ selinux-policy: - Update to version 20241031+git15.e32e86fd5: * Add a new type for systemd-ssh-issue PID files (bsc#1254889) * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t (bsc#1254889) ++++ shim: - shim-install: Add ca_string for SL Micro to update fallback loader The fallback loader, /boot/efi/EFI/BOOT/bootaa64.efi or bootx64.efi, cannot be upgraded by shim-install on SL Micro. The issue case is SL Micro 6.0. It causes the system to get a regression bug because it falls back to an old shim.
So this patch adds ca_string to SL Micro. (bsc#1254336) ------------------------------------------------------------------ ------------------ 2025-12-15 - Dec 15 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes). - commit 808d009 - usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes). - commit de6f0cd - USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes). - USB: serial: option: add Quectel RG255C (stable-fixes). - USB: serial: option: add UNISOC UIS7720 (stable-fixes). - usb: dwc3: Abort suspend on soft disconnect failure (git-fixes). - usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes). - commit 15d4d36 - usb: raw-gadget: do not limit transfer length (git-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: udc: Add trace event for usb_gadget_set_state (stable-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - commit c4f787c - Correct USB typec tcpm patches In upstream backports, changes were applied to wrong places (sink instead of source). In the stable upstream, it was corrected in a commit d967f6ae3149, but we fold the corrections in each patch, instead. Refreshed: patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch patches.suse/usb-typec-tcpm-unregister-existing-source-caps-befor.patch - commit 55aaa8f - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). 
- commit 4dc2ee9 ++++ systemd: - Import commit 9ecd16228492f44212e2771bec11ec78245b4094 9ecd162284 timer: rebase last_trigger timestamp if needed cd4a9103ef timer: rebase the next elapse timestamp only if timer didn't already run c3f4407e97 timer: don't run service immediately after restart of a timer (bsc#1254563) 05bcfe3295 test: check the next elapse timer timestamp after deserialization fe8f656975 test: restarting elapsed timer shouldn't trigger the corresponding service e4dd315b6c units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) b58e72215a units: add dep on systemd-logind.service by user@.service 97ceca445c detect-virt: add bare-metal support for GCE (bsc#1244449 - Sync systemd-update-helper with the version shipped in Base:System This includes the following changes: - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of "break" in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: backport commit 2d0af8bc354f4a1429ce Since user@.service has `Type=notify-reload` (making the reloading process synchronous) and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service` now.
++++ python-tornado6: - Add security patches: * CVE-2025-67724.patch (bsc#1254903) * CVE-2025-67725.patch (bsc#1254905) * CVE-2025-67726.patch (bsc#1254904) ++++ shim: - Add DER format certificate files for the pretrans script to verify that the necessary certificate is in the UEFI db - openSUSE Secure Boot CA, 2013-2035 openSUSE_Secure_Boot_CA_2013.crt - SUSE Linux Enterprise Secure Boot CA, 2013-2035 SUSE_Linux_Enterprise_Secure_Boot_CA_2013.crt - Microsoft Corporation UEFI CA 2011, 2011-2026 Microsoft_Corporation_UEFI_CA_2011.crt - Microsoft UEFI CA 2023, 2023-2038 Microsoft_UEFI_CA_2023.crt - shim.spec: Add a pretrans script to verify that the necessary certificate is in the UEFI db. - Always put SUSE Linux Enterprise Secure Boot CA to target array. (bsc#1254679) ------------------------------------------------------------------ ------------------ 2025-12-14 - Dec 14 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes). - drm/mgag200: Fix big-endian support (git-fixes). - drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes). - drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes). - rtc: gamecube: Check the return value of ioremap() (git-fixes). - commit 4a0695a ------------------------------------------------------------------ ------------------ 2025-12-13 - Dec 13 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes). - ASoC: ak5558: Disable regulator when error happens (git-fixes). - ASoC: ak4458: Disable regulator when error happens (git-fixes). - ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes). - ALSA: uapi: Fix typo in asound.h comment (git-fixes). - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes). 
- ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes). - commit 203c44f ------------------------------------------------------------------ ------------------ 2025-12-12 - Dec 12 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458 CVE-2025-40167). - commit 18e6218 - ext4: align max orphan file size with e2fsprogs limit (bsc#1253442 CVE-2025-40179). - commit 7ae82ce - ext4: free orphan info with kvfree (bsc#1253442 CVE-2025-40179). - commit a10c019 - ext4: verify orphan file size is not too big (bsc#1253442 CVE-2025-40179). - commit 6c1724d - Revert "ipmi: fix msg stack when IPMI is disconnected" (bsc#1253622 CVE-2025-40192) - commit 33bdbac ++++ shim: - Update to 16.1 - RPMs shim-16.1-150300.4.31.1.x86_64.rpm shim-debuginfo-16.1-150300.4.31.1.x86_64.rpm shim-debugsource-16.1-150300.4.31.1.x86_64.rpm shim-16.1-150300.4.31.1.aarch64.rpm shim-debuginfo-16.1-150300.4.31.1.aarch64.rpm shim-debugsource-16.1-150300.4.31.1.aarch64.rpm - submitreq: https://build.suse.de/request/show/395247 - repo: https://build.suse.de/package/show/SUSE:Maintenance:39913/shim.SUSE_SLE-15-SP3_Update - Patches (git log --oneline --reverse 16.0..16.1) 4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols 39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses 3133d19 test-mock-variables: make our filter list entries safer. d44405e mock-variables: remove unused variable 0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04 d16a5a6 SbatLevel_Variable.txt: minor typo fix. 32804cf Realloc() needs one more byte for sprintf() 431d370 IPv6: Add more check to avoid multiple double colon and illegal char 5e4d93c Loader Proto: make freeing of bprop.buffer conditional. 
33deac2 Prepare to move things from shim.c to verify.c 030e7df Move a bunch of stuff from shim.c to verify.c f3ddda7 handle_image(): make verification conditional 774f226 Cache sections of a loaded image and sub-images from them. eb0d20b loader-protocol: handle sub-section loading for UKIs 2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages 1abc7ca loader-protocol: NULL output variable in load_image on failure fb77b44 Generate Authenticode for the entire PE file b86b909 README: mention new loader protocol and interaction with UKIs 8522612 ci: add mkosi configuration and CI 9ebab84 mkosi workflow: fix the branch name for main. 72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX a2f0dfa This is an organizational patch to move some things around in mok.c 54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint() a5a6922 get_max_var_sz(): add more debugging for apple platforms 77a2922 Add a "VariableInfo" variable to mok-variables. efc71c9 build: Avoid passing *FLAGS to sub-make 7670932 Fixes for 'make TOPDIR=... clean' 13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1 617aed5 Update version to 16.1~rc1 d316ba8 format_variable_info(): fix wrong size test. f5fad0e _do_sha256_sum(): Fix missing error check. 
3a9734d doc: add howto for running mkosi locally ced5f71 mkosi: remove spurious slashes from script 0076155 ci: update mkosi commit 5481105 fix http boot 121cddf loader-protocol: Handle UnloadImage after StartImage properly 6a1d1a9 loader-protocol: Fix memory leaks 27a5d22 gitignore: add more mkosi dirs and vscode dir 346ed15 mkosi: disable repository key check on Fedora afc4955 Update version to 16.1 - 16.1 release note https://github.com/rhboot/shim/releases shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738 Fix uncompressed ipv6 netboot by @hrvach in #742 fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739 Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749 SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751 Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746 IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753 Loader proto v2 by @vathpela in #748 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750 Generate Authenticode for the entire PE file by @esnowberg in #604 README: mention new loader protocol and interaction with UKIs by @bluca in #755 ci: add mkosi configuration and CI by @bluca in #764 shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761 Save var info by @vathpela in #763 build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758 Fixes for 'make TOPDIR=... 
clean' by @bluca in #762 add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766 Coverity fixes 20250804 by @vathpela in #767 ci: fixlets and docs for mkosi workflow by @bluca in #768 fix http boot by @jsetje in #770 Fix double free and leak in the loader protocol by @rosslagerwall in #769 gitignore: add more mkosi dirs and vscode dir by @bluca in #771 - Drop upstreamed patch: The following patches are merged to 16.1 - shim-alloc-one-more-byte-for-sprintf.patch - 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1] - shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch (bsc#1205588) - 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1] - Building MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n (bsc#1205588) - Building with the latest version of gcc in the codebase: - gcc13 can work around the dxe_get_mem_attrs() hsi_status problem - We prefer building shim with the latest version of gcc in the codebase. - Set the minimum version to gcc-13. (bsc#1247432) - SLE shim should include vendor-dbx-sles.esl instead of vendor-dbx-opensuse.esl. Fixed it in shim.spec.
++++ supportutils: - Changes to version 3.2.12 + Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274) + Run in containers without errors (bsc#1245667, PR#272) + Removed pmap PID from memory.txt (bsc#1246011, PR#263) + Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264) + Improved database perforce with kGraft patching (bsc#1249657, PR#273) + Using last boot for journalctl for optimization (bsc#1250224, PR#287) + Fixed extraction failures (bsc#1252318, PR#275) + Update supportconfig.conf path in docs (bsc#1254425, PR#281) + drm_sub_info: Catch error when dir doesn't exist (PR#265) + Replace remaining `egrep` with `grep -E` (PR#261, PR#266) + Add process affinity to slert logs (PR#269) + Reintroduce cgroup statistics (and v2) (PR#270) + Minor changes to basic-health-check: improve information level (PR#271) + Collect important machine health counters (PR#276) + powerpc: collect hot-pluggable PCI and PHB slots (PR#278) + podman: collect podman disk usage (PR#279) + Exclude binary files in crondir (PR#282) + kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284) + Use short-iso for journalctl (PR#288) ------------------------------------------------------------------ ------------------ 2025-12-11 - Dec 11 2025 ------------------- ------------------------------------------------------------------ ++++ glib2: - Add CVE fixes: + glib2-CVE-2025-13601-1.patch, glib2-CVE-2025-13601-2.patch (bsc#1254297 CVE-2025-13601 glgo#GNOME/glib#3827). + glib2-CVE-2025-14087-1.patch, glib2-CVE-2025-14087-2.patch, glib2-CVE-2025-14087-3.patch (bsc#1254662 CVE-2025-14087 glgo#GNOME/glib#3834). + glib2-CVE-2025-14512.patch (bsc#1254878 CVE-2025-14512 glgo#GNOME/glib#3845). ++++ kernel-default: - kABI workaround for HCI_LE_ADV_0 addition (git-fixes). - commit 90a4a45 - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes). 
- commit 02e48bb ++++ nvidia-open-driver-G06-signed: - readded kernel-6.18.patch still needed for cuda driver version 580.105.08 - update non-CUDA variant to version 580.119.02 (boo#1254801) ------------------------------------------------------------------ ------------------ 2025-12-10 - Dec 10 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes). - commit 8914d15 - i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes). - i2c: i2c.h: fix a bad kernel-doc line (git-fixes). - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes). - commit 9bd979e ------------------------------------------------------------------ ------------------ 2025-12-9 - Dec 9 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256, CVE-2025-38728). - commit 8caf30e - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155) - commit d031559 - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155) - commit 82f1192 - spi: tegra210-quad: Fix timeout handling (bsc#1253155) - commit bd1de03 - spi: tegra210-qspi: Remove cache operations (git-fixes) - commit a5fab01 - spi: tegra210-quad: Add support for internal DMA (git-fixes) - commit 8c1e0cc - spi: tegra210-quad: Update dummy sequence configuration (git-fixes) - commit 8db7584 - Delete patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch. It will reinserted as part of bsc#1253155 update request. - commit aed40ae - smb: Log an error when close_all_cached_dirs fails (bsc#1246328, CVE-2025-38321). 
- commit a8a838a - arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes) - commit 056601e - arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes) - commit 10b4884 - wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (CVE-2025-39890 bsc#1250334). - commit 51d9ba6 - dm-verity: fix unreliable memory allocation (git-fixes). - commit 811cec6 - ipmi: Fix handling of messages with provided receive message pointer (git-fixes). - commit 2e987f2 - ipmi: Rework user message limit handling (git-fixes). - commit 4cbb961 - mm/hugetlb: fix folio is still mapped when deleted (CVE-2025-40006 bsc#1252342). - commit e2e7e3b - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes). - pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes). - phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes). - commit 2f1faf6 - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (CVE-2025-40201 bsc#1253455). - commit 4c20c7d - mm: hugetlb: avoid soft lockup when mprotect to large memory area (CVE-2025-40153 bsc#1253408). - commit 03b4aee ------------------------------------------------------------------ ------------------ 2025-12-8 - Dec 8 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187). - commit 1a4723e - i3c: master: svc: Prevent incomplete IBI transaction (git-fixes). - clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes). - clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes). - clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes). 
- commit 4cf8a99 ------------------------------------------------------------------ ------------------ 2025-12-7 - Dec 7 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes). - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes). - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes). - usb: phy: Initialize struct usb_phy list_head (git-fixes). - usb: dwc2: fix hang during suspend if set as peripheral (git-fixes). - usb: chaoskey: fix locking for O_NONBLOCK (git-fixes). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes). - intel_th: Fix error handling in intel_th_output_open (git-fixes). - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes). - comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes). - comedi: check device's attached status in compat ioctls (git-fixes). - comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes). - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes). - iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes). - iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes). - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes). - firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes). - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes). - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes). - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes). - fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes). - watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes). 
- rpmsg: glink: fix rpmsg device leak (git-fixes). - iio: accel: bmc150: Fix irq assumption regression (stable-fixes). - usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes). - USB: serial: option: add support for Rolling RW101R-GL (stable-fixes). - USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes). - usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes). - thunderbolt: Add support for Intel Wildcat Lake (stable-fixes). - drm/amd/display: Check NULL before accessing (stable-fixes). - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes). - commit a6f8c1f ------------------------------------------------------------------ ------------------ 2025-12-6 - Dec 6 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - soc: amlogic: canvas: fix device leak on lookup (git-fixes). - soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes). - soc: qcom: ocmem: fix device leak on lookup (git-fixes). - firmware: imx: scu-irq: fix OF node leak in (git-fixes). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - commit 67bcab6 ------------------------------------------------------------------ ------------------ 2025-12-5 - Dec 5 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes). - PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes). - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes). - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes). - power: supply: apm_power: only unset own apm_get_power_status (git-fixes). - power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes). 
- power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes). - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes). - power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes). - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes). - platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes). - spi: bcm63xx: drop wrong casts in probe() (git-fixes). - spi: tegra210-quad: Fix timeout handling (git-fixes). - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes). - regulator: core: disable supply if enabling main regulator fails (git-fixes). - mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes). - mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes). - mtd: nand: relax ECC parameter validation check (git-fixes). - Revert "mtd: rawnand: marvell: fix layouts" (git-fixes). - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes). - mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes). - pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes). - platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes). - commit 6ae74c9 - mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes). - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes). - media: rc: st_rc: Fix reset control resource leak (git-fixes). - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes). - media: vpif_display: fix section mismatch (git-fixes). - media: vpif_capture: fix section mismatch (git-fixes). 
- media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes). - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes). - media: amphion: Cancel message work before releasing the VPU core (git-fixes). - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes). - media: v4l2-mem2mem: Fix outdated documentation (git-fixes). - media: cec: Fix debugfs leak on bus_register() failure (git-fixes). - media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes). - media: pvrusb2: Fix incorrect variable used in trace message (git-fixes). - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes). - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes). - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes). - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes). - media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes). - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes). - commit 0f91c8f - Documentation: hid-alps: Fix packet format section headings (git-fixes). - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes). - HID: logitech-dj: Remove duplicate error logging (git-fixes). - backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes). - backlight: led-bl: Add devlink to supplier LEDs (git-fixes). - leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes). - leds: leds-lp50xx: Enable chip before any communication (git-fixes). - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes). - leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes). - hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes). - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes). 
- hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes). - ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes). - ASoC: stm32: sai: fix OF node leak on probe (git-fixes). - ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes). - ASoC: stm32: sai: fix device leak on probe (git-fixes). - ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes). - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes). - ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes). - ASoC: fsl_xcvr: clear the channel status control memory (git-fixes). - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes). - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes). - drm/nouveau: restrict the flush page to a 32-bit address (git-fixes). - drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes). - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes). - drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes). - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes). - drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes). - drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes). - drm/vgem-fence: Fix potential deadlock on release (git-fixes). - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes). - gpu: host1x: Fix race in syncpt alloc/free (git-fixes). 
- commit 7fcfbe3 ++++ libpng16: - security update - added patches CVE-2025-66293 [bsc#1254480], LIBPNG out-of-bounds read in png_image_read_composite * libpng16-CVE-2025-66293-1.patch * libpng16-CVE-2025-66293-2.patch ------------------------------------------------------------------ ------------------ 2025-12-4 - Dec 4 2025 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Build with distro flags ++++ kernel-default: - RDMA/irdma: Remove unused struct irdma_cq fields (git-fixes) Refresh patches.suse/RDMA-irdma-Set-irdma_cq-cq_num-field-during-CQ-creat.patch - commit acb152c - wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes). - wifi: ieee80211: correct FILS status codes (git-fixes). - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes). - wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes). - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes). - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes). - wifi: mac80211: fix CMAC functions not handling errors (git-fixes). - net: phy: adin1100: Fix software power-down ready condition (git-fixes). - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes). - wifi: ath11k: fix peer HE MCS assignment (git-fixes). - wifi: ath11k: restore register window after global reset (git-fixes). - lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes). - Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes). - Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes). - docs: w1: fix w1-netlink invalid URL (git-fixes). - crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes). - crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes). - crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes). 
- crypto: hisilicon/qm - restore original qos values (git-fixes). - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes). - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes). - ima: Handle error code returned by ima_filter_rule_match() (git-fixes). - KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - commit 912d691 - btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes). - commit 6dcb53c ------------------------------------------------------------------ ------------------ 2025-12-3 - Dec 3 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes). - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes). - efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes). - efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes). - commit 242aae6 ++++ nvidia-open-driver-G06-signed: - kernel-6.18.patch * fixed build against kernel 6.18 ------------------------------------------------------------------ ------------------ 2025-12-2 - Dec 2 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: cros_ec_keyb - fix an invalid memory access (stable-fixes). - Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes). - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes). - drm/amd/display: Increase DPCD read retries (stable-fixes). - drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes). - kconfig/nconf: Initialize the default locale at startup (stable-fixes). - kconfig/mconf: Initialize the default locale at startup (stable-fixes). 
- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes). - commit 7011d30 ------------------------------------------------------------------ ------------------ 2025-12-1 - Dec 1 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - orangefs: fix xattr related buffer overflow.. (git-fixes). - commit f97ca07 - rpm/mkspec: Exclude azure from kernel-syms dependencies Similar to rt azure was initially a separate kernel variant, and not all KMPs are built for it. kernel-azure-devel should be included as explicit build dependency to get a KMP for this kernel flavor. - commit c174e9b ------------------------------------------------------------------ ------------------ 2025-11-29 - Nov 29 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes). - spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes). - firmware: stratix10-svc: fix bug in saving controller data (git-fixes). - iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes). - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes). - iio: accel: fix ADXL355 startup race condition (git-fixes). - iio:common:ssp_sensors: Fix an error handling path ssp_probe() (git-fixes). - iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes). - most: usb: fix double free on late probe failure (git-fixes). - slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes). - serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes). - usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes). - USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes). - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes). 
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes). - xhci: dbgtty: fix device unregister (git-fixes). - usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes). - drivers/usb/dwc3: fix PCI parent check (git-fixes). - usb: storage: Fix memory leak in USB bulk transport (git-fixes). - usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes). - mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes). - drm: sti: fix device leaks at component probe (git-fixes). - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes). - commit 17705d7 - net: dlink: handle copy_thresh allocation failure (CVE-2025-40053 bsc#1252808) - commit 975011b ------------------------------------------------------------------ ------------------ 2025-11-28 - Nov 28 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178 bsc#1253463) - commit ce07984 - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (CVE-2025-40187 bsc#1253647) - commit e8a76b4 - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes). - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes). - can: sja1000: fix max irq loop handling (git-fixes). - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes). - net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes). - atm/fore200e: Fix possible data race in fore200e_open() (git-fixes). - Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes). - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes). - net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes). - platform/x86: intel: punit_ipc: fix memory corruption (git-fixes). 
- atm: idt77252: Add missing `dma_map_error()` (stable-fixes). - commit 2366cbf ++++ libpng16: - security update - added patches CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index * libpng16-CVE-2025-64505.patch CVE-2025-64506 [bsc#1254158], heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled * libpng16-CVE-2025-64506.patch CVE-2025-64720 [bsc#1254159], buffer overflow in `png_image_read_composite` via incorrect palette premultiplication * libpng16-CVE-2025-64720.patch CVE-2025-65018 [bsc#1254160], heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` * libpng16-CVE-2025-65018.patch ++++ sqlite3: - Update to version 3.51.1: * Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release. * Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release - Changes in version 3.51.0: * New macros in sqlite3.h: - SQLITE_SCM_BRANCH → the name of the branch from which the source code is taken. - SQLITE_SCM_TAGS → space-separated list of tags on the source code check-in. - SQLITE_SCM_DATETIME → ISO-8601 date and time of the source code check-in. * Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'. * The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively. * Enhancements to TCL Interface: - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array. - User-defined functions may now break to return an SQL NULL. * CLI enhancements: - Increase the precision of ".timer" to microseconds. 
- Enhance the "box" and "column" formatting modes to deal with double-wide characters. - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option. - Add the --ifexists option to the CLI command-line option and to the .open command. - Limit columns widths set by the ".width" command to 30,000 or less, as there is not good reason to have wider columns, but supporting wider columns provides opportunity to malefactors. * Performance enhancements: - Use fewer CPU cycles to commit a read transaction. - Early detection of joins that return no rows due to one or more of the tables containing no rows. - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression. - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y. * Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2(). * Add the sqlite3_set_errmsg() API for use by extensions. * Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results. * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces. * In the session extension add the sqlite3changeset_apply_v3() interface. * For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'. * Improved error messages generated by FTS5. * Enforce STRICT typing on computed columns. * Improved support for VxWorks * JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make". 
* Improved resistance to database corruption caused by an application breaking Posix advisory locks using close(). ++++ runc: - Update to runc v1.3.4. Upstream changelog is available from . bsc#1254362 ------------------------------------------------------------------ ------------------ 2025-11-27 - Nov 27 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (CVE-2025-40033 bsc#1252824) - commit 2054391 - dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134 bsc#1253386) - commit 1e5953d - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386) - commit bd1d198 - KVM: arm64: Prevent access to vCPU events before init (CVE-2025-40102 bsc#1252919) - commit 104fba7 - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081 bsc#1252776) - commit f1cab17 - Add dtb-spacemit SpacemiT boards include MilkV-Jupiter, Banana Pi F3 and Orange Pi RV2. - commit f2f396d - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - commit bfcfc18 - nvme-multipath: fix lockdep WARN due to partition scan work (git-fixes bsc#1233640 CVE-2024-53093). 
- commit 28a7b7d - dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes). - commit a7bb416 - nvme: Use non zero KATO for persistent discovery connections (git-fixes). - commit 4d9eece - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - commit 74497c6 ------------------------------------------------------------------ ------------------ 2025-11-26 - Nov 26 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - commit 24071c5 - vhost: Take a reference on the task in struct vhost_task (CVE-2025-40024 bsc#1252686) - commit fc81dc2 - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - commit 4b41b11 - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (CVE-2025-40149 bsc#1253355). - commit c8fb6ed - smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (CVE-2025-40168 bsc#1253427). - commit 0f10629 - smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409). - commit a7ae1b3 - smc: Fix use-after-free in __pnet_find_base_ndev() (CVE-2025-40064 bsc#1252845). - commit 2971b90 - tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075 bsc#1252795). - commit fcb52d9 - Update patches.suse/ASoC-Intel-bytcr_rt5640-Fix-invalid-quirk-input-mapp.patch (git-fixes CVE-2025-40154 bsc#1253431). - Update patches.suse/ASoC-Intel-bytcr_rt5651-Fix-invalid-quirk-input-mapp.patch (git-fixes CVE-2025-40121 bsc#1253367). - Update patches.suse/Bluetooth-ISO-Fix-possible-UAF-on-iso_conn_free.patch (git-fixes CVE-2025-40141 bsc#1253352). - Update patches.suse/EDAC-i10nm-Skip-DIMM-enumeration-on-a-disabled-memor.patch (git-fixes CVE-2025-40157 bsc#1253423). - Update patches.suse/PM-devfreq-mtk-cci-Fix-potential-error-pointer-deref.patch (git-fixes CVE-2025-40156 bsc#1253428). 
- Update patches.suse/Squashfs-reject-negative-file-sizes-in-squashfs_read_inode.patch (git-fixes CVE-2025-40200 bsc#1253448). - Update patches.suse/accel-qaic-Treat-remaining-0-as-error-in-find_and_ma.patch (git-fixes CVE-2025-40172 bsc#1253424). - Update patches.suse/bpf-Fix-metadata_dst-leak-__bpf_redirect_neigh_v-4-6.patch (git-fixes CVE-2025-40183 bsc#1253441). - Update patches.suse/btrfs-avoid-potential-out-of-bounds-in-btrfs_encode_.patch (git-fixes CVE-2025-40205 bsc#1253456). - Update patches.suse/can-hi311x-fix-null-pointer-dereference-when-resumin.patch (stable-fixes CVE-2025-40107 bsc#1253018). - Update patches.suse/cpufreq-intel_pstate-Fix-object-lifecycle-issue-in-update_qos_request.patch (stable-fixes git-fixes CVE-2025-40194 bsc#1253445). - Update patches.suse/crypto-rng-Ensure-set_ent-is-always-present.patch (git-fixes CVE-2025-40109 bsc#1253176). - Update patches.suse/drm-vmwgfx-Fix-Use-after-free-in-validation.patch (git-fixes CVE-2025-40111 bsc#1253362). - Update patches.suse/drm-vmwgfx-Fix-a-null-ptr-access-in-the-cursor-snoop.patch (git-fixes CVE-2025-40110 bsc#1253275). - Update patches.suse/ext4-avoid-potential-buffer-over-read-in-parse_apply.patch (git-fixes CVE-2025-40198 bsc#1253453). - Update patches.suse/hwrng-ks-sa-fix-division-by-zero-in-ks_sa_rng_init.patch (git-fixes CVE-2025-40127 bsc#1253369). - Update patches.suse/mailbox-zynqmp-ipi-Fix-out-of-bounds-access-in-mailb.patch (git-fixes CVE-2025-40180 bsc#1253440). - Update patches.suse/media-v4l2-subdev-Fix-alloc-failure-check-in-v4l2_su.patch (git-fixes CVE-2025-40207 bsc#1253395). - Update patches.suse/net-usb-Remove-disruptive-netif_wake_queue-in-rtl815.patch (git-fixes CVE-2025-40140 bsc#1253349). - Update patches.suse/net-usb-asix-hold-PM-usage-ref-to-avoid-PM-MDIO-RTNL.patch (git-fixes CVE-2025-40120 bsc#1253360). - Update patches.suse/nvmet-fc-move-lsop-put-work-to-nvmet_fc_ls_req_op.patch (bsc#1245193 bsc#1247500 CVE-2025-40171 bsc#1253412). 
- Update patches.suse/pwm-berlin-Fix-wrong-register-in-suspend-resume.patch (git-fixes CVE-2025-40188 bsc#1253449). - Update patches.suse/scsi-mpt3sas-Fix-crash-in-transport-port-remove-by-using-i.patch (git-fixes CVE-2025-40115 bsc#1253318). - Update patches.suse/scsi-pm80xx-Fix-array-index-out-of-of-bounds-on-rmmod.patch (git-fixes CVE-2025-40118 bsc#1253363). - Update patches.suse/sunrpc-fix-null-pointer-dereference-on-zero-length-checksum.patch (git-fixes CVE-2025-40129 bsc#1253472). - Update patches.suse/tcp-Don-t-call-reqsk_fastopen_remove-in-tcp_conn_request.patch (git-fixes CVE-2025-40186 bsc#1253438). - Update patches.suse/usb-host-max3421-hcd-Fix-error-pointer-dereference-i.patch (git-fixes CVE-2025-40116 bsc#1253324). - Update patches.suse/usbnet-Fix-using-smp_processor_id-in-preemptible-cod.patch (git-fixes CVE-2025-40164 bsc#1253407). - commit d8d3cd1 ++++ openvswitch: - OpenvSwitch upstream bugfix updates: * https://www.openvswitch.org/releases/NEWS-3.1.7.txt * v3.1.7 - Bug fixes - OVS validated with DPDK 22.11.7. * v3.1.6 - Bug fixes - OVS validated with DPDK 22.11.6. * v3.1.5 - Bug fixes - OVS validated with DPDK 22.11.5. * v3.1.4 - Bug fixes - Fixed vulnerabilities CVE-2023-3966 (bsc#1219465) and CVE-2023-5366 (bsc#1216002). - OVS validated with DPDK 22.11.4. * v3.1.3 - Bug fixes * v3.1.2 - Bug fixes * v3.1.1 - Bug fixes - Fixed vulnerability CVE-2023-1668 (bsc#1210054) - Remove included patches: CVE-2023-1668.patch - OVN upstream bugfix updates: * https://github.com/ovn-org/ovn/blob/branch-23.03/NEWS - Fix CVE-2025-0650 (bsc#1236353) ovn: egress ACLs may be bypassed via specially crafted UDP packet (CVE-2025-0650.patch) * v23.03.3 - Bug fixes - Add "garp-max-timeout-sec" config option to vswitchd external-ids to cap the time between when ovn-controller sends gARP packets. - Security: Fixed vulnerability CVE-2024-2182 (bsc#1255435). 
- Updated patches install-ovsdb-tools.patch * v23.03.2 - Bug fixes * v23.03.1 - Bug fixes - CT entries are not flushed by default anymore whenever a load balancer backend is removed. A new, per-LB, option 'ct_flush' can be used to restore the previous behavior. Disabled by default. - Always allow IPv6 Router Discovery, Neighbor Discovery, and Multicast Listener Discovery protocols, regardless of ACLs defined. - Send ICMP Fragmentation Needed packets back to offending ports when communicating with multichassis ports using frames that don't fit through a tunnel. This is done only for logical switches that are attached to a physical network via a localnet port, in which case multichassis ports may have an effective MTU different from regular ports and hence may need this mechanism to maintain connectivity with other peers in the network. - ECMP routes use L4_SYM dp-hash by default if the datapath supports it. Existing sessions might get re-hashed to a different ECMP path when OVN detects the algorithm support in the datapath during an upgrade or restart of ovn-controller. - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153 (bsc#1212125). - Remove included patches: CVE-2023-3152.patch ------------------------------------------------------------------ ------------------ 2025-11-25 - Nov 25 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449). - commit caf12ec - ipv4: start using dst_dev_rcu() (CVE-2025-40074 bsc#1252794). - commit d58640c - kabi: hide dst_entry::dev_rcu (CVE-2025-40074 bsc#1252794). - commit 7047515 - net: dst: introduce dst->dev_rcu (CVE-2025-40074 bsc#1252794). - commit bc25dd4 - net: Add locking to protect skb->dev access in ip_output (CVE-2025-40074 bsc#1252794). - commit ba856a3 - ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40074 bsc#1252794). 
- commit 74e34e6 - ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers (CVE-2025-40074 bsc#1252794). - commit bef51be - ipv6: adopt dst_dev() helper (CVE-2025-40074 bsc#1252794). - refresh patches.suse/net-ip6_tunnel-Prevent-perpetual-tunnel-growth.patch - commit 7eda2f1 - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] (CVE-2025-40074 bsc#1252794). - commit 172fe2b - net: dst: add four helpers to annotate data-races around dst->dev (CVE-2025-40074 bsc#1252794). - commit d644653 - net: dst: annotate data-races around dst->output (CVE-2025-40074 bsc#1252794). - commit a54672b - net: dst: annotate data-races around dst->input (CVE-2025-40074 bsc#1252794). - commit ffc43da - net: dst: annotate data-races around dst->lastuse (CVE-2025-40074 bsc#1252794). - commit 8826356 - net: dst: annotate data-races around dst->expires (CVE-2025-40074 bsc#1252794). - commit 2c55499 - net: dst: annotate data-races around dst->obsolete (CVE-2025-40074 bsc#1252794). - commit 2ab42e2 - net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev' (CVE-2025-40074 bsc#1252794). - commit 3c39f8c - net: gro: convert four dev_net() calls (CVE-2025-40074 bsc#1252794). - commit cf41694 - tcp: convert to dev_net_rcu() (CVE-2025-40074 bsc#1252794). - commit 2fe0b75 - net: dst_cache: annotate data-races around dst_cache->reset_ts (CVE-2025-40074 bsc#1252794). - commit 5a73952 - Refresh patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch Fix the missing mutex unlock at the error path - commit f1238c1 - rpm/kernel-obs-build.spec.in: Add xt_addrtype module for docker Needed by docker meanwhile. - commit 1cd2f7d - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - Refresh patches.suse/x86-amd_nb-Add-new-PCI-IDs-for-AMD-family-1Ah-model-60h.patch. - commit 5a88cd1 - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - commit 39c22db - tools: lib: thermal: don't preserve owner in install (stable-fixes). 
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - commit 7dad19b - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). 
- spi: loopback-test: Don't use %pK through printk (stable-fixes). - commit 47c8f1c - NFS4: Fix state renewals missing after boot (git-fixes). - commit 1f41fdb - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - commit 6f2e3ba - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - commit cbc0708 - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). 
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - commit 8c57bbb - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - commit c832cc2 - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - commit aaacda9 - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - commit f501af0 - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - commit 0b36ea1 - jfs: Verify inode mode when loading from disk (git-fixes). - commit 475a90c - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - commit 5b8d1e6 - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - commit d98de00 - drm/amd/display: ensure committing streams is seamless (stable-fixes). - commit 0def0fa - exfat: limit log print for IO error (git-fixes). 
- commit 1fa4a3d - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). 
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - commit 304e918 - tcp: correct handling of extreme memory squeeze (bsc#1253779 CVE-2025-21710 bsc#1237888). - commit bba09b0 - net: tcp: send zero-window ACK when no memory (bsc#1253779). - commit f54e913 - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - commit 7bfc861 - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - commit d4e809a - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - commit cea477f - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - commit 47d058d - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - commit a383be8 - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - commit 2d1aa96 - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - commit c9d6e6c - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - commit e772bc7 - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). 
- commit 1133dff - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - commit 23d6e42 - Update patches.suse/net-smc-Remove-validation-of-reserved-bits-in-CLC-Decline-.patch (bsc#1252353). - commit d9fe289 - crypto: aspeed - fix double free caused by devm (git-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - commit 89d05dd - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). 
- ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - commit d6deb82 ++++ salt: - Add minimum_auth_version to enforce security (CVE-2025-62349) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Junos module yaml loader fix (CVE-2025-62348) - Require Python dependencies only for used Python version - Fix TLS and x509 modules for OSes with older cryptography module - Require python-legacy-cgi only for Python > 3.12 - Builds with py >=3.13 require python-legacy-cgi - Fix Salt for Python > 3.11 (bsc#1252285) (bsc#1252244) - * Use external tornado on Python > 3.11 - * Make tls and x509 to use python-cryptography - * Remove usage of spwd - Fix payload signature verification on Tumbleweed (bsc#1251776) - Fix broken symlink on migration to Leap 16.0 (bsc#1250755) - Use versioned python interpreter for salt-ssh - Fix known_hosts error on gitfs (bsc#1250520) (bsc#1227207) - Add python3.11 as preferable for salt-ssh to avoid tests fails - Make test_pillar_timeout test more reliable - Modify README and other doc files for openSUSE - Set python-CherryPy as required for python-salt-testsuite (#115) - Revert require M2Crypto >= 0.44.0 for SUSE Family distros - This reverts commit aa40615dcf7a15325ef71bbc09a5423ce512491d. 
- Improve SL Micro 6.2 detection with grains - Fix functional.states.test_user for SLES 16 and Micro systems - Fix the tests failing on AlmaLinux 10 and other clones - Add `minion_legacy_req_warnings` option to avoid noisy warnings - Require M2Crypto >= 0.44.0 for SUSE Family distros - Added: * backport-3006.17-security-fixes-739.patch * fix-tls-and-x509-modules-for-older-cryptography-modu.patch * fix-salt-for-python-3.11.patch * do-not-break-signature-verification-on-latest-m2cryp.patch * use-versioned-python-interpreter-for-salt-ssh.patch * allow-libgit2-to-guess-sysdir-homedir-successfully-b.patch * add-python3.11-as-preferable-for-salt-ssh-to-avoid-t.patch * even-more-reliable-pillar-timeout-test.patch * modify-readme-for-opensuse-728.patch * improve-sl-micro-6.2-detection-with-grains.patch * fix-functional.states.test_user-for-sles-16-and-micr.patch * fix-the-tests-failing-on-almalinux-10-and-other-clon.patch * add-minion_legacy_req_warnings-option-to-avoid-noisy.patch ------------------------------------------------------------------ ------------------ 2025-11-24 - Nov 24 2025 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Delete workflows conflicting with upstream ++++ gnutls: - Security fix bsc#1254132 CVE-2025-9820 * Fix buffer overflow in gnutls_pkcs11_token_init * Added gnutls-CVE-2025-9820.patch ++++ kernel-default: - kernel-binary: Only skip brp-strip when debuginfo is enabled Fixes: 4fc8f912b4f2 ("kernel-binary: Do not change debuginfo config during build") - commit cd9963e - octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (CVE-2025-39944 bsc#1251120) - commit f5c6371 - ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (CVE-2025-39859 bsc#1250252) - commit b475528 - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - commit 879f123 - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). 
- commit 3042143 - net: macb: fix unregister_netdev call order in macb_remove() (CVE-2025-39805 bsc#1249982) - commit 8a9576d - x86/bugs: Report correct retbleed mitigation status (git-fixes). - commit 11da480 - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - commit 265ca5a - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - commit 0a4b156 - net/ip6_tunnel: Prevent perpetual tunnel growth (CVE-2025-40173 bsc#1253421). - commit 2d9c02f - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - commit 6b0f67d - kernel-binary: Support building gendwarfksyms on SLE/Leap 15 - commit 940a186 - cramfs: Verify inode mode when loading from disk (git-fixes). - commit 593324b - minixfs: Verify inode mode when loading from disk (git-fixes). - commit a428067 - Add missing bugzilla reference to net fix (bsc#1250237 CVE-2025-40206 bsc#1253393) - commit 9ef65cb ------------------------------------------------------------------ ------------------ 2025-11-23 - Nov 23 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - commit a07d058 ------------------------------------------------------------------ ------------------ 2025-11-22 - Nov 22 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001 bsc#1252303). - commit 2c846dd - Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062). 
- commit 5170874 - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - commit 401121e ------------------------------------------------------------------ ------------------ 2025-11-21 - Nov 21 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tls: wait for pending async decryptions if tls_strp_msg_hold fails (CVE-2025-40176 bsc#1253425). - commit 411c26e - series.conf: reorder misplaced patches from kABI section Fix misplaced patches in the kABI section by restoring correct order. - commit f6506b9 - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - commit e814a2b - vfs: Don't leak disconnected dentries on umount (CVE-2025-40105 bsc#1252928). - commit 29d6b54 ++++ libmicrohttpd: - Fix for the following bugs: * bsc#1253177 CVE-2025-59777 * bsc#1253178 CVE-2025-62689 - Add patch: * CVE-2025-59777.patch * this same patch fixes both CVEs * git commit ff13abc1c1d7d2b30d69d5c0bd4a237e1801c50b ------------------------------------------------------------------ ------------------ 2025-11-20 - Nov 20 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - commit f6f6b8f - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - commit dab0856 - KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes). - commit 4d07448 - HID: uclogic: Fix potential memory leak in error path (git-fixes). 
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - commit 98129db ------------------------------------------------------------------ ------------------ 2025-11-19 - Nov 19 2025 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1253757, CVE-2025-11563] * curl: wcurl path traversal with percent-encoded slashes * Add curl-CVE-2025-11563.patch ++++ kernel-default: - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - uio_hv_generic: Let userspace take care of interrupt mask (git-fixes CVE-2025-40048 bsc#1252862). - net/mana: fix warning in the writer of client oob (git-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - commit 0473d84 - sctp: Fix MAC comparison to be constant-time (CVE-2025-40204 bsc#1253436). - commit 53f522f - tracing: dynevent: Add a missing lockdown check on dynevent (CVE-2025-40021 bsc#1252681). - commit c113400 - Update patches.suse/netfilter-nft_objref-validate-objref-and-objrefmap-e.patch (bsc#1250237 CVE-2025-40206). Inserted series, updated CVE reference and mainline - commit 617e07d - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - commit 9eacaa7 - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - commit 32804dc - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - commit 12adc35 - bpf: Reject negative offsets for ALU ops (CVE-2025-40169 bsc#1253416). 
- commit 004bd79 ++++ kmod: - man: modprobe.d: document the config file order handling (bsc#1253741) * man-modprobe.d-document-the-config-file-order-handling.patch ------------------------------------------------------------------ ------------------ 2025-11-18 - Nov 18 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kernel-binary: Require libdw in Factory Libdw is required for gendwarfksyms - commit 0d3f66b - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - commit fd43643 ++++ libsoup: - Add libsoup-CVE-2025-12105.patch: fix use after free caused by 'finishing' queue item twice (bsc#1252555 CVE-2025-12105 glgo#GNOME/libsoup!481). ++++ sssd: - Install file in krb5.conf.d to include sssd krb5 config snippets; (bsc#1244325); - Disable Kerberos localauth an2ln plugin for AD; (CVE-2025-11561); (bsc#1251827); Add patch 0005-krb5-disable-Kerberos-localauth-an2ln-plugin-for-AD-.patch ------------------------------------------------------------------ ------------------ 2025-11-17 - Nov 17 2025 ------------------- ------------------------------------------------------------------ ++++ dpdk: - Upstream bugfix update: - Version 22.11.10 - net/mlx5: fix out-of-order completions in ordinary Rx burst (CVE-2025-23259, bsc#1254161) - Version 22.11.9 https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id24 - Version 22.11.8 https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id21 - Version 22.11.7 https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id18 - Remove included fix dpdk-CVE-2024-11614.patch - Version 22.11.6 https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id15 - Version 22.11.5 https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id12 - Version 22.11.4 
https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id8 - Version 22.11.3 https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id4 Remove included fixes: - 0001-kni-fix-build-with-Linux-6.3.patch - Version 22.11.2 https://doc.dpdk.org/guides-22.11/rel_notes/release_22_11.html#id2 - Fix [bsc#1214724], SUSE provided DPDK modules taint the kernel as unsupported + Add kernel support flag for rte_kni.ko ++++ python-kiwi: - Fixed spec file requires The package requirement for binutils was set to TW (>=1650) only but is also required for SLES16/Leap16 which is 1600 This commit fixes the condition to match with all required distributions and fixes bsc#1253637 ++++ kernel-default: - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083 bsc#1252912). - commit 517474e - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - commit 8bf2ad9 - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - commit fdeb2e0 - xsk: Harden userspace-supplied xdp_desc validation (CVE-2025-40159 bsc#1253403). - commit 7cd1a7d ++++ freetype2: - update to 2.14.1: * The auto-hinter got new abilities. It can now better separate diacritic glyphs from base glyphs at small sizes by artificially moving diacritics up (or down) if necessary * Tilde accent glyphs get vertically stretched at small sizes so that they don't degenerate to horizontal lines. * Diacritics directly attached to a base glyph (like the ogonek in character 'ę') no longer distort the shape of the base glyph * The TrueType instruction interpreter was optimized to produce a 15% gain in the glyph loading speed. * Handling of Variation Fonts is now considerably faster * TrueType and CFF glyph loading speed has been improved by 5-10% on modern 64-bit platforms as a result of better handling of fixed-point multiplication. * The BDF driver now loads fonts 75% faster. 
------------------------------------------------------------------ ------------------ 2025-11-16 - Nov 16 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - commit f67cafa - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - commit 172ead3 - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - commit 67585df ------------------------------------------------------------------ ------------------ 2025-11-15 - Nov 15 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - commit c9e8681 ------------------------------------------------------------------ ------------------ 2025-11-14 - Nov 14 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - s390/mm: Fix in_atomic() handling in do_secure_storage_access() (git-fixes CVE-2025-38359 bsc#1247076). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). 
- commit 5eab67b - kernel-binary: Do not change debuginfo config during build Historically when debuginfo build was disabled in OBS kernel was configured to not generate the debuginfo at all saving space during build and making the build faster. More and more kernel features depend on debuginfo, and disabling it changes the kernel significantly disabling functionality that is otherwise available and causing ABI breakage. Recently genksyms was rewritten as gendwarfksyms to support more features but requires debuginfo to operate. With that kernel builds without debuginfo are not very useful anymore. Even if rpm eventually trashes the debuginfo it needs to be always generated. - commit 4fc8f91 - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - commit 0d1ed96 - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes).
- commit 22e4e84 ------------------------------------------------------------------ ------------------ 2025-11-13 - Nov 13 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bpf: make sure skb->len != 0 when redirecting to a tunneling device (CVE-2022-50253 bsc#1249912) - commit 9d76bea - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (CVE-2025-39788 bsc#1249547) - commit 8ecb142 - drm/amd/display: Check dce_hwseq before dereferencing it (CVE-2025-38361 bsc#1247079) - commit c29726d - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - commit a56f52a - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - commit bd549b4 - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - commit e5427cd ++++ python311-core: - Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple quadratic complexity vulnerabilities of os.path.expandvars() (CVE-2025-6075, bsc#1252974). - Readjusted patches: - CVE-2023-52425-libexpat-2.6.0-backport.patch - CVE-2023-52425-remove-reparse_deferral-tests.patch - fix_configure_rst.patch - skip_if_buildbot-extend.patch ++++ unbound: - Fix CVE-2025-11411 (possible domain hijacking attack). Since this minimal patch interferes with most of the unit tests, the '%check' section has been removed from the spec file. [CVE-2025-11411, bsc#1252525, unbound-1.22-CVE-2025-11411.patch] ++++ nvidia-open-driver-G06-signed: - introduced extra %gfx_aarch64_version and appropriate tarball/pci_id file in the hope that build service will no longer complain - update CUDA variant to 580.105.08 ++++ python311: - Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple quadratic complexity vulnerabilities of os.path.expandvars() (CVE-2025-6075, bsc#1252974). 
- Readjusted patches: - CVE-2023-52425-libexpat-2.6.0-backport.patch - CVE-2023-52425-remove-reparse_deferral-tests.patch - fix_configure_rst.patch - skip_if_buildbot-extend.patch ++++ qemu: - Bugfixes: * io: fix use after free in websocket handshake code (bsc#1250984, CVE-2025-11234) * io: move websock resource release to close method (bsc#1250984, CVE-2025-11234) * io: release active GSource in TLS channel finalizer (bsc#1250984, CVE-2025-11234) * block/curl: fix curl internal handles handling (bsc#1252768, CVE-2025-11234) ------------------------------------------------------------------ ------------------ 2025-11-12 - Nov 12 2025 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix CVE-2025-54771 (bsc#1252931) * 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch - Fix CVE-2025-54770 (bsc#1252930) * 0002-net-net-Unregister-net_set_vlan-command-on-unload.patch - Fix CVE-2025-61662 (bsc#1252933) * 0003-gettext-gettext-Unregister-gettext-command-on-module.patch - Fix CVE-2025-61663 (bsc#1252934) - Fix CVE-2025-61664 (bsc#1252935) * 0004-normal-main-Unregister-commands-on-module-unload.patch * 0005-tests-lib-functional_test-Unregister-commands-on-mod.patch - Fix CVE-2025-61661 (bsc#1252932) * 0006-commands-usbtest-Use-correct-string-length-field.patch * 0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch - Bump upstream SBAT generation to 6 ++++ kernel-default: - perf script: add --addr2line option (bsc#1247509). - commit b555487 - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786 CVE-2023-53676). - commit 9f54767 - crypto: iaa - Do not clobber req->base.data (git-fixes). - commit 5feccb5 - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - commit 065dd63 - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). 
- commit c42dda1 - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - commit 187ad0b - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - commit ce2cf8f - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - commit aaea082 - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - commit 6c43180 - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - commit b216859 - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - commit 1ee428c - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - commit 0febf2a - btrfs: run btrfs_error_commit_super() early (git-fix). - commit 8643309 - btrfs: tree-checker: add dev extent item checks (git-fix). - commit 48bfe9b - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - commit 4308950 - btrfs: avoid using fixed char array size for tree names (git-fix). - commit f141f17 - btrfs: tree-checker: validate dref root and objectid (git-fix). - commit 3243d37 - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - commit 36065ed - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - commit 9e4469e - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - commit d1d2092 - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - commit ee165a1 ------------------------------------------------------------------ ------------------ 2025-11-11 - Nov 11 2025 ------------------- ------------------------------------------------------------------ ++++ cloud-init: - Fix dependency replace -serial with -pyserial ++++ kernel-default: - Alt-commit updates - Refresh patches.suse/drm-amd-display-Fix-brightness-level-not-retained-ov.patch. - Refresh patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch. 
- Refresh patches.suse/drm-i915-dsi-Use-TRANS_DDI_FUNC_CTL-s-own-port-width.patch. - Refresh patches.suse/drm-panel-simple-Update-timings-for-AUO-G101EVN010.patch. - Refresh patches.suse/drm-sched-Add-locking-to-drm_sched_entity_modify_sch.patch. - commit 1d2b5d5 - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - commit baa92d8 - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - commit 508e295 - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - commit c373962 - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - commit 5e3a1fc - btrfs: fix inode leak on failure to add link to inode (git-fixes). - commit 5155c3a - btrfs: abort transaction on failure to add link to inode (git-fixes). - commit 91c4075 - btrfs: rename err to ret in btrfs_link() (git-fixes). - commit 4d5a044 - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - commit 2c08529 - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - commit 78a2926 - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - commit d3c0a38 - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - commit b58dbd2 - Delete patches.kabi/KVM-x86-Snapshot-the-host-s-DEBUGCTL-in-common-x86.patch. Now that kabi/severities is amended to ignore xfer_to_guest_mode_handle_work(), drop the unneeded kABI workaround. - commit 27b5996 ------------------------------------------------------------------ ------------------ 2025-11-10 - Nov 10 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - commit d11dc7c - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). 
- commit 0e43958 - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - commit add9d74 - kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes) (git-fixes). - commit 10ade44 - pds_core: remove write-after-free of client_id (CVE-2025-37916 bsc#1243474) - commit 40805a0 - coresight: Fix incorrect handling for return value of devm_kzalloc (CVE-2025-40059 bsc#1252809) - commit f7e7b0e - ocfs2: fix double free in user_cluster_connect() (CVE-2025-40055 bsc#1252821) - commit 9897d8a - pinctrl: check the return value of pinmux_ops::get_function_name() (CVE-2025-40030 bsc#1252773). - commit 060cddf - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - commit 0701a3a - pps: fix warning in pps_register_cdev when register device fail (CVE-2025-40070 bsc#1252836). - commit 98a58ce - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - commit 15e0a05 - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (CVE-2025-40098 bsc#1252917). - commit 8b9eeeb - rtc: rx8025: fix incorrect register reference (git-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). 
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (git-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). - commit 6309683 ------------------------------------------------------------------ ------------------ 2025-11-9 - Nov 9 2025 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.7.29. Upstream release notes: * CVE-2024-25621 bsc#1253126 * CVE-2025-64329 bsc#1253132 - Rebase patches: * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch ------------------------------------------------------------------ ------------------ 2025-11-7 - Nov 7 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - Refresh patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch. - Refresh patches.suse/x86-CPU-AMD-Clear-virtualized-VMLOAD-VMSAVE-on-Zen4-client. - commit d7ef23e - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - commit 85fd0b8 - fs/smb: Fix inconsistent refcnt update (bsc#1250176, CVE-2025-39819). 
- commit 966a58e - kabi/severities: drop xfer_to_guest_mode_handle_work This is part of KVM, and it is already ignored in SL-16.0. The function only takes a pointer to a KVM struct and feeds it back to the KVM subsystem. - commit dc5bb81 - net/9p: fix double req put in p9_fd_cancelled (CVE-2025-40027 bsc#1252763). - commit bff03bd - KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (CVE-2025-40038 bsc#1252817). - commit d00fe85 - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - commit fd68ed6 ++++ openssh: - Add openssh-cve-2025-61984-username-validation.patch (bsc#1251198, CVE-2025-61984). - Add openssh-cve-2025-61985-nul-url-encode.patch (bsc#1251199, CVE-2025-61985). ++++ opensuse-migration-tool: - Drop accidentally created submodule * Add opensuse-migration-tool to .gitignore ------------------------------------------------------------------ ------------------ 2025-11-6 - Nov 6 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - commit 59aa14f - nexthop: Forbid FDB status change while nexthop is in a group (CVE-2025-39980 bsc#1252063). 
- commit 44a7e79 - mm/ksm: fix flag-dropping behavior in ksm_madvise (CVE-2025-40040 bsc#1252780). - commit ff8401e - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - commit c2ea229 - media: atomisp: Prefix firmware paths with "intel/ipu/" (bsc#1252973). - media: atomisp: Remove firmware_name module parameter (bsc#1252973). - commit 903670f ------------------------------------------------------------------ ------------------ 2025-11-5 - Nov 5 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - commit 0165696 - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - commit 2116607 - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - commit b261c17 - nbd: restrict sockets to TCP and UDP (bsc#1252774 CVE-2025-40080). - commit a7c3e39 - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - commit 6f9b1c9 - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - commit b83e48d - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - commit 2982d0e - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - commit 5cc1fcc - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - commit 9e70f85 - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - commit 2630cbd - Refresh patches.suse/Revert-KVM-VMX-Move-LOAD_IA32_PERF_GLOBAL_CTRL-errat.patch. Fix whitespace (patch was using spaces). - commit 04dc661 - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). 
- commit 0f034b6 - RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes) - commit c7164d9 - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes) - commit ff60916 - RDMA/hns: Fix the modification of max_send_sge (git-fixes) - commit e73e586 - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes) - commit 80efef8 - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes) - commit 8445b54 - RDMA/irdma: Fix SD index calculation (git-fixes) - commit 05d9bdd - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes) - commit 3c9a931 ++++ runc: - Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 - Remove upstreamed patches for bsc#1252232: - 2025-11-05-CVEs.patch ------------------------------------------------------------------ ------------------ 2025-11-4 - Nov 4 2025 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 059+suse.641.g906a3d31: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) ++++ kernel-default: - Delete patches.kabi/KVM-x86-pmu-Allow-programming-events-that-match-unsu.patch. This avoids a kbuild error in check-patchrv. This patch is not needed anyway since 4f5efb71e1f4. - commit 624b1b2 - vhost: vringh: Modify the return value check (CVE-2025-40051 bsc#1252858). - commit 80d9f20 - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes). - commit 91a9728 ++++ nvidia-open-driver-G06-signed: - back to 580.95.05 on aarch64, since userspace drivers have not been updated for this platform ------------------------------------------------------------------ ------------------ 2025-11-3 - Nov 3 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes). 
- Refresh patches.suse/KVM-x86-Don-t-inject-PV-async-PF-if-SEND_ALWAYS-0-an.patch. - Refresh patches.suse/KVM-x86-Exit-to-userspace-if-fastpath-triggers-one-o.patch. - Refresh patches.suse/KVM-x86-Introduce-kvm_set_mp_state.patch. - Refresh patches.suse/KVM-x86-Route-non-canonical-checks-in-emulator-throu.patch. - Refresh patches.suse/KVM-x86-model-canonical-checks-more-precisely.patch. - commit 3454959 - KVM: x86: Replace static_call_cond() with static_call() (git-fixes). - commit 6bb685c - Update patches.suse/ACPI-x86-s2idle-Catch-multiple-ACPI_TYPE_PACKAGE-obj.patch (git-fixes CVE-2023-53708 bsc#1252537). - Update patches.suse/ALSA-usb-audio-Fix-NULL-pointer-deference-in-try_to_.patch (git-fixes CVE-2025-40085 bsc#1252873). - Update patches.suse/ALSA-usb-audio-fix-race-condition-to-UAF-in-snd_usbm.patch (git-fixes CVE-2025-39997 bsc#1252056). - Update patches.suse/ASoC-qcom-audioreach-fix-potential-null-pointer-dere.patch (git-fixes CVE-2025-40013 bsc#1252348). - Update patches.suse/Bluetooth-MGMT-Fix-possible-UAFs.patch (git-fixes CVE-2025-39981 bsc#1252060). - Update patches.suse/Bluetooth-hci_event-Fix-UAF-in-hci_acl_create_conn_s.patch (git-fixes CVE-2025-39982 bsc#1252083). - Update patches.suse/HID-amd_sfh-Fix-for-shift-out-of-bounds.patch (bsc#1012628 CVE-2023-53703 bsc#1252553). - Update patches.suse/Input-uinput-zero-initialize-uinput_ff_upload_compat.patch (git-fixes CVE-2025-40035 bsc#1252866). - Update patches.suse/NFS-Fix-a-potential-data-corruption.patch (git-fixes CVE-2023-53711 bsc#1252536). - Update patches.suse/NFSD-Define-a-proc_layoutcommit-for-the-FlexFiles-layout-type.patch (git-fixes CVE-2025-40087 bsc#1252909). - Update patches.suse/PCI-endpoint-pci-epf-test-Add-NULL-check-for-DMA-cha.patch (git-fixes CVE-2025-40032 bsc#1252841). - Update patches.suse/RDMA-rxe-Fix-race-in-do_task-when-draining.patch (git-fixes CVE-2025-40061 bsc#1252849). 
- Update patches.suse/Squashfs-fix-uninit-value-in-squashfs_get_parent.patch (git-fixes CVE-2025-40049 bsc#1252822). - Update patches.suse/USB-gadget-Fix-the-memory-leak-in-raw_gadget-dr.patch (bsc#1012628 CVE-2023-53693 bsc#1252489). - Update patches.suse/afs-Fix-potential-null-pointer-dereference-in-afs_put_server.patch (git-fixes CVE-2025-40010 bsc#1252332). - Update patches.suse/arm64-csum-Fix-OoB-access-in-IP-checksum-code-for-ne.patch (git-fixes CVE-2023-53726 bsc#1252565). - Update patches.suse/arm64-sme-Use-STR-P-to-clear-FFR-context-field-.patch (bsc#1012628 CVE-2023-53713 bsc#1252559). - Update patches.suse/blk-iocost-use-spin_lock_irqsave-in-adjust_inus.patch (bsc#1012628 CVE-2023-53730 bsc#1252495). - Update patches.suse/bus-fsl-mc-Check-return-value-of-platform_get_resour.patch (git-fixes CVE-2025-40029 bsc#1252772). - Update patches.suse/can-etas_es58x-populate-ndo_change_mtu-to-prevent-bu.patch (git-fixes CVE-2025-39988 bsc#1252074). - Update patches.suse/can-hi311x-populate-ndo_change_mtu-to-prevent-buffer.patch (git-fixes CVE-2025-39987 bsc#1252079). - Update patches.suse/can-mcba_usb-populate-ndo_change_mtu-to-prevent-buff.patch (git-fixes CVE-2025-39985 bsc#1252082). - Update patches.suse/can-peak_usb-fix-shift-out-of-bounds-issue.patch (git-fixes CVE-2025-40020 bsc#1252679). - Update patches.suse/can-sun4i_can-populate-ndo_change_mtu-to-prevent-buf.patch (git-fixes CVE-2025-39986 bsc#1252078). - Update patches.suse/clk-imx-clk-imx8mp-improve-error-handling-in-im.patch (bsc#1012628 CVE-2023-53704 bsc#1252490). - Update patches.suse/clocksource-drivers-cadence-ttc-Fix-memory-leak.patch (bsc#1012628 CVE-2023-53725 bsc#1252492). - Update patches.suse/crypto-essiv-Check-ssize-for-decryption-and-in-place.patch (git-fixes CVE-2025-40019 bsc#1252678). - Update patches.suse/crypto-hisilicon-qm-set-NULL-to-qm-debug.qm_diff_reg.patch (git-fixes CVE-2025-40062 bsc#1252850). 
- Update patches.suse/drm-amdgpu-Fix-integer-overflow-in-amdgpu_cs_p.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53707 bsc#1252632). - Update patches.suse/drm-gma500-Fix-null-dereference-in-hdmi-teardown.patch (git-fixes CVE-2025-40011 bsc#1252336). - Update patches.suse/drm-sched-Fix-potential-double-free-in-drm_sched_job.patch (git-fixes CVE-2025-40096 bsc#1252902). - Update patches.suse/fbcon-fix-integer-overflow-in-fbcon_do_set_font.patch (git-fixes CVE-2025-39967 bsc#1252033). - Update patches.suse/fs-udf-fix-OOB-read-in-lengthAllocDescs-handling.patch (git-fixes CVE-2025-40044 bsc#1252785). - Update patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_strcasecmp.patch (git-fixes CVE-2025-40088 bsc#1252904). - Update patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_uni2asc_followup.patch (git-fixes CVE-2025-40082 bsc#1252775). - Update patches.suse/iommu-vt-d-Disallow-dirty-tracking-if-incoherent-pag.patch (git-fixes CVE-2025-40058 bsc#1252854). - Update patches.suse/md-raid1-fix-potential-OOB-in-raid1_remove_disk-8b04.patch (jsc#PED-7542 CVE-2023-53722 bsc#1252499). - Update patches.suse/media-b2c2-Fix-use-after-free-causing-by-irq_check_w.patch (git-fixes CVE-2025-39996 bsc#1252065). - Update patches.suse/media-i2c-tc358743-Fix-use-after-free-bugs-caused-by.patch (git-fixes CVE-2025-39995 bsc#1252064). - Update patches.suse/media-rc-fix-races-with-imon_disconnect.patch (git-fixes CVE-2025-39993 bsc#1252070). - Update patches.suse/media-tuner-xc5000-Fix-use-after-free-in-xc5000_rele.patch (git-fixes CVE-2025-39994 bsc#1252072). - Update patches.suse/media-uvcvideo-Mark-invalid-entities-with-id-UVC_INV.patch (git-fixes CVE-2025-40016 bsc#1252346). - Update patches.suse/misc-fastrpc-fix-possible-map-leak-in-fastrpc_put_ar.patch (git-fixes CVE-2025-40036 bsc#1252865). 
- Update patches.suse/net-nfc-nci-Add-parameter-validation-for-packet-data.patch (git-fixes CVE-2025-40043 bsc#1252787). - Update patches.suse/net-sched-cls_u32-Undo-tcf_bind_filter-if-u32_r.patch (bsc#1012628 CVE-2023-53733 bsc#1252685). - Update patches.suse/net-sched-fq_pie-avoid-stalls-in-fq_pie_timer.patch (bsc#1220419 CVE-2023-53727 bsc#1252566). - Update patches.suse/netlink-fix-potential-deadlock-in-netlink_set_e.patch (bsc#1012628 CVE-2023-53731 bsc#1252481). - Update patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch (jsc#PED-5853 CVE-2023-53697 bsc#1252534). - Update patches.suse/posix-timers-Ensure-timer-ID-search-loop-limit-.patch (bsc#1012628 CVE-2023-53728 bsc#1252668). - Update patches.suse/ring-buffer-Do-not-swap-cpu_buffer-during-resi.patch (bsc#1012628 CVE-2023-53718 bsc#1252564). - Update patches.suse/riscv-move-memblock_allow_resize-after-linear-m.patch (bsc#1012628 CVE-2023-53699 bsc#1252550). - Update patches.suse/smb-client-fix-crypto-buffers-in-non-linear-memory.patch (bsc#1250491 boo#1239206 CVE-2025-40052 bsc#1252851). - Update patches.suse/soc-qcom-qmi_encdec-Restrict-string-length-in-decode.patch (git-fixes CVE-2023-53729 bsc#1252496). - Update patches.suse/tty-n_gsm-Don-t-block-input-queue-by-waiting-MSC.patch (git-fixes CVE-2025-40071 bsc#1252797). - Update patches.suse/wifi-ath11k-fix-NULL-dereference-in-ath11k_qmi_m3_lo.patch (git-fixes CVE-2025-39991 bsc#1252075). - Update patches.suse/wifi-ath12k-Fix-a-NULL-pointer-dereference-in-ath12k.patch (git-fixes CVE-2023-53721 bsc#1252561). - Update patches.suse/xfrm-xfrm_alloc_spi-shouldn-t-use-0-as-SPI.patch (CVE-2025-39797 bsc#1249608 CVE-2025-39965 bsc#1251967). - Update patches.suse/xsk-fix-refcount-underflow-in-error-path.patch (bsc#1012628 CVE-2023-53698 bsc#1252479). - commit 9042362 - coresight: trbe: Return NULL pointer for allocation failures (CVE-2025-40060 bsc#1252848). 
- commit 4543e34 ------------------------------------------------------------------ ------------------ 2025-11-2 - Nov 2 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes). - regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes). - commit 20abe4b - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - Refresh patches.suse/scsi-mpi3mr-Serialize-admin-queue-BAR-writes-on-32-bit-sys.patch. - commit 0321942 ------------------------------------------------------------------ ------------------ 2025-11-1 - Nov 1 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - commit 237fed8 - drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes). - drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes). - drm/etnaviv: fix flush sequence logic (git-fixes). - drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes). - drm/msm/a6xx: Fix GMU firmware parser (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/mediatek: Fix device use-after-free on unbind (git-fixes). - ASoC: fsl_sai: fix bit order for DSD format (git-fixes). - ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes). - ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes). - ALSA: usb-audio: fix control pipe direction (git-fixes). 
- commit acb4ea2 ++++ nvidia-open-driver-G06-signed: - update non-CUDA variant to version 580.105.08 (boo#1252978) ------------------------------------------------------------------ ------------------ 2025-10-31 - Oct 31 2025 ------------------- ------------------------------------------------------------------ ++++ glib2: - Add glib2-CVE-2025-7039.patch: fix computation of temporary file name (bsc#1249055 CVE-2025-7039 glgo#GNOME/glib#3716). ++++ kernel-default: - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - commit 5e5239d - vhost: vringh: Fix copy_to_iter return value check (CVE-2025-40056 bsc#1252826) - commit 4efa16a - btrfs: do not assert we found block group item when creating free space tree (bsc#1252918 CVE-2025-40100). - commit 327502f - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes). - commit f5ef369 - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes). - commit 8cb68fe - KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes). - commit 37d594a - selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes). - commit 51d3745 - selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes). - commit 24ba5aa - selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes). - commit 9809b14 - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes). - ACPI: button: Call input_free_device() on failing input device registration (git-fixes). - fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes). - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes). - net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes). - net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes). - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes). - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes). 
- usbnet: Prevents free active kevent (git-fixes). - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes). - wifi: ath12k: free skb during idr cleanup callback (git-fixes). - wifi: ath11k: Add missing platform IDs for quirk table (git-fixes). - wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes). - wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes). - commit cc1ca5e ------------------------------------------------------------------ ------------------ 2025-10-30 - Oct 30 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bpf: Explicitly check accesses to bpf_sock_addr (CVE-2025-40078 bsc#1252789). - commit 6edd4b3 - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes). - commit fdfcdff - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - commit cb2e3ab - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - commit 7cb788c - Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()" (git-fixes). - commit 769724a - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - commit 40898e0 - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes). - commit a2e4db9 - hfs: validate record offset in hfsplus_bmap_alloc (git-fixes). - commit 693ef92 - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes). - commit 6aec9cc ------------------------------------------------------------------ ------------------ 2025-10-29 - Oct 29 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ARM: tegra: Use I/O memcpy to write to IRAM (CVE-2025-39794 bsc#1249595) - commit ad8d355 - ipvs: Defer ip_vs_ftp unregister during netns cleanup (CVE-2025-40018 bsc#1252688). 
- commit d48a123 - NFSD: Fix crash in nfsd4_read_release() (git-fixes). - commit 1a326b8 - Fix Git-commit for patches.suse/cxl-downgrade-a-warning-message-to-debug-level-in-cxl.patch. - commit 31a5035 ++++ opensuse-migration-tool: - Update to version 20251029.ed0d12d: * Update opensuse-migration-tool ------------------------------------------------------------------ ------------------ 2025-10-28 - Oct 28 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - commit 82fd58d - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes). - commit fceae30 - octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (CVE-2025-39978 bsc#1252069). - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955 bsc#1251804). - commit 0468786 - Revert "e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898" This reverts commit df2ae2c1bd0dd998b7e23e3d49e90e95ada467f0. - commit 79fa523 - i40e: add max boundary check for VF filters (CVE-2025-39968 bsc#1252047). - i40e: fix validation of VF state in get resources (CVE-2025-39969 bsc#1252044). - i40e: fix idx validation in i40e_validate_queue_map (CVE-2025-39972 bsc#1252039). - i40e: add validation for ring_len param (CVE-2025-39973 bsc#1252035). - ice: fix Rx page leak on multi-buffer frames (CVE-2025-39948 bsc#1251233). - qed: Don't collect too many protection override GRC elements (CVE-2025-39949 bsc#1251177). - commit 2c4293d - Delete patches.suse/cpuidle-menu-Avoid-discarding-useful-information.patch. - commit c2e3ac6 - Delete patches.suse/cpuidle-governors-menu-Avoid-using-invalid-recent-intervals-data.patch. - commit b1a47b7 - nvme/tcp: handle tls partially sent records in write_space() (git-fixes). - nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes). 
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes). - commit 4b35633 - ACPI: battery: Add synchronization between interface updates (git-fixes). - locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes). - ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes). - ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes). - accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes). - locking/mutex: Introduce devm_mutex_init() (stable-fixes). - commit 7bacc8f ++++ libgcrypt: - Fix running the test suite in FIPS mode [bsc#1246934] * Add libgcrypt-fix-pkcs12-test-in-FIPS-mode.patch * Rebase libgcrypt-FIPS-SLI-kdf-leylength.patch ------------------------------------------------------------------ ------------------ 2025-10-27 - Oct 27 2025 ------------------- ------------------------------------------------------------------ ++++ docker: - Enable SELinux in default daemon.json config (--selinux-enabled). This has no practical impact on non-SELinux systems. bsc#1252290 ++++ kernel-default: - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (CVE-2025-40000 bsc#1252062). - commit b7a479d - sched/fair: set_load_weight() must also call reweight_task() (git-fixes) - commit b185921 - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - Refresh patches.suse/misc-fastrpc-Skip-reference-for-DMA-handles.patch. - commit b472422 - most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes). - most: usb: Fix use-after-free in hdm_disconnect (git-fixes). - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes). - serial: 8250_dw: handle reset control deassert error (git-fixes). - xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes). - spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes). - net: usb: rtl8150: Fix frame padding (git-fixes). 
- HID: multitouch: fix name of Stylus input devices (git-fixes). - HID: hid-input: only ignore 0 battery events for digitizers (git-fixes). - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes). - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes). - rtc: interface: Fix long-standing race when setting alarm (stable-fixes). - PCI: j721e: Fix programming sequence of "strap" settings (git-fixes). - PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes). - PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes). - phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes). - mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes). - media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes). - mmc: core: SPI mode remove cmd7 (stable-fixes). - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes). - PM: runtime: Add new devm functions (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes). - PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes). - PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes). - PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes). - misc: fastrpc: Add missing dev_err newlines (stable-fixes). - commit 9f99f4e - firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes). 
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes). - drm/rockchip: vop2: use correct destination rectangle height check (git-fixes). - drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes). - drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes). - drm/i915/guc: Skip communication warning on reset in progress (git-fixes). - drm/amd: Check whether secure display TA loaded successfully (stable-fixes). - drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes). - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes). - commit 110d102 - can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes). - can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes). - ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes). - ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes). - ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes). - ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes). - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes). - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes). - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - ACPI: property: Add code comments explaining what is going on (stable-fixes). - ACPI: property: Disregard references in data-only subnode lists (stable-fixes). - ACPICA: Allow to skip Global Lock initialization (stable-fixes). - ACPI: battery: allocate driver data through devm_ APIs (stable-fixes). - drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes). 
- commit e53e617 - spi: cadence-quadspi: Implement refcount to handle unbind during busy (CVE-2025-40005 bsc#1252349). - commit 7406f70 ++++ python-PyJWT: - Remove not needed update-alternatives requirement. ------------------------------------------------------------------ ------------------ 2025-10-26 - Oct 26 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - i40e: fix idx validation in config queues msg (CVE-2025-39971 bsc#1252052) - commit 70699a8 - i40e: fix input validation logic for action_meta (CVE-2025-39970 bsc#1252051) - commit 57401e3 ------------------------------------------------------------------ ------------------ 2025-10-25 - Oct 25 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes) - commit 59db3fb - arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes) - commit da235eb - arm64: cputype: Add Neoverse-V3AE definitions (git-fixes) - commit 5587842 ------------------------------------------------------------------ ------------------ 2025-10-24 - Oct 24 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - NFSD: Minor cleanup in layoutcommit processing (git-fixes). - commit baef4e7 - NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes). - commit 72f1d28 - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes). - commit a6f88ab - xfs: rename the old_crc variable in xlog_recover_process (git-fixes). 
- commit 677fb8c ------------------------------------------------------------------ ------------------ 2025-10-23 - Oct 23 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (CVE-2025-39876 bsc#1250400) - commit 137f367 - proc: fix type confusion in pde_set_flags() (bsc#1248630) - commit c6a1bb4 - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - commit 539da61 - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653 bsc#1248630) - commit bcff9b5 - ovl: fix file reference leak when submitting aio (stable-fixes). - commit 57db5b5 - KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes). - commit 85e57cf - KVM: x86: Don't bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes). - commit cd63f69 - KVM: x86: Process "guest stopped request" once per guest time update (git-fixes). - commit 29a55cf - add bug reference to existing hv_netvsc change (bsc#1252265) - commit 95261dd ------------------------------------------------------------------ ------------------ 2025-10-22 - Oct 22 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes). - commit ed9dfb1 - KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes). - commit f4d45de - KVM: x86: Introduce kvm_set_mp_state() (git-fixes). - commit 4b1f2ec ++++ gpgme: - Treat empty DISPLAY variable as unset. [bsc#1252425, bsc#1231055] * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. 
* Add gpgme-Treat-empty-DISPLAY-variable-as-unset.patch * Reported upstream: dev.gnupg.org/T7919 ------------------------------------------------------------------ ------------------ 2025-10-21 - Oct 21 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - NFS: Fix a race when updating an existing write (bsc#1249319 bsc#1252236 CVE-2025-39697). - commit 40cab0c - nfs: Add missing release on error in nfs_lock_and_join_requests() (bsc#1249319 bsc#1252236 CVE-2025-39697). - commit b903556 - nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests (bsc#1249319 bsc#1252236 CVE-2025-39697). - commit 13ceff1 - nfs: fold nfs_folio_find_and_lock_request into nfs_lock_and_join_requests (bsc#1249319 bsc#1252236 CVE-2025-39697). - commit 14874ac - nfs: simplify nfs_folio_find_and_lock_request (bsc#1249319 bsc#1252236 CVE-2025-39697). - commit 1b25c26 - nfs: remove nfs_folio_private_request (bsc#1249319 bsc#1252236 CVE-2025-39697). - commit c28ea5d - nfs: remove dead code for the old swap over NFS implementation (bsc#1249319 bsc#1252236 CVE-2025-39697). - Refresh patches.suse/NFS-fix-nfs_release_folio-to-not-deadlock-via-kcompa.patch. - commit e7a5c52 - kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - commit 0bb2570 - overlayfs: set ctime when setting mtime and atime (stable-fixes). - ovl: fix incorrect fdput() on aio completion (stable-fixes). - ovl: Always reevaluate the file signature for IMA (stable-fixes). - commit 4cfc4ed - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (CVE-2025-39911 bsc#1250704) - commit 627f938 - sched: Fix sched_numa_find_nth_cpu() if mask offline (CVE-2025-39895 bsc#1250721) - commit 581de7a - sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812 bsc#1250202) - commit 56a7db3 ++++ sqlite3: - bsc#1252217: Add a %license file. 
------------------------------------------------------------------ ------------------ 2025-10-20 - Oct 20 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702 bsc#1249317) - commit 3d85c5c - sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718 bsc#1249161) - commit 0083867 - scsi: qla4xxx: Prevent a potential error pointer dereference (CVE-2025-39676 bsc#1249302) - commit a3b8686 - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes). - commit f1ec116 - net/mlx5e: Harden uplink netdev access against device unbind (CVE-2025-39947 bsc#1251232). - commit d4278a0 - KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes). - commit 09e399f - KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes). - commit 27a06fc - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes). - commit ad26239 - r8152: add error handling in rtl8152_driver_init (git-fixes). - commit db73d98 - usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes). - commit b2c518b - config.sh: Update IBS project - commit f8ef735 - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - commit 149500a - cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes). - commit a4ef664 - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - commit baddd40 - selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes). - commit 63e24c4 - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - commit f4f0a36 - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - commit fa036e9 - selftests/bpf: Fix cross-compiling urandom_read (git-fixes). 
- commit d19eec5 - selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes). - commit 3353a4b - selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes). - commit b5270ce - selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes). - commit 736692a - selftests/bpf: Fix error compiling test_lru_map.c (git-fixes). - commit 8aa3099 - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes). - commit 35f5a49 ------------------------------------------------------------------ ------------------ 2025-10-19 - Oct 19 2025 ------------------- ------------------------------------------------------------------ ++++ util-linux-systemd: - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682, util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch). ++++ util-linux: - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682, util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch). ------------------------------------------------------------------ ------------------ 2025-10-17 - Oct 17 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes). - commit 814983a - doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT The character was previously 'N', but upstream used it for TAINT_TEST, which prompted the change of TAINT_NO_SUPPORT to 'n'. This occurred in commit c35dc3823d08 ("Update to 6.0-rc1") on master and in d016c04d731d ("Bump to 6.4 kernel (jsc#PED-4593)") for SLE15-SP6 (and onwards). Update the documentation to reflect this change. - commit f42ecf5 - ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes). 
- commit 19fb175 - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - commit d0f4111 - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes). - commit 59c2171 - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - commit 793bb70 - cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes). - commit 39be628 - cpuidle: menu: Avoid discarding useful information (stable-fixes). - commit b136410 - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - commit e1cfca8 - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - commit 8b10f36 - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes). - commit 3e7dc0b - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs (stable-fixes). - commit 2dde40f - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - commit 5925a0e - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - Update config files. - commit 1a58311 - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - Refresh patches.suse/x86-tdx-Fix-arch_safe_halt-execution-for-TDX-VMs.patch. - commit be42a2d ++++ freetype2: - package FTL.TXT and GPLv2.TXT [bsc#1252148] ++++ opensuse-migration-tool: - Update to version 20251017.e28f94c: * fix: remove the check for x86-64-v3 flag xsave from the v2 check ------------------------------------------------------------------ ------------------ 2025-10-16 - Oct 16 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes). - perf/core: Fix WARN in perf_cgroup_switch() (git-fixes). - perf: Fix cgroup state vs ERROR (git-fixes). 
- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes). - perf: Ensure bpf_perf_link path is properly serialized (git-fixes). - perf/x86/intel: Only check the group flag for X86 leader (git-fixes). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes). - perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes). - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes). - perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes). - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes). - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes). - perf/x86/intel: Apply static call for drain_pebs (git-fixes). - perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes). - perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes). - perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes). - perf/x86/intel: Use better start period for frequency mode (git-fixes). - perf/core: Fix low freq setting via IOC_PERIOD (git-fixes). - perf/x86: Fix low freqency setting issue (git-fixes). - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes). - perf/x86/amd: Warn only on new bits set (git-fixes). - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes). - perf/core: Fix small negative period being ignored (git-fixes). - perf: Extract a few helpers (git-fixes). - perf/x86/intel/pt: Fix sampling synchronization (git-fixes). - perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes). - drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes). 
- perf/amd: Prevent grouping of IBS events (git-fixes). - commit 76eb280 - tls: make sure to abort the stream if headers are bogus (CVE-2025-39946 bsc#1251114). - commit d62deaa - selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes). - commit b2a359c - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes). - commit 799529b - selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes). - commit f14b275 - selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes). - commit 498999e - selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes). - commit eb3a7bd - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes). - commit 109e7cc - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes). - commit 9b43d04 - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes). - commit 442e8bf - selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes). - commit 1f65169 - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes). - commit 7613608 - selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes). - commit 8a1df26 - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - commit 73d4d2d - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - commit 1a82fe5 - kabi: hide new member allow_subflows in struct mptcp_sock (CVE-2025-38552 bsc#1248230). - commit f51a25e - mptcp: plug races between subflow fail and subflow creation (CVE-2025-38552 bsc#1248230). - Refresh patches.kabi/kabi-hide-new-member-fallback_lock-in-struct-mptcp_s.patch. (also delete outdated part of a comment) - commit fdbbed8 ++++ libsoup: - Update libsoup-CVE-2025-11021.patch: Add NULL check for soup_date_time_to_string() (bsc#1250562, CVE-2025-11021, glgo#GNOME/libsoup!483). 
++++ nvidia-open-driver-G06-signed: - renamed check to %name-check package ++++ runc: [ This update was only released for SLE 12 and 15. ] - Backport patches for three CVEs. All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files. bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 + 2025-11-05-CVEs.patch ------------------------------------------------------------------ ------------------ 2025-10-15 - Oct 15 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/ALSA-ac97-Fix-possible-NULL-dereference-in-snd_.patch (bsc#1012628 CVE-2023-53648 bsc#1251750). - Update patches.suse/ASoC-codecs-wcd938x-fix-missing-mbhc-init-error.patch (bsc#1012628 CVE-2023-53666 bsc#1251760). - Update patches.suse/ASoC-qcom-q6apm-lpass-dais-Fix-NULL-pointer-derefere.patch (git-fixes CVE-2025-39938 bsc#1251134). - Update patches.suse/Bluetooth-hci_event-call-disconnect-callback-be.patch (bsc#1012628 CVE-2023-53673 bsc#1251763). - Update patches.suse/HID-hyperv-avoid-struct-memcpy-overrun-warning.patch (bsc#1012628 CVE-2023-53553 bsc#1251068). - Update patches.suse/KVM-nSVM-Check-instead-of-asserting-on-nested-TSC-sc.patch (git-fixes CVE-2023-53663 bsc#1251290). - Update patches.suse/RDMA-rxe-Fix-incomplete-state-save-in-rxe_requester.patch (git-fixes CVE-2023-53539 bsc#1251060). - Update patches.suse/USB-Gadget-core-Help-prevent-panic-during-UVC-.patch (bsc#1012628 CVE-2023-53580 bsc#1251105). - Update patches.suse/accel-qaic-Fix-a-leak-in-map_user_pages.patch (bsc#1012628 CVE-2023-53633 bsc#1251746). - Update patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-f.patch (bsc#1012628 CVE-2023-53681 bsc#1251769). - Update patches.suse/bonding-do-not-assume-skb-mac_header-is-set.patch (bsc#1012628 CVE-2023-53601 bsc#1251153). 
- Update patches.suse/bpf-Make-bpf_refcount_acquire-fallible-for-non-.patch (bsc#1012628 CVE-2023-53645 bsc#1251321). - Update patches.suse/bpf-cpumap-Handle-skb-as-well-when-clean-up-pt.patch (bsc#1012628 CVE-2023-53660 bsc#1251721). - Update patches.suse/bpf-cpumap-Make-sure-kthread-is-running-before.patch (bsc#1012628 CVE-2023-53577 bsc#1251028). - Update patches.suse/bpf-reject-unhashed-sockets-in-bpf_sk_assign.patch (jsc#PED-6811 CVE-2023-53585 bsc#1251126). - Update patches.suse/btrfs-insert-tree-mod-log-move-in-push_node_lef.patch (bsc#1012628 CVE-2023-53538 bsc#1251024). - Update patches.suse/btrfs-output-extra-debug-info-if-we-failed-to-find-a.patch (git-fixes CVE-2023-53672 bsc#1251780). - Update patches.suse/btrfs-reject-invalid-reloc-tree-root-keys-with.patch (bsc#1012628 CVE-2023-53618 bsc#1251748). - Update patches.suse/cifs-Release-folio-lock-on-fscache-read-hit.patch (bsc#1012628 CVE-2023-53593 bsc#1251132). - Update patches.suse/cifs-fix-mid-leak-during-reconnection-after-tim.patch (bsc#1012628 CVE-2023-53597 bsc#1251159). - Update patches.suse/clk-Fix-memory-leak-in-devm_clk_notifier_regist.patch (bsc#1012628 CVE-2023-53674 bsc#1251764). - Update patches.suse/clk-imx-scu-use-_safe-list-iterator-to-avoid-a-.patch (bsc#1012628 CVE-2023-53572 bsc#1251027). - Update patches.suse/cpufreq-amd-pstate-fix-global-sysfs-attribute-.patch (bsc#1012628 CVE-2023-53550 bsc#1251071). - Update patches.suse/cpufreq-amd-pstate-ut-Fix-kernel-panic-when-loading-.patch (git-fixes CVE-2023-53563 bsc#1251038). - Update patches.suse/crypto-af_alg-Fix-missing-initialisation-affecting-g.patch (bsc#1216396 CVE-2023-53599 bsc#1251150). - Update patches.suse/crypto-af_alg-Set-merge-to-zero-early-in-af_alg_send.patch (git-fixes CVE-2025-39931 bsc#1251100). - Update patches.suse/dax-Fix-dax_mapping_release-use-after-free.patch (bsc#1012628 CVE-2023-53613 bsc#1251119). 
- Update patches.suse/drivers-base-Free-devm-resources-when-unregistering-.patch (jsc#PED-6054 CVE-2023-53596 bsc#1251161). - Update patches.suse/drivers-perf-hisi-Don-t-migrate-perf-to-the-CPU.patch (bsc#1012628 CVE-2023-53656 bsc#1251758). - Update patches.suse/drm-amdgpu-unmap-and-remove-csa_va-properly.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53545 bsc#1251084). - Update patches.suse/drm-bridge-anx7625-Fix-NULL-pointer-dereference-with.patch (git-fixes CVE-2025-39934 bsc#1251146). - Update patches.suse/drm-i915-mark-requests-for-GuC-virtual-engines-to-av.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53552 bsc#1251065). - Update patches.suse/drm-i915-perf-add-sentinel-to-xehp_oa_b_counter.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53646 bsc#1251742). - Update patches.suse/ext4-fix-memory-leaks-in-ext4_fname_-setup_filename-.patch (bsc#1214954 CVE-2023-53662 bsc#1251282). - Update patches.suse/fbdev-omapfb-lcd_mipid-Fix-an-error-handling-pa.patch (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53650 bsc#1251283). - Update patches.suse/fprobe-Release-rethook-after-the-ftrace_ops-is-.patch (bsc#1012628 CVE-2023-53557 bsc#1251054). - Update patches.suse/gfs2-Fix-possible-data-races-in-gfs2_show_opti.patch (bsc#1012628 CVE-2023-53622 bsc#1251777). - Update patches.suse/gpio-mvebu-fix-irq-domain-leak.patch (bsc#1012628 CVE-2023-53579 bsc#1251170). - Update patches.suse/iavf-Fix-out-of-bounds-when-setting-channels-on.patch (bsc#1012628 CVE-2023-53659 bsc#1251247). 
- Update patches.suse/iavf-Fix-use-after-free-in-free_netdev.patch (bsc#1012628 CVE-2023-53556 bsc#1251059). - Update patches.suse/ice-Don-t-tx-before-switchdev-is-fully-configured.patch (jsc#PED-4876 CVE-2023-53657 bsc#1251319). - Update patches.suse/ip_vti-fix-potential-slab-use-after-free-in-de.patch (bsc#1012628 CVE-2023-53559 bsc#1251052). - Update patches.suse/ipmi_si-fix-a-memleak-in-try_smi_init.patch (git-fixes CVE-2023-53611 bsc#1251123). - Update patches.suse/jfs-fix-invalid-free-of-JFS_IP-ipimap-i_imap-in-diUnmount.patch (git-fixes CVE-2023-53616 bsc#1251215). - Update patches.suse/md-don-t-dereference-mddev-after-export_rdev-7dea.patch (jsc#PED-7542 CVE-2023-53665 bsc#1251270). - Update patches.suse/media-amphion-fix-REVERSE_INULL-issues-reported-by-c.patch (git-fixes CVE-2023-53653 bsc#1251755). - Update patches.suse/memcontrol-ensure-memcg-acquired-by-id-is-properly-s.patch (git-fixes CVE-2023-53621 bsc#1251323). - Update patches.suse/mm-damon-core-initialize-damo_filter-list-from.patch (bsc#1012628 CVE-2023-53555 bsc#1251056). - Update patches.suse/msft-hv-2870-Drivers-hv-vmbus-Don-t-dereference-ACPI-root-object-.patch (git-fixes CVE-2023-53647 bsc#1251732). - Update patches.suse/mtd-rawnand-brcmnand-Fix-potential-out-of-bounds-acc.patch (git-fixes CVE-2023-53541 bsc#1251043). - Update patches.suse/net-handshake-fix-null-ptr-deref-in-handshake_nl_don.patch (bsc#1220419 CVE-2023-53686 bsc#1251771). - Update patches.suse/net-mlx5-DR-fix-memory-leak-in-mlx5dr_cmd_crea.patch (bsc#1012628 CVE-2023-53546 bsc#1251079). - Update patches.suse/net-mlx5e-Check-for-NOT_READY-flag-state-after-.patch (bsc#1012628 CVE-2023-53581 bsc#1251106). - Update patches.suse/net-mlx5e-Take-RTNL-lock-when-needed-before-ca.patch (bsc#1012628 CVE-2023-53632 bsc#1251269). - Update patches.suse/net-rfkill-gpio-Fix-crash-due-to-dereferencering-uni.patch (git-fixes CVE-2025-39937 bsc#1251143). 
- Update patches.suse/net-usbnet-Fix-WARNING-in-usbnet_start_xmit-us.patch (bsc#1012628 CVE-2023-53548 bsc#1251066). - Update patches.suse/netfilter-conntrack-Avoid-nf_ct_helper_hash-use.patch (bsc#1012628 CVE-2023-53619 bsc#1251743). - Update patches.suse/nvme-core-fix-dev_pm_qos-memleak.patch (bsc#1012628 CVE-2023-53670 bsc#1251762). - Update patches.suse/octeon_ep-cancel-queued-works-in-probe-error-p.patch (bsc#1012628 CVE-2023-53638 bsc#1251328). - Update patches.suse/octeontx2-af-Add-validation-before-accessing-cg.patch (bsc#1012628 CVE-2023-53654 bsc#1251756). - Update patches.suse/perf-RISC-V-Remove-PERF_HES_STOPPED-flag-checki.patch (bsc#1012628 CVE-2023-53583 bsc#1251108). - Update patches.suse/perf-trace-Really-free-the-evsel-priv-area.patch (perf-v6.7 (jsc#PED-6012 jsc#PED-6121) CVE-2023-53649 bsc#1251749). - Update patches.suse/platform-x86-dell-sysman-Fix-reference-leak.patch (git-fixes CVE-2023-53631 bsc#1251529). - Update patches.suse/rcu-tasks-Avoid-pr_info-with-spin-lock-in-cblis.patch (bsc#1012628 CVE-2023-53558 bsc#1251081). - Update patches.suse/ring-buffer-Fix-deadloop-issue-on-reading-trace.patch (bsc#1012628 CVE-2023-53668 bsc#1251286). - Update patches.suse/s390-zcrypt-don-t-leak-memory-if-dev_set_name-fails.patch (git-fixes bsc#1215143 CVE-2023-53568 bsc#1251035). - Update patches.suse/scsi-qla2xxx-Avoid-fcport-pointer-dereference.patch (bsc#1012628 CVE-2023-53603 bsc#1251180). - Update patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch (git-fixes CVE-2023-53615 bsc#1251113). - Update patches.suse/soc-aspeed-socinfo-Add-kfree-for-kstrdup.patch (bsc#1012628 CVE-2023-53617 bsc#1251268). - Update patches.suse/spi-bcm-qspi-return-error-if-neither-hif_mspi-n.patch (bsc#1012628 CVE-2023-53658 bsc#1251759). - Update patches.suse/staging-ks7010-potential-buffer-overflow-in-ks_.patch (bsc#1012628 CVE-2023-53554 bsc#1251057). - Update patches.suse/tracing-histograms-Add-histograms-to-hist_vars-.patch (bsc#1012628 CVE-2023-53560 bsc#1251045). 
- Update patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c-832e231.patch (bsc#1012628 CVE-2023-53687 bsc#1251772). - Update patches.suse/tunnels-fix-kasan-splat-when-generating-ipv4-p.patch (bsc#1012628 CVE-2023-53600 bsc#1251152). - Update patches.suse/vdpa-Add-features-attr-to-vdpa_nl_policy-for-n.patch (bsc#1012628 CVE-2023-53652 bsc#1251754). - Update patches.suse/vdpa-Add-max-vqp-attr-to-vdpa_nl_policy-for-nl.patch (bsc#1012628 CVE-2023-53543 bsc#1251083). - Update patches.suse/wifi-ath11k-fix-memory-leak-in-WMI-firmware-sta.patch (bsc#1012628 CVE-2023-53602 bsc#1251076). - Update patches.suse/wifi-cfg80211-reject-auth-assoc-to-AP-with-our-addre.patch (git-fixes CVE-2023-53540 bsc#1251053). - Update patches.suse/wifi-iwlwifi-mvm-fix-potential-array-out-of-bou.patch (bsc#1012628 CVE-2023-53575 bsc#1251067). - Update patches.suse/wifi-mac80211-check-for-station-first-in-client-prob.patch (git-fixes CVE-2023-53588 bsc#1251206). - Update patches.suse/wifi-mac80211-increase-scan_ies_len-for-S1G.patch (stable-fixes CVE-2025-39957 bsc#1251810). - Update patches.suse/wifi-nl80211-fix-integer-overflow-in-nl80211_p.patch (bsc#1012628 CVE-2023-53570 bsc#1251031). - Update patches.suse/wifi-rtw88-delete-timer-and-free-skb-queue-when-unlo.patch (git-fixes CVE-2023-53574 bsc#1251222). - Update patches.suse/wifi-wilc1000-avoid-buffer-overflow-in-WID-string-co.patch (stable-fixes CVE-2025-39952 bsc#1251216). - commit 56ea93d - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - commit 9da1184 - mm/page_alloc: fix race condition in unaccepted memory handling (CVE-2025-38008 bsc#1244939). - commit b445cb1 - mm/slub: avoid accessing metadata when pointer is invalid in object_err() (CVE-2025-39902 bsc#1250702). - commit 46c39b3 - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - commit b115f79 - tracing: Fix filter string testing (git-fixes). 
- commit 864d37b - selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes). - commit a9de969 - tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes). - commit 6a094d4 - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - commit 0e75825 - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - commit 10550c7 - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - commit 9288055 - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - commit 9258f2a - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - commit 6e8ac35 - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - commit 44dc7b7 - tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211 CVE-2025-38539). - commit b1816b0 - tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286 CVE-2025-39683). - tracing: Remove unneeded goto out logic (bsc#1249286). - commit 8eaad3a ++++ libxslt: - security update - added patches CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultComp function leading to denial of service * libxslt-CVE-2025-11731.patch ++++ python311-core: - Update to 3.11.14: - Security - gh-139700: Check consistency of the zip64 end of central directory record. Support records with “zip64 extensible data” if there are no bytes prepended to the ZIP file (CVE-2025-8291, bsc#1251305). - gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only garbage-collected once they are no longer referenced by subparsers created by ExternalEntityParserCreate(). Patch by Sebastian Pipping. - gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard. * Whitespaces no longer accepted between does not end the script section. * Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces.
The only whitespaces are \t\n\r\f and space. * Null character (U+0000) no longer ends the tag name. * Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. . * Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. . * Multiple = between attribute name and value are no longer collapsed. E.g. produces attribute “foo” with value “=bar”. - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private method _set_support_cdata() which can be used to specify how to parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a bogus comment in the HTML namespace. - gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 standard. --!> now ends the comment. -- > no longer ends the comment. Support abnormally ended empty comments <--> and <--->. - gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored. - gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser. - gh-86155: html.parser.HTMLParser.close() no longer loses data when the