- systemd
-
- Import commit b9c5a78950c6d2dfd9c0ee57a380afa6b203e9a5
cbf8ee66ee machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
1a55ad48da udev: fix review mixup
1eba76668c udev-builtin-net-id: print cescaped bad attributes
cbd4b55380 udev: ensure tag parsing stays within bounds
5973d3b1cc udev: ensure there is space for trailing NUL before calling sprintf
f038eb6c8b udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- python36
-
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- util-linux-systemd
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- ca-certificates-mozilla
-
- Updated to 2.84 state (bsc#1258002)
- Removed:
- Baltimore CyberTrust Root
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- DigiNotar Root CA
- Added:
- e-Szigno TLS Root CA 2023
- OISTE Client Root ECC G1
- OISTE Client Root RSA G1
- OISTE Server Root ECC G1
- OISTE Server Root RSA G1
- SwissSign RSA SMIME Root CA 2022 - 1
- SwissSign RSA TLS Root CA 2022 - 1
- TrustAsia SMIME ECC Root CA
- TrustAsia SMIME RSA Root CA
- TrustAsia TLS ECC Root CA
- TrustAsia TLS RSA Root CA
- nghttp2
-
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- python-urllib3
-
- fix regression in CVE-2025-66471.patch when downloading large files
(bsc#1259829)
- CVE-2025-66471: excessive resource consumption via decompression
of highly compressed data in Streaming API (bsc#1254867)
added CVE-2025-66471.patch
- CVE-2025-66418: resource exhaustion via unbounded number of links
in the decompression chain (bsc#1254866)
added CVE-2025-66418.patch
- CVE-2026-21441: excessive resource consumption during decompression
of data in HTTP redirect responses (bsc#1256331)
added CVE-2026-21441.patch
- disabled response decompression with brotli due to missing brotli
feature (jsc#PED-15380)
- Add security patches:
* CVE-2025-66471 (bsc#1254867)
* CVE-2025-66418 (bsc#1254866)
* CVE-2026-21441 (bsc#1256331)
- libcap
-
- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:
- python-pyOpenSSL
-
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
Add patch CVE-2026-27448.patch
- avahi
-
- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
- Add avahi-CVE-2025-68276.patch:
Backport 0c013e2 from upstream, refuse to create wide-area record
browsers when wide-area is off.
(CVE-2025-68276, bsc#1256498)
- Add avahi-CVE-2025-68471.patch:
Backport 9c6eb53 from upstream, fix DoS bug by changing assert to
return.
(CVE-2025-68471, bsc#1256500)
- Add avahi-CVE-2025-68468.patch:
Backport f66be13 from upstream, fix DoS bug by removing incorrect
assertion.
(CVE-2025-68468, bsc#1256499)
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- mozilla-nss
-
- update to NSS 3.112.4
* bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey.
* bmo#2029462 - store email on subject cache_entry in NSS trust domain.
* bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* bmo#2029323 - Improve size calculations in CMS content buffering.
* bmo#2028001 - avoid integer overflow while escaping RFC822 Names.
* bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
* bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile.
* bmo#2027345 - Improve input validation in DSAU signature decoding.
* bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
* bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash.
* bmo#2026156 - Add a maximum cert uncompressed len and tests.
* bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
* bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* bmo#2019224 - Remove invalid PORT_Free().
* bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.
- update to NSS 3.112.3
* bmo#2009552 - avoid integer overflow in platform-independent ghash
- python-pyasn1
-
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
Add patch CVE-2026-30922.patch
- fix regression in tests from CVE-2026-23490.patch (bsc#1257129)
- Add CVE-2026-23490.patch to fix CVE-2026-23490 (bsc#1256902)
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- Sync version 3.51.2 from Factory:
* bsc#1259619, CVE-2025-70873: zipfile extension may disclose
uninitialized heap memory during inflation.
* bsc#1254670, CVE-2025-7709: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- cups
-
- cups-1.7.5-CVE-2026-34980.patch is based on
https://github.com/OpenPrinting/cups/commit/8d0f51cac24cb5bf949c5b6a221e51a150d982e3
backported to CUPS 1.7.5 to fix CVE-2026-34980
"Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
bsc#1261569
- cups-1.7.5-CVE-2026-34990.patch is is based on
https://github.com/OpenPrinting/cups/commit/e052dc44da9d12adfbebc51de4975fbadb2ce356
backported to CUPS 1.7.5 to fix CVE-2026-34990
"Local print admin token disclosure using temporary printers"
as far as matching code parts were found in CUPS 1.7.5
in particular CUPS 1.7.5 has no function to
"Create a local (temporary) [print] queue"
so CUPS 1.7.5 should not be affected by issues
which are related to "using temporary printers"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
bsc#1261568
- Incompatible changes needed to properly fix CVE-2026-34990:
The scheduler incorrectly allowed local certificates over the
loopback interface. Now this is only via domain sockets allowed.
The ability to create/overwrite files via a 'file:' device URI
is removed. Now the specified file must already exist
and is opened only for writing in exclusive mode.
In general: Historically 'file:' devices were provided
for backwards compatibility with System V interface scripts
that talked to serial printers over a character device, with
very limited debugging support for writing to an ordinary file.
It is not and never was intended as a way to "print to a file".
For a proper debugging method see the section
"A backend that sends its input into a file for debugging" in
https://en.opensuse.org/SDB:Using_Your_Own_Backends_to_Print_with_CUPS
- shim
-
- Add DER format certificate files for the pretrans script to verify
that the necessary certificate is in the UEFI db
- openSUSE Secure Boot CA, 2013-2035
openSUSE_Secure_Boot_CA_2013.crt
- SUSE Linux Enterprise Secure Boot CA, 2013-2035
SUSE_Linux_Enterprise_Secure_Boot_CA_2013.crt
- Microsoft Corporation UEFI CA 2011, 2011-2026
Microsoft_Corporation_UEFI_CA_2011.crt
- Microsoft UEFI CA 2023, 2023-2038
Microsoft_UEFI_CA_2023.crt
- shim.spec: Add a pretrans script to verify that the necessary certificate
is in the UEFI db.
- Always put SUSE Linux Enterprise Secure Boot CA to target array.
(bsc#1254679)
- Update to 16.1
- RPMs
shim-16.1-150300.4.31.1.x86_64.rpm
- submitreq: https://build.suse.de/request/show/395247
- repo: https://build.suse.de/package/show/SUSE:Maintenance:39913/shim.SUSE_SLE-15-SP3_Update
- Patches (git log --oneline --reverse 16.0..16.1)
4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols
39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses
3133d19 test-mock-variables: make our filter list entries safer.
d44405e mock-variables: remove unused variable
0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04
d16a5a6 SbatLevel_Variable.txt: minor typo fix.
32804cf Realloc() needs one more byte for sprintf()
431d370 IPv6: Add more check to avoid multiple double colon and illegal char
5e4d93c Loader Proto: make freeing of bprop.buffer conditional.
33deac2 Prepare to move things from shim.c to verify.c
030e7df Move a bunch of stuff from shim.c to verify.c
f3ddda7 handle_image(): make verification conditional
774f226 Cache sections of a loaded image and sub-images from them.
eb0d20b loader-protocol: handle sub-section loading for UKIs
2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
1abc7ca loader-protocol: NULL output variable in load_image on failure
fb77b44 Generate Authenticode for the entire PE file
b86b909 README: mention new loader protocol and interaction with UKIs
8522612 ci: add mkosi configuration and CI
9ebab84 mkosi workflow: fix the branch name for main.
72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX
a2f0dfa This is an organizational patch to move some things around in mok.c
54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint()
a5a6922 get_max_var_sz(): add more debugging for apple platforms
77a2922 Add a "VariableInfo" variable to mok-variables.
efc71c9 build: Avoid passing *FLAGS to sub-make
7670932 Fixes for 'make TOPDIR=... clean'
13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1
617aed5 Update version to 16.1~rc1
d316ba8 format_variable_info(): fix wrong size test.
f5fad0e _do_sha256_sum(): Fix missing error check.
3a9734d doc: add howto for running mkosi locally
ced5f71 mkosi: remove spurious slashes from script
0076155 ci: update mkosi commit
5481105 fix http boot
121cddf loader-protocol: Handle UnloadImage after StartImage properly
6a1d1a9 loader-protocol: Fix memory leaks
27a5d22 gitignore: add more mkosi dirs and vscode dir
346ed15 mkosi: disable repository key check on Fedora
afc4955 Update version to 16.1
- 16.1 release note https://github.com/rhboot/shim/releases
shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738
Fix uncompressed ipv6 netboot by @hrvach in #742
fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739
Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749
SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751
Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746 (bsc#1240871)
IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753
Loader proto v2 by @vathpela in #748
loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750
Generate Authenticode for the entire PE file by @esnowberg in #604
README: mention new loader protocol and interaction with UKIs by @bluca in #755
ci: add mkosi configuration and CI by @bluca in #764
shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761
Save var info by @vathpela in #763
build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758
Fixes for 'make TOPDIR=... clean' by @bluca in #762
add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766
Coverity fixes 20250804 by @vathpela in #767
ci: fixlets and docs for mkosi workflow by @bluca in #768
fix http boot by @jsetje in #770
Fix double free and leak in the loader protocol by @rosslagerwall in #769
gitignore: add more mkosi dirs and vscode dir by @bluca in #771
- Drop upstreamed patch:
The following patches are merged to 16.1
- shim-alloc-one-more-byte-for-sprintf.patch
- 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1]
- shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch (bsc#1205588)
- 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1]
- Building MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n (bsc#1205588)
- Building with the latest version of gcc in the codebase:
- The gcc13 can workaround dxe_get_mem_attrs() hsi_status problem
- We prefer that building shim with the latest version of gcc in codebase.
- Set the minimum version is gcc-13.
(bsc#1247432)
- SLE shim should includes vendor-dbx-sles.esl instead of
vendor-dbx-opensuse.esl. Fixed it in shim.spec.
- grub2
-
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- openssl-1_1
-
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- rsync
-
- Fix bsc#1252351
* Fix order of cihpers in rsync-fix-daemon-proto-32.patch
* rsync client from SLES 12SP5 LTSS fails with "auth failed on module" after installing rsync-3.1.3-3.31.1
- python-requests
-
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
Add patch CVE-2026-25645.patch
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- added patches
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
* libpng16-CVE-2026-33416-1.patch
* libpng16-CVE-2026-33416-2.patch
* libpng16-CVE-2026-33416-3.patch
* libpng16-CVE-2026-33416-4.patch
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- glibc
-
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- regcomp-double-free.patch: posix: Fix double-free after allocation
failure in regcomp (CVE-2025-8058, bsc#1246965, BZ #33185)
- python
-
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- Fix the test suite so it is run again.
- Add CVE-2026-1299-email-encode-EOL-headers.patch preventing
embedded white characters inside of email headers (bsc#1257181,
CVE-2026-1299, gh#python/cpython#144125).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Add add-zlib-eof-attribute.patch, needed for python-urllib3
CVE fix (bsc#1254867)
- Modify CVE-2025-6075-expandvars-perf-degrad.patch so it doesn't
use `re.ASCII` flag, which is not available in Python 2.7
(because it is unnecessary, that's the default behaviour;
bsc#1257064).
- gpg2
-
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- Security fix: [bsc#1256390] (gpg.fail/notdash)
* gpg2: Cleartext Signature Forgery in the NotDashEscaped header
implementation in GnuPG
* Add patch gnupg-notdash-escape.patch
* Add parse_compat_flags.patch
* Add compat_flags_base.patch
- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
* gpg: Fix possible memory corruption in the armor parser [T7906]
* Add gnupg-CVE-2025-68973.patch
- Security fix: [bsc#1256244] (gpg.fail/detached)
* gpg: Error out on unverified output for non-detached signatures [T7903]
* Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
- curl
-
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- Security fix: [bsc#1219273, CVE-2023-27534]
* Add upstream regression fix for CVE-2023-27534
* Add curl-CVE-2023-27534-regression-fix.patch
- util-linux
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- perl
-
- Fix stack buffer overflow in Storable's deserialization of hooks
code [bsc#1262486] [CVE-2017-20230]
new patch: perl-storable-overflow.diff
- polkit
-
- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
0001-CVE-2026-4897-getline-string-overflow.patch
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- python3
-
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- libssh
-
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
- bind
-
- Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805, bind-9.11-CVE-2026-1519.patch]
- python-PyJWT
-
- Add CVE-2026-32597_crit-header.patch to reject the crit
(Critical) Header Parameter defined in RFC 7515 (bsc#1259616,
CVE-2026-32597).
- vim
-
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working accross vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Switch GUI build requirement to GTK2 for SLE 12 compatibility.
Replaced pkgconfig(gtk+-3.0) with pkgconfig(gtk+-2.0) and
set --enable-gui=gtk2.
* Remove autoconf BuildRequires and autoconf call in %build.
* Package new Swedish (sv) man pages and remove duplicate encodings
(sv.ISO8859-1 and sv.UTF-8).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1-revert-v9.1.86.patch
* Refresh the following patches for 9.2.0045:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
- ncurses
-
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
* Backport from ncurses-6.5-20251213.patch
- perl-XML-Parser
-
- added patches
CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901)
* perl-XML-Parser-CVE-2006-10002.patch
CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902)
* perl-XML-Parser-CVE-2006-10003.patch
- suseconnect-ng
-
- Update version to 1.21.1:
- Fix nil token handling (bsc#1261155)
- Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
- Add expanded metric collection for kernel modules and hardware
detection (jsc#TEL-226).
- Support new profile based metric collection
- Fix ignored --root parameter hanbling when reading and
writing configuration (bsc#1257667)
- Add expanded metric collection for system vendor/manfacturer
(jsc#TEL-260).
- Removed backport patch: fix-libsuseconnect-and-pci.patch
- Add missing product id to allow yast2-registration to not break (bsc#1257825)
- Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server with failed (bsc#1257625)
- Backported by PATCH: fix-libsuseconnect-and-pci.patch
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- openssl-1_0_0
-
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* CVE-2026-31791: NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31791.patch
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22796.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
- xen
-
- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
with shadow paging + tracing (XSA-477)
xsa477.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
for vCPU isolation (XSA-479)
xsa479.patch
- bsc#1252692 - VUL-0: CVE-2025-58149: xen: incorrect removal of
permissions on PCI device unplug allows PV guests to access
memory of devices no longer assigned to it (XSA-476)
xsa476.patch
- kernel-default
-
- libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220).
- commit 9ff4124
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit caea5fb
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
(CVE-2026-23125 bsc#1258293).
- commit 666649e
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836)
Disable sch_atm module, it doesn't seem to be used and security issues
led to its removal from upstream.
- commit 197c542
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- Refresh
patches.suse/mdraid-fix-read-write-bytes-accounting.patch.
- commit 6a54f47
- md/raid1,raid10: don't handle IO error for REQ_RAHEAD and
REQ_NOWAIT (git-fixes).
- commit 3758085
- Delete
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch.
- Delete
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
completion in abort path'), locally contained in patch
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
Intead of committing a revert patch, just remove this patch.
This also requires removing our local patch
scsi-qla2xxx-Complete-command-early-within-lock.patch,
since this modified the code that was previously added in
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
- commit 239eaae
- scsi: aic94xx: fix use-after-free in device removal path
(CVE-2025-71075 bsc#1256629).
- commit f9c693f
- scsi: target: target_core_configfs: Add length check to avoid
buffer overflow (CVE-2025-39998 bsc#1252073).
- commit 2fb7a81
- md/raid1,raid10: don't ignore IO flags (CVE-2025-22125
bsc#1241596).
- commit aa9f7d7
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (CVE-2025-68223 bsc#1255357).
- commit 9a5ddda
- drm/amdkfd: fix potential kgd_mem UAFs (CVE-2023-53816 bsc#1254958).
- commit 8f7c148
- vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069).
- Refresh
patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch.
- commit 047f7a1
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() header which is required.
- commit 3465c86
- Update patches.suse/netfilter-nf_tables-Reject-tables-of-unsupported-fam.patch
(CVE-2023-6040 bsc#1218752 bsc#1259069 CVE-2026-25702).
Added references to bsc#1259069 and CVE-2026-25702.
- commit 1452528
- ata: libata-sff: Ensure that we cannot write outside the
allocated buffer (bsc#1238917 CVE-2025-21738).
- commit 4dc232e
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(CVE-2025-40219 bsc#1254518).
- Delete
patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-d.patch.
Replace a reverted commit (due to deadlocks) with a better fix.
- commit 3aab429
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 596e702
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit fca031c
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 159cfe5
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- commit d173346
- libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744).
- commit 8469a6e
- scsi: qla2xxx: Validate sp before freeing associated memory
(CVE-2025-71236 bsc#1258442).
- commit 152e17d
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit 0850ede
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit ee83c59
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 303c99b
- Refresh
patches.suse/dst-fix-races-in-rt6_uncached_list_del-and-rt_del_un.patch.
- commit ee740c8
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit 16f0a57
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 817285f
- cifs: fix session state check in reconnect to avoid
use-after-free issue (bsc#1255163, CVE-2023-53794).
- commit 0e35638
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 4abf8ac
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(CVE-2025-71224 bsc#1258824).
- commit cb35621
- Delete custom fix for bsc#1215420 as it caused regression bsc#1257672
Please notice that the backport for bsc#1215420 isn't needed for
SLE12-SP5 because the CVE does not apply here.
- Delete patches.kabi/netfilter-nft_set-preserver-kabi.patch.
- Delete
patches.suse/netfilter-Implement-reference-counting-for-nft_sets.patch.
- Delete
patches.suse/netfilter-take-a-reference-when-looking-up-nft_sets.patch.
- commit f1caf6c
- Bluetooth: Fix l2cap_disconnect_req deadlock (CVE-2023-53827
bsc#1255049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit 1c9a63f
- vhost-scsi: Fix handling of multiple calls to
vhost_scsi_set_endpoint (CVE-2025-22083 bsc#1241414).
- commit fc4b2ad
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes
CVE-2022-50453 bsc#1250887).
- commit 720a0a8
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit 9210e96
- Bluetooth: L2CAP: Fix use-after-free in
l2cap_disconnect_{req,rsp} (CVE-2023-53827 bsc#1255049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit b9be58b
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
(CVE-2023-53808 bsc#1254723).
- commit 8ddd031
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there
is no callback function (CVE-2023-53802 bsc#1254725).
- commit fa09e6d
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit 987fc92
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 7183095
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit 0c324f3
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit 0aa7839
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 97b4a24
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 1a417a8
- btrfs: always detect conflicting inodes when logging inode refs
(bsc#1257631 CVE-2025-71183).
- commit f7a95eb
- crypto: fix kABI fixup for af_alg_ctx (bsc#1251966 CVE-2025-39964)
struct af_alg_ctx is completely internal and not relevant for
kABI stability: instances thereof are referenced exclusively from
`struct alg_sock`'s ->private and it doesn't appear in any EXPORTed
function's prototype.
Drop the existing, unneeded kABI fixup to struct af_alg_ctx in order
to facilitate subsequent backports affecting that struct's definition.
- commit de20ef8
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 8a5df43
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit e033ed1
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
(bsc#1256742 CVE-2025-71131).
- commit 0e8f309
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit fd7a81e
- usb: dwc3: Fix race condition between concurrent
dwc3_remove_requests() call paths (CVE-2025-68287 bsc#1255152).
- commit 3edfe08
- crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id (bsc#1255550 CVE-2025-68724).
- commit 9c5c373
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit bfc63b3
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit 3fbd310
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit ded7b5c
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 4689216
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
- commit 5d5f781
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit cfb18f3
- drm/mgag200: fix mgag200_bmc_stop_scanout() (bsc#1258153 bsc#1258226)
- commit 1fecfbd
- scsi: target: iscsit: Free cmds before session free
(CVE-2023-54184 bsc#1255991).
- commit b34bf9f
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 05d7a54
- scsi: imm: Fix use-after-free bug caused by unfinished delayed
work (CVE-2025-68234 bsc#1255416).
- commit fd3d164
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit 880a2a6
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit ad3585c
- Fix locking order issue then unsharing pmds.
Refresh
patches.suse/hugetlbfs-flush-TLBs-correctly-after-huge_pmd_unshar.patch.
- commit f19c57e
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit a0264a1
- nvme-fc: use lock accessing port_state and rport state
(CVE-2025-40342 bsc#1255274).
- commit 50aba1a
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473 bsc#1257732 CVE-2026-23054).
- commit 4f9f160
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit be8cfc1
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit 640e30b
- Update
patches.suse/ip6_tunnel-use-skb_vlan_inet_prepare-in-__ip6_tnl_rcv.patch
(CVE-2026-23003 bsc#1257246 bsc#1257942).
- commit 4442655
- usb: storage: Fix memory leak in USB bulk transport
(bsc#1257949).
- commit 4443d16
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit 726823e
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 000c866
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 4a41a3f
- geneve: fix header validation in geneve_xmit_skb (CVE-2026-23003
bsc#1257246).
- commit 6cf7b31
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit b3bb110
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit 13d481c
- char: applicom: fix NULL pointer dereference in ac_ioctl
(CVE-2025-68797 bsc#1256660).
- serial: sc16is7xx: setup GPIO controller later in probe
(CVE-2023-54118 bsc#1256131).
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
(CVE-2023-54198 bsc#1255970).
- commit fb656d4
- Update
patches.suse/HID-multitouch-Add-NULL-check-in-mt_input_configured.patch
(bsc#1250759 CVE-2024-58020 bsc#1239346).
- Update
patches.suse/HID-uclogic-Add-NULL-check-in-uclogic_input_configur.patch
(CVE-2023-54207 bsc#1255961 CVE-2025-38007 bsc#1244938).
- Update
patches.suse/NFSD-Define-a-proc_layoutcommit-for-the-FlexFiles-layout-type.patch
(CVE-2025-40088 bsc#1252909 CVE-2025-40087).
- Update
patches.suse/USB-gadget-Fix-obscure-lockdep-violation-for-udc_mut.patch
(CVE-2022-49980 bsc#1245110 CVE-2022-49943 bsc#1244904).
- Update
patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch
(CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(bsc#1225527 CVE-2024-56690 bsc#1235428).
- Update
patches.suse/ext4-fix-string-copying-in-parse_apply_sb_mount_opti.patch
(bsc#1253453 CVE-2025-40198 CVE-2025-71123 bsc#1256757).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/igb-Do-not-bring-the-device-up-after-non-fatal-error.patch
(CVE-2023-53148 bsc#1249842 CVE-2024-50040 bsc#1231908).
- Update
patches.suse/ipv6-Fix-potential-uninit-value-access-in-__ip6_make_skb.patch
(CVE-2023-54265 bsc#1255874 CVE-2024-36903 bsc#1225741).
- Update
patches.suse/mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
(CVE-2023-53178 bsc#1249827 git-fix CVE-2024-26832 bsc#1223007).
- Update
patches.suse/net-fix-UaF-in-netns-ops-registration-error-path.patch
(CVE-2022-50780 bsc#1256305 CVE-2023-52999 bsc#1240299).
- Update
patches.suse/net_sched-qfq-Fix-double-list-add-in-class-with-netem-as-c.patch
(CVE-2026-22976 bsc#1257035 CVE-2025-37913 bsc#1243471).
- Update
patches.suse/openvswitch-fix-lockup-on-tx-to-unregistering-netdev.patch
(bsc#1249854 CVE-2025-21681 bsc#1236702).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes CVE-2024-26935 bsc#1223675).
- Update
patches.suse/scsi-iscsi_tcp-Check-that-sock-is-valid-before-iscsi_set_p.patch
(git-fixes CVE-2023-53464 bsc#1250868).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(CVE-2022-49980 bsc#1245110 CVE-2022-48838 bsc#1227988).
- Update
patches.suse/wifi-iwlwifi-Fix-error-code-in-iwl_op_mode_dvm_start.patch
(CVE-2025-38602 bsc#1248341 CVE-2025-38656 bsc#1248643).
- Update
patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch
(CVE-2023-53226 bsc#1249658 CVE-2023-52525 bsc#1220840).
- commit 1d15285
- wifi: avoid kernel-infoleak from struct iw_point (CVE-2026-22978
bsc#1257227).
- commit 4470971
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit 1b61eee
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit e8558a0
- net: macvlan: Use built-in RCU list checking (CVE-2026-23001
bsc#1257232).
- macvlan: Use 'hash' iterators to simplify code (CVE-2026-23001
bsc#1257232).
- commit 56e1910
- ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011
bsc#1257207).
- commit ec13881
- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()
(CVE-2023-54218 bsc#1256229).
- net: prevent load/store tearing on sk->sk_stamp (CVE-2023-54218
bsc#1256229).
- commit 58808cc
- sock: Make sock->sk_stamp thread-safe (CVE-2023-54218
bsc#1256229).
- Refresh
patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit 93f2522
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 40ddb3a
- netlink: annotate accesses to nlk->cb_running (CVE-2023-53853
bsc#1254673).
- commit e5e9e66
- usb: dwc3: gadget: add dwc3_request status tracking
(CVE-2025-68287 bsc#1255152).
- commit 9988872
- usb: dwc3: core.h: add some register definitions (CVE-2025-68287
bsc#1255152).
- commit d0d3b6e
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit c099250
- nfc: Fix potential resource leaks (CVE-2022-50834 bsc#1256219).
- commit 71aae68
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive
aggregate in qfq_reset (CVE-2026-22976 bsc#1257035).
- commit 665af3c
- net_sched: qfq: Fix double list add in class with netem as
child qdisc (CVE-2026-22976 bsc#1257035).
- commit d6c7f6c
- usbnet: Prevents free active kevent (CVE-2025-68312
bsc#1255171).
- commit 8b74503
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- ethtool: Avoid overflowing userspace buffer on stats query
(CVE-2025-68795 bsc#1256688).
- kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg()
(git-fixes CVE-2023-53825 bsc#1254707).
- kcm: Fix memory leak in error path of kcm_sendmsg()
(CVE-2023-54112 bsc#1256354).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
(CVE-2022-50777 bsc#1256320).
- commit 1685ea3
- ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740 bsc#1255812).
- commit 858a097
- usb: typec: ucsi: Handle incorrect num_connectors capability
(CVE-2025-71108 bsc#1256774).
- commit f98de60
- e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093
bsc#1256777).
- net/mlx5: fw_tracer, Validate format string parameters
(CVE-2025-68816 bsc#1256674).
- commit ee63540
- Revert "btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"
This reverts commit 416113fa7a7f7954975b36f72fe7f224da379b7c.
The patch that commit introduces is causing regressions, as it differs
a lot from upstream because there were many changes that happened
upstream and it's too risky to backport them. Further the issue fixed by
the patch is very rare and other than the Meta servers, no one ever
reported it, plus it's just triggering a WARN_ON(), nothing really serious
and certainly nothing that justifies it being a CVE.
See bsc#1257229 for the report of the regression.
- commit 63b49a5
- Revert "btrfs: fix wrong block_start calculation for"
This reverts commit 87607636696a2af6cb6697241eb8476a0cedfe56.
This commit introduces a patch that fixes a bug in the patch introduced by
the previous commit (416113fa7a7f7954975b36f72fe7f224da379b7c), but that
patch had to be too different from upstream since there were a lot of big
changes upstream and it's causing a regression. So remove this patch,
and the next commit will remove the other patch.
- commit 66f1f0f
- net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654)
- commit 06054f6
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547)
- commit a2977a9
- media: s5p-mfc: Clear workbit to handle error condition (CVE-2022-50786 bsc#1256258)
- commit 6b48967
- team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773)
- commit ad0dda9
- driver core: fix potential null-ptr-deref in device_add() (CVE-2023-54321 bsc#1255762)
- commit d382224
- Fix build-time warning from "drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup"
Fix the warning
* unused-variable (pdev) in ../drivers/gpu/drm/i915/intel_fbdev.c in intelfb_create
../drivers/gpu/drm/i915/intel_fbdev.c: In function 'intelfb_create':
../drivers/gpu/drm/i915/intel_fbdev.c:175:18: warning: unused variable 'pdev' [-Wunused-variable]
caused by this patch.
- commit 55ad6d4
- kABI: Fixup for struct mrp_applicant (CVE-2022-50697
bsc#1255594).
- commit 841f2f7
- mrp: introduce active flags to prevent UAF when applicant uninit
(CVE-2022-50697 bsc#1255594).
- commit 567f600
- btrfs: fix wrong block_start calculation for
btrfs_drop_extent_map_range() (bsc#1256267 CVE-2023-54121).
- commit 8760763
- btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
(bsc#1256267 CVE-2023-54121).
- commit 416113f
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
debugfs (CVE-2022-50744 bsc#1256165).
- commit 268e0b4
- fsnotify: do not generate ACCESS/MODIFY events on child for
special files (bsc#1256638 CVE-2025-68788).
- commit d259bdb
- ext4: add i_data_sem protection in
ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261).
- commit 07d5d92
- nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372).
- commit 1113557
- nbd: defer config unlock in nbd_genl_connect (bsc#1255622
CVE-2025-68366).
- commit 3c02735
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when
file system corrupted (bsc#1255482 CVE-2025-68337).
- commit 582c147
- ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1256282 CVE-2022-50782).
- commit f60c869
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (bsc#1255880 CVE-2023-54202)
- commit 492f4ae
- kABI workaround for "drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup" (bsc#1255128)
- commit f3c8307
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit 2d90c1b
- tcp: use dst_dev_rcu() in
tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188
bsc#1255269).
- commit 0bb0de7
- Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (bsc#1255943)
Fix potential crash, timer_setup uses different parameter type for callback.
- commit 07542cf
- net: ipv6: fix field-spanning memcpy warning in AH output
(CVE-2025-40363 bsc#1255102).
- commit 1148ce8
- ipv4: route: Prevent rt_bind_exception() from rebinding stale
fnhe (CVE-2025-68241 bsc#1255157).
- net: netpoll: fix incorrect refcount handling causing incorrect
cleanup (CVE-2025-68245 bsc#1255268).
- commit 9c41c99
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
(CVE-2022-50347 bsc#1249928).
- commit e0927c4
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094 CVE-2025-40323)
- commit 8cd32df
- Delete
patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch.
- commit 734bbd3
- bpf: Reject narrower access to pointer ctx fields
(CVE-2025-38591 bsc#1248363).
- commit 406618c
- Update
patches.suse/bpf-fix-pointer-offsets-in-context-for-32-bit.patch
(bsc#1109837 bsc#1248363 CVE-2025-38591).
Include reference to bsc#1248363/CVE-2025-38591 as it is a dependency of
upstream commit e09299225d5b.
- commit 71b6a1d
- blk-throttle: prevent overflow while calculating wait time
(CVE-2022-50580 bsc#1252542).
- commit ef0f0b6
- arp: do not assume dev_hard_header() does not change skb->head
(CVE-2025-71098 bsc#1256591).
- ip6_gre: make ip6gre_header() robust (CVE-2025-71098
bsc#1256591).
- commit 6b38561
- ALSA: usb-mixer: us16x08: validate meter packet indices
(CVE-2025-68783 bsc#1256650).
- commit da95073
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
(CVE-2022-50709 bsc#1255565).
- commit c5a755c
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
(CVE-2025-71082 bsc#1256611).
- commit b7a4df1
- drm/amd/display: Check NULL before accessing (bsc#1255351 CVE-2025-68286)
- commit 8dc335b
- drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428 CVE-2025-40339)
- commit 2327b42
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- commit 5fcdb4b
- drm/amdgpu: Remove explicit wait after VM validate (bsc#1255428)
- commit fb29e5d
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (bsc#1256398 CVE-2023-54047)
- commit dd69a49
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (bsc#1256779 CVE-2025-71120).
- commit 796bbfa
- btrfs: fix race when deleting free space root from the dirty
cow roots list (bsc#1256369 CVE-2023-54067).
- commit c200fa3
- Fix hugetlb locking regression (bsc#1256684)
Refresh
patches.suse/mm-hugetlb-fix-UAF-in-hugetlb_handle_userfault.patch.
- commit 9a8d34e
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582
CVE-2025-68771).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1256221
CVE-2022-50770).
- commit 89af8ba
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode
(CVE-2023-54134 bsc#1256106).
- commit 2f939a3
- wifi: cfg80211: ocb: don't leave if not joined (CVE-2023-53992 bsc#1256058)
- commit 56289a8
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (CVE-2022-50884 bsc#1256127)
- commit d891f0c
- drm/vgem-fence: Fix potential deadlock on release (CVE-2025-68757 bsc#1255943)
- commit 1c62615
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (CVE-2023-54111 bsc#1256149)
- commit 0e36dc4
- hfsplus: Verify inode mode when loading from disk
(CVE-2025-68767 bsc#1256580).
- commit 5d4e3fb
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
(CVE-2025-68774 bsc#1256585).
- commit ceca245
- scsi: mpt3sas: Fix crash in transport port remove by using
ioc_info() (CVE-2025-40115 bsc#1253318).
- commit e748f8b
- ipv6: ensure sane device mtu in tunnels (CVE-2022-50816
bsc#1256038).
- Refresh patches.suse/ip6_tunnel-Fix-broken-GRO.patch.
- commit 59ff94e
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (CVE-2023-54274 bsc#1255905)
- commit 068be2d
- iavf: fix off-by-one issues in iavf_config_rss_reg()
(CVE-2025-71087 bsc#1256628).
- commit 3c9a37a
- RDMA/srpt: Fix disabling device management (bsc#1255905)
Refresh patches.suse/IB-srpt-Fix-memory-leak-in-srpt_add_one.patch
- commit bc87c75
- RDMA/srpt: Fix handling of SR-IOV and iWARP ports (bsc#1255905)
- commit 4ce5ebd
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695)
- commit 6f3a231
- amba: bus: fix refcount leak (CVE-2023-54230 bsc#1255925).
- commit fbf714d
- media: tuners: qt1010: replace BUG_ON with a regular error
(CVE-2023-54282 bsc#1255810).
- commit becd663
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544).
- commit 8958100
- netlink: do not hard code device address lenth in fdb dumps
(CVE-2023-53863 bsc#1254657).
- commit f777de6
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit b9ce8be
- net: fix UaF in netns ops registration error path
(CVE-2022-50780 bsc#1256305).
- commit 5a1f3db
- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init()
failed (CVE-2022-50780 bsc#1256305).
- commit bb6fa75
- tun: Fix memory leak for detached NAPI queue (CVE-2023-53685 bsc#1251770).
- commit 31c92c0
- netfilter: ebtables: fix table blob use-after-free
(CVE-2023-54243 bsc#1255908).
- commit 57c9b49
- drm/amdgpu: Fix PCI device refcount leak in
amdgpu_atrm_get_bios() (CVE-2022-50760 bsc#1255983).
- commit 96c5417
- regulator: core: Protect regulator_supply_alias_list with
regulator_list_mutex (CVE-2025-68354 bsc#1255553).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb() (CVE-2025-68362 bsc#1255611).
- commit d84610d
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839).
- commit e6047b6
- Bluetooth: hci_sock: Prevent race in socket write iter and
sock bind (CVE-2025-68305 bsc#1255169).
- platform/x86: intel: punit_ipc: fix memory corruption
(CVE-2025-68303 bsc#1255122).
- commit d0d5ae8
- RDMA/bnxt_re: Prevent handling any completions after qp destroy (CVE-2023-54048 bsc#1256395)
- commit 58a38ef
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (bsc#1256386)
- commit 2e95e1a
- hwrng: amd - Fix PCI device refcount leak (CVE-2022-50868 bsc#1256386)
- commit fbdd4ab
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (CVE-2022-50885 bsc#1256122)
- commit 1101dce
- RDMA/rxe: Fix the error caused by qp->sk (bsc#1256122)
- commit 36a77a8
- acct: fix potential integer overflow in encode_comp_t() (CVE-2022-50749 bsc#1256191)
- commit c31a201
- configfs: fix possible memory leak in configfs_create_dir() (CVE-2022-50751 bsc#1256184)
- commit 82a1812
- configfs: factor dirent removal into helpers (bsc#1256184)
- commit bfd428d
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
(CVE-2022-50865 bsc#1256168).
- commit 5312c7e
- wifi: ath9k: hif_usb: fix memory leak of urbs in
ath9k_hif_usb_dealloc_tx_urbs() (CVE-2022-50740 bsc#1256155).
- commit 3700208
- regulator: core: fix unbalanced of node refcount in
regulator_dev_lookup() (CVE-2022-50887 bsc#1256125).
- commit 689f145
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
(CVE-2022-50881 bsc#1256130).
- ath9k: Fix typo in function name (CVE-2022-50881 bsc#1256130).
- commit 807e5b2
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (CVE-2022-50880 bsc#1256132).
- commit 7101b87
- ALSA: line6: fix stack overflow in line6_midi_transmit
(CVE-2022-50719 bsc#1255939).
- commit 690b0fb
- nvme-pci: fix mempool alloc size (CVE-2023-50756 bsc#1256216).
- blacklist.conf:
- commit 85846d9
- ipv6: Fix potential uninit-value access in __ip6_make_skb()
(CVE-2023-54265 bsc#1255874).
- commit 0377cad
- ipv6: Fix an uninit variable access bug in __ip6_make_skb()
(CVE-2023-54265 bsc#1255874).
- commit dbe2f65
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit d531007
- vc_screen: reload load of struct vc_data pointer in vcs_write()
to avoid UAF (CVE-2023-53747 bsc#1254572).
- tty: serial: imx: disable Ageing Timer interrupt request irq
(CVE-2023-54287 bsc#1255804).
- commit 926f469
- Refresh
patches.suse/mm-hugetlb-fix-UAF-in-hugetlb_handle_userfault.patch.
Add a missing hunk which caused bsc#1256684.
- commit 85d641b
- nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844
CVE-2022-50717).
- nvmet-tcp: Fix NULL dereference when a connect data comes in
h2cdata pdu (bsc#1255844).
- commit b013137
- net: usb: qmi_wwan: initialize MAC header offset in
qmimux_rx_fixup (CVE-2025-68192 bsc#1255246).
- commit 359aab7
- HID: uclogic: Add NULL check in uclogic_input_configured()
(CVE-2023-54207 bsc#1255961).
- commit 8eae399
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (CVE-2025-68190 bsc#1255131).
- commit 8a432e1
- HID: uclogic: Correct devm device reference for hidinput
input_dev name (CVE-2023-54207 bsc#1255961).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
(CVE-2022-50716 bsc#1255839).
- commit 8f729ac
- usb: storage: sddr55: Reject out-of-bound new_pba
(CVE-2025-40345 bsc#1255279).
- commit 2c4371e
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264
bsc#1254835).
- net: rds: don't hold sock lock when cancelling work from
rds_tcp_reset_callbacks() (CVE-2022-50676 bsc#1254689).
- commit 8bbfbbe
- kABI fix for net: fix stack overflow when LRO is disabled for
virtual interfaces (CVE-2023-54012 bsc#1255571).
- commit 184711d
- net: fix stack overflow when LRO is disabled for virtual
interfaces (CVE-2023-54012 bsc#1255571).
- commit 3c3bd51
- Remove patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (bsc#1256516)
This patch regresses fbcon output. We'll re-merge when the fix is ready.
- commit 394393a
- Bluetooth: Fix race condition in hidp_session_thread
(CVE-2023-54120 bsc#1256133).
- commit 5460154
- Update bug reference for patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch (bsc#1251738)
- commit d91a743
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
(CVE-2023-53819 bsc#1254712).
- Refresh
patches.suse/0001-drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch.
- commit 7ec6aaf
- mm: hugetlb: fix UAF in hugetlb_handle_userfault (CVE-2022-50630
bsc#1254785).
- commit a1aa6ca
- Update
patches.suse/0002-drm-client-Fix-memory-leak-in-drm_client_target_clon.patch
(bsc#1152446 CVE-2023-54091 bsc#1256274).
- Update
patches.suse/PCI-Fix-pci_device_is_present-for-VFs-by-checking-PF.patch
(git-fixes CVE-2022-50636 bsc#1254645).
- Update
patches.suse/RDMA-mlx4-Prevent-shift-wrapping-in-set_user_sq_size.patch
(git-fixes CVE-2023-54168 bsc#1256053).
- Update
patches.suse/Revert-Bluetooth-btsdio-fix-use-after-free-bug-in-bt.patch
(git-fixes CVE-2023-54197 bsc#1255969).
- Update
patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch
(git-fixes CVE-2022-50821 bsc#1256242).
- Update patches.suse/USB-sisusbvga-Add-endpoint-checks.patch
(git-fixes CVE-2023-54213 bsc#1255953).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch-e1d09c2c
(bsc#1226846 CVE-2023-54226 bsc#1255841).
- Update
patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch
(git-fixes CVE-2023-54045 bsc#1256285).
- Update
patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch
(bsc#1216062 bsc#1225203 CVE-2023-54271 bsc#1255902).
- Update
patches.suse/btrfs-fix-lockdep-splat-and-potential-deadlock-after.patch
(git-fixes CVE-2023-54224 bsc#1255951).
- Update
patches.suse/btrfs-fix-race-when-deleting-quota-root-from-the-dir.patch
(git-fixes CVE-2023-54032 bsc#1255617).
- Update
patches.suse/cifs-Fix-lost-destroy-smbd-connection-when-MR-allocate-failed.patch
(bsc#1190317 CVE-2023-54260 bsc#1255878).
- Update
patches.suse/cifs-Fix-the-error-length-of-VALIDATE_NEGOTIATE_INFO-message.patch
(bsc#1190317 CVE-2022-50859 bsc#1256172).
- Update
patches.suse/cifs-Fix-xid-leak-in-cifs_copy_file_range-.patch
(bsc#1190317 CVE-2022-50643 bsc#1254631).
- Update
patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch
(git-fixes CVE-2023-54317 bsc#1255771).
- Update
patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch
(git-fixes CVE-2023-53786 bsc#1254916).
- Update
patches.suse/ext4-fix-bug_on-in-__es_tree_search-caused-by-bad-bo.patch
(bsc#1207620 CVE-2022-50638 bsc#1255469).
- Update
patches.suse/ext4-fix-deadlock-due-to-mbcache-entry-corruption.patch
(bsc#1207653 CVE-2022-50668 bsc#1254763).
- Update
patches.suse/ext4-set-goal-start-correctly-in-ext4_mb_normalize_r.patch
(bsc#1214940 CVE-2023-54021 bsc#1255600).
- Update
patches.suse/ext4-silence-the-warning-when-evicting-inode-with-di.patch
(bsc#1206889 CVE-2022-50730 bsc#1256048).
- Update
patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-bug.patch
(git-fixes CVE-2023-54264 bsc#1255872).
- Update patches.suse/hfs-Fix-OOB-Write-in-hfs_asc2mac.patch
(git-fixes CVE-2022-50747 bsc#1256432).
- Update
patches.suse/hfs-fix-missing-hfs_bnode_get-in-__hfs_bnode_create.patch
(git-fixes CVE-2023-53862 bsc#1254994).
- Update
patches.suse/hfs-hfsplus-avoid-WARN_ON-for-sanity-check-use-prope.patch
(git-fixes CVE-2023-54130 bsc#1256114).
- Update
patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch
(git-fixes CVE-2023-54070 bsc#1256364).
- Update
patches.suse/inotify-Avoid-reporting-event-with-invalid-wd.patch
(bsc#1213025 CVE-2023-54119 bsc#1256349).
- Update
patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch
(git-fixes CVE-2022-50677 bsc#1254692).
- Update
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch
(bsc#1207088 CVE-2023-54170 bsc#1256045).
- Update
patches.suse/l2tp-Avoid-possible-recursive-deadlock-in-l2tp_tunne.patch
(CVE-2023-53020 bsc#1240224 CVE-2023-53809 bsc#1254722).
- Update
patches.suse/md-raid1-stop-mdx_raid1-thread-when-raid1-array-run-failed-b611.patch
(git-fixes CVE-2022-50715 bsc#1255749).
- Update
patches.suse/md-raid10-fix-memleak-for-conf-bio_split-c9ac.patch
(git-fixes CVE-2023-54123 bsc#1256142).
- Update
patches.suse/md-raid10-fix-memleak-of-md-thread-f0dd.patch
(git-fixes CVE-2023-54294 bsc#1255802).
- Update
patches.suse/md-raid10-fix-null-ptr-deref-in-raid10_sync_request-a405.patch
(git-fixes CVE-2023-53832 bsc#1254671).
- Update
patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch
(git-fixes CVE-2023-54266 bsc#1255875).
- Update
patches.suse/media-usb-siano-Fix-use-after-free-bugs-caused-by-do.patch
(bsc#1213969 CVE-2023-4132 CVE-2023-54270 bsc#1255901).
- Update
patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_FRAGS.patch
(git-fixes CVE-2023-54051 bsc#1256394).
- Update
patches.suse/net-ieee802154-don-t-warn-zero-sized-raw_sendmsg.patch
(CVE-2022-49975 bsc#1245196 CVE-2022-50706 bsc#1255581).
- Update
patches.suse/orangefs-Fix-kmemleak-in-orangefs_prepare_debugfs_help_string.patch
(git-fixes CVE-2022-50779 bsc#1256423).
- Update
patches.suse/perf-x86-intel-uncore-Fix-reference-count-leak-in-snr_uncore_mmio_map.patch
(jsc#PED-5023 bsc#1211439 (git-fixes) CVE-2022-50615
bsc#1254580).
- Update
patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch
(bsc#1065729 CVE-2023-54095 bsc#1256271).
- Update
patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch
(bsc#1065729 CVE-2023-54017 bsc#1255605).
- Update
patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch
(bsc#1065729 CVE-2022-50870 bsc#1256154).
- Update
patches.suse/pstore-Avoid-kcore-oops-by-vmap-ing-with-VM_IOREMAP.patch
(git-fixes CVE-2022-50849 bsc#1256193).
- Update patches.suse/quota-fix-warning-in-dqgrab.patch
(bsc#1214962 CVE-2023-54177 bsc#1255993).
- Update
patches.suse/s390-lcs-Fix-return-type-of-lcs_start_xmit.patch
(git-fixes bsc#1212173 CVE-2022-50728 bsc#1256046).
- Update
patches.suse/s390-vfio-ap-fix-memory-leak-in-vfio_ap-device-drive.patch
(git-fixes CVE-2023-53746 bsc#1254617).
- Update
patches.suse/scsi-hpsa-Fix-possible-memory-leak-in-hpsa_init_one.patch
(git-fixes CVE-2022-50646 bsc#1254634).
- Update patches.suse/scsi-ipr-Fix-WARNING-in-ipr_init.patch
(git-fixes CVE-2022-50850 bsc#1256194).
- Update
patches.suse/scsi-lpfc-Fix-ioremap-issues-in-lpfc_sli4_pci_mem_setup.patch
(git-fixes CVE-2023-53754 bsc#1254609).
- Update
patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handling.patch
(git-fixes CVE-2023-54289 bsc#1255806).
- Update
patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch
(bsc#1213747 CVE-2023-54179 bsc#1255994).
- Update
patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_bsg_to.patch
(bsc#1213747 CVE-2023-54014 bsc#1256300).
- Update
patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch
(bsc#1208570 CVE-2023-54108 bsc#1256355).
- Update
patches.suse/scsi-ses-Fix-slab-out-of-bounds-in-ses_enclosure_data_process.patch
(git-fixes CVE-2023-53803 bsc#1255165).
- Update
patches.suse/scsi-snic-Fix-possible-UAF-in-snic_tgt_create.patch
(git-fixes CVE-2022-50840 bsc#1256208).
- Update
patches.suse/serial-8250-Fix-oops-for-port-pm-on-uart_change_pm.patch
(CVE-2023-53176 bsc#1249991 CVE-2023-54220 bsc#1255949).
- Update
patches.suse/tpm-tpm_tis-Add-the-missed-acpi_put_table-to-fix-mem.patch
(bsc#1082555 CVE-2022-50824 bsc#1256334).
- Update
patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx.patch
(bsc#1082555 CVE-2023-54309 bsc#1255780).
- Update
patches.suse/tracing-Fix-warning-in-trace_buffered_event_disable.patch
(git-fixes bsc#1217036 CVE-2023-54211 bsc#1255843).
- Update patches.suse/udf-Avoid-double-brelse-in-udf_rename.patch
(bsc#1213032 CVE-2022-50755 bsc#1256199).
- Update
patches.suse/usb-early-xhci-dbc-Fix-a-potential-out-of-bound-memo.patch
(git-fixes CVE-2023-53840 bsc#1254709).
- Update
patches.suse/usb-idmouse-fix-an-uninit-value-in-idmouse_open.patch
(git-fixes CVE-2022-50733 bsc#1256064).
- Update
patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
(CVE-2023-23559 bsc#1207051 CVE-2023-54110 bsc#1256353).
- Update
patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_check_.patch
(git-fixes CVE-2023-53847 bsc#1254698).
- Update
patches.suse/usb-typec-altmodes-displayport-fix-pin_assignment_sh.patch
(git-fixes CVE-2023-54186 bsc#1255985).
- Update
patches.suse/x86-kexec-Fix-double-free-of-elf-header-buffer.patch
(git-fixes CVE-2022-49546 bsc#1238750 CVE-2023-54146
bsc#1256091).
- Update
patches.suse/x86-xen-Fix-memory-leak-in-xen_init_lock_cpu.patch
(git-fixes CVE-2022-50761 bsc#1256062).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- commit f394de5
- ext4: fix deadlock when converting an inline directory in
nojournal mode (bsc#1255773 CVE-2023-54311).
- commit a558ce8
- fs/proc: fix uaf in proc_readdir_de() (bsc#1255297
CVE-2025-40271).
- commit e43869a
- ext4: refresh inline data size before write operations
(bsc#1255380 CVE-2025-68264).
- commit 3da8d7a
- Update
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch
(bsc#1213287, CVE-2023-20569, bsc#1256129, CVE-2022-50879).
- commit 63563aa
- dm cache: free background tracker's queued work in
btracker_destroy (CVE-2023-53765, bsc#1254912).
- commit b7e0246
- drm/amdgpu: Fix potential NULL dereference (bsc#1251238)
- commit d24edfc
- drm/amdgpu: Fix size validation for non-exclusive domains (v4) (CVE-2022-50527 bsc#1251738)
- commit 256fea7
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (CVE-2022-50678 bsc#1254902)
- commit 667f172
- mmc: core: Fix kernel panic when remove non-standard SDIO card (CVE-2022-50640 bsc#1254686)
Refresh patches/patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch for context.
- commit 86efd5b
- nfc: pn533: Clear nfc_target before being used (CVE-2022-50656 bsc#1254745)
- commit 7246feb
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (CVE-2025-40275 bsc#1254829)
- commit 8d37c6b
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak (CVE-2025-40278 bsc#1254825).
- commit 51664e0
- team: Move team device type change at the end of team_port_add
(CVE-2025-68340 bsc#1255507).
- net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849).
- net: stmmac: Correctly handle Rx checksum offload errors
(CVE-2025-40337 bsc#1255081).
- iavf: use internal state to free traffic IRQs (CVE-2023-53850
bsc#1254677).
- net/net_failover: fix txq exceeding warning (CVE-2023-54236
bsc#1255922).
- commit ab9819b
- Bluetooth: L2CAP: Fix potential user-after-free (CVE-2023-54214
bsc#1255954).
- commit 99d8a13
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
backtrace (CVE-2023-54286 bsc#1255803).
- commit 119b74e
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
(CVE-2023-53788 bsc#1254917).
- commit d36df4f
- media: mediatek: vcodec: Fix potential array out-of-bounds in
decoder queue_setup (CVE-2023-53748 bsc#1254907).
- commit 31217ab
- Revert "btrfs: tree-checker: Refactor root key check into separate function (bsc#1251748)"
This reverts commit b60efb96f6512618cec7832baf77ad7d368cfc95.
- commit e85541c
- Revert "btrfs: reject invalid reloc tree root keys with stack dump (CVE-2023-53618 bsc#1251748)"
This reverts commit 1015f12fd5cca42dd5f38e97a308eeefc26f2dc5.
- commit 6191ab1
- Refresh patches.suse/ipv6-use-RCU-in-ip6_xmit.patch (bsc#1255959)
- commit 73489ad
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094 CVE-2025-40323)
- commit 33a4327
- wifi: ath9k: avoid referencing uninit memory in
ath9k_wmi_ctrl_rx (CVE-2023-54300 bsc#1255790).
- commit 2e30457
- fbdev: bitblit: bound-check glyph index in bit_putcs* (bsc#1255092 CVE-2025-40322)
- commit 66bfa5a
- wifi: ath10k: Delay the unmapping of the buffer (CVE-2022-50700
bsc#1255576).
- commit f2d1c9b
- kabi/severities: ignore kABI breakage in atheros WiFi
Extend kABI severity quirks to tot only ath9k but other atheros WiFi drivers
Those symbols are only used locally, hence not for 3rd parties
- commit 3e22274
- Bluetooth: bcsp: receive data only if registered (CVE-2025-40308
bsc#1255064).
- commit 68b7fd3
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
(CVE-2025-40269 bsc#1255035).
- commit 3a18895
- wifi: brcmfmac: fix crash while sending Action Frames in
standalone AP Mode (CVE-2025-40321 bsc#1254795).
- commit 807acc6
- net: sched: act_connmark: initialize struct tc_ife to fix
kernel leak (CVE-2025-40279 bsc#1254846).
- commit dacd4a6
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (bsc#1255034 CVE-2025-40304)
- commit c06cf4e
- sctp: avoid NULL dereference when chunk data buffer is missing
(CVE-2025-40240 bsc#1254869).
- commit 65c4aba
- hfs: validate record offset in hfsplus_bmap_alloc
(CVE-2025-40349 bsc#1255280).
- commit f2d5c12
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
(CVE-2025-40351 bsc#1255281).
- commit 726272a
- powerpc/kexec: Enable SMT before waking offline CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119
bsc#1256730).
- commit e14b3fc
- ring-buffer: Do not swap cpu_buffer during resize process
(CVE-2023-53718 bsc#1252564).
- commit dde7681
- Move BPF kABI workarounds to the correct section
The kABI workaround for BPF backports are place at the end of
series.conf with the assumption that the "kABI consistency patches" is
at the end of series.conf. However that is not the case for SLE12-SP5.
Move them to under "kABI consistency patches".
- commit e8306c5
- Move kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch to patches.kabi
The kABI workaround was accidentally placed into patches.suse directly
by mistake, move it to the patches.kabi directory, where kABI workaround
should live.
- commit e2454a0
- kABI workaround for bpf: Enforce expected_attach_type for
tailcall compatibility (CVE-2025-40123 bsc#1253365).
- commit 15f8c57
- bpf: Enforce expected_attach_type for tailcall compatibility
(CVE-2025-40123 bsc#1253365).
- commit 0d4312e
- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
(bsc#1246370 CVE-2025-38336).
- commit bc71668
- hfsplus: fix KMSAN uninit-value issue in
__hfsplus_ext_cache_extent() (CVE-2025-40244 bsc#1255033).
- commit 4a719f8
- netfilter: nft_ct: add seqadj extension for natted connections
(CVE-2025-68206 bsc#1255142).
- commit ffc47ed
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit e87e362
- kabi: hide include of <net/lwtunnel.h> in include/net/ip.h
(CVE-2025-40074 bsc#1252794).
- commit 22c64b3
- net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170
bsc#1253413).
- ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402).
- commit 38b553a
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit 5962377
- tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (CVE-2025-40149 bsc#1253355).
- commit 9e73f75
- smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (CVE-2025-40168 bsc#1253427).
- commit 0dd4401
- smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409).
- commit 7f84325
- smc: Fix use-after-free in __pnet_find_base_ndev()
(CVE-2025-40064 bsc#1252845).
- commit a90974f
- tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075 bsc#1252795).
- commit b2b82f1
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit c6c59c0
- vsock: Ignore signal/timeout on connect() if already established
(CVE-2025-40248, bsc#1254864).
- commit 89f66e5
- xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160,
bsc#1253400).
- commit 1204669
- xen/events: Cleanup find_virq() return codes (CVE-2025-40160,
bsc#1253400).
- commit 41c00f2
- kabi: hide dst_entry::dev_rcu (CVE-2025-40074 bsc#1252794).
- ipv4: start using dst_dev_rcu() (CVE-2025-40074 bsc#1252794).
- ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342).
- net: dst: introduce dst->dev_rcu (CVE-2025-40074 bsc#1252794).
- net: Add locking to protect skb->dev access in ip_output
(CVE-2025-40074 bsc#1252794).
- ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40074
bsc#1252794).
- ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers
(CVE-2025-40074 bsc#1252794).
- ipv6: adopt dst_dev() helper (CVE-2025-40074 bsc#1252794).
- refresh patches.suse/net-ip6_tunnel-Prevent-perpetual-tunnel-growth.patch
- ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
(CVE-2025-40074 bsc#1252794).
- net: dst: add four helpers to annotate data-races around
dst->dev (CVE-2025-40074 bsc#1252794).
- net: dst: annotate data-races around dst->output (CVE-2025-40074
bsc#1252794).
- net: dst: annotate data-races around dst->input (CVE-2025-40074
bsc#1252794).
- net: dst: annotate data-races around dst->lastuse
(CVE-2025-40074 bsc#1252794).
- net: dst: annotate data-races around dst->expires
(CVE-2025-40074 bsc#1252794).
- refresh patches.suse/ipv4-use-RCU-protection-in-__ip_rt_update_pmtu.patch
also use backport closer to mainline commit to make further backports easier
- net: dst: annotate data-races around dst->obsolete
(CVE-2025-40074 bsc#1252794).
- net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev'
(CVE-2025-40074 bsc#1252794).
- tcp: convert to dev_net_rcu() (CVE-2025-40074 bsc#1252794).
- ndisc: ndisc_send_redirect() cleanup (CVE-2025-40074
bsc#1252794).
- ipv4: icmp: convert to dev_net_rcu() (CVE-2025-40074
bsc#1252794).
- net: dst_cache: annotate data-races around dst_cache->reset_ts
(CVE-2025-40074 bsc#1252794).
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu (CVE-2022-49604 CVE-2025-40074
bsc#1238414 bsc#1252794).
- blacklist.conf: remove 60c158dc7b1f from blacklist
it was blacklisted as unneeded but now we need it as a prerequisity for
the CVE-2025-40074 / bsc#1252794 series
- refresh patches.suse/ipv4-use-RCU-protection-in-ip_dst_mtu_maybe_forward.patch
- ip: Fix data-races around sysctl_ip_default_ttl (CVE-2025-40074
bsc#1252794).
- refresh patches.suse/ipv4-add-RCU-protection-to-ip4_dst_hoplimit.patch
use backport closer to mainline version to make further backports easier
- ipv6: ip6_skb_dst_mtu() cleanups (CVE-2025-40074 bsc#1252794).
- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward
(CVE-2025-40074 bsc#1252794).
- refresh patches.suse/ipv4-use-RCU-protection-in-ip_dst_mtu_maybe_forward.patch
- commit 7269666
- btrfs: reject invalid reloc tree root keys with stack dump (CVE-2023-53618 bsc#1251748)
- commit 1015f12
- btrfs: tree-checker: Refactor root key check into separate function (bsc#1251748)
Refresh patches.suse/btrfs-tree-checker-fix-false-alert-caused-by-legacy-.patch.
- commit b60efb9
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit 71c7413
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 59e6618
- smc: Fix use-after-free in tcp_write_timer_handler()
(CVE-2023-53781 bsc#1254751).
- commit bf67dae
- cifs: fix potential use-after-free bugs in
TCP_Server_Info::hostname (bsc#1254986, CVE-2023-53751).
- commit 14c9faa
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling
SR-IOV (CVE-2025-40219 bsc#1254518).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register
(CVE-2022-50625 bsc#1254559).
- commit 4c61e27
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid
UAF (CVE-2025-40283 bsc#1254858).
- commit 4b3fb60
- smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256,
CVE-2025-38728).
- commit 9fb41f0
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431
CVE-2025-38085 bsc#1245499).
- commit f2cb81d
- HID: multitouch: Add NULL check in mt_input_configured (bsc#1250759)
- commit 9963a0f
- mm/hugetlb: fix folio is still mapped when deleted
(CVE-2025-40006 bsc#1252342).
- commit 79253cf
- mm: hugetlb: avoid soft lockup when mprotect to large memory
area (CVE-2025-40153 bsc#1253408).
- commit 174ebb8
- usbnet: Fix using smp_processor_id() in preemptible code
warnings (CVE-2025-40164 bsc#1253407).
- commit b10a5dd
- Disable CONFIG_CPU5_WDT
The cpu5wdt driver doesn't implement a proper watchdog interface and
has many code issues. It only handles obscure and obsolete hardware.
Stop building and supporting this driver (jsc#PED-14062).
- commit 12d0d02
- ext4: fix string copying in parse_apply_sb_mount_options()
(bsc#1253453 CVE-2025-40198).
- commit a350880
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
(bsc#1253458 CVE-2025-40167).
- commit 5b1fcbf
- ext4: avoid potential buffer over-read in
parse_apply_sb_mount_options() (bsc#1253453 CVE-2025-40198).
- commit f93c3a5
- net: dlink: handle copy_thresh allocation failure (CVE-2025-40053 bsc#1252808)
- commit 4dfabf1
- pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178 bsc#1253463)
- commit 80993d6
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
(CVE-2025-40110 bsc#1253275).
- commit 78a9e64
- Squashfs: reject negative file sizes in squashfs_read_inode() (CVE-2025-40200 bsc#1253448)
- commit ce2cf29
- Squashfs: add additional inode sanity checking (bsc#1253448)
- commit dda3d33
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (CVE-2025-40035 bsc#1252866)
- commit 27315ae
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081 bsc#1252776)
- commit dc2cb58