suse-sles-12-sp5-v20260506-ecs-hvm-ssd-x86

_product:sle-sdk-release

n/a

gnutls

- Security fix bsc#1254132 CVE-2025-9820
  * Fix buffer overflow in gnutls_pkcs11_token_init
  * Added gnutls-CVE-2025-9820.patch

sed

- Add CVE-2026-5958.patch
  * Fix CVE-2026-5958 (bsc#1262144):
    A TOCTOU race can allow to read attacker-controlled content and write
    it to an unintended file

kernel-default

- crypto: authencesn - Fix src offset when decrypting in-place
  (bsc#1262573 CVE-2026-31431).
- commit 447ae9a

- crypto: authencesn - Do not place hiseq at end of dst for
  out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit ce75b61

- crypto: authenc - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- Refresh
  patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 2ef1585

- crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
  (bsc#1262573 CVE-2026-31431).
- commit 3389719

- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
  CVE-2026-31431).
- commit e0a7432

- crypto: algif_aead - Revert to operating out-of-place
  (bsc#1262573 CVE-2026-31431).
- commit 3324e92

- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- commit e04265b

- crypto: aead - prevent using AEADs without setting key
  (bsc#1262573 CVE-2026-31431).
- commit 81b8a54

- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
  (bsc#1262573 CVE-2026-31431).
- commit b51c829

- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
  CVE-2026-31431).
- commit 18c7752

- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks
  missing them (CVE-2026-23382 bsc#1260551).
- commit 0938773

- ALSA: usb-audio: Use correct version for UAC3 header validation
  (CVE-2026-23318 bsc#1260536).
- commit d97948d

- net/sched: teql: fix NULL pointer dereference in iptunnel_xmit
  on TEQL slave xmit (CVE-2026-23277 bsc#1259997).
- commit 1e064e8

- netfilter: nf_tables: unconditionally bump set->nelems before
  insertion (CVE-2026-23272 bsc#1260009).
- commit 09c01da

- icmp: fix NULL pointer dereference in icmp_tag_validation()
  (CVE-2026-23398 bsc#1260730).
- commit 4a6435e

- gve: Fix stats report corruption on queue count change
  (CVE-2026-23262 bsc#1259870).
- commit 9fb91de

- btrfs: fix reservation leak in some error paths when inserting
  inline extent (CVE-2025-71268 bsc#1259865).
- commit 9f5a354

- btrfs: do not free data reservation in fallback from inline
  due to -ENOSPC (CVE-2025-71269 bsc#1259889).
- commit 1264408

- gve: fix incorrect buffer cleanup in
  gve_tx_clean_pending_packets for QPL (CVE-2026-23386
  bsc#1260799).
- commit cbe159d

- can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362
  bsc#1260489).
- commit 2c7a147

- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit f1f6f9a

- net/tls: return ENOTSUPP on tls_init() (CVE-2024-26584
  bsc#1220186).
- blacklist.conf: blacklist original commit.
- commit eedeb3a

- btrfs: fix processing of delayed data refs during backref walking (bsc#1228031).
- commit 4e68ed0

- fs: skip superblock shrink on frozen xfs filesystems
  (bsc#1259770).
- commit f01e7af

- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221).
- commit 48abf39

- btrfs: qgroup: fix race between quota disable and quota rescan
  ioctl (CVE-2025-39759 bsc#1249522).
- commit 80667fb

- kABI fix for ipvlan: Make the addrs_lock be per port
  (CVE-2026-23103 bsc#1257773).
- commit d449598

- sched/rt: Fix race in push_rt_task (CVE-2025-38234 bsc#1246057)
- commit 2ff5901

- Refresh
  patches.suse/0001-apparmor-validate-DFA-start-states-are-in-bounds-in-.patch.
- commit c19850e

- l2tp: avoid one data-race in l2tp_tunnel_del_work() (CVE-2026-23120 bsc#1258280)
- commit 30aaeff

- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
  bsc#1257773).
- Delete patches.kabi/ipvlan_addr_lock_kabi.patch.
- commit 9627a6e

- Use unified maintainers' email address
- commit 0ed1513