suse-sles-15-sp6-sapcal-v20260505-hvm-ssd-x86

kernel-default

- crypto: authencesn - Fix src offset when decrypting in-place
  (bsc#1262573 CVE-2026-31431).
- commit 00dc708

- crypto: authencesn - Do not place hiseq at end of dst for
  out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit 3756951

- crypto: authenc - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- Refresh
  patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit ce64565

- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
  CVE-2026-31431).
- commit 99d9260

- crypto: algif_aead - Revert to operating out-of-place
  (bsc#1262573 CVE-2026-31431).
- commit 1c6e33a

- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
  (bsc#1262573 CVE-2026-31431).
- commit d921544

- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
  (bsc#1262573 CVE-2026-31431).
- commit 984f87d

- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
  CVE-2026-31431).
- commit 7619339

- netfilter: bpf: defer hook memory release until rcu readers
  are done (CVE-2026-23412 bsc#1261412).
- commit 1299d5b

- net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
  (CVE-2026-23381 bsc#1260471).
- commit 21aa5bd

- clsact: Fix use-after-free in init/destroy rollback asymmetry
  (CVE-2026-23413 bsc#1261498).
- commit eaf3b22

- icmp: fix NULL pointer dereference in icmp_tag_validation()
  (CVE-2026-23398 bsc#1260730).
- net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
  (CVE-2026-23293 bsc#1260486).
- commit 05f5f64

- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
  (CVE-2026-23274 bsc#1260005).
- commit b61cf0b

- netfilter: nf_tables: always walk all pending catchall elements
  (CVE-2026-23278 bsc#1259998).
- commit bde2f22

- netfilter: nf_tables: unconditionally bump set->nelems before
  insertion (CVE-2026-23272 bsc#1260009).
- commit 4898783

- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- commit dd3433a

- kABI fix for ipvlan: Make the addrs_lock be per port
  (CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
  bsc#1257773).
- commit 546f802

- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit aa72668

- xen/privcmd: unregister xenstore notifier on module exit
  (git-fixes).
- commit 0c94fec

- xen/privcmd: restrict usage in unprivileged domU (bsc#1259707
  CVE-2026-31788).
- commit 0c51260

- drm/vmwgfx: Return the correct value in vmw_translate_ptr
  functions (CVE-2026-23317 bsc#1260562).
- commit 62d1ba3

- Delete
  patches.suse/scsi-Fix-sas_user_scan-to-handle-wildcard-and-multi-channe.patch.
  See bsc#1257506.
  The git-fix being removed had issues and needs to be redesigned.
  In the mean time, reverting this addresses the problem.
  See:
  > https://bugzilla.suse.com/show_bug.cgi?id=1257506#c47
- commit 14d63c6

- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit f09c977

- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit b964f1d

- netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
  (CVE-2026-23231 bsc#1259188).
- netfilter: nf_tables: register hooks last when adding new
  chain/flowtable (CVE-2026-23231 bsc#1259188).
- commit fd540e6

- scsi: target: target_core_configfs: Add length check to avoid
  buffer overflow (CVE-2025-39998 bsc#1252073).
- commit dff8745

- Use unified maintainers' email address
- commit 3c803fb

python-certifi

- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-idna

- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-packaging

- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-pycparser

- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-py

- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-requests

- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
  Add patch CVE-2026-25645.patch

- Add python36- provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-six

- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-urllib3

- fix regression in CVE-2025-66471.patch when downloading large files
  (bsc#1259829)