- kernel-default
-
- crypto: authencesn - Fix src offset when decrypting in-place
(bsc#1262573 CVE-2026-31431).
- commit 447ae9a
- crypto: authencesn - Do not place hiseq at end of dst for
out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit ce75b61
- crypto: authenc - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- Refresh
patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 2ef1585
- crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
(bsc#1262573 CVE-2026-31431).
- commit 3389719
- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
CVE-2026-31431).
- commit e0a7432
- crypto: algif_aead - Revert to operating out-of-place
(bsc#1262573 CVE-2026-31431).
- commit 3324e92
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- commit e04265b
- crypto: aead - prevent using AEADs without setting key
(bsc#1262573 CVE-2026-31431).
- commit 81b8a54
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
(bsc#1262573 CVE-2026-31431).
- commit b51c829
- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
CVE-2026-31431).
- commit 18c7752
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks
missing them (CVE-2026-23382 bsc#1260551).
- commit 0938773
- ALSA: usb-audio: Use correct version for UAC3 header validation
(CVE-2026-23318 bsc#1260536).
- commit d97948d
- net/sched: teql: fix NULL pointer dereference in iptunnel_xmit
on TEQL slave xmit (CVE-2026-23277 bsc#1259997).
- commit 1e064e8
- netfilter: nf_tables: unconditionally bump set->nelems before
insertion (CVE-2026-23272 bsc#1260009).
- commit 09c01da
- icmp: fix NULL pointer dereference in icmp_tag_validation()
(CVE-2026-23398 bsc#1260730).
- commit 4a6435e
- gve: Fix stats report corruption on queue count change
(CVE-2026-23262 bsc#1259870).
- commit 9fb91de
- btrfs: fix reservation leak in some error paths when inserting
inline extent (CVE-2025-71268 bsc#1259865).
- commit 9f5a354
- btrfs: do not free data reservation in fallback from inline
due to -ENOSPC (CVE-2025-71269 bsc#1259889).
- commit 1264408
- gve: fix incorrect buffer cleanup in
gve_tx_clean_pending_packets for QPL (CVE-2026-23386
bsc#1260799).
- commit cbe159d
- can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362
bsc#1260489).
- commit 2c7a147
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit f1f6f9a
- net/tls: return ENOTSUPP on tls_init() (CVE-2024-26584
bsc#1220186).
- blacklist.conf: blacklist original commit.
- commit eedeb3a
- btrfs: fix processing of delayed data refs during backref walking (bsc#1228031).
- commit 4e68ed0
- fs: skip superblock shrink on frozen xfs filesystems
(bsc#1259770).
- commit f01e7af
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221).
- commit 48abf39
- btrfs: qgroup: fix race between quota disable and quota rescan
ioctl (CVE-2025-39759 bsc#1249522).
- commit 80667fb
- kABI fix for ipvlan: Make the addrs_lock be per port
(CVE-2026-23103 bsc#1257773).
- commit d449598
- sched/rt: Fix race in push_rt_task (CVE-2025-38234 bsc#1246057)
- commit 2ff5901
- Refresh
patches.suse/0001-apparmor-validate-DFA-start-states-are-in-bounds-in-.patch.
- commit c19850e
- l2tp: avoid one data-race in l2tp_tunnel_del_work() (CVE-2026-23120 bsc#1258280)
- commit 30aaeff
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
bsc#1257773).
- Delete patches.kabi/ipvlan_addr_lock_kabi.patch.
- commit 9627a6e
- Use unified maintainers' email address
- commit 0ed1513
- cups
-
- cups-1.7.5-CVE-2026-34980.patch is based on
https://github.com/OpenPrinting/cups/commit/8d0f51cac24cb5bf949c5b6a221e51a150d982e3
backported to CUPS 1.7.5 to fix CVE-2026-34980
"Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
bsc#1261569
- cups-1.7.5-CVE-2026-34990.patch is based on
https://github.com/OpenPrinting/cups/commit/e052dc44da9d12adfbebc51de4975fbadb2ce356
backported to CUPS 1.7.5 to fix CVE-2026-34990
"Local print admin token disclosure using temporary printers"
as far as matching code parts were found in CUPS 1.7.5
in particular CUPS 1.7.5 has no function to
"Create a local (temporary) [print] queue"
so CUPS 1.7.5 should not be affected by issues
which are related to "using temporary printers"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
bsc#1261568
- Incompatible changes needed to properly fix CVE-2026-34990:
The scheduler incorrectly allowed local certificates over the
loopback interface. Now this is allowed only via domain sockets.
The ability to create/overwrite files via a 'file:' device URI
is removed. Now the specified file must already exist
and is opened only for writing in exclusive mode.
In general: Historically 'file:' devices were provided
for backwards compatibility with System V interface scripts
that talked to serial printers over a character device, with
very limited debugging support for writing to an ordinary file.
It is not and never was intended as a way to "print to a file".
For a proper debugging method see the section
"A backend that sends its input into a file for debugging" in
https://en.opensuse.org/SDB:Using_Your_Own_Backends_to_Print_with_CUPS
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- sed
-
- Add CVE-2026-5958.patch
* Fix CVE-2026-5958 (bsc#1262144):
A TOCTOU race can allow reading attacker-controlled content and writing
it to an unintended file
- _product:sle-sdk-release
-
n/a