- kernel-default
-
- crypto: authencesn - Fix src offset when decrypting in-place
(bsc#1262573 CVE-2026-31431).
- commit 86cbba3
- crypto: authencesn - Do not place hiseq at end of dst for
out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit d00ea08
- crypto: authenc - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- Refresh
patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 8439d6a
- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
CVE-2026-31431).
- commit 3c6e00a
- crypto: algif_aead - Revert to operating out-of-place
(bsc#1262573 CVE-2026-31431).
- commit 402e84d
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- commit f620cf3
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
(bsc#1262573 CVE-2026-31431).
- commit 8814cb0
- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
CVE-2026-31431).
- commit e081d55
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- commit 4d23627
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes bsc#1215492).
- commit b85a9eb
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in
pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures
(git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- commit 2b4e030
- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
(CVE-2026-23274 bsc#1260005).
- commit 523e0c7
- netfilter: nf_tables: unconditionally bump set->nelems before
insertion (CVE-2026-23272 bsc#1260009).
- commit 9195450
- Refresh
patches.suse/iommu-disable-SVA-when-CONFIG_X86-is-set.patch.
Move the condition check before iommu_group_get() to prevent
reference count leak.
- commit 46c4966
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (CVE-2026-23317 bsc#1260562).
- commit 3e86a3e
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit 707a5c5
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit 58ab8fc
- Delete
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch.
Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
completion in abort path'), locally contained in patch
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
Intead of committing a revert patch, just remove this patch.
- commit 05a58b7
- Delete
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch.
- Delete
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch.
Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
completion in abort path'), locally contained in patch
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
Intead of committing a revert patch, just remove this patch.
This also requires removing our local patch
scsi-qla2xxx-Complete-command-early-within-lock.patch,
since this modified the code that was previously added in
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
- commit 9a39993
- kABI fix for ipvlan: Make the addrs_lock be per port
(CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
bsc#1257773).
- commit d6cd4ec
- sched/rt: Fix race in push_rt_task (CVE-2025-38234 bsc#1246057)
- commit 3cdc4b6
- Use unified maintainers' email address
- commit 8028c58
- python-requests
-
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
Add patch CVE-2026-25645.patch
- sed
-
- Add CVE-2026-5958.patch
* Fix CVE-2026-5958 (bsc#1262144):
A TOCTOU race can allow to read attacker-controlled content and write
it to an unintended file
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- vim
-
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working accross vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
- xen
-
- bsc#1262428 - VUL-0: CVE-2025-54505: xen: Floating Point Divider
State Sampling on AMD CPUs AMD-SN-7053 (XSA-488)
xsa488.patch
- bsc#1262178 - VUL-0: CVE-2026-23557: xen: Xenstored DoS via
XS_RESET_WATCHES command (XSA-484)
xsa484.patch
- bsc#1262180 - VUL-0: CVE-2026-23558: xen: grant table v2 race in
status page mapping (XSA-486)
xsa486.patch