- libssh
-
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
- util-linux-systemd
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- multipath-tools
-
- Update to version 0.7.9+236+suse.0771b5a4:
* multipath-tools: compile with -fno-strict-aliasing and -fexceptions
(bsc#1257007)
* multipathd: print path offline message even without a checker
(bsc#1254094)
* libdmmp/Makefile: build docs in install stage
* libmultipath: fix compilation on tumbleweed
* libmultipath: deal with dynamic PTHREAD_STACK_MIN
* multipath-tools: use /run instead of /dev/shm
* multipathd: ignore duplicated multipathd command keys
- _product:sle-live-patching-release
-
n/a
- python
-
- Fix the test suite so it is run again.
- Add CVE-2026-1299-email-encode-EOL-headers.patch preventing
embedded white characters inside of email headers (bsc#1257181,
CVE-2026-1299, gh#python/cpython#144125).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Add add-zlib-eof-attribute.patch, needed for python-urllib3
CVE fix (bsc#1254867)
- Modify CVE-2025-6075-expandvars-perf-degrad.patch so it doesn't
use `re.ASCII` flag, which is not available in Python 2.7
(because it is unnecessary, that's the default behaviour;
bsc#1257064).
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Readjust CVE-2025-6075-expandvars-perf-degrad.patch.
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- libpng16
-
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- security update
- added patches
CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read
* libpng16-CVE-2026-22695.patch
- grub2
-
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- ca-certificates-mozilla
-
- Updated to 2.84 state (bsc#1258002)
- Removed:
- Baltimore CyberTrust Root
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- DigiNotar Root CA
- Added:
- e-Szigno TLS Root CA 2023
- OISTE Client Root ECC G1
- OISTE Client Root RSA G1
- OISTE Server Root ECC G1
- OISTE Server Root RSA G1
- SwissSign RSA SMIME Root CA 2022 - 1
- SwissSign RSA TLS Root CA 2022 - 1
- TrustAsia SMIME ECC Root CA
- TrustAsia SMIME RSA Root CA
- TrustAsia TLS ECC Root CA
- TrustAsia TLS RSA Root CA
- openssl-1_1
-
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31791: NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-CVE-2026-31791.patch
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- python36
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- glibc
-
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- regcomp-double-free.patch: posix: Fix double-free after allocation
failure in regcomp (CVE-2025-8058, bsc#1246965, BZ #33185)
- curl
-
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- Security fix: [bsc#1219273, CVE-2023-27534]
* Add upstream regression fix for CVE-2023-27534
* Add curl-CVE-2023-27534-regression-fix.patch
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- python3
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- Readjust CVE-2025-4435-normalize-lnk-trgts-tarfile.patch on the
top of the previous patch. Security fixes for CVE-2025-4517,
CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on
tarfile (bsc#1244032, bsc#1244061, bsc#1244059, bsc#1244060,
bsc#1244056). The backported fixes do not contain changes for
ntpath.py and related tests, because the support for symlinks
and junctions were added later in Python 3.9, and it does not
make sense to backport them to 3.6 here. The patch is contains
the following changes:
- python@42deeab fixes symlink handling for tarfile.data_filter
- python@9d2c2a8 fixes handling of existing files/symlinks in
tarfile
- python@00af979 adds a new "strict" argument to realpath()
- python@dd8f187 fixes mulriple CVE fixes in the tarfile module
- downstream only fixes that makes the changes work and
compatible with Python 3.6
- Readjust CVE-2025-8194-tarfile-no-neg-offsets.patch on the top
of the previous two patches
- Add remove-usr-local-bin-shebangs.patch for removing two
shebangs with /usr/local/bin/python (with the complexity of the
current patchset fiddling with the files with `sed` makes those
patches unmaintainable).
- Finally ported CVE-2007-4559-filter-tarfile_extractall.patch
for Python 3.4 (CVE-2007-4559, bsc#1203750, bsc#1251841).
- avahi
-
- Add avahi-CVE-2025-68276.patch:
Backport 0c013e2 from upstream, refuse to create wide-area record
browsers when wide-area is off.
(CVE-2025-68276, bsc#1256498)
- Add avahi-CVE-2025-68471.patch:
Backport 9c6eb53 from upstream, fix DoS bug by changing assert to
return.
(CVE-2025-68471, bsc#1256500)
- Add avahi-CVE-2025-68468.patch:
Backport f66be13 from upstream, fix DoS bug by removing incorrect
assertion.
(CVE-2025-68468, bsc#1256499)
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- bind
-
- Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805, bind-9.11-CVE-2026-1519.patch]
- libvirt
-
- CVE-2025-13193: qemu: Set umask for 'qemu-img' when creating
external inactive snapshots
a379327d-CVE-2025-13193.patch
bsc#1253703
- CVE-2025-12748: Check ACLs before parsing the whole domain XML
ec8dafd0-CVE-2025-12748-p1.patch, 69958ba3-CVE-2025-12748-p2.patch,
e6de1e43-CVE-2025-12748-p3.patch, a1f48bca-CVE-2025-12748-p4.patch,
a6dcfee8-CVE-2025-12748-p5.patch, 2a326c41-CVE-2025-12748-p6.patch
bsc#1253278
- google-cloud-sap-agent
-
- Add CVE-2026-33186.patch to fix authorization bypass in grpc-go due to improper
validation of the HTTP/2 :path pseudo-header (bsc#1260265, CVE-2026-33186)
- Update to version 3.12 (bsc#1259816)
* Collect WLM metric `saphanasr_angi_installed` for all OS types.
* Failure handling: Remove attached disks from CG
* OTE Status checks for Parameter Manager (SAP Agent)
* Log command-line arguments in configureinstance.
* Minor multiple reliability checks and fixes
* Support custom names for restored disks in hanadiskrestore
* Add newAttachedDisks to Restorer and detach them on restore failure.
* Improve unit test coverage for hanadiskbackup and hanadiskrestore
* Add support for refresh point tests.
* Refactor HANA disk backup user validation and physical path parsing.
* Auto updated compiled protocol buffers
* Parameter Manager integration to SAP Agent
* Modify collection logic for SAP HANA configuration files.
* Update workloadagentplatform version and hash.
* Auto updated compiled protocol buffers
* Update WLM Validation metrics to support SAPHanaSR-angi setups.
* Increment agent version to 3.12.
* SAP HANA Pacemaker failover settings can come from `SAPHanaController`.
* Update collection for WLM metric `ha_sr_hook_configured`.
* Refactor CheckTopology to accept instance number.
* Use constant backoff with max retries for snapshot group operations.
* Update workloadagentplatform dependency
- Bump Go ABI version to 1.25 in BuildRequires
- Update to version 3.11 (bsc#1257821)
* Fix logging calls in hanadiskbackup and hanadiskrestore.
* Add instance name label to HANA disk backups.
* Update workloadagentplatform submodule hash.
* Refactor HANA disk restore to use new-disk-suffix.
* Update workloadagentplatform dependency to a newer commit.
* Refactor snapshot name generation and validation.
* Implement Snapshot Group label setting and SG deletion.
* Restart tuned service before verification in configure instance
* Remove legacy iam shared package
* Improve HANA stop error handling in hanabackup.
* Add INFO level log message for WLM ConfigureInstance check.
* Add tuned-adm verify to X4 configuration.
* sched_min/wakeup_granularity_ns in tuned is under [scheduler] not [sysctl]
* Change tuned service check and improve error logging in configurex4.
* Bump SAP Agent version to 3.11
* Auto updated compiled protocol buffers
* Add status_features to agent configuration proto.
* Ensure all properties from the source DB component are copied to the replication site component
* Update grub command for RHEL 9+ X4 configure instance
* Add additional parameters to improve the performance in RHEL OS
* Exclude Backint status when parameters path is not set.
* Use local context in loggers for discovery data upload loop.
* Add a retry loop to SAP System WriteInsight when the response is a permission error.
* Add a custom timeout to HANA queries in hanadiskbackup.
* Add check for /usr/sap executable permissions in status command.
* Flush logger for Cloud Logging client.
* Fix structured logging and empty slice declarations in multidisk.go.
* Log errors encountered during LogCollectionHandler startup.
- Update to version 3.10
* Update transparent huge page setting for X4 instances on newer OS versions.
* Cap the number of threads in performance diagnostics tests.
* Remove check SAP instances before starting process metrics goroutine.
* Modify Netweaver role metric collection. ASCS is reported true if either
process is present, and the metric is always reported regardless if any
roles are detected
* Fix `regenerateLine` to handle similar key prefixes and guard HyperThreading
changes with `Apply`.
* [AIOps] Add metric labels key to incident data structs
* Add `workqueue.watchdog_thresh=120` to X4 GRUB config.
* [status OTE]Dynamically determine Artifact Registry repository location for status checks.
* Add temporary el10 version of service file
* Write agent logs to Guest Agent errorlogfile.
* Add function to save agent configuration from VM extension manager.
* Remove benign invalid message logs - this is misleading and clogs up the logs as well
* Add Recent Only flag for supportbundle - this collects the 3 recent logs for each log type.
* Disable cloud monitoring metric collection for AIOps
* Initialize the new filtering feature for Status in daemon mode
* Auto updated compiled protocol buffers
* Add option to configure SAP details from the pubsub config
* Add public IP masking for supportbundle
* Skip permission checks for non-existent files in status command.
* Add a `-feature` flag to the `status` command.
* Add event name support for pubsub actions
* Use InstanceName in InstanceUri for status command.
* Correct app_server_zonal_separation computation.
* Add metrics for validating the settings for the SAP HANA chksrv hook.
* Auto updated compiled protocol buffers
* Add support in WLM Validation proto to collect a new category of HANA metric.
* Auto updated compiled protocol buffers
* Add collection of hostname to SAP HANA instance info during discovery of SAP applications.
* Remove message validation for log collection for pubsub actions
* Make hostname, sid and instance-numbers as optional params
* Fix an issue where HAHosts may not get merged properly when mulriple
SAP Instances are running on a single host.
* Include WLM Observability onboarding scripts.
* fix(processmetrics): Fixes for SkippedMetrics
* Create event annotation if Backint fails to start
- libtasn1
-
- Security fix: [bsc#1256341, CVE-2025-13151]
* Stack-based buffer overflow. The function asn1_expend_octet_string()
fails to validate the size of input data resulting in a buffer overflow.
* Add libtasn1-CVE-2025-13151.patch
- lifecycle-data-sle-live-patching
-
- Added data for 4_12_14-122_280, 4_12_14-122_283, 4_12_14-122_290,
4_12_14-122_293. (bsc#1020320)
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- python-requests
-
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
Add patch CVE-2026-25645.patch
- python-pyasn1
-
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
Add patch CVE-2026-30922.patch
- fix regression in tests from CVE-2026-23490.patch (bsc#1257129)
- Add CVE-2026-23490.patch to fix CVE-2026-23490 (bsc#1256902)
- vim
-
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Switch GUI build requirement to GTK2 for SLE 12 compatibility.
Replaced pkgconfig(gtk+-3.0) with pkgconfig(gtk+-2.0) and
set --enable-gui=gtk2.
* Remove autoconf BuildRequires and autoconf call in %build.
* Package new Swedish (sv) man pages and remove duplicate encodings
(sv.ISO8859-1 and sv.UTF-8).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1-revert-v9.1.86.patch
* Refresh the following patches for 9.2.0045:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
- systemd
-
- Import commit b9c5a78950c6d2dfd9c0ee57a380afa6b203e9a5
cbf8ee66ee machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
1a55ad48da udev: fix review mixup
1eba76668c udev-builtin-net-id: print cescaped bad attributes
cbd4b55380 udev: ensure tag parsing stays within bounds
5973d3b1cc udev: ensure there is space for trailing NUL before calling sprintf
f038eb6c8b udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- _product:sle-sdk-release
-
n/a
- kernel-default
-
- libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220).
- commit 9ff4124
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit caea5fb
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
(CVE-2026-23125 bsc#1258293).
- commit 666649e
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836)
Disable sch_atm module, it doesn't seem to be used and security issues
led to its removal from upstream.
- commit 197c542
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- Refresh
patches.suse/mdraid-fix-read-write-bytes-accounting.patch.
- commit 6a54f47
- md/raid1,raid10: don't handle IO error for REQ_RAHEAD and
REQ_NOWAIT (git-fixes).
- commit 3758085
- Delete
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch.
- Delete
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
Commnit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
completion in abort path'), locally contained in patch
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
has been reveted upstream by CVE-2025-68818 (see bsc#1256675).
Intead of committing a revert patch, just remove this patch.
This also requires removing our local patch
scsi-qla2xxx-Complete-command-early-within-lock.patch,
since this modified the code that was previously added in
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
- commit 239eaae
- scsi: aic94xx: fix use-after-free in device removal path
(CVE-2025-71075 bsc#1256629).
- commit f9c693f
- scsi: target: target_core_configfs: Add length check to avoid
buffer overflow (CVE-2025-39998 bsc#1252073).
- commit 2fb7a81
- md/raid1,raid10: don't ignore IO flags (CVE-2025-22125
bsc#1241596).
- commit aa9f7d7
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (CVE-2025-68223 bsc#1255357).
- commit 9a5ddda
- drm/amdkfd: fix potential kgd_mem UAFs (CVE-2023-53816 bsc#1254958).
- commit 8f7c148
- vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069).
- Refresh
patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch.
- commit 047f7a1
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() header which is required.
- commit 3465c86
- Update patches.suse/netfilter-nf_tables-Reject-tables-of-unsupported-fam.patch
(CVE-2023-6040 bsc#1218752 bsc#1259069 CVE-2026-25702).
Added references to bsc#1259069 and CVE-2026-25702.
- commit 1452528
- ata: libata-sff: Ensure that we cannot write outside the
allocated buffer (bsc#1238917 CVE-2025-21738).
- commit 4dc232e
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(CVE-2025-40219 bsc#1254518).
- Delete
patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-d.patch.
Replace a reverted commit (due to deadlocks) with a better fix.
- commit 3aab429
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 596e702
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit fca031c
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 159cfe5
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- commit d173346
- libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744).
- commit 8469a6e
- scsi: qla2xxx: Validate sp before freeing associated memory
(CVE-2025-71236 bsc#1258442).
- commit 152e17d
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit 0850ede
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit ee83c59
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 303c99b
- Refresh
patches.suse/dst-fix-races-in-rt6_uncached_list_del-and-rt_del_un.patch.
- commit ee740c8
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit 16f0a57
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 817285f
- cifs: fix session state check in reconnect to avoid
use-after-free issue (bsc#1255163, CVE-2023-53794).
- commit 0e35638
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 4abf8ac
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(CVE-2025-71224 bsc#1258824).
- commit cb35621
- Delete custom fix for bsc#1215420 as it caused regression bsc#1257672
Please notice that the backport for bsc#1215420 isn't needed for
SLE12-SP5 because the CVE does not apply here.
- Delete patches.kabi/netfilter-nft_set-preserver-kabi.patch.
- Delete
patches.suse/netfilter-Implement-reference-counting-for-nft_sets.patch.
- Delete
patches.suse/netfilter-take-a-reference-when-looking-up-nft_sets.patch.
- commit f1caf6c
- Bluetooth: Fix l2cap_disconnect_req deadlock (CVE-2023-53827
bsc#1255049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit 1c9a63f
- vhost-scsi: Fix handling of multiple calls to
vhost_scsi_set_endpoint (CVE-2025-22083 bsc#1241414).
- commit fc4b2ad
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes
CVE-2022-50453 bsc#1250887).
- commit 720a0a8
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit 9210e96
- Bluetooth: L2CAP: Fix use-after-free in
l2cap_disconnect_{req,rsp} (CVE-2023-53827 bsc#1255049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit b9be58b
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
(CVE-2023-53808 bsc#1254723).
- commit 8ddd031
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there
is no callback function (CVE-2023-53802 bsc#1254725).
- commit fa09e6d
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit 987fc92
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 7183095
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit 0c324f3
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit 0aa7839
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 97b4a24
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 1a417a8
- btrfs: always detect conflicting inodes when logging inode refs
(bsc#1257631 CVE-2025-71183).
- commit f7a95eb
- crypto: fix kABI fixup for af_alg_ctx (bsc#1251966 CVE-2025-39964)
struct af_alg_ctx is completely internal and not relevant for
kABI stability: instances thereof are referenced exclusively from
`struct alg_sock`'s ->private and it doesn't appear in any EXPORTed
function's prototype.
Drop the existing, unneeded kABI fixup to struct af_alg_ctx in order
to facilitate subsequent backports affecting that struct's definition.
- commit de20ef8
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 8a5df43
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit e033ed1
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
(bsc#1256742 CVE-2025-71131).
- commit 0e8f309
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit fd7a81e
- usb: dwc3: Fix race condition between concurrent
dwc3_remove_requests() call paths (CVE-2025-68287 bsc#1255152).
- commit 3edfe08
- crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id (bsc#1255550 CVE-2025-68724).
- commit 9c5c373
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit bfc63b3
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit 3fbd310
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit ded7b5c
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 4689216
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
- commit 5d5f781
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit cfb18f3
- drm/mgag200: fix mgag200_bmc_stop_scanout() (bsc#1258153 bsc#1258226)
- commit 1fecfbd
- scsi: target: iscsit: Free cmds before session free
(CVE-2023-54184 bsc#1255991).
- commit b34bf9f
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 05d7a54
- scsi: imm: Fix use-after-free bug caused by unfinished delayed
work (CVE-2025-68234 bsc#1255416).
- commit fd3d164
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit 880a2a6
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit ad3585c
- Fix locking order issue then unsharing pmds.
Refresh
patches.suse/hugetlbfs-flush-TLBs-correctly-after-huge_pmd_unshar.patch.
- commit f19c57e
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit a0264a1
- nvme-fc: use lock accessing port_state and rport state
(CVE-2025-40342 bsc#1255274).
- commit 50aba1a
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473 bsc#1257732 CVE-2026-23054).
- commit 4f9f160
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit be8cfc1
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit 640e30b
- Update
patches.suse/ip6_tunnel-use-skb_vlan_inet_prepare-in-__ip6_tnl_rcv.patch
(CVE-2026-23003 bsc#1257246 bsc#1257942).
- commit 4442655
- usb: storage: Fix memory leak in USB bulk transport
(bsc#1257949).
- commit 4443d16
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit 726823e
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 000c866
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 4a41a3f
- geneve: fix header validation in geneve_xmit_skb (CVE-2026-23003
bsc#1257246).
- commit 6cf7b31
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit b3bb110
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit 13d481c
- char: applicom: fix NULL pointer dereference in ac_ioctl
(CVE-2025-68797 bsc#1256660).
- serial: sc16is7xx: setup GPIO controller later in probe
(CVE-2023-54118 bsc#1256131).
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
(CVE-2023-54198 bsc#1255970).
- commit fb656d4
- Update
patches.suse/HID-multitouch-Add-NULL-check-in-mt_input_configured.patch
(bsc#1250759 CVE-2024-58020 bsc#1239346).
- Update
patches.suse/HID-uclogic-Add-NULL-check-in-uclogic_input_configur.patch
(CVE-2023-54207 bsc#1255961 CVE-2025-38007 bsc#1244938).
- Update
patches.suse/NFSD-Define-a-proc_layoutcommit-for-the-FlexFiles-layout-type.patch
(CVE-2025-40088 bsc#1252909 CVE-2025-40087).
- Update
patches.suse/USB-gadget-Fix-obscure-lockdep-violation-for-udc_mut.patch
(CVE-2022-49980 bsc#1245110 CVE-2022-49943 bsc#1244904).
- Update
patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch
(CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(bsc#1225527 CVE-2024-56690 bsc#1235428).
- Update
patches.suse/ext4-fix-string-copying-in-parse_apply_sb_mount_opti.patch
(bsc#1253453 CVE-2025-40198 CVE-2025-71123 bsc#1256757).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/igb-Do-not-bring-the-device-up-after-non-fatal-error.patch
(CVE-2023-53148 bsc#1249842 CVE-2024-50040 bsc#1231908).
- Update
patches.suse/ipv6-Fix-potential-uninit-value-access-in-__ip6_make_skb.patch
(CVE-2023-54265 bsc#1255874 CVE-2024-36903 bsc#1225741).
- Update
patches.suse/mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
(CVE-2023-53178 bsc#1249827 git-fix CVE-2024-26832 bsc#1223007).
- Update
patches.suse/net-fix-UaF-in-netns-ops-registration-error-path.patch
(CVE-2022-50780 bsc#1256305 CVE-2023-52999 bsc#1240299).
- Update
patches.suse/net_sched-qfq-Fix-double-list-add-in-class-with-netem-as-c.patch
(CVE-2026-22976 bsc#1257035 CVE-2025-37913 bsc#1243471).
- Update
patches.suse/openvswitch-fix-lockup-on-tx-to-unregistering-netdev.patch
(bsc#1249854 CVE-2025-21681 bsc#1236702).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes CVE-2024-26935 bsc#1223675).
- Update
patches.suse/scsi-iscsi_tcp-Check-that-sock-is-valid-before-iscsi_set_p.patch
(git-fixes CVE-2023-53464 bsc#1250868).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(CVE-2022-49980 bsc#1245110 CVE-2022-48838 bsc#1227988).
- Update
patches.suse/wifi-iwlwifi-Fix-error-code-in-iwl_op_mode_dvm_start.patch
(CVE-2025-38602 bsc#1248341 CVE-2025-38656 bsc#1248643).
- Update
patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch
(CVE-2023-53226 bsc#1249658 CVE-2023-52525 bsc#1220840).
- commit 1d15285
- wifi: avoid kernel-infoleak from struct iw_point (CVE-2026-22978
bsc#1257227).
- commit 4470971
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit 1b61eee
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit e8558a0
- net: macvlan: Use built-in RCU list checking (CVE-2026-23001
bsc#1257232).
- macvlan: Use 'hash' iterators to simplify code (CVE-2026-23001
bsc#1257232).
- commit 56e1910
- ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011
bsc#1257207).
- commit ec13881
- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()
(CVE-2023-54218 bsc#1256229).
- net: prevent load/store tearing on sk->sk_stamp (CVE-2023-54218
bsc#1256229).
- commit 58808cc
- sock: Make sock->sk_stamp thread-safe (CVE-2023-54218
bsc#1256229).
- Refresh
patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit 93f2522
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 40ddb3a
- netlink: annotate accesses to nlk->cb_running (CVE-2023-53853
bsc#1254673).
- commit e5e9e66
- usb: dwc3: gadget: add dwc3_request status tracking
(CVE-2025-68287 bsc#1255152).
- commit 9988872
- usb: dwc3: core.h: add some register definitions (CVE-2025-68287
bsc#1255152).
- commit d0d3b6e
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit c099250
- nfc: Fix potential resource leaks (CVE-2022-50834 bsc#1256219).
- commit 71aae68
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive
aggregate in qfq_reset (CVE-2026-22976 bsc#1257035).
- commit 665af3c
- net_sched: qfq: Fix double list add in class with netem as
child qdisc (CVE-2026-22976 bsc#1257035).
- commit d6c7f6c
- usbnet: Prevents free active kevent (CVE-2025-68312
bsc#1255171).
- commit 8b74503
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- ethtool: Avoid overflowing userspace buffer on stats query
(CVE-2025-68795 bsc#1256688).
- kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg()
(git-fixes CVE-2023-53825 bsc#1254707).
- kcm: Fix memory leak in error path of kcm_sendmsg()
(CVE-2023-54112 bsc#1256354).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
(CVE-2022-50777 bsc#1256320).
- commit 1685ea3
- ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740 bsc#1255812).
- commit 858a097
- usb: typec: ucsi: Handle incorrect num_connectors capability
(CVE-2025-71108 bsc#1256774).
- commit f98de60
- e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093
bsc#1256777).
- net/mlx5: fw_tracer, Validate format string parameters
(CVE-2025-68816 bsc#1256674).
- commit ee63540
- Revert "btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"
This reverts commit 416113fa7a7f7954975b36f72fe7f224da379b7c.
The patch that commit introduces is causing regressions, as it differs
a lot from upstream because there were many changes that happened
upstream and it's too risky to backport them. Further the issue fixed by
the patch is very rare and other than the Meta servers, no one ever
reported it, plus it's just triggering a WARN_ON(), nothing really serious
and certainly nothing that justifies it being a CVE.
See bsc#1257229 for the report of the regression.
- commit 63b49a5
- Revert "btrfs: fix wrong block_start calculation for"
This reverts commit 87607636696a2af6cb6697241eb8476a0cedfe56.
This commit introduces a patch that fixes a bug in the patch introduced by
the previous commit (416113fa7a7f7954975b36f72fe7f224da379b7c), but that
patch had to be too different from upstream since there were a lot of big
changes upstream and it's causing a regression. So remove this patch,
and the next commit will remove the other patch.
- commit 66f1f0f
- net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654)
- commit 06054f6
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547)
- commit a2977a9
- media: s5p-mfc: Clear workbit to handle error condition (CVE-2022-50786 bsc#1256258)
- commit 6b48967
- team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773)
- commit ad0dda9
- driver core: fix potential null-ptr-deref in device_add() (CVE-2023-54321 bsc#1255762)
- commit d382224
- Fix build-time warning from "drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup"
Fix the warning
* unused-variable (pdev) in ../drivers/gpu/drm/i915/intel_fbdev.c in intelfb_create
../drivers/gpu/drm/i915/intel_fbdev.c: In function 'intelfb_create':
../drivers/gpu/drm/i915/intel_fbdev.c:175:18: warning: unused variable 'pdev' [-Wunused-variable]
caused by this patch.
- commit 55ad6d4
- kABI: Fixup for struct mrp_applicant (CVE-2022-50697
bsc#1255594).
- commit 841f2f7
- mrp: introduce active flags to prevent UAF when applicant uninit
(CVE-2022-50697 bsc#1255594).
- commit 567f600
- btrfs: fix wrong block_start calculation for
btrfs_drop_extent_map_range() (bsc#1256267 CVE-2023-54121).
- commit 8760763
- btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
(bsc#1256267 CVE-2023-54121).
- commit 416113f
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
debugfs (CVE-2022-50744 bsc#1256165).
- commit 268e0b4
- fsnotify: do not generate ACCESS/MODIFY events on child for
special files (bsc#1256638 CVE-2025-68788).
- commit d259bdb
- ext4: add i_data_sem protection in
ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261).
- commit 07d5d92
- nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372).
- commit 1113557
- nbd: defer config unlock in nbd_genl_connect (bsc#1255622
CVE-2025-68366).
- commit 3c02735
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when
file system corrupted (bsc#1255482 CVE-2025-68337).
- commit 582c147
- ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1256282 CVE-2022-50782).
- commit f60c869
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (bsc#1255880 CVE-2023-54202)
- commit 492f4ae
- kABI workaround for "drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup" (bsc#1255128)
- commit f3c8307
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit 2d90c1b
- tcp: use dst_dev_rcu() in
tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188
bsc#1255269).
- commit 0bb0de7
- Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (bsc#1255943)
Fix potential crash, timer_setup uses different parameter type for callback.
- commit 07542cf
- net: ipv6: fix field-spanning memcpy warning in AH output
(CVE-2025-40363 bsc#1255102).
- commit 1148ce8
- ipv4: route: Prevent rt_bind_exception() from rebinding stale
fnhe (CVE-2025-68241 bsc#1255157).
- net: netpoll: fix incorrect refcount handling causing incorrect
cleanup (CVE-2025-68245 bsc#1255268).
- commit 9c41c99
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
(CVE-2022-50347 bsc#1249928).
- commit e0927c4
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094 CVE-2025-40323)
- commit 8cd32df
- Delete
patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch.
- commit 734bbd3
- bpf: Reject narrower access to pointer ctx fields
(CVE-2025-38591 bsc#1248363).
- commit 406618c
- Update
patches.suse/bpf-fix-pointer-offsets-in-context-for-32-bit.patch
(bsc#1109837 bsc#1248363 CVE-2025-38591).
Include reference to bsc#1248363/CVE-2025-38591 as it is a dependency of
upstream commit e09299225d5b.
- commit 71b6a1d
- blk-throttle: prevent overflow while calculating wait time
(CVE-2022-50580 bsc#1252542).
- commit ef0f0b6
- arp: do not assume dev_hard_header() does not change skb->head
(CVE-2025-71098 bsc#1256591).
- ip6_gre: make ip6gre_header() robust (CVE-2025-71098
bsc#1256591).
- commit 6b38561
- ALSA: usb-mixer: us16x08: validate meter packet indices
(CVE-2025-68783 bsc#1256650).
- commit da95073
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
(CVE-2022-50709 bsc#1255565).
- commit c5a755c
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
(CVE-2025-71082 bsc#1256611).
- commit b7a4df1
- drm/amd/display: Check NULL before accessing (bsc#1255351 CVE-2025-68286)
- commit 8dc335b
- drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428 CVE-2025-40339)
- commit 2327b42
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- commit 5fcdb4b
- drm/amdgpu: Remove explicit wait after VM validate (bsc#1255428)
- commit fb29e5d
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (bsc#1256398 CVE-2023-54047)
- commit dd69a49
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (bsc#1256779 CVE-2025-71120).
- commit 796bbfa
- btrfs: fix race when deleting free space root from the dirty
cow roots list (bsc#1256369 CVE-2023-54067).
- commit c200fa3
- Fix hugetlb locking regression (bsc#1256684)
Refresh
patches.suse/mm-hugetlb-fix-UAF-in-hugetlb_handle_userfault.patch.
- commit 9a8d34e
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582
CVE-2025-68771).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1256221
CVE-2022-50770).
- commit 89af8ba
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode
(CVE-2023-54134 bsc#1256106).
- commit 2f939a3
- wifi: cfg80211: ocb: don't leave if not joined (CVE-2023-53992 bsc#1256058)
- commit 56289a8
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (CVE-2022-50884 bsc#1256127)
- commit d891f0c
- drm/vgem-fence: Fix potential deadlock on release (CVE-2025-68757 bsc#1255943)
- commit 1c62615
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (CVE-2023-54111 bsc#1256149)
- commit 0e36dc4
- hfsplus: Verify inode mode when loading from disk
(CVE-2025-68767 bsc#1256580).
- commit 5d4e3fb
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
(CVE-2025-68774 bsc#1256585).
- commit ceca245
- scsi: mpt3sas: Fix crash in transport port remove by using
ioc_info() (CVE-2025-40115 bsc#1253318).
- commit e748f8b
- ipv6: ensure sane device mtu in tunnels (CVE-2022-50816
bsc#1256038).
- Refresh patches.suse/ip6_tunnel-Fix-broken-GRO.patch.
- commit 59ff94e
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (CVE-2023-54274 bsc#1255905)
- commit 068be2d
- iavf: fix off-by-one issues in iavf_config_rss_reg()
(CVE-2025-71087 bsc#1256628).
- commit 3c9a37a
- RDMA/srpt: Fix disabling device management (bsc#1255905)
Refresh patches.suse/IB-srpt-Fix-memory-leak-in-srpt_add_one.patch
- commit bc87c75
- RDMA/srpt: Fix handling of SR-IOV and iWARP ports (bsc#1255905)
- commit 4ce5ebd
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695)
- commit 6f3a231
- amba: bus: fix refcount leak (CVE-2023-54230 bsc#1255925).
- commit fbf714d
- media: tuners: qt1010: replace BUG_ON with a regular error
(CVE-2023-54282 bsc#1255810).
- commit becd663
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544).
- commit 8958100
- netlink: do not hard code device address lenth in fdb dumps
(CVE-2023-53863 bsc#1254657).
- commit f777de6
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit b9ce8be
- net: fix UaF in netns ops registration error path
(CVE-2022-50780 bsc#1256305).
- commit 5a1f3db
- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init()
failed (CVE-2022-50780 bsc#1256305).
- commit bb6fa75
- tun: Fix memory leak for detached NAPI queue (CVE-2023-53685 bsc#1251770).
- commit 31c92c0
- netfilter: ebtables: fix table blob use-after-free
(CVE-2023-54243 bsc#1255908).
- commit 57c9b49
- drm/amdgpu: Fix PCI device refcount leak in
amdgpu_atrm_get_bios() (CVE-2022-50760 bsc#1255983).
- commit 96c5417
- regulator: core: Protect regulator_supply_alias_list with
regulator_list_mutex (CVE-2025-68354 bsc#1255553).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb() (CVE-2025-68362 bsc#1255611).
- commit d84610d
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839).
- commit e6047b6
- Bluetooth: hci_sock: Prevent race in socket write iter and
sock bind (CVE-2025-68305 bsc#1255169).
- platform/x86: intel: punit_ipc: fix memory corruption
(CVE-2025-68303 bsc#1255122).
- commit d0d5ae8
- RDMA/bnxt_re: Prevent handling any completions after qp destroy (CVE-2023-54048 bsc#1256395)
- commit 58a38ef
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (bsc#1256386)
- commit 2e95e1a
- hwrng: amd - Fix PCI device refcount leak (CVE-2022-50868 bsc#1256386)
- commit fbdd4ab
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (CVE-2022-50885 bsc#1256122)
- commit 1101dce
- RDMA/rxe: Fix the error caused by qp->sk (bsc#1256122)
- commit 36a77a8
- acct: fix potential integer overflow in encode_comp_t() (CVE-2022-50749 bsc#1256191)
- commit c31a201
- configfs: fix possible memory leak in configfs_create_dir() (CVE-2022-50751 bsc#1256184)
- commit 82a1812
- configfs: factor dirent removal into helpers (bsc#1256184)
- commit bfd428d
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
(CVE-2022-50865 bsc#1256168).
- commit 5312c7e
- wifi: ath9k: hif_usb: fix memory leak of urbs in
ath9k_hif_usb_dealloc_tx_urbs() (CVE-2022-50740 bsc#1256155).
- commit 3700208
- regulator: core: fix unbalanced of node refcount in
regulator_dev_lookup() (CVE-2022-50887 bsc#1256125).
- commit 689f145
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
(CVE-2022-50881 bsc#1256130).
- ath9k: Fix typo in function name (CVE-2022-50881 bsc#1256130).
- commit 807e5b2
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (CVE-2022-50880 bsc#1256132).
- commit 7101b87
- ALSA: line6: fix stack overflow in line6_midi_transmit
(CVE-2022-50719 bsc#1255939).
- commit 690b0fb
- nvme-pci: fix mempool alloc size (CVE-2023-50756 bsc#1256216).
- blacklist.conf:
- commit 85846d9
- ipv6: Fix potential uninit-value access in __ip6_make_skb()
(CVE-2023-54265 bsc#1255874).
- commit 0377cad
- ipv6: Fix an uninit variable access bug in __ip6_make_skb()
(CVE-2023-54265 bsc#1255874).
- commit dbe2f65
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit d531007
- vc_screen: reload load of struct vc_data pointer in vcs_write()
to avoid UAF (CVE-2023-53747 bsc#1254572).
- tty: serial: imx: disable Ageing Timer interrupt request irq
(CVE-2023-54287 bsc#1255804).
- commit 926f469
- Refresh
patches.suse/mm-hugetlb-fix-UAF-in-hugetlb_handle_userfault.patch.
Add a missing hunk which caused bsc#1256684.
- commit 85d641b
- nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844
CVE-2022-50717).
- nvmet-tcp: Fix NULL dereference when a connect data comes in
h2cdata pdu (bsc#1255844).
- commit b013137
- net: usb: qmi_wwan: initialize MAC header offset in
qmimux_rx_fixup (CVE-2025-68192 bsc#1255246).
- commit 359aab7
- HID: uclogic: Add NULL check in uclogic_input_configured()
(CVE-2023-54207 bsc#1255961).
- commit 8eae399
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (CVE-2025-68190 bsc#1255131).
- commit 8a432e1
- HID: uclogic: Correct devm device reference for hidinput
input_dev name (CVE-2023-54207 bsc#1255961).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
(CVE-2022-50716 bsc#1255839).
- commit 8f729ac
- usb: storage: sddr55: Reject out-of-bound new_pba
(CVE-2025-40345 bsc#1255279).
- commit 2c4371e
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264
bsc#1254835).
- net: rds: don't hold sock lock when cancelling work from
rds_tcp_reset_callbacks() (CVE-2022-50676 bsc#1254689).
- commit 8bbfbbe
- kABI fix for net: fix stack overflow when LRO is disabled for
virtual interfaces (CVE-2023-54012 bsc#1255571).
- commit 184711d
- net: fix stack overflow when LRO is disabled for virtual
interfaces (CVE-2023-54012 bsc#1255571).
- commit 3c3bd51
- Remove patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (bsc#1256516)
This patch regresses fbcon output. We'll re-merge when the fix is ready.
- commit 394393a
- Bluetooth: Fix race condition in hidp_session_thread
(CVE-2023-54120 bsc#1256133).
- commit 5460154
- Update bug reference for patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch (bsc#1251738)
- commit d91a743
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
(CVE-2023-53819 bsc#1254712).
- Refresh
patches.suse/0001-drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch.
- commit 7ec6aaf
- mm: hugetlb: fix UAF in hugetlb_handle_userfault (CVE-2022-50630
bsc#1254785).
- commit a1aa6ca
- Update
patches.suse/0002-drm-client-Fix-memory-leak-in-drm_client_target_clon.patch
(bsc#1152446 CVE-2023-54091 bsc#1256274).
- Update
patches.suse/PCI-Fix-pci_device_is_present-for-VFs-by-checking-PF.patch
(git-fixes CVE-2022-50636 bsc#1254645).
- Update
patches.suse/RDMA-mlx4-Prevent-shift-wrapping-in-set_user_sq_size.patch
(git-fixes CVE-2023-54168 bsc#1256053).
- Update
patches.suse/Revert-Bluetooth-btsdio-fix-use-after-free-bug-in-bt.patch
(git-fixes CVE-2023-54197 bsc#1255969).
- Update
patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch
(git-fixes CVE-2022-50821 bsc#1256242).
- Update patches.suse/USB-sisusbvga-Add-endpoint-checks.patch
(git-fixes CVE-2023-54213 bsc#1255953).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch-e1d09c2c
(bsc#1226846 CVE-2023-54226 bsc#1255841).
- Update
patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch
(git-fixes CVE-2023-54045 bsc#1256285).
- Update
patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch
(bsc#1216062 bsc#1225203 CVE-2023-54271 bsc#1255902).
- Update
patches.suse/btrfs-fix-lockdep-splat-and-potential-deadlock-after.patch
(git-fixes CVE-2023-54224 bsc#1255951).
- Update
patches.suse/btrfs-fix-race-when-deleting-quota-root-from-the-dir.patch
(git-fixes CVE-2023-54032 bsc#1255617).
- Update
patches.suse/cifs-Fix-lost-destroy-smbd-connection-when-MR-allocate-failed.patch
(bsc#1190317 CVE-2023-54260 bsc#1255878).
- Update
patches.suse/cifs-Fix-the-error-length-of-VALIDATE_NEGOTIATE_INFO-message.patch
(bsc#1190317 CVE-2022-50859 bsc#1256172).
- Update
patches.suse/cifs-Fix-xid-leak-in-cifs_copy_file_range-.patch
(bsc#1190317 CVE-2022-50643 bsc#1254631).
- Update
patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch
(git-fixes CVE-2023-54317 bsc#1255771).
- Update
patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch
(git-fixes CVE-2023-53786 bsc#1254916).
- Update
patches.suse/ext4-fix-bug_on-in-__es_tree_search-caused-by-bad-bo.patch
(bsc#1207620 CVE-2022-50638 bsc#1255469).
- Update
patches.suse/ext4-fix-deadlock-due-to-mbcache-entry-corruption.patch
(bsc#1207653 CVE-2022-50668 bsc#1254763).
- Update
patches.suse/ext4-set-goal-start-correctly-in-ext4_mb_normalize_r.patch
(bsc#1214940 CVE-2023-54021 bsc#1255600).
- Update
patches.suse/ext4-silence-the-warning-when-evicting-inode-with-di.patch
(bsc#1206889 CVE-2022-50730 bsc#1256048).
- Update
patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-bug.patch
(git-fixes CVE-2023-54264 bsc#1255872).
- Update patches.suse/hfs-Fix-OOB-Write-in-hfs_asc2mac.patch
(git-fixes CVE-2022-50747 bsc#1256432).
- Update
patches.suse/hfs-fix-missing-hfs_bnode_get-in-__hfs_bnode_create.patch
(git-fixes CVE-2023-53862 bsc#1254994).
- Update
patches.suse/hfs-hfsplus-avoid-WARN_ON-for-sanity-check-use-prope.patch
(git-fixes CVE-2023-54130 bsc#1256114).
- Update
patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch
(git-fixes CVE-2023-54070 bsc#1256364).
- Update
patches.suse/inotify-Avoid-reporting-event-with-invalid-wd.patch
(bsc#1213025 CVE-2023-54119 bsc#1256349).
- Update
patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch
(git-fixes CVE-2022-50677 bsc#1254692).
- Update
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch
(bsc#1207088 CVE-2023-54170 bsc#1256045).
- Update
patches.suse/l2tp-Avoid-possible-recursive-deadlock-in-l2tp_tunne.patch
(CVE-2023-53020 bsc#1240224 CVE-2023-53809 bsc#1254722).
- Update
patches.suse/md-raid1-stop-mdx_raid1-thread-when-raid1-array-run-failed-b611.patch
(git-fixes CVE-2022-50715 bsc#1255749).
- Update
patches.suse/md-raid10-fix-memleak-for-conf-bio_split-c9ac.patch
(git-fixes CVE-2023-54123 bsc#1256142).
- Update
patches.suse/md-raid10-fix-memleak-of-md-thread-f0dd.patch
(git-fixes CVE-2023-54294 bsc#1255802).
- Update
patches.suse/md-raid10-fix-null-ptr-deref-in-raid10_sync_request-a405.patch
(git-fixes CVE-2023-53832 bsc#1254671).
- Update
patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch
(git-fixes CVE-2023-54266 bsc#1255875).
- Update
patches.suse/media-usb-siano-Fix-use-after-free-bugs-caused-by-do.patch
(bsc#1213969 CVE-2023-4132 CVE-2023-54270 bsc#1255901).
- Update
patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_FRAGS.patch
(git-fixes CVE-2023-54051 bsc#1256394).
- Update
patches.suse/net-ieee802154-don-t-warn-zero-sized-raw_sendmsg.patch
(CVE-2022-49975 bsc#1245196 CVE-2022-50706 bsc#1255581).
- Update
patches.suse/orangefs-Fix-kmemleak-in-orangefs_prepare_debugfs_help_string.patch
(git-fixes CVE-2022-50779 bsc#1256423).
- Update
patches.suse/perf-x86-intel-uncore-Fix-reference-count-leak-in-snr_uncore_mmio_map.patch
(jsc#PED-5023 bsc#1211439 (git-fixes) CVE-2022-50615
bsc#1254580).
- Update
patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch
(bsc#1065729 CVE-2023-54095 bsc#1256271).
- Update
patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch
(bsc#1065729 CVE-2023-54017 bsc#1255605).
- Update
patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch
(bsc#1065729 CVE-2022-50870 bsc#1256154).
- Update
patches.suse/pstore-Avoid-kcore-oops-by-vmap-ing-with-VM_IOREMAP.patch
(git-fixes CVE-2022-50849 bsc#1256193).
- Update patches.suse/quota-fix-warning-in-dqgrab.patch
(bsc#1214962 CVE-2023-54177 bsc#1255993).
- Update
patches.suse/s390-lcs-Fix-return-type-of-lcs_start_xmit.patch
(git-fixes bsc#1212173 CVE-2022-50728 bsc#1256046).
- Update
patches.suse/s390-vfio-ap-fix-memory-leak-in-vfio_ap-device-drive.patch
(git-fixes CVE-2023-53746 bsc#1254617).
- Update
patches.suse/scsi-hpsa-Fix-possible-memory-leak-in-hpsa_init_one.patch
(git-fixes CVE-2022-50646 bsc#1254634).
- Update patches.suse/scsi-ipr-Fix-WARNING-in-ipr_init.patch
(git-fixes CVE-2022-50850 bsc#1256194).
- Update
patches.suse/scsi-lpfc-Fix-ioremap-issues-in-lpfc_sli4_pci_mem_setup.patch
(git-fixes CVE-2023-53754 bsc#1254609).
- Update
patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handling.patch
(git-fixes CVE-2023-54289 bsc#1255806).
- Update
patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch
(bsc#1213747 CVE-2023-54179 bsc#1255994).
- Update
patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_bsg_to.patch
(bsc#1213747 CVE-2023-54014 bsc#1256300).
- Update
patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch
(bsc#1208570 CVE-2023-54108 bsc#1256355).
- Update
patches.suse/scsi-ses-Fix-slab-out-of-bounds-in-ses_enclosure_data_process.patch
(git-fixes CVE-2023-53803 bsc#1255165).
- Update
patches.suse/scsi-snic-Fix-possible-UAF-in-snic_tgt_create.patch
(git-fixes CVE-2022-50840 bsc#1256208).
- Update
patches.suse/serial-8250-Fix-oops-for-port-pm-on-uart_change_pm.patch
(CVE-2023-53176 bsc#1249991 CVE-2023-54220 bsc#1255949).
- Update
patches.suse/tpm-tpm_tis-Add-the-missed-acpi_put_table-to-fix-mem.patch
(bsc#1082555 CVE-2022-50824 bsc#1256334).
- Update
patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx.patch
(bsc#1082555 CVE-2023-54309 bsc#1255780).
- Update
patches.suse/tracing-Fix-warning-in-trace_buffered_event_disable.patch
(git-fixes bsc#1217036 CVE-2023-54211 bsc#1255843).
- Update patches.suse/udf-Avoid-double-brelse-in-udf_rename.patch
(bsc#1213032 CVE-2022-50755 bsc#1256199).
- Update
patches.suse/usb-early-xhci-dbc-Fix-a-potential-out-of-bound-memo.patch
(git-fixes CVE-2023-53840 bsc#1254709).
- Update
patches.suse/usb-idmouse-fix-an-uninit-value-in-idmouse_open.patch
(git-fixes CVE-2022-50733 bsc#1256064).
- Update
patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
(CVE-2023-23559 bsc#1207051 CVE-2023-54110 bsc#1256353).
- Update
patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_check_.patch
(git-fixes CVE-2023-53847 bsc#1254698).
- Update
patches.suse/usb-typec-altmodes-displayport-fix-pin_assignment_sh.patch
(git-fixes CVE-2023-54186 bsc#1255985).
- Update
patches.suse/x86-kexec-Fix-double-free-of-elf-header-buffer.patch
(git-fixes CVE-2022-49546 bsc#1238750 CVE-2023-54146
bsc#1256091).
- Update
patches.suse/x86-xen-Fix-memory-leak-in-xen_init_lock_cpu.patch
(git-fixes CVE-2022-50761 bsc#1256062).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- commit f394de5
- ext4: fix deadlock when converting an inline directory in
nojournal mode (bsc#1255773 CVE-2023-54311).
- commit a558ce8
- fs/proc: fix uaf in proc_readdir_de() (bsc#1255297
CVE-2025-40271).
- commit e43869a
- ext4: refresh inline data size before write operations
(bsc#1255380 CVE-2025-68264).
- commit 3da8d7a
- Update
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch
(bsc#1213287, CVE-2023-20569, bsc#1256129, CVE-2022-50879).
- commit 63563aa
- dm cache: free background tracker's queued work in
btracker_destroy (CVE-2023-53765, bsc#1254912).
- commit b7e0246
- drm/amdgpu: Fix potential NULL dereference (bsc#1251238)
- commit d24edfc
- drm/amdgpu: Fix size validation for non-exclusive domains (v4) (CVE-2022-50527 bsc#1251738)
- commit 256fea7
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (CVE-2022-50678 bsc#1254902)
- commit 667f172
- mmc: core: Fix kernel panic when remove non-standard SDIO card (CVE-2022-50640 bsc#1254686)
Refresh patches/patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch for context.
- commit 86efd5b
- nfc: pn533: Clear nfc_target before being used (CVE-2022-50656 bsc#1254745)
- commit 7246feb
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (CVE-2025-40275 bsc#1254829)
- commit 8d37c6b
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak (CVE-2025-40278 bsc#1254825).
- commit 51664e0
- team: Move team device type change at the end of team_port_add
(CVE-2025-68340 bsc#1255507).
- net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849).
- net: stmmac: Correctly handle Rx checksum offload errors
(CVE-2025-40337 bsc#1255081).
- iavf: use internal state to free traffic IRQs (CVE-2023-53850
bsc#1254677).
- net/net_failover: fix txq exceeding warning (CVE-2023-54236
bsc#1255922).
- commit ab9819b
- Bluetooth: L2CAP: Fix potential user-after-free (CVE-2023-54214
bsc#1255954).
- commit 99d8a13
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
backtrace (CVE-2023-54286 bsc#1255803).
- commit 119b74e
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
(CVE-2023-53788 bsc#1254917).
- commit d36df4f
- media: mediatek: vcodec: Fix potential array out-of-bounds in
decoder queue_setup (CVE-2023-53748 bsc#1254907).
- commit 31217ab
- Revert "btrfs: tree-checker: Refactor root key check into separate function (bsc#1251748)"
This reverts commit b60efb96f6512618cec7832baf77ad7d368cfc95.
- commit e85541c
- Revert "btrfs: reject invalid reloc tree root keys with stack dump (CVE-2023-53618 bsc#1251748)"
This reverts commit 1015f12fd5cca42dd5f38e97a308eeefc26f2dc5.
- commit 6191ab1
- Refresh patches.suse/ipv6-use-RCU-in-ip6_xmit.patch (bsc#1255959)
- commit 73489ad
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094 CVE-2025-40323)
- commit 33a4327
- wifi: ath9k: avoid referencing uninit memory in
ath9k_wmi_ctrl_rx (CVE-2023-54300 bsc#1255790).
- commit 2e30457
- fbdev: bitblit: bound-check glyph index in bit_putcs* (bsc#1255092 CVE-2025-40322)
- commit 66bfa5a
- wifi: ath10k: Delay the unmapping of the buffer (CVE-2022-50700
bsc#1255576).
- commit f2d1c9b
- kabi/severities: ignore kABI breakage in atheros WiFi
Extend kABI severity quirks to tot only ath9k but other atheros WiFi drivers
Those symbols are only used locally, hence not for 3rd parties
- commit 3e22274
- Bluetooth: bcsp: receive data only if registered (CVE-2025-40308
bsc#1255064).
- commit 68b7fd3
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
(CVE-2025-40269 bsc#1255035).
- commit 3a18895
- wifi: brcmfmac: fix crash while sending Action Frames in
standalone AP Mode (CVE-2025-40321 bsc#1254795).
- commit 807acc6
- net: sched: act_connmark: initialize struct tc_ife to fix
kernel leak (CVE-2025-40279 bsc#1254846).
- commit dacd4a6
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (bsc#1255034 CVE-2025-40304)
- commit c06cf4e
- sctp: avoid NULL dereference when chunk data buffer is missing
(CVE-2025-40240 bsc#1254869).
- commit 65c4aba
- hfs: validate record offset in hfsplus_bmap_alloc
(CVE-2025-40349 bsc#1255280).
- commit f2d5c12
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
(CVE-2025-40351 bsc#1255281).
- commit 726272a
- powerpc/kexec: Enable SMT before waking offline CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119
bsc#1256730).
- commit e14b3fc
- ring-buffer: Do not swap cpu_buffer during resize process
(CVE-2023-53718 bsc#1252564).
- commit dde7681
- Move BPF kABI workarounds to the correct section
The kABI workaround for BPF backports are place at the end of
series.conf with the assumption that the "kABI consistency patches" is
at the end of series.conf. However that is not the case for SLE12-SP5.
Move them to under "kABI consistency patches".
- commit e8306c5
- Move kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch to patches.kabi
The kABI workaround was accidentally placed into patches.suse directly
by mistake, move it to the patches.kabi directory, where kABI workaround
should live.
- commit e2454a0
- kABI workaround for bpf: Enforce expected_attach_type for
tailcall compatibility (CVE-2025-40123 bsc#1253365).
- commit 15f8c57
- bpf: Enforce expected_attach_type for tailcall compatibility
(CVE-2025-40123 bsc#1253365).
- commit 0d4312e
- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
(bsc#1246370 CVE-2025-38336).
- commit bc71668
- hfsplus: fix KMSAN uninit-value issue in
__hfsplus_ext_cache_extent() (CVE-2025-40244 bsc#1255033).
- commit 4a719f8
- netfilter: nft_ct: add seqadj extension for natted connections
(CVE-2025-68206 bsc#1255142).
- commit ffc47ed
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit e87e362
- kabi: hide include of <net/lwtunnel.h> in include/net/ip.h
(CVE-2025-40074 bsc#1252794).
- commit 22c64b3
- net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170
bsc#1253413).
- ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402).
- commit 38b553a
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit 5962377
- tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (CVE-2025-40149 bsc#1253355).
- commit 9e73f75
- smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (CVE-2025-40168 bsc#1253427).
- commit 0dd4401
- smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409).
- commit 7f84325
- smc: Fix use-after-free in __pnet_find_base_ndev()
(CVE-2025-40064 bsc#1252845).
- commit a90974f
- tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075 bsc#1252795).
- commit b2b82f1
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit c6c59c0
- vsock: Ignore signal/timeout on connect() if already established
(CVE-2025-40248, bsc#1254864).
- commit 89f66e5
- xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160,
bsc#1253400).
- commit 1204669
- xen/events: Cleanup find_virq() return codes (CVE-2025-40160,
bsc#1253400).
- commit 41c00f2
- kabi: hide dst_entry::dev_rcu (CVE-2025-40074 bsc#1252794).
- ipv4: start using dst_dev_rcu() (CVE-2025-40074 bsc#1252794).
- ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342).
- net: dst: introduce dst->dev_rcu (CVE-2025-40074 bsc#1252794).
- net: Add locking to protect skb->dev access in ip_output
(CVE-2025-40074 bsc#1252794).
- ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40074
bsc#1252794).
- ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers
(CVE-2025-40074 bsc#1252794).
- ipv6: adopt dst_dev() helper (CVE-2025-40074 bsc#1252794).
- refresh patches.suse/net-ip6_tunnel-Prevent-perpetual-tunnel-growth.patch
- ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
(CVE-2025-40074 bsc#1252794).
- net: dst: add four helpers to annotate data-races around
dst->dev (CVE-2025-40074 bsc#1252794).
- net: dst: annotate data-races around dst->output (CVE-2025-40074
bsc#1252794).
- net: dst: annotate data-races around dst->input (CVE-2025-40074
bsc#1252794).
- net: dst: annotate data-races around dst->lastuse
(CVE-2025-40074 bsc#1252794).
- net: dst: annotate data-races around dst->expires
(CVE-2025-40074 bsc#1252794).
- refresh patches.suse/ipv4-use-RCU-protection-in-__ip_rt_update_pmtu.patch
also use backport closer to mainline commit to make further backports easier
- net: dst: annotate data-races around dst->obsolete
(CVE-2025-40074 bsc#1252794).
- net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev'
(CVE-2025-40074 bsc#1252794).
- tcp: convert to dev_net_rcu() (CVE-2025-40074 bsc#1252794).
- ndisc: ndisc_send_redirect() cleanup (CVE-2025-40074
bsc#1252794).
- ipv4: icmp: convert to dev_net_rcu() (CVE-2025-40074
bsc#1252794).
- net: dst_cache: annotate data-races around dst_cache->reset_ts
(CVE-2025-40074 bsc#1252794).
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu (CVE-2022-49604 CVE-2025-40074
bsc#1238414 bsc#1252794).
- blacklist.conf: remove 60c158dc7b1f from blacklist
it was blacklisted as unneeded but now we need it as a prerequisity for
the CVE-2025-40074 / bsc#1252794 series
- refresh patches.suse/ipv4-use-RCU-protection-in-ip_dst_mtu_maybe_forward.patch
- ip: Fix data-races around sysctl_ip_default_ttl (CVE-2025-40074
bsc#1252794).
- refresh patches.suse/ipv4-add-RCU-protection-to-ip4_dst_hoplimit.patch
use backport closer to mainline version to make further backports easier
- ipv6: ip6_skb_dst_mtu() cleanups (CVE-2025-40074 bsc#1252794).
- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward
(CVE-2025-40074 bsc#1252794).
- refresh patches.suse/ipv4-use-RCU-protection-in-ip_dst_mtu_maybe_forward.patch
- commit 7269666
- btrfs: reject invalid reloc tree root keys with stack dump (CVE-2023-53618 bsc#1251748)
- commit 1015f12
- btrfs: tree-checker: Refactor root key check into separate function (bsc#1251748)
Refresh patches.suse/btrfs-tree-checker-fix-false-alert-caused-by-legacy-.patch.
- commit b60efb9
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit 71c7413
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 59e6618
- smc: Fix use-after-free in tcp_write_timer_handler()
(CVE-2023-53781 bsc#1254751).
- commit bf67dae
- cifs: fix potential use-after-free bugs in
TCP_Server_Info::hostname (bsc#1254986, CVE-2023-53751).
- commit 14c9faa
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling
SR-IOV (CVE-2025-40219 bsc#1254518).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register
(CVE-2022-50625 bsc#1254559).
- commit 4c61e27
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid
UAF (CVE-2025-40283 bsc#1254858).
- commit 4b3fb60
- smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256,
CVE-2025-38728).
- commit 9fb41f0
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431
CVE-2025-38085 bsc#1245499).
- commit f2cb81d
- HID: multitouch: Add NULL check in mt_input_configured (bsc#1250759)
- commit 9963a0f
- mm/hugetlb: fix folio is still mapped when deleted
(CVE-2025-40006 bsc#1252342).
- commit 79253cf
- mm: hugetlb: avoid soft lockup when mprotect to large memory
area (CVE-2025-40153 bsc#1253408).
- commit 174ebb8
- usbnet: Fix using smp_processor_id() in preemptible code
warnings (CVE-2025-40164 bsc#1253407).
- commit b10a5dd
- Disable CONFIG_CPU5_WDT
The cpu5wdt driver doesn't implement a proper watchdog interface and
has many code issues. It only handles obscure and obsolete hardware.
Stop building and supporting this driver (jsc#PED-14062).
- commit 12d0d02
- ext4: fix string copying in parse_apply_sb_mount_options()
(bsc#1253453 CVE-2025-40198).
- commit a350880
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
(bsc#1253458 CVE-2025-40167).
- commit 5b1fcbf
- ext4: avoid potential buffer over-read in
parse_apply_sb_mount_options() (bsc#1253453 CVE-2025-40198).
- commit f93c3a5
- net: dlink: handle copy_thresh allocation failure (CVE-2025-40053 bsc#1252808)
- commit 4dfabf1
- pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178 bsc#1253463)
- commit 80993d6
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
(CVE-2025-40110 bsc#1253275).
- commit 78a9e64
- Squashfs: reject negative file sizes in squashfs_read_inode() (CVE-2025-40200 bsc#1253448)
- commit ce2cf29
- Squashfs: add additional inode sanity checking (bsc#1253448)
- commit dda3d33
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (CVE-2025-40035 bsc#1252866)
- commit 27315ae
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081 bsc#1252776)
- commit dc2cb58
- mozilla-nss
-
- update to NSS 3.112.3
* bmo#2009552 - avoid integer overflow in platform-independent ghash
- util-linux
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- openssl-1_0_0
-
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* CVE-2026-31791: NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31791.patch
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22796.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
- libpng12
-
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng12-CVE-2026-25646.patch
- google-guest-configs
-
- Update to version 20260116.00 (bsc#1256906)
* set_multiqueue: Only set XPS on "multinic accelerator platforms"
- Update to version 20260112.00
* Make c4x a "multinic accelerator platform"
* Merge pull request #140 from a-r-n:xps-many-numa
* set_multiqueue xps: stop assuming 2 numa nodes
* Merge pull request #137 from a-r-n:a4x-pick
* Add IDPF irq setting; improve a4x-max performance
* Merge pull request #133 from a-r-n:master
* Allow test injection of the root directory and metadata server endpoint
* add nic naming support for connextx VF in baremetal
* bugfix for idpf only rename got skipped.
* add a4x-max to google_set_multiqueue is_multinic_accelerator_platform
* remove unnecessary link up and down
* fix inconsistent NIC index between smart NICs and GPU NICs.
- Mark %{_modprobedir}/gce-blacklist.conf as %config(noreplace) (bsc#1198323)
- Update to version 20251014.00
* No public description
- Update to version 20250913.00
* Swap guest-config rule from checking the build VM OS to taking
in a variable for target version
- from version 20250905.00
* No public description
- from version 20250826.00
* Merge pull request #119 from bk202:master
* Moved tx/rx IRQ logging after assignment
* Fix core assignment in set_irq_range
* Correct IRQ tx/rx affinity core assignment
- Update to version 20250807.00
* Merge pull request #96 from rjschwei:noDupMetaData
* Avoid duplicate entries for the metadata server in /etc/hosts
- Drop ggc-no-dup-metasrv-entry.patch, merged upstream
- Update to version 20250709.00
* Add comments in scripts to document the behavior in google
hostname setting.
* Always use primary NIC IP for NetworkManager dispatcher hook.
- from version 20250626.00
* Fix spelling error: "explicilty" -> "explicitly"
- Update to version 20250605.00
* Merge pull request (#112) from bk202:liujoh_416067717
* Added comment to the bitmap conversion functions
* Remove IRQ affinity overwrite to XPS affinity
* Update XPS affinity to assign the remaining unassigned CPUs
to the last queue when populating the last queue
* Fix set_xps_affinity to correctly parse cpus array
* Update XPS CPU assignment logic
* Update CPU assignment algorithm in XPS affinity
* Remove commented code
* Update XPS affinity vCPU distribution algorithm s.t. the vCPUs assigned
to a queue are on the same core - fixed IRQ affinity on NUMA1 not using
the correct bind_cores_index
* Fixed NUMA comparison error in set_xps_affinity
* Update XPS affinity setup to be NUMA aware and support 64 bit CPU mask
calculation
- from version 20250604.00
* Merge pull request (#114) from bk202:liujoh_irq_affinity_bug_fix
* Bug fix: bind_cores_begin -> bind_cores_index
* Name smart NICs in lexicographic order
- Run %postun to modify %{_sysconfdir}/sysconfig/network/ifcfg-eth0
during uninstall only to avoid removal of POST_UP_SCRIPT on upgrade
- gpg2
-
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- Security fix: [bsc#1256390] (gpg.fail/notdash)
* gpg2: Cleartext Signature Forgery in the NotDashEscaped header
implementation in GnuPG
* Add patch gnupg-notdash-escape.patch
* Add parse_compat_flags.patch
* Add compat_flags_base.patch
- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
* gpg: Fix possible memory corruption in the armor parser [T7906]
* Add gnupg-CVE-2025-68973.patch
- Security fix: [bsc#1256244] (gpg.fail/detached)
* gpg: Error out on unverified output for non-detached signatures [T7903]
* Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
- rsync
-
- Fix bsc#1252351
* Fix order of cihpers in rsync-fix-daemon-proto-32.patch
* rsync client from SLES 12SP5 LTSS fails with "auth failed on module" after installing rsync-3.1.3-3.31.1
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- Sync version 3.51.2 from Factory:
* bsc#1259619, CVE-2025-70873: zipfile extension may disclose
uninitialized heap memory during inflation.
* bsc#1254670, CVE-2025-7709: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- perl-XML-Parser
-
- added patches
CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901)
* perl-XML-Parser-CVE-2006-10002.patch
CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902)
* perl-XML-Parser-CVE-2006-10003.patch
- nghttp2
-
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch