sles-sap-15-sp4-hardened-v20260519-x86-64 Package Source Changes

000release-packages:SLES_SAP-release

n/a

kernel-default

- kabi assert: ptrace: slightly saner 'get_dumpable()' logic
  (bsc#1265308).
- kabi: ptrace: slightly saner 'get_dumpable()' logic
  (bsc#1265308).
- commit ac38eb1

- ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).
- commit 5ad1196

- io-wq: check that the predecessor is hashed in
  io_wq_remove_pending() (git-fixes).
- commit 4cb695b

- x86/CPU/AMD: Prevent improper isolation of shared resources
  in Zen2's op cache (bsc#1264013 CVE-2025-54518).
- commit 7d7d368

- net: skbuff: propagate shared-frag marker through pskb_copy()
  (CVE-2026-46300 bsc#1265209).
- commit 01ffac9

- supported.conf: drop rxrpc and af_kfs (bsc#1264450)
- commit b263ed0

- xfrm: esp: avoid in-place decrypt on shared skb frags
  (bsc#1264449).
- commit 0affe48

dracut

- Update to version 055+suse.362.ge7032140:
  * fix: make iso-scan trigger udev events (bsc#1261274)

google-cloud-sap-agent

- Add CVE-2026-34986.patch to fix crafted JWE input with a missing encrypted
  key can lead to a denial of service (bsc#1262936, CVE-2026-34986)

grub2

- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
  * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
  * grub2-btrfs-09-get-default-subvolume.patch

haveged

- add CVE-2026-41054.patch (bsc#1264086, CVE-2026-41054)

freeipmi

- bsc#1260414 - CVE-2026-33554:
  freeipmi: improper memory handling and data validation can lead
  A ipmi-oem-fix-several-memory-out-of-bounds-errors.patch

Mesa

- bsc1261998-CVE-2026-40393-nir-Use-STACK_ARRAY-instead-of-NIR_VLA.patch
  bsc1261998-CVE-2026-40393-spirv-Use-STACK_ARRAY-instead-of-NIR_VLA.patch
  * Mesa: out-of-bounds memory access can occur in WebGPU because
    the amount of to-be-allocated data depends on an untrusted
    party (bsc#1261998, CVE-2026-40393)

mozjs60

- Add security fixes:
  + mozjs60-CVE-2026-32776.patch (bsc#1259728 CVE-2026-32776)
  + mozjs60-CVE-2026-32777.patch (bsc#1259713 CVE-2026-32777)
  + mozjs60-CVE-2026-32778.patch (bsc#1259731 CVE-2026-32778)

NetworkManager

- Add NetworkManager-CVE-2025-9615.patch: avoid that non-admin user
  using other users' certificates
  (bsc#1257359, CVE-2025-9615, glfd#NetworkManager/NetworkManager!2324).

tiff

- * CVE-2026-4775: Signed integer overflow in putcontig8bitYCbCr44tile (bsc#1260411)
    Add tiff-CVE-2026-4775.patch

000release-packages:sle-ha-release

n/a

000release-packages:sle-module-basesystem-release

n/a

000release-packages:sle-module-containers-release

n/a

000release-packages:sle-module-desktop-applications-release

n/a

000release-packages:sle-module-development-tools-release

n/a

000release-packages:sle-module-live-patching-release

n/a

000release-packages:sle-module-public-cloud-release

n/a

000release-packages:sle-module-python3-release

n/a

000release-packages:sle-module-sap-applications-release

n/a

000release-packages:sle-module-server-applications-release

n/a

000release-packages:sle-module-web-scripting-release

n/a

suse-build-key

- import all keys if they are not yet in the RPM db.

- Added post quantum cryptographic keys for SLES 15 and SLES 16.
  - build-pqc-15.pem
  - build-pqc-16.pem