suse-sles-15-sp6-v20260203-x86_64-ltd Package Source Changes

glib2

- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
  in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
  glgo#GNOME/glib#3851).

openssl-1_1

- Security fixes:
  * Missing ASN1_TYPE validation in PKCS#12 parsing
  * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
  - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
  * Missing ASN1_TYPE validation in TS_RESP_verify_response() function
  - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
  * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
  - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
  * Heap out-of-bounds write in BIO_f_linebuffer on short writes
  - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
  * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
  - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
  * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
  - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]

openssl-3

- Security fixes:
  * Missing ASN1_TYPE validation in PKCS#12 parsing
  - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
  * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
  - openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
  * Missing ASN1_TYPE validation in TS_RESP_verify_response() function
  - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
  * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
  - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
  * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
  - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
  * Heap out-of-bounds write in BIO_f_linebuffer on short writes
  - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
  * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
  - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
  * Stack buffer overflow in CMS AuthEnvelopedData parsing
  - openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
  - openssl-CVE-2025-15467-comments.patch
  - openssl-CVE-2025-15467-test.patch

libpng16

- security update
- added patches
  CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage`
  CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage`
  * libpng16-CVE-2025-28162,28164.patch

python311

- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
  CVE-2025-13836) to prevent reading an HTTP response from
  a server, if no read amount is specified, with using
  Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
  behavior in node ID cache clearing (CVE-2025-12084,
  bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
  against OOM when loading malicious content (CVE-2025-13837,
  bsc#1254401).

python-certifi

- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-idna

- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-importlib-metadata

- Add python36-importlib-metadata provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-packaging

- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-pycparser

- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-pytz

- Add python36-pytz provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-py

- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-requests

- Add python36- provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

python-six

- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012

supportutils

- Changes to version 3.2.12
  + Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274)
  + Run in containers without errors (bsc#1245667, PR#272)
  + Removed pmap PID from memory.txt (bsc#1246011, PR#263)
  + Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264)
  + Improved database perforce with kGraft patching (bsc#1249657, PR#273)
  + Using last boot for journalctl for optimization (bsc#1250224, PR#287)
  + Fixed extraction failures (bsc#1252318, PR#275)
  + Update supportconfig.conf path in docs (bsc#1254425, PR#281)
  + drm_sub_info: Catch error when dir doesn't exist (PR#265)
  + Replace remaining `egrep` with `grep -E` (PR#261, PR#266)
  + Add process affinity to slert logs (PR#269)
  + Reintroduce cgroup statistics (and v2) (PR#270)
  + Minor changes to basic-health-check: improve information level (PR#271)
  + Collect important machine health counters (PR#276)
  + powerpc: collect hot-pluggable PCI and PHB slots (PR#278)
  + podman: collect podman disk usage (PR#279)
  + Exclude binary files in crondir (PR#282)
  + kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284)
  + Use short-iso for journalctl (PR#288)

- Changes to version 3.2.11
  + Collect rsyslog frule files (bsc#1244003, pr#257)
  + Remove proxy passwords (bsc#1244011, pr#257)
  + Missing NetworkManager information (bsc#1241284, pr#257)
  + Include agama logs bsc#1244937, pr#256)
  + Additional NFS conf files (pr#253)
  + New fadump sysfs files (pr#252)
  + Fixed change log dates

xen

- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
  with shadow paging + tracing (XSA-477)
  xsa477.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
  for vCPU isolation (XSA-479)
  xsa479.patch