From sle-container-updates at lists.suse.com Sat Nov 1 08:07:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:07:43 +0100 (CET) Subject: SUSE-CU-2025:7838-1: Recommended update of bci/bci-busybox Message-ID: <20251101080743.0750CF780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7838-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.41.2 Container Release : 41.2 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:08:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:08:12 +0100 (CET) Subject: SUSE-CU-2025:7839-1: Recommended update of bci/bci-micro Message-ID: <20251101080812.C1528F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7839-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.53.13 Container Release : 53.13 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:bci-bci-base-15.6-f74ef9ec04860ce6d64c6a0557b0176c37f22cf1484dff9da1ac0f0b5c04b082-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:08:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:08:47 +0100 (CET) Subject: SUSE-CU-2025:7840-1: Recommended update of bci/bci-minimal Message-ID: <20251101080847.255ABF780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7840-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.44.3 Container Release : 44.3 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:09:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:09:41 +0100 (CET) Subject: SUSE-CU-2025:7841-1: Recommended update of suse/mariadb Message-ID: <20251101080941.401DCF780@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7841-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.14 , suse/mariadb:10.11.14-75.3 Container Release : 75.3 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:12:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:12:00 +0100 (CET) Subject: SUSE-CU-2025:7842-1: Recommended update of suse/sle15 Message-ID: <20251101081200.68A56F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7842-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.5 , suse/sle15:15.6 , suse/sle15:15.6.47.26.5 Container Release : 47.26.5 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:12:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:12:09 +0100 (CET) Subject: SUSE-CU-2025:7843-1: Recommended update of bci/bci-busybox Message-ID: <20251101081209.B1702F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7843-1 Container Tags : bci/bci-busybox:15.7 , bci/bci-busybox:15.7-15.3 , bci/bci-busybox:latest Container Release : 15.3 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:13:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:13:41 +0100 (CET) Subject: SUSE-CU-2025:7848-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251101081341.2C329F780@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7848-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-68.4 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 68.4 Severity : important Type : security References : 1226308 1241219 1245199 1251137 1251263 1251263 1251264 CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11713 CVE-2025-11714 CVE-2025-11715 CVE-2025-3576 CVE-2025-59728 CVE-2025-7700 CVE-2025-9187 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3715-1 Released: Wed Oct 22 09:11:23 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1226308,1251137,CVE-2025-59728,CVE-2025-7700 This update for ffmpeg-4 fixes the following issues: - CVE-2025-59728: allocated space for the appended '/' (bsc#1251137) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3775-1 Released: Fri Oct 24 14:23:37 2025 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1251263,CVE-2025-11708,CVE-2025-11709,CVE-2025-11710,CVE-2025-11711,CVE-2025-11712,CVE-2025-11713,CVE-2025-11714,CVE-2025-11715 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.4.0 ESR (bsc#1251263). - CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() - CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures - CVE-2025-11710: Cross-process information leaked due to malicious IPC messages - CVE-2025-11711: Some non-writable Object properties could be modified - CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type - CVE-2025-11713: Potential user-assisted code execution in ???Copy as cURL??? command - CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 - CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - krb5-1.20.1-150600.11.14.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - libavutil56_70-4.4.6-150600.13.33.1 updated - libswresample3_9-4.4.6-150600.13.33.1 updated - libavcodec58_134-4.4.6-150600.13.33.1 updated - MozillaFirefox-140.4.0-150200.152.207.1 updated - container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:13:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:13:51 +0100 (CET) Subject: SUSE-CU-2025:7849-1: Recommended update of bci/bci-micro-fips Message-ID: <20251101081351.C15A1F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7849-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-12.10 , bci/bci-micro-fips:latest Container Release : 12.10 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:13:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:13:59 +0100 (CET) Subject: SUSE-CU-2025:7850-1: Recommended update of bci/bci-micro Message-ID: <20251101081359.5BF6BF780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7850-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-50.10 , bci/bci-micro:latest Container Release : 50.10 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:14:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:14:07 +0100 (CET) Subject: SUSE-CU-2025:7851-1: Recommended update of bci/bci-minimal Message-ID: <20251101081407.B7139F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7851-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-16.3 , bci/bci-minimal:latest Container Release : 16.3 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:14:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:14:42 +0100 (CET) Subject: SUSE-CU-2025:7853-1: Security update of bci/openjdk Message-ID: <20251101081442.F2C47F778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7853-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-12.5 Container Release : 12.5 Severity : important Type : security References : 1245199 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - sed-4.9-150600.1.4 added - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - mozilla-nss-sysinit-3.112.2-150400.3.60.1 added - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:15:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:15:01 +0100 (CET) Subject: SUSE-CU-2025:7854-1: Security update of bci/openjdk Message-ID: <20251101081501.021EDF778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7854-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-15.6 , bci/openjdk:latest Container Release : 15.6 Severity : important Type : security References : 1245199 1246806 1251263 1252414 1252417 1252418 CVE-2025-53057 CVE-2025-53066 CVE-2025-61748 CVE-2025-9187 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3859-1 Released: Wed Oct 29 16:10:22 2025 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1246806,1252414,1252417,1252418,CVE-2025-53057,CVE-2025-53066,CVE-2025-61748 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). - CVE-2025-61748: Fixed unauthenticated attacker can achive unauthorized update, insert or delete access to some resources (bsc#1252418). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) The following package changes have been done: - sed-4.9-150600.1.4 added - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - mozilla-nss-sysinit-3.112.2-150400.3.60.1 added - java-21-openjdk-headless-21.0.9.0-150600.3.18.2 updated - java-21-openjdk-21.0.9.0-150600.3.18.2 updated - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:15:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:15:42 +0100 (CET) Subject: SUSE-CU-2025:7856-1: Recommended update of bci/php-apache Message-ID: <20251101081542.F0AD1F778@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7856-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-15.11 , bci/php-apache:latest Container Release : 15.11 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:16:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:16:31 +0100 (CET) Subject: SUSE-CU-2025:7859-1: Security update of suse/kiosk/pulseaudio Message-ID: <20251101081631.D03FDF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7859-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-66.12 , suse/kiosk/pulseaudio:latest Container Release : 66.12 Severity : important Type : security References : 1241219 1245199 1250232 1250304 CVE-2025-3576 CVE-2025-9230 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:3726-1 Released: Wed Oct 22 14:43:43 2025 Summary: Optional update for llvm19 Type: optional Severity: low References: 1250304 This update for llvm19 fixes the following issues: - Add llvm19-devel to Dev. Tools, no source changes. (bsc#1250304) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - libLLVM19-19.1.7-150700.3.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:17:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:17:57 +0100 (CET) Subject: SUSE-CU-2025:7863-1: Security update of bci/ruby Message-ID: <20251101081757.48D70F778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7863-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-17.5 , bci/ruby:latest Container Release : 17.5 Severity : important Type : security References : 1241219 1245199 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - xz-5.4.1-150600.3.3.1 added - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Sat Nov 1 08:18:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 1 Nov 2025 09:18:34 +0100 (CET) Subject: SUSE-CU-2025:7865-1: Recommended update of suse/sle15 Message-ID: <20251101081834.E8864F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7865-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.5 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.5 , suse/sle15:latest Container Release : 5.11.5 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:03:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:03:01 +0100 (CET) Subject: SUSE-CU-2025:7866-1: Recommended update of containers/lmcache-lmstack-router Message-ID: <20251102080301.3956FF783@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7866-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.15 Container Release : 2.15 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:03:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:03:44 +0100 (CET) Subject: SUSE-CU-2025:7867-1: Recommended update of containers/milvus Message-ID: <20251102080344.48D36F783@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7867-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.207 Container Release : 7.207 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:05:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:05:07 +0100 (CET) Subject: SUSE-CU-2025:7868-1: Recommended update of containers/ollama Message-ID: <20251102080507.8621EF783@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7868-1 Container Tags : containers/ollama:0 , containers/ollama:0.11.4 , containers/ollama:0.11.4-10.88 Container Release : 10.88 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:06:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:06:57 +0100 (CET) Subject: SUSE-CU-2025:7869-1: Recommended update of containers/open-webui Message-ID: <20251102080657.42592F783@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7869-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.40 Container Release : 12.40 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:06:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:06:58 +0100 (CET) Subject: SUSE-CU-2025:7870-1: Recommended update of containers/open-webui-mcpo Message-ID: <20251102080658.C5FD8F783@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-mcpo ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7870-1 Container Tags : containers/open-webui-mcpo:0 , containers/open-webui-mcpo:0.0.17 , containers/open-webui-mcpo:0.0.17-1.3 Container Release : 1.3 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container containers/open-webui-mcpo was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:07:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:07:10 +0100 (CET) Subject: SUSE-CU-2025:7871-1: Recommended update of containers/open-webui-pipelines Message-ID: <20251102080710.70267F783@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7871-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.11 Container Release : 7.11 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:07:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:07:30 +0100 (CET) Subject: SUSE-CU-2025:7872-1: Recommended update of containers/pytorch Message-ID: <20251102080730.D2CC0F783@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7872-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.12 Container Release : 3.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:08:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:08:38 +0100 (CET) Subject: SUSE-CU-2025:7875-1: Recommended update of private-registry/harbor-core Message-ID: <20251102080838.6BEFBF783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7875-1 Container Tags : private-registry/harbor-core:2.13 , private-registry/harbor-core:2.13.2 , private-registry/harbor-core:2.13.2-3.30 , private-registry/harbor-core:latest Container Release : 3.30 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:08:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:08:43 +0100 (CET) Subject: SUSE-CU-2025:7876-1: Recommended update of private-registry/harbor-db Message-ID: <20251102080843.D53B5F783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7876-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-3.31 , private-registry/harbor-db:latest Container Release : 3.31 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:08:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:08:48 +0100 (CET) Subject: SUSE-CU-2025:7877-1: Recommended update of private-registry/harbor-exporter Message-ID: <20251102080848.7E0D2F783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7877-1 Container Tags : private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2-3.30 , private-registry/harbor-exporter:latest Container Release : 3.30 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:08:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:08:52 +0100 (CET) Subject: SUSE-CU-2025:7878-1: Recommended update of private-registry/harbor-jobservice Message-ID: <20251102080852.8D160F783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7878-1 Container Tags : private-registry/harbor-jobservice:2.13 , private-registry/harbor-jobservice:2.13.2 , private-registry/harbor-jobservice:2.13.2-3.30 , private-registry/harbor-jobservice:latest Container Release : 3.30 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:09:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:09:00 +0100 (CET) Subject: SUSE-CU-2025:7879-1: Recommended update of private-registry/harbor-nginx Message-ID: <20251102080900.0FD4FF783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7879-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.70 , private-registry/harbor-nginx:latest Container Release : 2.70 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:09:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:09:07 +0100 (CET) Subject: SUSE-CU-2025:7880-1: Recommended update of private-registry/harbor-portal Message-ID: <20251102080907.955AFF783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7880-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.36 , private-registry/harbor-portal:latest Container Release : 3.36 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:09:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:09:12 +0100 (CET) Subject: SUSE-CU-2025:7881-1: Recommended update of private-registry/harbor-registry Message-ID: <20251102080912.A84DAF783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7881-1 Container Tags : private-registry/harbor-registry:2.8.3 , private-registry/harbor-registry:2.8.3-2.71 , private-registry/harbor-registry:latest Container Release : 2.71 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:09:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:09:17 +0100 (CET) Subject: SUSE-CU-2025:7882-1: Recommended update of private-registry/harbor-registryctl Message-ID: <20251102080917.74474F783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7882-1 Container Tags : private-registry/harbor-registryctl:2.13 , private-registry/harbor-registryctl:2.13.2 , private-registry/harbor-registryctl:2.13.2-3.30 , private-registry/harbor-registryctl:latest Container Release : 3.30 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:09:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:09:24 +0100 (CET) Subject: SUSE-CU-2025:7883-1: Recommended update of private-registry/harbor-trivy-adapter Message-ID: <20251102080924.9607EF783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7883-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.68 , private-registry/harbor-trivy-adapter:latest Container Release : 2.68 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:09:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:09:28 +0100 (CET) Subject: SUSE-CU-2025:7884-1: Recommended update of private-registry/harbor-valkey Message-ID: <20251102080928.B0E8CF783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7884-1 Container Tags : private-registry/harbor-valkey:8.0.6 , private-registry/harbor-valkey:8.0.6-2.59 , private-registry/harbor-valkey:latest Container Release : 2.59 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:18:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:18:34 +0100 (CET) Subject: SUSE-CU-2025:7888-1: Recommended update of bci/bci-base-fips Message-ID: <20251102081834.03715F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7888-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.36.14 Container Release : 36.14 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:19:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:19:31 +0100 (CET) Subject: SUSE-CU-2025:7889-1: Recommended update of bci/bci-init Message-ID: <20251102081931.32785F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7889-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.49.15 Container Release : 49.15 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:19:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:19:38 +0100 (CET) Subject: SUSE-CU-2025:7890-1: Recommended update of bci/bci-micro-fips Message-ID: <20251102081938.77D3CF780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7890-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.11.14 Container Release : 11.14 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 08:20:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 09:20:36 +0100 (CET) Subject: SUSE-CU-2025:7891-1: Recommended update of bci/nodejs Message-ID: <20251102082036.397D5F780@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7891-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-58.15 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-58.15 Container Release : 58.15 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:06:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:06:56 +0100 (CET) Subject: SUSE-CU-2025:7891-1: Recommended update of bci/nodejs Message-ID: <20251102100656.B856EF783@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7891-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-58.15 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-58.15 Container Release : 58.15 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:08:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:08:04 +0100 (CET) Subject: SUSE-CU-2025:7892-1: Recommended update of bci/python Message-ID: <20251102100804.0DE23F783@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7892-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-75.15 Container Release : 75.15 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:08:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:08:42 +0100 (CET) Subject: SUSE-CU-2025:7893-1: Recommended update of suse/mariadb-client Message-ID: <20251102100842.D084BF783@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7893-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.14 , suse/mariadb-client:10.11.14-66.18 Container Release : 66.18 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated - container:registry.suse.com-bci-bci-micro-15.6-de02282d13de18ac616473dc078f56c8366f7402807505ba9dad37ebd32751d5-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:11:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:11:48 +0100 (CET) Subject: SUSE-CU-2025:7894-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251102101148.54145F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7894-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.54.15 Container Release : 54.15 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:13:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:13:18 +0100 (CET) Subject: SUSE-CU-2025:7895-1: Recommended update of bci/spack Message-ID: <20251102101318.C5F23F783@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7895-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.77 Container Release : 11.77 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-a39a3de90b433c3489f09e9a30faed05d52507365e9c4fd16786d18b1ecf2cd6-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:13:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:13:46 +0100 (CET) Subject: SUSE-CU-2025:7896-1: Recommended update of suse/389-ds Message-ID: <20251102101346.7D36DF783@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7896-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-64.14 , suse/389-ds:latest Container Release : 64.14 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:14:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:14:11 +0100 (CET) Subject: SUSE-CU-2025:7897-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251102101411.83993F783@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7897-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.21 , bci/dotnet-aspnet:8.0.21-73.7 Container Release : 73.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:14:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:14:32 +0100 (CET) Subject: SUSE-CU-2025:7898-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251102101432.43850F783@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7898-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.10 , bci/dotnet-aspnet:9.0.10-32.7 , bci/dotnet-aspnet:latest Container Release : 32.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:14:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:14:49 +0100 (CET) Subject: SUSE-CU-2025:7899-1: Recommended update of bci/bci-base-fips Message-ID: <20251102101449.D1100F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7899-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-10.11 , bci/bci-base-fips:latest Container Release : 10.11 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:15:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:15:04 +0100 (CET) Subject: SUSE-CU-2025:7900-1: Security update of suse/bind Message-ID: <20251102101504.945FEF780@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7900-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.15 , suse/bind:9.20.15-69.18 , suse/bind:latest Container Release : 69.18 Severity : important Type : security References : 1252160 1252378 1252379 1252380 CVE-2025-40778 CVE-2025-40780 CVE-2025-8677 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3903-1 Released: Fri Oct 31 18:08:19 2025 Summary: Security update for bind Type: security Severity: important References: 1252378,1252379,1252380,CVE-2025-40778,CVE-2025-40780,CVE-2025-8677 This update for bind fixes the following issues: Upgrade to release 9.20.15: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - bind-utils-9.20.15-150700.3.12.1 updated - bind-9.20.15-150700.3.12.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:15:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:15:12 +0100 (CET) Subject: SUSE-CU-2025:7901-1: Recommended update of suse/cosign Message-ID: <20251102101512.B02DAF780@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7901-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-16.16 , suse/cosign:latest Container Release : 16.16 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:15:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:15:29 +0100 (CET) Subject: SUSE-CU-2025:7902-1: Recommended update of bci/dotnet-sdk Message-ID: <20251102101529.C133EF780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7902-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.21 , bci/dotnet-sdk:8.0.21-73.7 Container Release : 73.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:15:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:15:47 +0100 (CET) Subject: SUSE-CU-2025:7903-1: Recommended update of bci/dotnet-sdk Message-ID: <20251102101547.E4BD7F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7903-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.10 , bci/dotnet-sdk:9.0.10-33.7 , bci/dotnet-sdk:latest Container Release : 33.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:16:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:16:07 +0100 (CET) Subject: SUSE-CU-2025:7904-1: Recommended update of bci/dotnet-runtime Message-ID: <20251102101607.B2CB6F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7904-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.21 , bci/dotnet-runtime:8.0.21-73.7 Container Release : 73.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:16:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:16:26 +0100 (CET) Subject: SUSE-CU-2025:7905-1: Recommended update of bci/dotnet-runtime Message-ID: <20251102101626.250F2F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7905-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.10 , bci/dotnet-runtime:9.0.10-32.7 , bci/dotnet-runtime:latest Container Release : 32.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:16:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:16:41 +0100 (CET) Subject: SUSE-CU-2025:7906-1: Recommended update of bci/gcc Message-ID: <20251102101641.C3F65F780@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7906-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-14.12 , bci/gcc:latest Container Release : 14.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:16:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:16:53 +0100 (CET) Subject: SUSE-CU-2025:7907-1: Recommended update of suse/git Message-ID: <20251102101653.B9EF4F780@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7907-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-64.17 , suse/git:latest Container Release : 64.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:17:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:17:13 +0100 (CET) Subject: SUSE-CU-2025:7908-1: Recommended update of bci/golang Message-ID: <20251102101713.29ED8F780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7908-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-78.12 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-78.12 Container Release : 78.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:17:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:17:27 +0100 (CET) Subject: SUSE-CU-2025:7909-1: Recommended update of bci/golang Message-ID: <20251102101727.BD7B6F780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7909-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.75.11 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.75.11 Container Release : 75.11 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:17:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:17:47 +0100 (CET) Subject: SUSE-CU-2025:7910-1: Recommended update of bci/golang Message-ID: <20251102101747.C5D25F780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7910-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-78.12 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-78.12 Container Release : 78.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Sun Nov 2 10:17:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 2 Nov 2025 11:17:55 +0100 (CET) Subject: SUSE-CU-2025:7911-1: Recommended update of suse/helm Message-ID: <20251102101755.B13A6F780@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7911-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-66.16 , suse/helm:latest Container Release : 66.16 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:09:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:09:36 +0100 (CET) Subject: SUSE-CU-2025:7911-1: Recommended update of suse/helm Message-ID: <20251103080936.95EB1F780@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7911-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-66.16 , suse/helm:latest Container Release : 66.16 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:09:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:09:58 +0100 (CET) Subject: SUSE-CU-2025:7912-1: Recommended update of bci/bci-init Message-ID: <20251103080958.B4A73F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7912-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-46.12 , bci/bci-init:latest Container Release : 46.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:10:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:10:12 +0100 (CET) Subject: SUSE-CU-2025:7913-1: Recommended update of suse/kea Message-ID: <20251103081012.DF0FBF780@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7913-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-66.12 , suse/kea:latest Container Release : 66.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:10:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:10:34 +0100 (CET) Subject: SUSE-CU-2025:7914-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251103081034.E6E55F780@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7914-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-68.6 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 68.6 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:11:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:11:07 +0100 (CET) Subject: SUSE-CU-2025:7917-1: Recommended update of suse/nginx Message-ID: <20251103081107.A1381F780@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7917-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-65.13 , suse/nginx:latest Container Release : 65.13 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:11:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:11:23 +0100 (CET) Subject: SUSE-CU-2025:7918-1: Recommended update of bci/nodejs Message-ID: <20251103081123.B3668F780@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7918-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-13.12 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-13.12 , bci/nodejs:latest Container Release : 13.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:11:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:11:42 +0100 (CET) Subject: SUSE-CU-2025:7919-1: Recommended update of bci/openjdk-devel Message-ID: <20251103081142.EA06BF780@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7919-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-13.14 Container Release : 13.14 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:bci-openjdk-17-15.7.17-12.6 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:12:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:12:02 +0100 (CET) Subject: SUSE-CU-2025:7920-1: Recommended update of bci/openjdk Message-ID: <20251103081202.3928CF780@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7920-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-12.6 Container Release : 12.6 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:12:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:12:23 +0100 (CET) Subject: SUSE-CU-2025:7921-1: Recommended update of bci/openjdk-devel Message-ID: <20251103081223.0AE47F780@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7921-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-16.15 , bci/openjdk-devel:latest Container Release : 16.15 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:bci-openjdk-21-15.7.21-15.7 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:12:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:12:39 +0100 (CET) Subject: SUSE-CU-2025:7922-1: Recommended update of bci/openjdk Message-ID: <20251103081239.A6018F780@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7922-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-15.7 , bci/openjdk:latest Container Release : 15.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:13:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:13:00 +0100 (CET) Subject: SUSE-CU-2025:7923-1: Recommended update of suse/pcp Message-ID: <20251103081300.C82D6F780@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7923-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-67.11 , suse/pcp:latest Container Release : 67.11 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:bci-bci-init-15.7-ee40628acda23584f5bced90bbfc66d00d9e2a52b4e5cd2abe613c41bce0d67d-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:13:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:13:18 +0100 (CET) Subject: SUSE-CU-2025:7924-1: Recommended update of bci/php-apache Message-ID: <20251103081318.5E793F780@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7924-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-15.12 , bci/php-apache:latest Container Release : 15.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:13:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:13:34 +0100 (CET) Subject: SUSE-CU-2025:7925-1: Recommended update of bci/php-fpm Message-ID: <20251103081334.08F77F778@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7925-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-15.12 , bci/php-fpm:latest Container Release : 15.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:13:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:13:50 +0100 (CET) Subject: SUSE-CU-2025:7926-1: Recommended update of bci/php Message-ID: <20251103081350.B13F5F778@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7926-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-15.12 , bci/php:latest Container Release : 15.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:14:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:14:01 +0100 (CET) Subject: SUSE-CU-2025:7927-1: Recommended update of suse/postgres Message-ID: <20251103081401.D41F9F778@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7927-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-79.7 Container Release : 79.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:14:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:14:11 +0100 (CET) Subject: SUSE-CU-2025:7928-1: Recommended update of suse/postgres Message-ID: <20251103081411.9FAB0F778@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7928-1 Container Tags : suse/postgres:17 , suse/postgres:17.6 , suse/postgres:17.6 , suse/postgres:17.6-69.7 , suse/postgres:latest Container Release : 69.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:14:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:14:25 +0100 (CET) Subject: SUSE-CU-2025:7929-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20251103081425.6C06EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7929-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-66.14 , suse/kiosk/pulseaudio:latest Container Release : 66.14 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:14:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:14:45 +0100 (CET) Subject: SUSE-CU-2025:7930-1: Recommended update of bci/python Message-ID: <20251103081445.2D24BF778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7930-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-77.12 Container Release : 77.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:15:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:15:05 +0100 (CET) Subject: SUSE-CU-2025:7931-1: Recommended update of bci/python Message-ID: <20251103081505.F0385F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7931-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.7 , bci/python:3.13.7-79.12 , bci/python:latest Container Release : 79.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:15:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:15:28 +0100 (CET) Subject: SUSE-CU-2025:7932-1: Recommended update of bci/python Message-ID: <20251103081528.B021BF778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7932-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-76.12 Container Release : 76.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:15:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:15:38 +0100 (CET) Subject: SUSE-CU-2025:7933-1: Recommended update of suse/mariadb-client Message-ID: <20251103081538.7F23CF778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7933-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.3 , suse/mariadb-client:11.8.3-64.17 , suse/mariadb-client:latest Container Release : 64.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:33:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:33:15 +0100 (CET) Subject: SUSE-CU-2025:7933-1: Recommended update of suse/mariadb-client Message-ID: <20251103083315.C7569F778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7933-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.3 , suse/mariadb-client:11.8.3-64.17 , suse/mariadb-client:latest Container Release : 64.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:33:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:33:28 +0100 (CET) Subject: SUSE-CU-2025:7934-1: Recommended update of suse/mariadb Message-ID: <20251103083328.082EDF778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7934-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.3 , suse/mariadb:11.8.3-66.7 , suse/mariadb:latest Container Release : 66.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:33:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:33:43 +0100 (CET) Subject: SUSE-CU-2025:7935-1: Recommended update of suse/rmt-server Message-ID: <20251103083343.48E20F778@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7935-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-76.13 , suse/rmt-server:latest Container Release : 76.13 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:34:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:34:04 +0100 (CET) Subject: SUSE-CU-2025:7936-1: Recommended update of bci/ruby Message-ID: <20251103083404.82A39F778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7936-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.6 Container Release : 18.6 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:34:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:34:26 +0100 (CET) Subject: SUSE-CU-2025:7937-1: Recommended update of bci/ruby Message-ID: <20251103083426.037B4F778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7937-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-17.6 , bci/ruby:latest Container Release : 17.6 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:34:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:34:43 +0100 (CET) Subject: SUSE-CU-2025:7938-1: Recommended update of bci/rust Message-ID: <20251103083443.ADECEF778@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7938-1 Container Tags : bci/rust:1.89 , bci/rust:1.89.0 , bci/rust:1.89.0-2.3.9 , bci/rust:oldstable , bci/rust:oldstable-2.3.9 Container Release : 3.9 Severity : important Type : recommended References : 1245199 1252160 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:35:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:35:02 +0100 (CET) Subject: SUSE-CU-2025:7939-1: Recommended update of bci/rust Message-ID: <20251103083502.B9D99F778@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7939-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.3.9 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.9 Container Release : 3.9 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:35:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:35:17 +0100 (CET) Subject: SUSE-CU-2025:7940-1: Recommended update of suse/samba-client Message-ID: <20251103083517.6D41DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7940-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-68.17 , suse/samba-client:latest Container Release : 68.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:35:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:35:31 +0100 (CET) Subject: SUSE-CU-2025:7941-1: Recommended update of suse/samba-server Message-ID: <20251103083531.69672F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7941-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-68.17 , suse/samba-server:latest Container Release : 68.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:35:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:35:44 +0100 (CET) Subject: SUSE-CU-2025:7942-1: Recommended update of suse/samba-toolbox Message-ID: <20251103083544.E109EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7942-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-68.17 , suse/samba-toolbox:latest Container Release : 68.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:36:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:36:05 +0100 (CET) Subject: SUSE-CU-2025:7943-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251103083605.33284F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7943-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-51.12 , bci/bci-sle15-kernel-module-devel:latest Container Release : 51.12 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:36:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:36:15 +0100 (CET) Subject: SUSE-CU-2025:7944-1: Recommended update of suse/stunnel Message-ID: <20251103083615.CAC7AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7944-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-67.17 , suse/stunnel:latest Container Release : 67.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:36:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:36:27 +0100 (CET) Subject: SUSE-CU-2025:7945-1: Recommended update of suse/valkey Message-ID: <20251103083627.123F3F778@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7945-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-66.17 , suse/valkey:latest Container Release : 66.17 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Mon Nov 3 08:36:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 3 Nov 2025 09:36:42 +0100 (CET) Subject: SUSE-CU-2025:7946-1: Recommended update of suse/kiosk/xorg Message-ID: <20251103083642.56028F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7946-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-70.7 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 70.7 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:suse-sle15-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated - container:registry.suse.com-bci-bci-micro-15.7-80232da400bb9587e412e53e6101d7a650a75d1e448597ce1cef3c4fdda86e7f-0 updated From sle-container-updates at lists.suse.com Tue Nov 4 08:11:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Nov 2025 09:11:37 +0100 (CET) Subject: SUSE-CU-2025:7948-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251104081137.D8FE5F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7948-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.54.16 Container Release : 54.16 Severity : moderate Type : recommended References : 1248618 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3923-1 Released: Mon Nov 3 15:26:48 2025 Summary: Recommended update for pesign-obs-integration Type: recommended Severity: moderate References: 1248618 This update for pesign-obs-integration fixes the following issues: - Fixed pesign-obs-integration when no signed binary is produced (bsc#1248618) The following package changes have been done: - pesign-obs-integration-10.2+git20210804.ff18da1-150600.10.3.1 updated From sle-container-updates at lists.suse.com Tue Nov 4 08:11:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Nov 2025 09:11:58 +0100 (CET) Subject: SUSE-CU-2025:7949-1: Recommended update of bci/golang Message-ID: <20251104081158.3702AF780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7949-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.9 , bci/golang:1.24.9-2.75.11 , bci/golang:oldstable , bci/golang:oldstable-2.75.11 Container Release : 75.11 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Tue Nov 4 08:12:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Nov 2025 09:12:17 +0100 (CET) Subject: SUSE-CU-2025:7950-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251104081217.87BDFF780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7950-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-51.13 , bci/bci-sle15-kernel-module-devel:latest Container Release : 51.13 Severity : moderate Type : recommended References : 1248618 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3923-1 Released: Mon Nov 3 15:26:48 2025 Summary: Recommended update for pesign-obs-integration Type: recommended Severity: moderate References: 1248618 This update for pesign-obs-integration fixes the following issues: - Fixed pesign-obs-integration when no signed binary is produced (bsc#1248618) The following package changes have been done: - pesign-obs-integration-10.2+git20210804.ff18da1-150600.10.3.1 updated From sle-container-updates at lists.suse.com Tue Nov 4 08:12:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Nov 2025 09:12:43 +0100 (CET) Subject: SUSE-CU-2025:7951-1: Recommended update of bci/spack Message-ID: <20251104081243.1F6C4F780@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7951-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-18.11 , bci/spack:latest Container Release : 18.11 Severity : important Type : recommended References : 1252160 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) The following package changes have been done: - libselinux1-3.5-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:05:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:05:19 +0100 (CET) Subject: SUSE-IU-2025:3578-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251105080519.5E5D8F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3578-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.217 , suse/sle-micro/base-5.5:latest Image Release : 5.8.217 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:06:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:06:37 +0100 (CET) Subject: SUSE-IU-2025:3579-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20251105080637.A85DFF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3579-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.416 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.416 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.217 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:08:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:08:38 +0100 (CET) Subject: SUSE-IU-2025:3580-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20251105080838.58FF9F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3580-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.524 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.524 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.397 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:10:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:10:31 +0100 (CET) Subject: SUSE-IU-2025:3581-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20251105081031.BD02DF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3581-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.397 , suse/sle-micro/5.5:latest Image Release : 5.5.397 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1252543 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3925-1 Released: Mon Nov 3 16:39:40 2025 Summary: Recommended update for buildah Type: recommended Severity: moderate References: 1252543 This update for buildah fixes the following issues: - Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - slirp4netns-1.2.0-150500.3.2.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.217 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:13:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:13:19 +0100 (CET) Subject: SUSE-CU-2025:7955-1: Recommended update of private-registry/harbor-core Message-ID: <20251105081319.4D02AF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7955-1 Container Tags : private-registry/harbor-core:2.13 , private-registry/harbor-core:2.13.2 , private-registry/harbor-core:2.13.2-3.34 , private-registry/harbor-core:latest Container Release : 3.34 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:13:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:13:25 +0100 (CET) Subject: SUSE-CU-2025:7956-1: Recommended update of private-registry/harbor-db Message-ID: <20251105081325.EDCC4F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7956-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-3.35 , private-registry/harbor-db:latest Container Release : 3.35 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - harbor213-db-2.13.2-150600.2.5 updated - container:suse-sle15-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:13:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:13:26 +0100 (CET) Subject: SUSE-CU-2025:7957-1: Recommended update of private-registry/harbor-db Message-ID: <20251105081326.DD1BAF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7957-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-3.36 , private-registry/harbor-db:latest Container Release : 3.36 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:13:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:13:33 +0100 (CET) Subject: SUSE-CU-2025:7959-1: Recommended update of private-registry/harbor-exporter Message-ID: <20251105081333.14C55F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7959-1 Container Tags : private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2-3.34 , private-registry/harbor-exporter:latest Container Release : 3.34 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:13:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:13:39 +0100 (CET) Subject: SUSE-CU-2025:7961-1: Recommended update of private-registry/harbor-jobservice Message-ID: <20251105081339.99227F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7961-1 Container Tags : private-registry/harbor-jobservice:2.13 , private-registry/harbor-jobservice:2.13.2 , private-registry/harbor-jobservice:2.13.2-3.34 , private-registry/harbor-jobservice:latest Container Release : 3.34 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:13:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:13:49 +0100 (CET) Subject: SUSE-CU-2025:7963-1: Recommended update of private-registry/harbor-nginx Message-ID: <20251105081349.544E6F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7963-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.74 , private-registry/harbor-nginx:latest Container Release : 2.74 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:13:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:13:59 +0100 (CET) Subject: SUSE-CU-2025:7965-1: Recommended update of private-registry/harbor-portal Message-ID: <20251105081359.07E84F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7965-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.40 , private-registry/harbor-portal:latest Container Release : 3.40 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:14:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:14:05 +0100 (CET) Subject: SUSE-CU-2025:7967-1: Recommended update of private-registry/harbor-registry Message-ID: <20251105081405.6EBDAF778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7967-1 Container Tags : private-registry/harbor-registry:2.8.3 , private-registry/harbor-registry:2.8.3-2.75 , private-registry/harbor-registry:latest Container Release : 2.75 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:14:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:14:11 +0100 (CET) Subject: SUSE-CU-2025:7969-1: Recommended update of private-registry/harbor-registryctl Message-ID: <20251105081411.DA7B1F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7969-1 Container Tags : private-registry/harbor-registryctl:2.13 , private-registry/harbor-registryctl:2.13.2 , private-registry/harbor-registryctl:2.13.2-3.34 , private-registry/harbor-registryctl:latest Container Release : 3.34 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:14:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:14:20 +0100 (CET) Subject: SUSE-CU-2025:7970-1: Recommended update of private-registry/harbor-trivy-adapter Message-ID: <20251105081420.03EC7F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7970-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.72 , private-registry/harbor-trivy-adapter:latest Container Release : 2.72 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - system-user-harbor-2.13.2-150600.2.5 updated - container:suse-sle15-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:14:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:14:20 +0100 (CET) Subject: SUSE-CU-2025:7971-1: Recommended update of private-registry/harbor-trivy-adapter Message-ID: <20251105081420.E82B5F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7971-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.73 , private-registry/harbor-trivy-adapter:latest Container Release : 2.73 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:14:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:14:26 +0100 (CET) Subject: SUSE-CU-2025:7972-1: Recommended update of private-registry/harbor-valkey Message-ID: <20251105081426.38267F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7972-1 Container Tags : private-registry/harbor-valkey:8.0.6 , private-registry/harbor-valkey:8.0.6-2.62 , private-registry/harbor-valkey:latest Container Release : 2.62 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:21:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:21:09 +0100 (CET) Subject: SUSE-CU-2025:7974-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20251105082109.67D83F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7974-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.207 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.207 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:24:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:24:45 +0100 (CET) Subject: SUSE-CU-2025:7975-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251105082445.B1ED4F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7975-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.84 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.84 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:26:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:26:42 +0100 (CET) Subject: SUSE-CU-2025:7976-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20251105082642.20E8BF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7976-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.114 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.114 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:32:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:32:42 +0100 (CET) Subject: SUSE-CU-2025:7979-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251105083242.9D6CCF778@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7979-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.124 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.124 Severity : important Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 1252160 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - libselinux1-3.5-150600.3.3.1 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:34:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:34:01 +0100 (CET) Subject: SUSE-CU-2025:7980-1: Recommended update of bci/bci-init Message-ID: <20251105083401.DFC75F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7980-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.49.18 Container Release : 49.18 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:34:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:34:12 +0100 (CET) Subject: SUSE-CU-2025:7976-1: Recommended update of bci/bci-init Message-ID: <20251105083412.E6298F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7976-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.49.18 Container Release : 49.18 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:34:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:34:46 +0100 (CET) Subject: SUSE-CU-2025:7977-1: Recommended update of bci/bci-micro Message-ID: <20251105083446.C012FF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7977-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.53.17 Container Release : 53.17 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:bci-bci-base-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:35:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:35:21 +0100 (CET) Subject: SUSE-CU-2025:7978-1: Recommended update of bci/bci-minimal Message-ID: <20251105083521.D1B08F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7978-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.44.4 Container Release : 44.4 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:36:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:36:49 +0100 (CET) Subject: SUSE-CU-2025:7979-1: Recommended update of bci/python Message-ID: <20251105083649.1C062F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7979-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-75.18 Container Release : 75.18 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:39:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:39:59 +0100 (CET) Subject: SUSE-CU-2025:7980-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251105083959.49986F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7980-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.54.19 Container Release : 54.19 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c7b1b965fc23e69ca04d73edd4500f76e1e1e4fb537d91802301da533bde40e0-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:41:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:41:04 +0100 (CET) Subject: SUSE-CU-2025:7981-1: Recommended update of suse/sle15 Message-ID: <20251105084104.98DDAF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7981-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.6 , suse/sle15:15.6 , suse/sle15:15.6.47.26.6 Container Release : 47.26.6 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:41:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:41:05 +0100 (CET) Subject: SUSE-CU-2025:7982-1: Recommended update of suse/sle15 Message-ID: <20251105084105.9F8A8F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7982-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.7 , suse/sle15:15.6 , suse/sle15:15.6.47.26.7 Container Release : 47.26.7 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:42:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:42:37 +0100 (CET) Subject: SUSE-CU-2025:7983-1: Recommended update of bci/spack Message-ID: <20251105084237.99FE2F778@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7983-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.78 Container Release : 11.78 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:43:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:43:03 +0100 (CET) Subject: SUSE-CU-2025:7985-1: Recommended update of suse/389-ds Message-ID: <20251105084303.89F63F778@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7985-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-64.16 , suse/389-ds:latest Container Release : 64.16 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - cyrus-sasl-2.1.28-150600.7.9.2 updated - cyrus-sasl-plain-2.1.28-150600.7.9.2 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:43:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:43:06 +0100 (CET) Subject: SUSE-CU-2025:7986-1: Recommended update of suse/389-ds Message-ID: <20251105084306.3C6AFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7986-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-64.18 , suse/389-ds:latest Container Release : 64.18 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:43:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:43:29 +0100 (CET) Subject: SUSE-CU-2025:7987-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251105084329.90E28F778@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7987-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.21 , bci/dotnet-aspnet:8.0.21-73.9 Container Release : 73.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:43:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:43:47 +0100 (CET) Subject: SUSE-CU-2025:7988-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251105084347.213A6F778@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7988-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.10 , bci/dotnet-aspnet:9.0.10-32.9 , bci/dotnet-aspnet:latest Container Release : 32.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:44:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:44:05 +0100 (CET) Subject: SUSE-CU-2025:7989-1: Recommended update of suse/bind Message-ID: <20251105084405.8211AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7989-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.15 , suse/bind:9.20.15-69.22 , suse/bind:latest Container Release : 69.22 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:44:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:44:17 +0100 (CET) Subject: SUSE-CU-2025:7990-1: Recommended update of suse/cosign Message-ID: <20251105084417.13AF1F778@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7990-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-16.20 , suse/cosign:latest Container Release : 16.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:44:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:44:38 +0100 (CET) Subject: SUSE-CU-2025:7991-1: Recommended update of bci/dotnet-sdk Message-ID: <20251105084438.26752F778@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7991-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.21 , bci/dotnet-sdk:8.0.21-73.9 Container Release : 73.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:44:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:44:57 +0100 (CET) Subject: SUSE-CU-2025:7992-1: Recommended update of bci/dotnet-sdk Message-ID: <20251105084457.6D64EF778@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7992-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.10 , bci/dotnet-sdk:9.0.10-33.9 , bci/dotnet-sdk:latest Container Release : 33.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:45:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:45:16 +0100 (CET) Subject: SUSE-CU-2025:7993-1: Recommended update of bci/dotnet-runtime Message-ID: <20251105084516.D41A0F778@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7993-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.21 , bci/dotnet-runtime:8.0.21-73.9 Container Release : 73.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:45:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:45:35 +0100 (CET) Subject: SUSE-CU-2025:7994-1: Recommended update of bci/dotnet-runtime Message-ID: <20251105084535.A9BF9F778@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7994-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.10 , bci/dotnet-runtime:9.0.10-32.9 , bci/dotnet-runtime:latest Container Release : 32.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:45:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:45:53 +0100 (CET) Subject: SUSE-CU-2025:7995-1: Recommended update of bci/gcc Message-ID: <20251105084553.D9D19F778@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7995-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-14.14 , bci/gcc:latest Container Release : 14.14 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libasan8-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libhwasan0-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated - libtsan2-15.2.0+git10201-150000.1.3.3 updated - libubsan1-15.2.0+git10201-150000.1.3.3 updated - libgfortran5-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:46:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:46:08 +0100 (CET) Subject: SUSE-CU-2025:7996-1: Recommended update of suse/git Message-ID: <20251105084608.7DF9AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7996-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-64.19 , suse/git:latest Container Release : 64.19 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:46:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:46:11 +0100 (CET) Subject: SUSE-CU-2025:7997-1: Recommended update of suse/git Message-ID: <20251105084611.03048F778@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7997-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-64.22 , suse/git:latest Container Release : 64.22 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:55:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:55:44 +0100 (CET) Subject: SUSE-CU-2025:7997-1: Recommended update of suse/git Message-ID: <20251105085544.61D02F778@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7997-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-64.22 , suse/git:latest Container Release : 64.22 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:56:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:56:05 +0100 (CET) Subject: SUSE-CU-2025:7998-1: Recommended update of bci/golang Message-ID: <20251105085605.71713F778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7998-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.75.13 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.75.13 Container Release : 75.13 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:56:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:56:18 +0100 (CET) Subject: SUSE-CU-2025:7999-1: Recommended update of suse/helm Message-ID: <20251105085618.1AB84F778@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7999-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-66.20 , suse/helm:latest Container Release : 66.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:56:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:56:40 +0100 (CET) Subject: SUSE-CU-2025:8000-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251105085640.56438F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8000-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-68.8 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 68.8 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:56:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:56:41 +0100 (CET) Subject: SUSE-CU-2025:8001-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251105085641.60C63F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8001-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-68.10 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 68.10 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:56:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:56:51 +0100 (CET) Subject: SUSE-CU-2025:8002-1: Recommended update of suse/kubectl Message-ID: <20251105085651.2478EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8002-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.66.19 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.66.19 Container Release : 66.19 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:57:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:57:01 +0100 (CET) Subject: SUSE-CU-2025:8003-1: Recommended update of suse/kubectl Message-ID: <20251105085701.79BF9F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8003-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.66.19 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.66.19 Container Release : 66.19 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:57:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:57:10 +0100 (CET) Subject: SUSE-CU-2025:8004-1: Recommended update of bci/bci-micro Message-ID: <20251105085710.4E472F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8004-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-50.13 , bci/bci-micro:latest Container Release : 50.13 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:bci-bci-base-15.7-8e70bb7307ca65662baab1c1e7e29f27aa66f7ac7b8ef4a5220c77620851f351-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:57:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:57:19 +0100 (CET) Subject: SUSE-CU-2025:8005-1: Recommended update of bci/bci-minimal Message-ID: <20251105085719.09358F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8005-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-16.4 , bci/bci-minimal:latest Container Release : 16.4 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:57:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:57:40 +0100 (CET) Subject: SUSE-CU-2025:8006-1: Recommended update of bci/openjdk Message-ID: <20251105085740.BF44BF778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8006-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-12.10 Container Release : 12.10 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:58:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:58:26 +0100 (CET) Subject: SUSE-CU-2025:8007-1: Recommended update of bci/openjdk Message-ID: <20251105085826.BDA62F778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8007-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-15.10 , bci/openjdk:latest Container Release : 15.10 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:58:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:58:55 +0100 (CET) Subject: SUSE-CU-2025:8008-1: Recommended update of suse/pcp Message-ID: <20251105085855.2D6F3F778@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8008-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-67.13 , suse/pcp:latest Container Release : 67.13 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - cyrus-sasl-2.1.28-150600.7.9.2 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:59:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:59:15 +0100 (CET) Subject: SUSE-CU-2025:8009-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20251105085915.3C932F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8009-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-66.15 , suse/kiosk/pulseaudio:latest Container Release : 66.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgomp1-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:59:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:59:32 +0100 (CET) Subject: SUSE-CU-2025:8011-1: Recommended update of suse/mariadb Message-ID: <20251105085932.09B25F778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8011-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.3 , suse/mariadb:11.8.3-66.10 , suse/mariadb:latest Container Release : 66.10 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 08:59:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 09:59:51 +0100 (CET) Subject: SUSE-CU-2025:8012-1: Recommended update of suse/rmt-server Message-ID: <20251105085951.80CAEF778@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8012-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-76.15 , suse/rmt-server:latest Container Release : 76.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 09:00:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 10:00:19 +0100 (CET) Subject: SUSE-CU-2025:8013-1: Recommended update of suse/samba-server Message-ID: <20251105090019.73ED3F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8013-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-68.21 , suse/samba-server:latest Container Release : 68.21 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 09:00:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 10:00:50 +0100 (CET) Subject: SUSE-CU-2025:8014-1: Recommended update of suse/sle15 Message-ID: <20251105090050.74C56F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8014-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.7 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.7 , suse/sle15:latest Container Release : 5.11.7 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Wed Nov 5 09:01:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 10:01:09 +0100 (CET) Subject: SUSE-CU-2025:8015-1: Recommended update of suse/valkey Message-ID: <20251105090109.C8573F780@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8015-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-66.20 , suse/valkey:latest Container Release : 66.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 5 09:08:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Nov 2025 10:08:53 +0100 (CET) Subject: SUSE-CU-2025:8021-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20251105090853.2F670F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8021-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.197 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.197 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:03:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:03:00 +0100 (CET) Subject: SUSE-CU-2025:8022-1: Recommended update of containers/lmcache-lmstack-router Message-ID: <20251107080300.BFC6BFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8022-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.19 Container Release : 2.19 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - python311-certifi-2024.7.4-150600.1.56 updated - python311-bcrypt-4.3.0-150600.1.7 updated - python311-pydantic-core-2.35.1-150600.1.4 updated - python311-cryptography-43.0.1-150600.1.28 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:03:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:03:42 +0100 (CET) Subject: SUSE-CU-2025:8023-1: Recommended update of containers/milvus Message-ID: <20251107080342.5115CFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8023-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.210 Container Release : 7.210 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:03:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:03:43 +0100 (CET) Subject: SUSE-CU-2025:8024-1: Recommended update of containers/milvus Message-ID: <20251107080343.14932FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8024-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.211 Container Release : 7.211 Severity : moderate Type : recommended References : 1082318 1133233 1181869 1243195 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3968-1 Released: Thu Nov 6 11:58:36 2025 Summary: Recommended update for libaio Type: recommended Severity: moderate References: 1082318,1133233,1181869,1243195 This update for libaio fixes the following issues: libaio was updated to 0.3.113 (jsc#PED-13433): * Fix struct io_iocb_vector padding for 32bit architectures * struct io_iocb_sockaddr padding for 32bit architectures * Verify structure padding is correct at build time * harness: add test for aio poll missed events * Various patches for architectures/etc The following package changes have been done: - libaio1-0.3.113-150600.15.3.1 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:05:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:05:04 +0100 (CET) Subject: SUSE-CU-2025:8025-1: Recommended update of containers/ollama Message-ID: <20251107080504.58980FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8025-1 Container Tags : containers/ollama:0 , containers/ollama:0.11.4 , containers/ollama:0.11.4-10.93 Container Release : 10.93 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - ollama-nvidia-0.11.4-150600.2.1 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:06:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:06:41 +0100 (CET) Subject: SUSE-CU-2025:8026-1: Recommended update of containers/open-webui Message-ID: <20251107080641.C9640FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8026-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.44 Container Release : 12.44 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - libubsan1-15.2.0+git10201-150000.1.3.3 updated - libgfortran5-15.2.0+git10201-150000.1.3.3 updated - python311-safetensors-0.4.3-150600.1.25 updated - python311-orjson-3.10.7-150600.1.29 updated - python311-jiter-0.5.0-150600.1.24 updated - python311-certifi-2024.7.4-150600.1.56 updated - python311-cchardet-2.1.19-150600.1.53 updated - python311-bcrypt-4.3.0-150600.1.7 updated - python311-pydantic-core-2.35.1-150600.1.4 updated - python311-scipy-1.14.1-150600.1.64 updated - python311-pandas-2.2.3-150600.1.73 updated - python311-cryptography-43.0.1-150600.1.28 updated - python311-pycrdt-0.12.26-150600.1.4 updated - python311-scikit-learn-1.5.1-150600.1.66 updated - python311-tiktoken-0.7.0-150600.1.26 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:06:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:06:44 +0100 (CET) Subject: SUSE-CU-2025:8028-1: Recommended update of containers/open-webui-mcpo Message-ID: <20251107080644.9454DFBA5@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-mcpo ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8028-1 Container Tags : containers/open-webui-mcpo:0 , containers/open-webui-mcpo:0.0.17 , containers/open-webui-mcpo:0.0.17-1.7 Container Release : 1.7 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container containers/open-webui-mcpo was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - python311-rpds-py-0.7.1-150600.1.25 updated - python311-certifi-2024.7.4-150600.1.56 updated - python311-pydantic-core-2.35.1-150600.1.4 updated - python311-uv-0.9.4-150600.1.5 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:06:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:06:56 +0100 (CET) Subject: SUSE-CU-2025:8029-1: Recommended update of containers/open-webui-pipelines Message-ID: <20251107080656.3FBD9FBA5@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8029-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.15 Container Release : 7.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - python311-certifi-2024.7.4-150600.1.56 updated - python311-bcrypt-4.3.0-150600.1.7 updated - python311-cryptography-43.0.1-150600.1.28 updated - python-open-webui-pipelines-0.20250819.030501-150600.1.7 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:11:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:11:31 +0100 (CET) Subject: SUSE-IU-2025:3587-1: Security update of suse/sle-micro/5.5 Message-ID: <20251107081131.5D687FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3587-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.398 , suse/sle-micro/5.5:latest Image Release : 5.5.398 Severity : important Type : security References : 1252232 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3950-1 Released: Wed Nov 5 11:22:31 2025 Summary: Security update for runc Type: security Severity: important References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from The following package changes have been done: - runc-1.2.7-150000.80.1 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:13:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:13:48 +0100 (CET) Subject: SUSE-CU-2025:8035-1: Security update of private-registry/harbor-nginx Message-ID: <20251107081348.319ACFB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8035-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.75 , private-registry/harbor-nginx:latest Container Release : 2.75 Severity : important Type : security References : 1250413 CVE-2025-9900 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3941-1 Released: Wed Nov 5 08:15:04 2025 Summary: Security update for tiff Type: security Severity: important References: 1250413,CVE-2025-9900 This update for tiff fixes the following issues: - CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413). The following package changes have been done: - libtiff5-4.0.9-150000.45.60.1 updated - container:suse-sle15-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:13:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:13:56 +0100 (CET) Subject: SUSE-CU-2025:8036-1: Security update of private-registry/harbor-portal Message-ID: <20251107081356.DBB22FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8036-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.41 , private-registry/harbor-portal:latest Container Release : 3.41 Severity : important Type : security References : 1250413 CVE-2025-9900 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3941-1 Released: Wed Nov 5 08:15:04 2025 Summary: Security update for tiff Type: security Severity: important References: 1250413,CVE-2025-9900 This update for tiff fixes the following issues: - CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413). The following package changes have been done: - libtiff5-4.0.9-150000.45.60.1 updated - container:suse-sle15-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:06:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:06:42 +0100 (CET) Subject: SUSE-CU-2025:8027-1: Security update of containers/open-webui Message-ID: <20251107080642.AB6F1FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8027-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.46 Container Release : 12.46 Severity : important Type : security References : 1248278 1250413 CVE-2025-8851 CVE-2025-9900 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3957-1 Released: Wed Nov 5 16:45:18 2025 Summary: Security update for tiff Type: security Severity: important References: 1248278,1250413,CVE-2025-8851,CVE-2025-9900 This update for tiff fixes the following issues: Update to 4.7.1: - CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278). - CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413). The following package changes have been done: - libtiff6-4.7.1-150600.3.23.1 updated - python311-Pillow-11.3.0-150600.1.3 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:07:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:07:15 +0100 (CET) Subject: SUSE-CU-2025:8030-1: Recommended update of containers/pytorch Message-ID: <20251107080715.970C7FBA5@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8030-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.14 Container Release : 3.14 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - libubsan1-15.2.0+git10201-150000.1.3.3 updated - nccl-2.28.11-150600.1.7 updated - python311-torch-cuda-2.8.0-150600.2.2 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:15:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:15:45 +0100 (CET) Subject: SUSE-CU-2025:8037-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20251107081545.69129FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8037-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.207 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.207 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:16:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:16:19 +0100 (CET) Subject: SUSE-IU-2025:3588-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251107081619.7F832FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3588-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.28 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.28 Severity : important Type : recommended References : 1246080 1246934 1250628 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 327 Released: Mon Nov 3 08:33:37 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1246934 This update for libgcrypt fixes the following issues: - Fix running the test suite in FIPS mode (bsc#1246934) ----------------------------------------------------------------- Advisory ID: 328 Released: Mon Nov 3 17:18:08 2025 Summary: Recommended update for selinux-policy Type: recommended Severity: important References: 1246080,1250628 This update for selinux-policy fixes the following issues: - Mark configfs_t as mountpoint (bsc#1246080, bsc#1250628) The following package changes have been done: - libgcrypt20-1.10.3-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.66 updated - selinux-policy-20241031+git12.52417acff-slfo.1.1_1.1 updated - selinux-policy-targeted-20241031+git12.52417acff-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.48 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:17:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:17:01 +0100 (CET) Subject: SUSE-IU-2025:3589-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20251107081701.8FBA8FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3589-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.48 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.48 Severity : moderate Type : recommended References : 1246934 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 327 Released: Mon Nov 3 08:33:37 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1246934 This update for libgcrypt fixes the following issues: - Fix running the test suite in FIPS mode (bsc#1246934) The following package changes have been done: - libgcrypt20-1.10.3-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.66 updated - container:suse-toolbox-image-1.0.0-4.85 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:17:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:17:44 +0100 (CET) Subject: SUSE-IU-2025:3590-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251107081744.3AC3CFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3590-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.51 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.51 Severity : moderate Type : recommended References : 1246934 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 327 Released: Mon Nov 3 08:33:37 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1246934 This update for libgcrypt fixes the following issues: - Fix running the test suite in FIPS mode (bsc#1246934) The following package changes have been done: - libgcrypt20-1.10.3-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.66 updated - container:SL-Micro-base-container-2.2.1-5.48 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:18:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:18:30 +0100 (CET) Subject: SUSE-IU-2025:3591-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251107081830.93732FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3591-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.40 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.40 Severity : moderate Type : recommended References : 1246934 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 327 Released: Mon Nov 3 08:33:37 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1246934 This update for libgcrypt fixes the following issues: - Fix running the test suite in FIPS mode (bsc#1246934) The following package changes have been done: - libgcrypt20-1.10.3-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.66 updated - container:SL-Micro-container-2.2.1-7.28 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:28:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:28:00 +0100 (CET) Subject: SUSE-CU-2025:8044-1: Recommended update of bci/bci-base-fips Message-ID: <20251107082800.089E7FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8044-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.36.20 Container Release : 36.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:29:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:29:05 +0100 (CET) Subject: SUSE-CU-2025:8046-1: Recommended update of bci/bci-micro-fips Message-ID: <20251107082905.EC027FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8046-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.11.20 Container Release : 11.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:30:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:30:01 +0100 (CET) Subject: SUSE-CU-2025:8047-1: Recommended update of bci/nodejs Message-ID: <20251107083001.8972AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8047-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-58.20 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-58.20 Container Release : 58.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Fri Nov 7 08:31:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Nov 2025 09:31:06 +0100 (CET) Subject: SUSE-CU-2025:8048-1: Recommended update of bci/python Message-ID: <20251107083106.0BC73FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8048-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-75.20 Container Release : 75.20 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:05:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:05:07 +0100 (CET) Subject: SUSE-CU-2025:8049-1: Recommended update of containers/open-webui Message-ID: <20251108080507.4840AFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8049-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.47 Container Release : 12.47 Severity : moderate Type : recommended References : 1247985 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). The following package changes have been done: - liblcms2-2-2.15-150600.3.3.2 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:07:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:07:11 +0100 (CET) Subject: SUSE-IU-2025:3596-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251108080711.064F1FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3596-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.218 , suse/sle-micro/base-5.5:latest Image Release : 5.8.218 Severity : low Type : security References : 1239119 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) The following package changes have been done: - gpg2-2.2.27-150300.3.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:12:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:12:29 +0100 (CET) Subject: SUSE-IU-2025:3599-1: Security update of suse/sle-micro/5.5 Message-ID: <20251108081229.45C9EFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3599-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.400 , suse/sle-micro/5.5:latest Image Release : 5.5.400 Severity : low Type : security References : 1239119 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) The following package changes have been done: - gpg2-2.2.27-150300.3.13.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.218 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:21:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:21:54 +0100 (CET) Subject: SUSE-CU-2025:8053-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251108082154.6246DFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8053-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.208 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.208 Severity : low Type : security References : 1239119 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) The following package changes have been done: - gpg2-2.2.27-150300.3.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:25:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:25:24 +0100 (CET) Subject: SUSE-CU-2025:8054-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251108082524.89FB1FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8054-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.85 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.85 Severity : low Type : security References : 1239119 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) The following package changes have been done: - gpg2-2.2.27-150300.3.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:27:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:27:40 +0100 (CET) Subject: SUSE-CU-2025:8055-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251108082740.397D8FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8055-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.208 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.208 Severity : low Type : security References : 1239119 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) The following package changes have been done: - gpg2-2.2.27-150300.3.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:29:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:29:33 +0100 (CET) Subject: SUSE-CU-2025:8056-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20251108082933.249FEFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8056-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.115 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.115 Severity : low Type : security References : 1239119 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) The following package changes have been done: - gpg2-2.2.27-150300.3.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:34:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:34:05 +0100 (CET) Subject: SUSE-CU-2025:8048-1: Recommended update of bci/python Message-ID: <20251108083405.25A9CFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8048-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-75.20 Container Release : 75.20 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:34:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:34:47 +0100 (CET) Subject: SUSE-CU-2025:8057-1: Recommended update of suse/mariadb-client Message-ID: <20251108083447.EAAD8FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8057-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.14 , suse/mariadb-client:10.11.14-66.27 Container Release : 66.27 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:35:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:35:41 +0100 (CET) Subject: SUSE-CU-2025:8058-1: Recommended update of suse/mariadb Message-ID: <20251108083541.5141CFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8058-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.14 , suse/mariadb:10.11.14-75.11 Container Release : 75.11 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated - container:registry.suse.com-bci-bci-micro-15.6-147d83e7fbd2f05100066971b2e088b55492a80d10f55d7c21510347aecb1ac5-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:38:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:38:42 +0100 (CET) Subject: SUSE-CU-2025:8059-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251108083842.733BDFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8059-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.54.21 Container Release : 54.21 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:40:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:40:16 +0100 (CET) Subject: SUSE-CU-2025:8060-1: Recommended update of bci/spack Message-ID: <20251108084016.A9766FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8060-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.80 Container Release : 11.80 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:40:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:40:37 +0100 (CET) Subject: SUSE-CU-2025:8061-1: Recommended update of bci/bci-base-fips Message-ID: <20251108084037.5E8E7FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8061-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-11.1 , bci/bci-base-fips:latest Container Release : 11.1 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:40:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:40:55 +0100 (CET) Subject: SUSE-CU-2025:8062-1: Recommended update of bci/gcc Message-ID: <20251108084055.03E64FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8062-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-14.16 , bci/gcc:latest Container Release : 14.16 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:41:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:41:16 +0100 (CET) Subject: SUSE-CU-2025:8063-1: Recommended update of bci/golang Message-ID: <20251108084116.BA8D5FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8063-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-78.15 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-78.15 Container Release : 78.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:41:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:41:36 +0100 (CET) Subject: SUSE-CU-2025:8064-1: Recommended update of bci/golang Message-ID: <20251108084136.DB4ADFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8064-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.75.14 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.75.14 Container Release : 75.14 Severity : moderate Type : recommended References : 1247498 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:41:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:41:56 +0100 (CET) Subject: SUSE-CU-2025:8065-1: Recommended update of bci/golang Message-ID: <20251108084156.F048EFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8065-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-78.16 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-78.16 Container Release : 78.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:42:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:42:18 +0100 (CET) Subject: SUSE-CU-2025:8066-1: Recommended update of bci/bci-init Message-ID: <20251108084218.BB3CCFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8066-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-46.15 , bci/bci-init:latest Container Release : 46.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:42:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:42:32 +0100 (CET) Subject: SUSE-CU-2025:8067-1: Recommended update of suse/kea Message-ID: <20251108084232.B694AFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8067-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-66.16 , suse/kea:latest Container Release : 66.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:42:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:42:56 +0100 (CET) Subject: SUSE-CU-2025:8068-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251108084256.44C15FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8068-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-68.12 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 68.12 Severity : important Type : security References : 1248278 1250413 1250750 CVE-2021-42523 CVE-2025-8851 CVE-2025-9900 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3949-1 Released: Wed Nov 5 11:04:35 2025 Summary: Security update for colord Type: security Severity: moderate References: 1250750,CVE-2021-42523 This update for colord fixes the following issues: - CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3957-1 Released: Wed Nov 5 16:45:18 2025 Summary: Security update for tiff Type: security Severity: important References: 1248278,1250413,CVE-2025-8851,CVE-2025-9900 This update for tiff fixes the following issues: Update to 4.7.1: - CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278). - CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413). The following package changes have been done: - libtiff6-4.7.1-150600.3.23.1 updated - libcolord2-1.4.6-150600.3.8.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 08:43:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 09:43:04 +0100 (CET) Subject: SUSE-CU-2025:8069-1: Recommended update of suse/kubectl Message-ID: <20251108084304.AE47DFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8069-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.66.20 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.66.20 Container Release : 66.20 Severity : moderate Type : recommended References : 1251168 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3953-1 Released: Wed Nov 5 11:44:39 2025 Summary: Recommended update for kubernetes-old Type: recommended Severity: moderate References: 1251168 This update for kubernetes-old fixes the following issues: Added `Recommends: diffutils` to Kubernetes*-client package, bsc#1251168 This fixes errors like: kubectl kustomize . --enable-helm | kubectl diff -n '$NAMESPACE' -f - error: failed to run 'diff': executable file not found in $PATH ``` The following package changes have been done: - kubernetes1.31-client-1.31.9-150600.13.13.1 updated - kubernetes1.31-client-common-1.31.9-150600.13.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:52:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:52:04 +0100 (CET) Subject: SUSE-CU-2025:8069-1: Recommended update of suse/kubectl Message-ID: <20251108165204.BEC99FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8069-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.66.20 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.66.20 Container Release : 66.20 Severity : moderate Type : recommended References : 1251168 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3953-1 Released: Wed Nov 5 11:44:39 2025 Summary: Recommended update for kubernetes-old Type: recommended Severity: moderate References: 1251168 This update for kubernetes-old fixes the following issues: Added `Recommends: diffutils` to Kubernetes*-client package, bsc#1251168 This fixes errors like: kubectl kustomize . --enable-helm | kubectl diff -n '$NAMESPACE' -f - error: failed to run 'diff': executable file not found in $PATH ``` The following package changes have been done: - kubernetes1.31-client-1.31.9-150600.13.13.1 updated - kubernetes1.31-client-common-1.31.9-150600.13.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:52:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:52:14 +0100 (CET) Subject: SUSE-CU-2025:8070-1: Recommended update of suse/kubectl Message-ID: <20251108165214.54012FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8070-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.66.20 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.66.20 Container Release : 66.20 Severity : moderate Type : recommended References : 1251168 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3952-1 Released: Wed Nov 5 11:43:18 2025 Summary: Recommended update for kubernetes Type: recommended Severity: moderate References: 1251168 This update for kubernetes fixes the following issues: Added `Recommends: diffutils` to Kubernetes*-client package (bsc#1251168) * This fixes errors like: kubectl kustomize . --enable-helm | kubectl diff -n '$NAMESPACE' -f - error: failed to run 'diff': executable file not found in $PATH The following package changes have been done: - kubernetes1.33-client-1.33.1-150600.13.13.1 updated - kubernetes1.33-client-common-1.33.1-150600.13.13.1 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:52:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:52:26 +0100 (CET) Subject: SUSE-CU-2025:8071-1: Recommended update of bci/bci-micro-fips Message-ID: <20251108165226.2DEE9FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8071-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-13.1 , bci/bci-micro-fips:latest Container Release : 13.1 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:52:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:52:47 +0100 (CET) Subject: SUSE-CU-2025:8072-1: Recommended update of bci/nodejs Message-ID: <20251108165247.13781FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8072-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-13.16 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-13.16 , bci/nodejs:latest Container Release : 13.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:53:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:53:09 +0100 (CET) Subject: SUSE-CU-2025:8073-1: Recommended update of bci/openjdk-devel Message-ID: <20251108165309.BD488FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8073-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-13.18 Container Release : 13.18 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:bci-openjdk-17-15.7.17-12.10 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:53:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:53:32 +0100 (CET) Subject: SUSE-CU-2025:8074-1: Recommended update of bci/openjdk-devel Message-ID: <20251108165332.99F8CFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8074-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-16.18 , bci/openjdk-devel:latest Container Release : 16.18 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:bci-openjdk-21-15.7.21-15.10 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:54:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:54:01 +0100 (CET) Subject: SUSE-CU-2025:8075-1: Recommended update of suse/pcp Message-ID: <20251108165401.420C0FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8075-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-67.16 , suse/pcp:latest Container Release : 67.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:bci-bci-init-15.7-9191fc994f718cf9e3b7a39daba59eaac6fb50cad8db1b34ffc4b1e628e106b4-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:54:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:54:23 +0100 (CET) Subject: SUSE-CU-2025:8076-1: Recommended update of bci/php-apache Message-ID: <20251108165423.579C3FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8076-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-15.16 , bci/php-apache:latest Container Release : 15.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:54:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:54:43 +0100 (CET) Subject: SUSE-CU-2025:8077-1: Recommended update of bci/php-fpm Message-ID: <20251108165443.21340FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8077-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-15.16 , bci/php-fpm:latest Container Release : 15.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:55:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:55:04 +0100 (CET) Subject: SUSE-CU-2025:8078-1: Recommended update of bci/php Message-ID: <20251108165504.5789CFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8078-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-15.16 , bci/php:latest Container Release : 15.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:55:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:55:18 +0100 (CET) Subject: SUSE-CU-2025:8079-1: Recommended update of suse/postgres Message-ID: <20251108165518.D37D5FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8079-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-79.11 Container Release : 79.11 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:55:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:55:32 +0100 (CET) Subject: SUSE-CU-2025:8080-1: Recommended update of suse/postgres Message-ID: <20251108165532.E759AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8080-1 Container Tags : suse/postgres:17 , suse/postgres:17.6 , suse/postgres:17.6 , suse/postgres:17.6-69.11 , suse/postgres:latest Container Release : 69.11 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:55:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:55:56 +0100 (CET) Subject: SUSE-CU-2025:8081-1: Recommended update of bci/python Message-ID: <20251108165556.B1FB5FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8081-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-77.15 Container Release : 77.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:56:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:56:22 +0100 (CET) Subject: SUSE-CU-2025:8082-1: Recommended update of bci/python Message-ID: <20251108165622.B0722FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8082-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.7 , bci/python:3.13.7-79.15 , bci/python:latest Container Release : 79.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:56:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:56:48 +0100 (CET) Subject: SUSE-CU-2025:8083-1: Recommended update of bci/python Message-ID: <20251108165648.54BE5FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8083-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-76.15 Container Release : 76.15 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:57:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:57:00 +0100 (CET) Subject: SUSE-CU-2025:8084-1: Recommended update of suse/mariadb-client Message-ID: <20251108165700.5DC90FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8084-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.3 , suse/mariadb-client:11.8.3-64.20 , suse/mariadb-client:latest Container Release : 64.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:57:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:57:24 +0100 (CET) Subject: SUSE-CU-2025:8085-1: Recommended update of bci/ruby Message-ID: <20251108165724.C109FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8085-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.9 Container Release : 18.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:57:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:57:48 +0100 (CET) Subject: SUSE-CU-2025:8086-1: Recommended update of bci/ruby Message-ID: <20251108165748.EF144FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8086-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-17.9 , bci/ruby:latest Container Release : 17.9 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:58:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:58:09 +0100 (CET) Subject: SUSE-CU-2025:8087-1: Recommended update of bci/rust Message-ID: <20251108165809.71596FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8087-1 Container Tags : bci/rust:1.89 , bci/rust:1.89.0 , bci/rust:1.89.0-2.3.12 , bci/rust:oldstable , bci/rust:oldstable-2.3.12 Container Release : 3.12 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libasan8-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libhwasan0-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libtsan2-15.2.0+git10201-150000.1.3.3 updated - libubsan1-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:58:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:58:33 +0100 (CET) Subject: SUSE-CU-2025:8088-1: Recommended update of bci/rust Message-ID: <20251108165833.02B45FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8088-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.3.13 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.13 Container Release : 3.13 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 1252698 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3940-1 Released: Tue Nov 4 17:04:59 2025 Summary: Recommended update for rust1.90 Type: recommended Severity: moderate References: 1252698 This update for rust1.90 fixes the following issues: - define default linker when versioned gcc is in use (bsc#1252698) - Add target bpfel-unknown-none The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libasan8-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libhwasan0-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libtsan2-15.2.0+git10201-150000.1.3.3 updated - libubsan1-15.2.0+git10201-150000.1.3.3 updated - rust1.90-1.90.0-150300.7.14.1 updated - cargo1.90-1.90.0-150300.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sat Nov 8 16:58:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Nov 2025 17:58:51 +0100 (CET) Subject: SUSE-CU-2025:8089-1: Recommended update of suse/samba-client Message-ID: <20251108165851.83224FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8089-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-68.21 , suse/samba-client:latest Container Release : 68.21 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:08:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:08:10 +0100 (CET) Subject: SUSE-CU-2025:8089-1: Recommended update of suse/samba-client Message-ID: <20251109080810.8E14EFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8089-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-68.21 , suse/samba-client:latest Container Release : 68.21 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:08:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:08:23 +0100 (CET) Subject: SUSE-CU-2025:8090-1: Recommended update of suse/samba-toolbox Message-ID: <20251109080823.607DAFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8090-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-68.21 , suse/samba-toolbox:latest Container Release : 68.21 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:08:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:08:43 +0100 (CET) Subject: SUSE-CU-2025:8091-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251109080843.75418FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8091-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-51.16 , bci/bci-sle15-kernel-module-devel:latest Container Release : 51.16 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:09:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:09:07 +0100 (CET) Subject: SUSE-CU-2025:8092-1: Recommended update of bci/spack Message-ID: <20251109080907.8FA25FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8092-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-18.14 , bci/spack:latest Container Release : 18.14 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:09:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:09:18 +0100 (CET) Subject: SUSE-CU-2025:8093-1: Recommended update of suse/stunnel Message-ID: <20251109080918.801CDFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8093-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-67.20 , suse/stunnel:latest Container Release : 67.20 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:09:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:09:33 +0100 (CET) Subject: SUSE-CU-2025:8094-1: Recommended update of suse/kiosk/xorg Message-ID: <20251109080933.28B44FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8094-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-70.10 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 70.10 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:09:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:09:33 +0100 (CET) Subject: SUSE-CU-2025:8095-1: Security update of suse/kiosk/xorg Message-ID: <20251109080933.ED867FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8095-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-70.11 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 70.11 Severity : important Type : security References : 1248278 1250413 CVE-2025-8851 CVE-2025-9900 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3957-1 Released: Wed Nov 5 16:45:18 2025 Summary: Security update for tiff Type: security Severity: important References: 1248278,1250413,CVE-2025-8851,CVE-2025-9900 This update for tiff fixes the following issues: Update to 4.7.1: - CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278). - CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413). The following package changes have been done: - libtiff6-4.7.1-150600.3.23.1 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:13:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:13:00 +0100 (CET) Subject: SUSE-CU-2025:8114-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20251109081300.DCA8BFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8114-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.5 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.5 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-4.4 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:14:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:14:14 +0100 (CET) Subject: SUSE-CU-2025:8115-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251109081414.97F3FFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8115-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.1 , suse/manager/4.3/proxy-salt-broker:4.3.16.1.9.60.5 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.60.5 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-4.4 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:15:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:15:29 +0100 (CET) Subject: SUSE-CU-2025:8116-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20251109081529.A720EFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8116-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16.1 , suse/manager/4.3/proxy-squid:4.3.16.1.9.69.5 , suse/manager/4.3/proxy-squid:latest Container Release : 9.69.5 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-4.4 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:16:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:16:47 +0100 (CET) Subject: SUSE-CU-2025:8117-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20251109081647.64FF8FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8117-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16.1 , suse/manager/4.3/proxy-ssh:4.3.16.1.9.60.4 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.60.4 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-4.4 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:18:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:18:01 +0100 (CET) Subject: SUSE-CU-2025:8118-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20251109081801.EFCCDFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8118-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16.1 , suse/manager/4.3/proxy-tftpd:4.3.16.1.9.60.4 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.60.4 Severity : moderate Type : recommended References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-4.4 updated From sle-container-updates at lists.suse.com Sun Nov 9 08:23:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 9 Nov 2025 09:23:40 +0100 (CET) Subject: SUSE-CU-2025:8120-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251109082340.1715BFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8120-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.198 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.198 Severity : low Type : security References : 1239119 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3986-1 Released: Fri Nov 7 11:31:03 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) The following package changes have been done: - gpg2-2.2.27-150300.3.13.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:15:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:15:09 +0100 (CET) Subject: SUSE-IU-2025:3661-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251111081509.B5259FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3661-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.29 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.29 Severity : important Type : security References : 1205042 1217782 1222650 1230371 1231589 1231838 1236664 1252110 1252232 1253029 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 333 Released: Mon Nov 10 15:24:13 2025 Summary: Security update for runc Type: security Severity: important References: 1222650,1230371,1231838,1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 - Update to runc v1.3.2. Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. ----------------------------------------------------------------- Advisory ID: 334 Released: Mon Nov 10 15:24:13 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1205042,1217782,1231589,1236664,1253029 This update for dracut fixes the following issues: Update to version 059+suse.641.g906a3d31: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.641.g906a3d31-slfo.1.1_1.1 updated - runc-1.3.3-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.49 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:15:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:15:56 +0100 (CET) Subject: SUSE-IU-2025:3662-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20251111081556.65240FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3662-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.49 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.49 Severity : moderate Type : recommended References : 1205042 1217782 1231589 1236664 1253029 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 334 Released: Mon Nov 10 15:24:13 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1205042,1217782,1231589,1236664,1253029 This update for dracut fixes the following issues: Update to version 059+suse.641.g906a3d31: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.641.g906a3d31-slfo.1.1_1.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:17:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:17:34 +0100 (CET) Subject: SUSE-IU-2025:3664-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251111081734.731DCFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3664-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.41 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.41 Severity : moderate Type : recommended References : 1205042 1217782 1231589 1236664 1253029 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 334 Released: Mon Nov 10 15:24:13 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1205042,1217782,1231589,1236664,1253029 This update for dracut fixes the following issues: Update to version 059+suse.641.g906a3d31: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.641.g906a3d31-slfo.1.1_1.1 updated - container:SL-Micro-container-2.2.1-7.29 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:23:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:23:34 +0100 (CET) Subject: SUSE-CU-2025:8147-1: Recommended update of bci/bci-base-fips Message-ID: <20251111082334.4B975FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8147-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.37.3 Container Release : 37.3 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-bb13800fef052852c050b67d90231c75c63731d0fac5b2ca0964282c055b713b-0 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:23:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:23:53 +0100 (CET) Subject: SUSE-CU-2025:8148-1: Recommended update of bci/bci-busybox Message-ID: <20251111082353.C7E71FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8148-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.42.1 Container Release : 42.1 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:24:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:24:57 +0100 (CET) Subject: SUSE-CU-2025:8149-1: Recommended update of bci/bci-init Message-ID: <20251111082457.1B487FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8149-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.50.1 Container Release : 50.1 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:25:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:25:05 +0100 (CET) Subject: SUSE-CU-2025:8150-1: Recommended update of bci/bci-micro-fips Message-ID: <20251111082505.606A1FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8150-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.12.1 Container Release : 12.1 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:25:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:25:31 +0100 (CET) Subject: SUSE-CU-2025:8151-1: Recommended update of bci/bci-micro Message-ID: <20251111082531.80D69FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8151-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.54.1 Container Release : 54.1 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated - container:bci-bci-base-15.6-870cf8a72de5ac099a1ea4301c6a85716c9f43de9eaa2f25ef6ac3ab8705ab90-0 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:26:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:26:00 +0100 (CET) Subject: SUSE-CU-2025:8152-1: Recommended update of bci/bci-minimal Message-ID: <20251111082600.1BBFDFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8152-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.45.1 Container Release : 45.1 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:16:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:16:44 +0100 (CET) Subject: SUSE-IU-2025:3663-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251111081644.B4A1DFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3663-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.52 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.52 Severity : moderate Type : recommended References : 1205042 1217782 1231589 1236664 1253029 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 334 Released: Mon Nov 10 15:24:13 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1205042,1217782,1231589,1236664,1253029 This update for dracut fixes the following issues: Update to version 059+suse.641.g906a3d31: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.641.g906a3d31-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.49 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:29:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:29:39 +0100 (CET) Subject: SUSE-CU-2025:8159-1: Recommended update of suse/mariadb Message-ID: <20251111082939.266EAFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8159-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.14 , suse/mariadb:10.11.14-76.5 Container Release : 76.5 Severity : moderate Type : recommended References : 1082318 1133233 1181869 1243195 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3968-1 Released: Thu Nov 6 11:58:36 2025 Summary: Recommended update for libaio Type: recommended Severity: moderate References: 1082318,1133233,1181869,1243195 This update for libaio fixes the following issues: libaio was updated to 0.3.113 (jsc#PED-13433): * Fix struct io_iocb_vector padding for 32bit architectures * struct io_iocb_sockaddr padding for 32bit architectures * Verify structure padding is correct at build time * harness: add test for aio poll missed events * Various patches for architectures/etc The following package changes have been done: - libaio1-0.3.113-150600.15.3.1 updated - container:suse-sle15-15.6-bb13800fef052852c050b67d90231c75c63731d0fac5b2ca0964282c055b713b-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0591572591b683d59cd3863516b222ae90b7c8e03e43188af94118ef61f3e409-0 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:32:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:32:16 +0100 (CET) Subject: SUSE-CU-2025:8160-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251111083216.EBBE4FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8160-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.55.1 Container Release : 55.1 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:33:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:33:11 +0100 (CET) Subject: SUSE-CU-2025:8161-1: Recommended update of suse/sle15 Message-ID: <20251111083311.5763FFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8161-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.8 , suse/sle15:15.6 , suse/sle15:15.6.47.26.8 Container Release : 47.26.8 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. The following package changes have been done: - sles-release-15.6-150600.64.6.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:39:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:39:27 +0100 (CET) Subject: SUSE-CU-2025:8181-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251111083927.15CC8FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8181-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-69.1 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.1 Severity : moderate Type : recommended References : 1247985 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). The following package changes have been done: - liblcms2-2-2.15-150600.3.3.2 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:40:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:40:08 +0100 (CET) Subject: SUSE-CU-2025:8185-1: Security update of suse/nginx Message-ID: <20251111084008.67902FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8185-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-66.1 , suse/nginx:latest Container Release : 66.1 Severity : important Type : security References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1250413 CVE-2025-9900 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3941-1 Released: Wed Nov 5 08:15:04 2025 Summary: Security update for tiff Type: security Severity: important References: 1250413,CVE-2025-9900 This update for tiff fixes the following issues: - CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libtiff5-4.0.9-150000.45.60.1 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:40:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:40:41 +0100 (CET) Subject: SUSE-CU-2025:8187-1: Security update of bci/openjdk-devel Message-ID: <20251111084041.ED861FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8187-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.17.0 , bci/openjdk-devel:17.0.17.0-14.4 Container Release : 14.4 Severity : important Type : security References : 1246806 1247985 1252414 1252417 CVE-2025-53057 CVE-2025-53066 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3997-1 Released: Fri Nov 7 16:50:17 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246806,1252414,1252417,CVE-2025-53057,CVE-2025-53066 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) The following package changes have been done: - liblcms2-2-2.15-150600.3.3.2 updated - java-17-openjdk-headless-17.0.17.0-150400.3.60.2 updated - java-17-openjdk-17.0.17.0-150400.3.60.2 updated - java-17-openjdk-devel-17.0.17.0-150400.3.60.2 updated - container:bci-openjdk-17-15.7.17-13.2 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:40:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:40:58 +0100 (CET) Subject: SUSE-CU-2025:8188-1: Security update of bci/openjdk Message-ID: <20251111084058.BBBE8FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8188-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.2 Container Release : 13.2 Severity : important Type : security References : 1246806 1247985 1252414 1252417 CVE-2025-53057 CVE-2025-53066 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3997-1 Released: Fri Nov 7 16:50:17 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246806,1252414,1252417,CVE-2025-53057,CVE-2025-53066 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) The following package changes have been done: - liblcms2-2-2.15-150600.3.3.2 updated - java-17-openjdk-headless-17.0.17.0-150400.3.60.2 updated - java-17-openjdk-17.0.17.0-150400.3.60.2 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:43:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:43:36 +0100 (CET) Subject: SUSE-CU-2025:8198-1: Recommended update of suse/mariadb-client Message-ID: <20251111084336.6AEC5FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8198-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.3 , suse/mariadb-client:11.8.3-65.1 , suse/mariadb-client:latest Container Release : 65.1 Severity : moderate Type : recommended References : 1082318 1133233 1181869 1243195 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3968-1 Released: Thu Nov 6 11:58:36 2025 Summary: Recommended update for libaio Type: recommended Severity: moderate References: 1082318,1133233,1181869,1243195 This update for libaio fixes the following issues: libaio was updated to 0.3.113 (jsc#PED-13433): * Fix struct io_iocb_vector padding for 32bit architectures * struct io_iocb_sockaddr padding for 32bit architectures * Verify structure padding is correct at build time * harness: add test for aio poll missed events * Various patches for architectures/etc The following package changes have been done: - libaio1-0.3.113-150600.15.3.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:43:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:43:47 +0100 (CET) Subject: SUSE-CU-2025:8199-1: Recommended update of suse/mariadb Message-ID: <20251111084347.2A348FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8199-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.3 , suse/mariadb:11.8.3-67.1 , suse/mariadb:latest Container Release : 67.1 Severity : moderate Type : recommended References : 1082318 1133233 1181869 1243195 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3968-1 Released: Thu Nov 6 11:58:36 2025 Summary: Recommended update for libaio Type: recommended Severity: moderate References: 1082318,1133233,1181869,1243195 This update for libaio fixes the following issues: libaio was updated to 0.3.113 (jsc#PED-13433): * Fix struct io_iocb_vector padding for 32bit architectures * struct io_iocb_sockaddr padding for 32bit architectures * Verify structure padding is correct at build time * harness: add test for aio poll missed events * Various patches for architectures/etc The following package changes have been done: - libaio1-0.3.113-150600.15.3.1 updated From sle-container-updates at lists.suse.com Tue Nov 11 08:46:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 11 Nov 2025 09:46:16 +0100 (CET) Subject: SUSE-CU-2025:8209-1: Security update of suse/kiosk/xorg-client Message-ID: <20251111084616.18F03FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8209-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-69.1 , suse/kiosk/xorg-client:latest Container Release : 69.1 Severity : important Type : security References : 1226308 1232526 1238491 1239566 1239938 1240788 1241219 1243794 1243991 1244050 1245199 1251137 1252160 CVE-2025-3576 CVE-2025-59728 CVE-2025-7700 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3715-1 Released: Wed Oct 22 09:11:23 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1226308,1251137,CVE-2025-59728,CVE-2025-7700 This update for ffmpeg-4 fixes the following issues: - CVE-2025-59728: allocated space for the appended '/' (bsc#1251137) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libselinux1-3.5-150600.3.3.1 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - libavutil56_70-4.4.6-150600.13.33.1 updated - libswresample3_9-4.4.6-150600.13.33.1 updated - libavcodec58_134-4.4.6-150600.13.33.1 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 updated From sle-container-updates at lists.suse.com Wed Nov 12 08:04:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Nov 2025 09:04:44 +0100 (CET) Subject: SUSE-CU-2025:8213-1: Security update of containers/open-webui Message-ID: <20251112080444.DB5D6FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8213-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.49 Container Release : 12.49 Severity : critical Type : security References : 1212476 1216545 1218588 1218664 1223435 1243197 1243381 1245190 1245938 1245939 1245942 1245943 1245946 1249036 1250754 CVE-2025-27613 CVE-2025-27614 CVE-2025-46835 CVE-2025-48384 CVE-2025-48385 CVE-2025-9375 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2319-1 Released: Mon Jul 8 13:12:55 2024 Summary: Recommended update for Azure stack Type: recommended Severity: moderate References: 1223435 This update ships the Python 3.11 enabled Azure stack to openSUSE Leap 15.5 and 15.6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3012-1 Released: Fri Aug 29 02:07:38 2025 Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML Type: security Severity: important References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385 This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938) * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939) * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942) * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943) * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946) - Other changes and bugs fixed: - Other changes and bugs fixed: * Added SHA256 support (bsc#1243197) * Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588) * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664) * Do not replace apparmor configuration (bsc#1216545) * Fixed the Python version required (bsc#1212476) - Version Updates Release Notes: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc git-lfs is included in version 3.7.0. python-PyYAML was updated from version 6.0.1 to 6.0.2: - Added support for Cython 3.x and Python 3.13 obs-scm-bridge was updated from version 0.5.4 to 0.7.4: - New Features and Improvements: * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs` file. * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files. * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout. * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources. * SSH URL Support: ssh:// SCM URLs can now be used. * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved. * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs. * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided. * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled. * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo. - Bugs fixed: * Syntax Fix: A syntax issue was corrected. * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3511-1 Released: Thu Oct 9 10:33:54 2025 Summary: Security update for python-xmltodict Type: security Severity: moderate References: 1249036,CVE-2025-9375 This update for python-xmltodict fixes the following issues: - CVE-2025-9375: XML injection vulnerability in `xmltodict` allows input data manipulation (bsc#1249036). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:05:59 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) The following package changes have been done: - python311-xmltodict-0.13.0-150600.3.7.2 updated - python311-PyYAML-6.0.2-150600.10.3.1 updated From sle-container-updates at lists.suse.com Thu Nov 13 08:07:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Nov 2025 09:07:16 +0100 (CET) Subject: SUSE-IU-2025:3669-1: Security update of suse/sle-micro/5.5 Message-ID: <20251113080716.94268FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3669-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.402 , suse/sle-micro/5.5:latest Image Release : 5.5.402 Severity : important Type : security References : 1252110 1252232 1252376 1252543 CVE-2025-31133 CVE-2025-31133 CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 CVE-2025-52881 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4073-1 Released: Wed Nov 12 11:34:27 2025 Summary: Security update for runc Type: security Severity: important References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4081-1 Released: Wed Nov 12 13:49:31 2025 Summary: Security update for podman Type: security Severity: important References: 1252376,1252543,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for podman fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376) - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376) - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376) Other fixes: - Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543) The following package changes have been done: - runc-1.3.3-150000.85.1 updated - podman-4.9.5-150500.3.56.2 updated From sle-container-updates at lists.suse.com Thu Nov 13 08:16:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Nov 2025 09:16:32 +0100 (CET) Subject: SUSE-CU-2025:8244-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251113081632.0D995FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8244-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.126 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.126 Severity : moderate Type : security References : 1082318 1133233 1181869 1243195 1251198 1251199 CVE-2025-61984 CVE-2025-61985 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3968-1 Released: Thu Nov 6 11:58:36 2025 Summary: Recommended update for libaio Type: recommended Severity: moderate References: 1082318,1133233,1181869,1243195 This update for libaio fixes the following issues: libaio was updated to 0.3.113 (jsc#PED-13433): * Fix struct io_iocb_vector padding for 32bit architectures * struct io_iocb_sockaddr padding for 32bit architectures * Verify structure padding is correct at build time * harness: add test for aio poll missed events * Various patches for architectures/etc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) The following package changes have been done: - libaio1-0.3.113-150600.15.3.1 updated - openssh-clients-9.6p1-150600.6.34.1 updated - openssh-common-9.6p1-150600.6.34.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-9.6p1-150600.6.34.1 updated - sles-release-15.6-150600.64.6.1 updated From sle-container-updates at lists.suse.com Thu Nov 13 08:17:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Nov 2025 09:17:57 +0100 (CET) Subject: SUSE-CU-2025:8245-1: Security update of suse/registry Message-ID: <20251113081757.B56A8FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8245-1 Container Tags : suse/registry:2.8 , suse/registry:2.8 , suse/registry:2.8-18.1 , suse/registry:latest Container Release : 18.1 Severity : important Type : security References : 1232526 1238491 1239566 1239938 1240788 1241219 1243794 1243991 1244050 1245199 1247498 1249584 1250232 1252160 CVE-2025-3576 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libselinux1-3.5-150600.3.3.1 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - libsasl2-3-2.1.28-150600.7.9.2 updated - libopenssl3-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 added - container:registry.suse.com-bci-bci-micro-15.7-b43c2c783170982214ceb18c7ab5b77bcc6ded97928ba82c368ecfd29edd8226-0 added - container:bci-bci-micro-15.7-f98a5deb3bf91c48bf953f57d3a0bfe7a691340a7abe2a2157c3f8ceb87f4e57-0 removed - perl-5.26.1-150300.17.20.1 removed From sle-container-updates at lists.suse.com Thu Nov 13 08:18:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Nov 2025 09:18:11 +0100 (CET) Subject: SUSE-CU-2025:8246-1: Security update of suse/git Message-ID: <20251113081811.ECB6DFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8246-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-65.2 , suse/git:latest Container Release : 65.2 Severity : moderate Type : security References : 1251198 1251199 CVE-2025-61984 CVE-2025-61985 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) The following package changes have been done: - openssh-common-9.6p1-150600.6.34.1 updated - openssh-clients-9.6p1-150600.6.34.1 updated From sle-container-updates at lists.suse.com Thu Nov 13 08:18:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Nov 2025 09:18:28 +0100 (CET) Subject: SUSE-CU-2025:8247-1: Recommended update of bci/golang Message-ID: <20251113081828.F26D4FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8247-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.10 , bci/golang:1.24.10-2.76.2 , bci/golang:oldstable , bci/golang:oldstable-2.76.2 Container Release : 76.2 Severity : moderate Type : recommended References : 1232526 1236217 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1247498 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4071-1 Released: Wed Nov 12 09:25:30 2025 Summary: Recommended update for go1.24 Type: recommended Severity: moderate References: 1236217 This update for go1.24 fixes the following issues: go1.24.10 (released 2025-11-05) includes fixes to the encoding/pem and net/url packages. (bsc#1236217) * go#75831 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75951 encoding/pem: regression when decoding blocks with leading garbage * go#76028 pem/encoding: malformed line endings can cause panics The following package changes have been done: - libsasl2-3-2.1.28-150600.7.9.2 updated - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - go1.24-doc-1.24.10-150000.1.47.1 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - go1.24-1.24.10-150000.1.47.1 updated - go1.24-race-1.24.10-150000.1.47.1 updated - container:registry.suse.com-bci-bci-base-15.7-355365ed1220d1d8c94041197156b2b908b1f16fc22472e50c15e185f74d6a8c-0 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:06:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:06:19 +0100 (CET) Subject: SUSE-IU-2025:3675-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251114080619.F3A8AFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3675-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.219 , suse/sle-micro/base-5.5:latest Image Release : 5.8.219 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libasm1-0.185-150400.5.8.3 updated - elfutils-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:07:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:07:21 +0100 (CET) Subject: SUSE-IU-2025:3676-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20251114080721.7A8D3FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3676-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.420 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.420 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.219 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:08:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:08:58 +0100 (CET) Subject: SUSE-IU-2025:3677-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20251114080858.A7F2BFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3677-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.532 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.532 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.404 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:10:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:10:30 +0100 (CET) Subject: SUSE-IU-2025:3678-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20251114081030.DF01BFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3678-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.404 , suse/sle-micro/5.5:latest Image Release : 5.5.404 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libasm1-0.185-150400.5.8.3 updated - elfutils-0.185-150400.5.8.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.219 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:19:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:19:54 +0100 (CET) Subject: SUSE-CU-2025:8261-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251114081954.7B1A9FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8261-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.87 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.87 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - elfutils-0.185-150400.5.8.3 updated - libasm1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:32:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:32:30 +0100 (CET) Subject: SUSE-CU-2025:8267-1: Recommended update of bci/bci-minimal Message-ID: <20251114083230.D4F15FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8267-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.45.2 Container Release : 45.2 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:34:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:34:28 +0100 (CET) Subject: SUSE-CU-2025:8268-1: Recommended update of suse/sle15 Message-ID: <20251114083428.7DAE7FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8268-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.9 , suse/sle15:15.6 , suse/sle15:15.6.47.26.9 Container Release : 47.26.9 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:34:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:34:45 +0100 (CET) Subject: SUSE-CU-2025:8274-1: Recommended update of bci/bci-minimal Message-ID: <20251114083445.7A6CCFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8274-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-17.2 , bci/bci-minimal:latest Container Release : 17.2 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 12:51:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 13:51:40 +0100 (CET) Subject: SUSE-CU-2025:8295-1: Recommended update of containers/pytorch Message-ID: <20251114125140.4D3B6FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8295-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.17 Container Release : 3.17 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - nccl-2.28.11-150600.1.8 updated - python311-torch-cuda-2.8.0-150600.2.4 updated From sle-container-updates at lists.suse.com Fri Nov 14 12:55:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 13:55:44 +0100 (CET) Subject: SUSE-CU-2025:8297-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20251114125544.26AA9FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8297-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.210 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.210 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libdebuginfod1-dummy-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 12:58:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 13:58:05 +0100 (CET) Subject: SUSE-CU-2025:8298-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20251114125805.67926FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8298-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.210 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.210 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libdebuginfod1-dummy-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 13:00:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 14:00:07 +0100 (CET) Subject: SUSE-CU-2025:8299-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20251114130007.32A2CFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8299-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.117 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.117 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libdebuginfod1-dummy-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 13:06:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 14:06:33 +0100 (CET) Subject: SUSE-CU-2025:8301-1: Security update of bci/gcc Message-ID: <20251114130633.86D67FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8301-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-15.2 , bci/gcc:latest Container Release : 15.2 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated From sle-container-updates at lists.suse.com Fri Nov 14 13:06:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 14:06:58 +0100 (CET) Subject: SUSE-CU-2025:8302-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251114130658.BAF3BFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8302-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-69.3 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.3 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Fri Nov 14 13:07:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 14:07:18 +0100 (CET) Subject: SUSE-CU-2025:8303-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20251114130718.40834FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8303-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.3 , suse/kiosk/pulseaudio:latest Container Release : 67.3 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Fri Nov 14 13:08:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 14:08:03 +0100 (CET) Subject: SUSE-CU-2025:8305-1: Recommended update of suse/sle15 Message-ID: <20251114130803.172EDFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8305-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.8 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.8 , suse/sle15:latest Container Release : 5.11.8 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated From sle-container-updates at lists.suse.com Fri Nov 14 13:08:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 14:08:23 +0100 (CET) Subject: SUSE-CU-2025:8306-1: Recommended update of suse/kiosk/xorg Message-ID: <20251114130823.C07FAFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8306-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.3 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.3 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:06:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:06:34 +0100 (CET) Subject: SUSE-CU-2025:8310-1: Recommended update of containers/open-webui Message-ID: <20251115080634.10B7DFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8310-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.50 Container Release : 12.50 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - python311-certifi-2024.7.4-150600.1.57 updated - python311-cchardet-2.1.19-150600.1.54 updated - python311-scipy-1.14.1-150600.1.65 updated - python311-pandas-2.2.3-150600.1.74 updated - python311-scikit-learn-1.5.1-150600.1.67 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:06:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:06:34 +0100 (CET) Subject: SUSE-CU-2025:8311-1: Security update of containers/open-webui Message-ID: <20251115080634.D3694FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8311-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.51 Container Release : 12.51 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:33 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libalternatives1-1.2+30.a5431e9-150600.1.15 updated - libgeos3_12_2-3.12.2-150600.1.14 updated - libgflags2_2-2.2.2-150600.1.13 updated - libsqlite3-0-3.50.4-150600.1.2 updated - libtbb12-2022.2.0-150600.1.2 updated - libutf8_range-29_3_0-29.3-150600.3.2 updated - libyaml-0-2-0.2.5-150600.1.2 updated - libzstd1-1.5.6-150600.1.11 updated - alts-1.2+30.a5431e9-150600.1.15 updated - libgeos_c1-3.12.2-150600.1.14 updated - libglog-4-0-0.4.0-150600.1.13 updated - zstd-1.5.6-150600.1.11 updated - libprotobuf29_3_0-29.3-150600.3.2 updated - libpng16-16-1.6.44-150600.1.2 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libctranslate2-4-4.4.0-150600.1.13 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - libarrow1700-17.0.0-150600.2.25 updated - libzstd-devel-1.5.6-150600.1.11 updated - libarrow_acero1700-17.0.0-150600.2.25 updated - libthrift-0_17_0-0.17.0-150600.1.17 updated - libparquet1700-17.0.0-150600.2.25 updated - libarrow_flight1700-17.0.0-150600.2.25 updated - libarrow_dataset1700-17.0.0-150600.2.25 updated - python311-xxhash-3.5.0-150600.1.2 updated - python311-wrapt-1.16.0-150600.1.15 updated - python311-sentencepiece-0.2.0-150600.1.3 updated - python311-regex-2024.5.15-150600.1.16 updated - python311-pymongo-4.6.3-150600.1.18 updated - python311-pyclipper-1.3.0.post5-150600.1.15 updated - python311-psycopg2-2.9.9-150600.1.25 updated - python311-psutil-7.0.0-150600.1.2 updated - python311-protobuf-5.29.3-150600.3.4 updated - python311-propcache-0.2.0-150600.1.8 updated - python311-peewee-3.18.2-150600.1.4 updated - python311-onnxruntime-1.20.1-150600.1.3 updated - python311-mmh3-4.1.0-150600.1.20 updated - python311-grpcio-1.69.0-150600.1.10 updated - python311-greenlet-3.1.0-150600.1.22 updated - python311-ctranslate2-4.4.0-150600.1.17 updated - python311-certifi-2024.7.4-150600.1.58 updated - python311-cchardet-2.1.19-150600.1.55 updated - python311-bitarray-2.9.2-150600.1.15 updated - python311-Brotli-1.1.0-150600.1.3 updated - python311-cffi-1.17.0-150600.1.17 updated - python311-Pillow-11.3.0-150600.1.4 updated - python311-scipy-1.14.1-150600.1.66 updated - python311-pyarrow-17.0.0-150600.2.52 updated - python311-chroma-hnswlib-0.7.6-150600.2.16 updated - python311-Shapely-2.0.6-150600.1.18 updated - python311-yarl-1.18.3-150600.1.8 updated - python311-grpcio-tools-1.68.1-150600.1.12 updated - python311-SQLAlchemy-2.0.40-150600.1.4 updated - python311-lxml-5.3.2-150600.1.4 updated - python311-av-11.0.0-150600.1.22 updated - python311-pandas-2.2.3-150600.1.75 updated - python311-brotlicffi-1.0.9.2-150600.1.3 updated - python311-aiohttp-3.11.11-150600.1.11 updated - python311-scikit-learn-1.5.1-150600.1.68 updated - python311-torch-2.8.0-150600.2.2 updated - container:registry.suse.com-bci-bci-base-15.6-f24f9ad57a8e52bf3185761f16d047af6591f1fda67cc243ff41c691ea7b769a-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:07:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:07:09 +0100 (CET) Subject: SUSE-CU-2025:8314-1: Security update of containers/pytorch Message-ID: <20251115080709.3763BFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8314-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.18 Container Release : 3.18 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:33 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libsqlite3-0-3.50.4-150600.1.2 updated - libzstd1-1.5.6-150600.1.11 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - nccl-2.28.11-150600.1.9 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - libzstd-devel-1.5.6-150600.1.11 updated - python311-torch-cuda-2.8.0-150600.2.5 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:09:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:09:54 +0100 (CET) Subject: SUSE-IU-2025:3687-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251115080954.E2FDAFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3687-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.101 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.101 Severity : moderate Type : security References : 1081723 1224113 1251198 1251199 CVE-2025-61984 CVE-2025-61985 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 521 Released: Fri Nov 14 10:46:19 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198). - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199). ----------------------------------------------------------------- Advisory ID: 518 Released: Fri Nov 14 10:52:24 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1224113 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check Update to NSS 3.111: * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script Update to NSS 3.108: * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Use a hardcoded, static key to generate the checksums (*.chk-files) - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using key from openssl (bsc#1081723) - FIPS: Exclude the SHA-1 hash from SLI approval. The following package changes have been done: - SL-Micro-release-6.0-25.55 updated - libfreebl3-3.112.2-1.1 updated - mozilla-nspr-4.36-1.1 updated - mozilla-nss-certs-3.112.2-1.1 updated - mozilla-nss-3.112.2-1.1 updated - libsoftokn3-3.112.2-1.1 updated - openssh-common-9.6p1-4.1 updated - openssh-server-9.6p1-4.1 updated - openssh-clients-9.6p1-4.1 updated - openssh-9.6p1-4.1 updated - container:SL-Micro-base-container-2.1.3-7.66 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:10:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:10:42 +0100 (CET) Subject: SUSE-IU-2025:3688-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20251115081042.96E1BFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3688-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.66 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.66 Severity : moderate Type : recommended References : 1081723 1224113 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 518 Released: Fri Nov 14 10:52:24 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1224113 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check Update to NSS 3.111: * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script Update to NSS 3.108: * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Use a hardcoded, static key to generate the checksums (*.chk-files) - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using key from openssl (bsc#1081723) - FIPS: Exclude the SHA-1 hash from SLI approval. The following package changes have been done: - SL-Micro-release-6.0-25.55 updated - libfreebl3-3.112.2-1.1 updated - mozilla-nspr-4.36-1.1 updated - mozilla-nss-certs-3.112.2-1.1 updated - mozilla-nss-3.112.2-1.1 updated - libsoftokn3-3.112.2-1.1 updated - container:suse-toolbox-image-1.0.0-9.46 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:11:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:11:33 +0100 (CET) Subject: SUSE-IU-2025:3689-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251115081133.28623FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3689-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.89 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.89 Severity : moderate Type : recommended References : 1081723 1224113 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 518 Released: Fri Nov 14 10:52:24 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1224113 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check Update to NSS 3.111: * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script Update to NSS 3.108: * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Use a hardcoded, static key to generate the checksums (*.chk-files) - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using key from openssl (bsc#1081723) - FIPS: Exclude the SHA-1 hash from SLI approval. The following package changes have been done: - SL-Micro-release-6.0-25.55 updated - libfreebl3-3.112.2-1.1 updated - mozilla-nspr-4.36-1.1 updated - mozilla-nss-certs-3.112.2-1.1 updated - mozilla-nss-3.112.2-1.1 updated - libsoftokn3-3.112.2-1.1 updated - container:SL-Micro-base-container-2.1.3-7.66 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:12:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:12:29 +0100 (CET) Subject: SUSE-IU-2025:3690-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251115081229.5B578FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3690-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.102 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.102 Severity : moderate Type : recommended References : 1081723 1224113 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 518 Released: Fri Nov 14 10:52:24 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1224113 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check Update to NSS 3.111: * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script Update to NSS 3.108: * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Use a hardcoded, static key to generate the checksums (*.chk-files) - FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using key from openssl (bsc#1081723) - FIPS: Exclude the SHA-1 hash from SLI approval. The following package changes have been done: - SL-Micro-release-6.0-25.55 updated - libfreebl3-3.112.2-1.1 updated - mozilla-nspr-4.36-1.1 updated - mozilla-nss-certs-3.112.2-1.1 updated - mozilla-nss-3.112.2-1.1 updated - libsoftokn3-3.112.2-1.1 updated - container:SL-Micro-container-2.1.3-6.101 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:14:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:14:29 +0100 (CET) Subject: SUSE-CU-2025:8327-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20251115081429.BAE93FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8327-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.154 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.154 Severity : moderate Type : security References : 1247850 1249076 CVE-2025-8732 CVE-2025-9714 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4104-1 Released: Fri Nov 14 11:04:04 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) The following package changes have been done: - libxml2-2-2.9.4-46.93.1 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:23:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:23:59 +0100 (CET) Subject: SUSE-CU-2025:8332-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251115082359.923C1FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8332-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.55.5 Container Release : 55.5 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1237236 1237240 1237241 1237242 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - libelf-devel-0.185-150400.5.8.3 updated - container:registry.suse.com-bci-bci-base-15.6-f24f9ad57a8e52bf3185761f16d047af6591f1fda67cc243ff41c691ea7b769a-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:25:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:25:17 +0100 (CET) Subject: SUSE-CU-2025:8333-1: Security update of bci/spack Message-ID: <20251115082517.EE856FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8333-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.83 Container Release : 11.83 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1237236 1237240 1237241 1237242 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.6-f24f9ad57a8e52bf3185761f16d047af6591f1fda67cc243ff41c691ea7b769a-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:25:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:25:41 +0100 (CET) Subject: SUSE-CU-2025:8334-1: Recommended update of suse/389-ds Message-ID: <20251115082541.355F0FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8334-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-65.3 , suse/389-ds:latest Container Release : 65.3 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:27:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:27:46 +0100 (CET) Subject: SUSE-CU-2025:8344-1: Security update of bci/golang Message-ID: <20251115082746.DAD38FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8344-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-79.3 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-79.3 Container Release : 79.3 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:28:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:28:05 +0100 (CET) Subject: SUSE-CU-2025:8345-1: Security update of bci/golang Message-ID: <20251115082805.66B45FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8345-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.76.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.76.3 Container Release : 76.3 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:28:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:28:24 +0100 (CET) Subject: SUSE-CU-2025:8346-1: Security update of bci/golang Message-ID: <20251115082824.EEB96FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8346-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-79.3 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-79.3 Container Release : 79.3 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:30:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:30:08 +0100 (CET) Subject: SUSE-CU-2025:8352-1: Recommended update of bci/openjdk-devel Message-ID: <20251115083008.E6CACFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8352-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-17.4 , bci/openjdk-devel:latest Container Release : 17.4 Severity : moderate Type : recommended References : 1247985 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). The following package changes have been done: - liblcms2-2-2.15-150600.3.3.2 updated - container:bci-openjdk-21-15.7.21-16.2 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:30:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:30:25 +0100 (CET) Subject: SUSE-CU-2025:8353-1: Recommended update of bci/openjdk Message-ID: <20251115083025.3D6EFFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8353-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-16.2 , bci/openjdk:latest Container Release : 16.2 Severity : moderate Type : recommended References : 1247985 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). The following package changes have been done: - liblcms2-2-2.15-150600.3.3.2 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:31:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:31:40 +0100 (CET) Subject: SUSE-CU-2025:8357-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251115083140.2D8A1FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8357-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-52.5 , bci/bci-sle15-kernel-module-devel:latest Container Release : 52.5 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:32:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:32:05 +0100 (CET) Subject: SUSE-CU-2025:8358-1: Security update of bci/spack Message-ID: <20251115083205.10369FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8358-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-19.4 , bci/spack:latest Container Release : 19.4 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1237236 1237240 1237241 1237242 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:34:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:34:15 +0100 (CET) Subject: SUSE-CU-2025:8359-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20251115083415.2753CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8359-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.9 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.9 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - container:sles15-ltss-image-15.4.0-5.2 updated From sle-container-updates at lists.suse.com Sat Nov 15 08:35:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 09:35:27 +0100 (CET) Subject: SUSE-CU-2025:8360-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251115083527.14C0AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8360-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.1 , suse/manager/4.3/proxy-salt-broker:4.3.16.1.9.60.9 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.60.9 Severity : moderate Type : recommended References : 1237236 1237240 1237241 1237242 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - container:sles15-ltss-image-15.4.0-5.2 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:21:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:21:39 +0100 (CET) Subject: SUSE-IU-2025:3680-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20251114082139.4F2BFFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3680-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.65 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.65 Severity : important Type : security References : 1012628 1214954 1215143 1215199 1216396 1220419 1236743 1239206 1244939 1248211 1248230 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252265 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39898 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-204 Released: Thu Nov 13 16:32:12 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560,CVE-2023 -53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-2023-53707, CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39898,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-202 5-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non-security bugs were fixed: - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes). - ACPI: battery: allocate driver data through devm_ APIs (stable-fixes). - ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes). - ACPI: button: Call input_free_device() on failing input device registration (git-fixes). - ACPI: property: Add code comments explaining what is going on (stable-fixes). - ACPI: property: Disregard references in data-only subnode lists (stable-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes). - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: Allow to skip Global Lock initialization (stable-fixes). - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes). - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes). - ALSA: usb-audio: fix control pipe direction (git-fixes). - ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes). - ASoC: fsl_sai: fix bit order for DSD format (git-fixes). - ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes). - ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes). - ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes). - ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes). - HID: hid-input: only ignore 0 battery events for digitizers (git-fixes). - HID: multitouch: fix name of Stylus input devices (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SEV: Read save fields from GHCB exactly once (git-fixes). - KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes). - KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes). - KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes). - KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes). - KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes). - KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes). - KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes). - KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes). - KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes). - KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes). - KVM: x86: Introduce kvm_set_mp_state() (git-fixes). - KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - KVM: x86: Replace static_call_cond() with static_call() (git-fixes). - KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix crash in nfsd4_read_release() (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Minor cleanup in layoutcommit processing (git-fixes). - NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes). - PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes). - PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes). - PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes). - PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes). - PCI: j721e: Enable ACSPCIE Refclk if 'ti,syscon-acspcie-proxy-ctrl' exists (stable-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PM: runtime: Add new devm functions (stable-fixes). - Revert 'KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()' (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes). - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes). - add bug reference to existing hv_netvsc change (bsc#1252265) - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes) - arm64: cputype: Add Neoverse-V3AE definitions (git-fixes) - arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes). - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes). - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes). - can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes). - cpuidle: menu: Avoid discarding useful information (stable-fixes). - cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes). - drm/amd: Check whether secure display TA loaded successfully (stable-fixes). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes). - drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes). - drm/etnaviv: fix flush sequence logic (git-fixes). - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes). - drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes). - drm/i915/guc: Skip communication warning on reset in progress (git-fixes). - drm/mediatek: Fix device use-after-free on unbind (git-fixes). - drm/msm/a6xx: Fix GMU firmware parser (git-fixes). - drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes). - drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes). - drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes). - drm/rockchip: vop2: use correct destination rectangle height check (git-fixes). - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes). - ext4: check fast symlink for ea_inode correctly (git-fixes). - ext4: do not convert the unwritten extents if data writeback fails (git-fixes). - ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes). - ext4: ensure i_size is smaller than maxbytes (git-fixes). - ext4: factor out ext4_get_maxbytes() (git-fixes). - ext4: fix calculation of credits for extent tree modification (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: fix fsmap end of range reporting with bigalloc (git-fixes). - ext4: fix hole length calculation overflow in non-extent inodes (git-fixes). - ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes). - ext4: fix reserved gdt blocks handling in fsmap (git-fixes). - ext4: fix zombie groups in average fragment size lists (git-fixes). - ext4: preserve SB_I_VERSION on remount (git-fixes). - ext4: reorder capability check last (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes). - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes). - firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes). - fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - hfs: validate record offset in hfsplus_bmap_alloc (git-fixes). - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - i2c: ocores: use devm_ managed clks (git-fixes). - iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes). - iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - isofs: Verify inode mode when loading from disk (git-fixes). - jbd2: do not try to recover wiped journal (git-fixes). - kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes). - locking/mutex: Introduce devm_mutex_init() (stable-fixes). - locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes). - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: tunner: xc5000: Refactor firmware load (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes). - misc: fastrpc: Add missing dev_err newlines (stable-fixes). - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - mmc: core: SPI mode remove cmd7 (stable-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - most: usb: Fix use-after-free in hdm_disconnect (git-fixes). - most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes). - mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes). - net: sysfs: Fix /sys/class/net/<iface> path (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes). - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes). - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes). - net: usb: rtl8150: Fix frame padding (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes). - nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes). - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes). - nvme/tcp: handle tls partially sent records in write_space() (git-fixes). - overlayfs: set ctime when setting mtime and atime (stable-fixes). - ovl: Always reevaluate the file signature for IMA (stable-fixes). - ovl: fix file reference leak when submitting aio (stable-fixes). - ovl: fix incorrect fdput() on aio completion (stable-fixes). - perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes). - perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes). - perf/amd: Prevent grouping of IBS events (git-fixes). - perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes). - perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes). - perf/core: Fix WARN in perf_cgroup_switch() (git-fixes). - perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes). - perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes). - perf/core: Fix low freq setting via IOC_PERIOD (git-fixes). - perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes). - perf/core: Fix small negative period being ignored (git-fixes). - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes). - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes). - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes). - perf/x86/amd: Warn only on new bits set (git-fixes). - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes). - perf/x86/intel/pt: Fix sampling synchronization (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes). - perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Apply static call for drain_pebs (git-fixes). - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - perf/x86/intel: Only check the group flag for X86 leader (git-fixes). - perf/x86/intel: Use better start period for frequency mode (git-fixes). - perf/x86: Fix low freqency setting issue (git-fixes). - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes). - perf: Ensure bpf_perf_link path is properly serialized (git-fixes). - perf: Extract a few helpers (git-fixes). - perf: Fix cgroup state vs ERROR (git-fixes). - phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - r8152: add error handling in rtl8152_driver_init (git-fixes). - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes). - regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes). - regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946). - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes). - rtc: interface: Fix long-standing race when setting alarm (stable-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - sched/fair: set_load_weight() must also call reweight_task() (git-fixes) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes). - selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes). - selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes). - selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes). - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes). - selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes). - selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes). - selftests/bpf: Fix cross-compiling urandom_read (git-fixes). - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling test_lru_map.c (git-fixes). - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes). - selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes). - selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes). - selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes). - selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes). - selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes). - serial: 8250_dw: handle reset control deassert error (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes). - udf: Verify partition map count (git-fixes). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes). - usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes). - usbnet: Prevents free active kevent (git-fixes). - wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes). - wifi: ath11k: Add missing platform IDs for quirk table (git-fixes). - wifi: ath12k: free skb during idr cleanup callback (git-fixes). - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes). - wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes). - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - xfs: rename the old_crc variable in xlog_recover_process (git-fixes). - xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). The following package changes have been done: - kernel-default-6.4.0-36.1 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:22:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:22:33 +0100 (CET) Subject: SUSE-IU-2025:3681-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251114082233.2F88FFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3681-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.88 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.88 Severity : important Type : security References : 1012628 1214954 1215143 1215199 1216396 1220419 1236743 1239206 1244939 1248211 1248230 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252265 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39898 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-204 Released: Thu Nov 13 16:32:12 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560,CVE-2023 -53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-2023-53707, CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39898,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-202 5-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non-security bugs were fixed: - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes). - ACPI: battery: allocate driver data through devm_ APIs (stable-fixes). - ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes). - ACPI: button: Call input_free_device() on failing input device registration (git-fixes). - ACPI: property: Add code comments explaining what is going on (stable-fixes). - ACPI: property: Disregard references in data-only subnode lists (stable-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes). - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: Allow to skip Global Lock initialization (stable-fixes). - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes). - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes). - ALSA: usb-audio: fix control pipe direction (git-fixes). - ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes). - ASoC: fsl_sai: fix bit order for DSD format (git-fixes). - ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes). - ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes). - ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes). - ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes). - HID: hid-input: only ignore 0 battery events for digitizers (git-fixes). - HID: multitouch: fix name of Stylus input devices (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SEV: Read save fields from GHCB exactly once (git-fixes). - KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes). - KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes). - KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes). - KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes). - KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes). - KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes). - KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes). - KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes). - KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes). - KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes). - KVM: x86: Introduce kvm_set_mp_state() (git-fixes). - KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - KVM: x86: Replace static_call_cond() with static_call() (git-fixes). - KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix crash in nfsd4_read_release() (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Minor cleanup in layoutcommit processing (git-fixes). - NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes). - PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes). - PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes). - PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes). - PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes). - PCI: j721e: Enable ACSPCIE Refclk if 'ti,syscon-acspcie-proxy-ctrl' exists (stable-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PM: runtime: Add new devm functions (stable-fixes). - Revert 'KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()' (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes). - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes). - add bug reference to existing hv_netvsc change (bsc#1252265) - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes) - arm64: cputype: Add Neoverse-V3AE definitions (git-fixes) - arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes). - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes). - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes). - can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes). - cpuidle: menu: Avoid discarding useful information (stable-fixes). - cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes). - drm/amd: Check whether secure display TA loaded successfully (stable-fixes). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes). - drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes). - drm/etnaviv: fix flush sequence logic (git-fixes). - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes). - drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes). - drm/i915/guc: Skip communication warning on reset in progress (git-fixes). - drm/mediatek: Fix device use-after-free on unbind (git-fixes). - drm/msm/a6xx: Fix GMU firmware parser (git-fixes). - drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes). - drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes). - drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes). - drm/rockchip: vop2: use correct destination rectangle height check (git-fixes). - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes). - ext4: check fast symlink for ea_inode correctly (git-fixes). - ext4: do not convert the unwritten extents if data writeback fails (git-fixes). - ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes). - ext4: ensure i_size is smaller than maxbytes (git-fixes). - ext4: factor out ext4_get_maxbytes() (git-fixes). - ext4: fix calculation of credits for extent tree modification (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: fix fsmap end of range reporting with bigalloc (git-fixes). - ext4: fix hole length calculation overflow in non-extent inodes (git-fixes). - ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes). - ext4: fix reserved gdt blocks handling in fsmap (git-fixes). - ext4: fix zombie groups in average fragment size lists (git-fixes). - ext4: preserve SB_I_VERSION on remount (git-fixes). - ext4: reorder capability check last (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes). - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes). - firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes). - fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - hfs: validate record offset in hfsplus_bmap_alloc (git-fixes). - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - i2c: ocores: use devm_ managed clks (git-fixes). - iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes). - iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - isofs: Verify inode mode when loading from disk (git-fixes). - jbd2: do not try to recover wiped journal (git-fixes). - kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes). - locking/mutex: Introduce devm_mutex_init() (stable-fixes). - locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes). - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: tunner: xc5000: Refactor firmware load (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes). - misc: fastrpc: Add missing dev_err newlines (stable-fixes). - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - mmc: core: SPI mode remove cmd7 (stable-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - most: usb: Fix use-after-free in hdm_disconnect (git-fixes). - most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes). - mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes). - net: sysfs: Fix /sys/class/net/<iface> path (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes). - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes). - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes). - net: usb: rtl8150: Fix frame padding (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes). - nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes). - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes). - nvme/tcp: handle tls partially sent records in write_space() (git-fixes). - overlayfs: set ctime when setting mtime and atime (stable-fixes). - ovl: Always reevaluate the file signature for IMA (stable-fixes). - ovl: fix file reference leak when submitting aio (stable-fixes). - ovl: fix incorrect fdput() on aio completion (stable-fixes). - perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes). - perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes). - perf/amd: Prevent grouping of IBS events (git-fixes). - perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes). - perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes). - perf/core: Fix WARN in perf_cgroup_switch() (git-fixes). - perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes). - perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes). - perf/core: Fix low freq setting via IOC_PERIOD (git-fixes). - perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes). - perf/core: Fix small negative period being ignored (git-fixes). - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes). - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes). - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes). - perf/x86/amd: Warn only on new bits set (git-fixes). - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes). - perf/x86/intel/pt: Fix sampling synchronization (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes). - perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Apply static call for drain_pebs (git-fixes). - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - perf/x86/intel: Only check the group flag for X86 leader (git-fixes). - perf/x86/intel: Use better start period for frequency mode (git-fixes). - perf/x86: Fix low freqency setting issue (git-fixes). - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes). - perf: Ensure bpf_perf_link path is properly serialized (git-fixes). - perf: Extract a few helpers (git-fixes). - perf: Fix cgroup state vs ERROR (git-fixes). - phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - r8152: add error handling in rtl8152_driver_init (git-fixes). - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes). - regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes). - regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946). - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes). - rtc: interface: Fix long-standing race when setting alarm (stable-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - sched/fair: set_load_weight() must also call reweight_task() (git-fixes) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes). - selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes). - selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes). - selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes). - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes). - selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes). - selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes). - selftests/bpf: Fix cross-compiling urandom_read (git-fixes). - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling test_lru_map.c (git-fixes). - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes). - selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes). - selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes). - selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes). - selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes). - selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes). - serial: 8250_dw: handle reset control deassert error (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes). - udf: Verify partition map count (git-fixes). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes). - usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes). - usbnet: Prevents free active kevent (git-fixes). - wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes). - wifi: ath11k: Add missing platform IDs for quirk table (git-fixes). - wifi: ath12k: free skb during idr cleanup callback (git-fixes). - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes). - wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes). - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - xfs: rename the old_crc variable in xlog_recover_process (git-fixes). - xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). The following package changes have been done: - kernel-default-base-6.4.0-36.1.21.13 updated - container:SL-Micro-base-container-2.1.3-7.65 updated From sle-container-updates at lists.suse.com Fri Nov 14 08:25:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 09:25:46 +0100 (CET) Subject: SUSE-IU-2025:3683-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251114082546.E6DA6FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3683-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.53 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.53 Severity : important Type : security References : 1012628 1214954 1215143 1215199 1216396 1220419 1236743 1239206 1244939 1248211 1248230 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252265 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39898 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-204 Released: Thu Nov 13 16:32:12 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560,CVE-2023 -53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-2023-53707, CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39898,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-202 5-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non-security bugs were fixed: - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes). - ACPI: battery: allocate driver data through devm_ APIs (stable-fixes). - ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes). - ACPI: button: Call input_free_device() on failing input device registration (git-fixes). - ACPI: property: Add code comments explaining what is going on (stable-fixes). - ACPI: property: Disregard references in data-only subnode lists (stable-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes). - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: Allow to skip Global Lock initialization (stable-fixes). - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes). - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes). - ALSA: usb-audio: fix control pipe direction (git-fixes). - ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes). - ASoC: fsl_sai: fix bit order for DSD format (git-fixes). - ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes). - ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes). - ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes). - ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes). - HID: hid-input: only ignore 0 battery events for digitizers (git-fixes). - HID: multitouch: fix name of Stylus input devices (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SEV: Read save fields from GHCB exactly once (git-fixes). - KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes). - KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes). - KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes). - KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes). - KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes). - KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes). - KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes). - KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes). - KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes). - KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes). - KVM: x86: Introduce kvm_set_mp_state() (git-fixes). - KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - KVM: x86: Replace static_call_cond() with static_call() (git-fixes). - KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix crash in nfsd4_read_release() (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Minor cleanup in layoutcommit processing (git-fixes). - NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes). - PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes). - PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes). - PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes). - PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes). - PCI: j721e: Enable ACSPCIE Refclk if 'ti,syscon-acspcie-proxy-ctrl' exists (stable-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PM: runtime: Add new devm functions (stable-fixes). - Revert 'KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()' (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes). - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes). - add bug reference to existing hv_netvsc change (bsc#1252265) - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes) - arm64: cputype: Add Neoverse-V3AE definitions (git-fixes) - arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes). - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes). - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes). - can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes). - cpuidle: menu: Avoid discarding useful information (stable-fixes). - cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes). - drm/amd: Check whether secure display TA loaded successfully (stable-fixes). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes). - drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes). - drm/etnaviv: fix flush sequence logic (git-fixes). - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes). - drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes). - drm/i915/guc: Skip communication warning on reset in progress (git-fixes). - drm/mediatek: Fix device use-after-free on unbind (git-fixes). - drm/msm/a6xx: Fix GMU firmware parser (git-fixes). - drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes). - drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes). - drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes). - drm/rockchip: vop2: use correct destination rectangle height check (git-fixes). - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes). - ext4: check fast symlink for ea_inode correctly (git-fixes). - ext4: do not convert the unwritten extents if data writeback fails (git-fixes). - ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes). - ext4: ensure i_size is smaller than maxbytes (git-fixes). - ext4: factor out ext4_get_maxbytes() (git-fixes). - ext4: fix calculation of credits for extent tree modification (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: fix fsmap end of range reporting with bigalloc (git-fixes). - ext4: fix hole length calculation overflow in non-extent inodes (git-fixes). - ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes). - ext4: fix reserved gdt blocks handling in fsmap (git-fixes). - ext4: fix zombie groups in average fragment size lists (git-fixes). - ext4: preserve SB_I_VERSION on remount (git-fixes). - ext4: reorder capability check last (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes). - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes). - firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes). - fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - hfs: validate record offset in hfsplus_bmap_alloc (git-fixes). - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - i2c: ocores: use devm_ managed clks (git-fixes). - iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes). - iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - isofs: Verify inode mode when loading from disk (git-fixes). - jbd2: do not try to recover wiped journal (git-fixes). - kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes). - locking/mutex: Introduce devm_mutex_init() (stable-fixes). - locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes). - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: tunner: xc5000: Refactor firmware load (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes). - misc: fastrpc: Add missing dev_err newlines (stable-fixes). - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - mmc: core: SPI mode remove cmd7 (stable-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - most: usb: Fix use-after-free in hdm_disconnect (git-fixes). - most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes). - mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes). - net: sysfs: Fix /sys/class/net/<iface> path (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes). - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes). - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes). - net: usb: rtl8150: Fix frame padding (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes). - nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes). - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes). - nvme/tcp: handle tls partially sent records in write_space() (git-fixes). - overlayfs: set ctime when setting mtime and atime (stable-fixes). - ovl: Always reevaluate the file signature for IMA (stable-fixes). - ovl: fix file reference leak when submitting aio (stable-fixes). - ovl: fix incorrect fdput() on aio completion (stable-fixes). - perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes). - perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes). - perf/amd: Prevent grouping of IBS events (git-fixes). - perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes). - perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes). - perf/core: Fix WARN in perf_cgroup_switch() (git-fixes). - perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes). - perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes). - perf/core: Fix low freq setting via IOC_PERIOD (git-fixes). - perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes). - perf/core: Fix small negative period being ignored (git-fixes). - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes). - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes). - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes). - perf/x86/amd: Warn only on new bits set (git-fixes). - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes). - perf/x86/intel/pt: Fix sampling synchronization (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes). - perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Apply static call for drain_pebs (git-fixes). - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - perf/x86/intel: Only check the group flag for X86 leader (git-fixes). - perf/x86/intel: Use better start period for frequency mode (git-fixes). - perf/x86: Fix low freqency setting issue (git-fixes). - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes). - perf: Ensure bpf_perf_link path is properly serialized (git-fixes). - perf: Extract a few helpers (git-fixes). - perf: Fix cgroup state vs ERROR (git-fixes). - phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - r8152: add error handling in rtl8152_driver_init (git-fixes). - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes). - regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes). - regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946). - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes). - rtc: interface: Fix long-standing race when setting alarm (stable-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - sched/fair: set_load_weight() must also call reweight_task() (git-fixes) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes). - selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes). - selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes). - selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes). - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes). - selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes). - selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes). - selftests/bpf: Fix cross-compiling urandom_read (git-fixes). - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling test_lru_map.c (git-fixes). - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes). - selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes). - selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes). - selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes). - selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes). - selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes). - serial: 8250_dw: handle reset control deassert error (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes). - udf: Verify partition map count (git-fixes). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes). - usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes). - usbnet: Prevents free active kevent (git-fixes). - wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes). - wifi: ath11k: Add missing platform IDs for quirk table (git-fixes). - wifi: ath12k: free skb during idr cleanup callback (git-fixes). - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes). - wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes). - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - xfs: rename the old_crc variable in xlog_recover_process (git-fixes). - xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). The following package changes have been done: - kernel-default-base-6.4.0-36.1.21.13 updated From sle-container-updates at lists.suse.com Fri Nov 14 13:07:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Nov 2025 14:07:43 +0100 (CET) Subject: SUSE-CU-2025:8304-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251114130743.8BAE7FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8304-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-52.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 52.3 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1214954 1215143 1215150 1215199 1215696 1216396 1216436 1216976 1220186 1220419 1229165 1237236 1237240 1237241 1237242 1239206 1243100 1243112 1244939 1245193 1245260 1246125 1247118 1247222 1247500 1247683 1248111 1248211 1248230 1248517 1248630 1248735 1248754 1248847 1248886 1249123 1249159 1249161 1249164 1249166 1249169 1249170 1249177 1249182 1249190 1249194 1249195 1249196 1249200 1249203 1249204 1249215 1249220 1249221 1249224 1249254 1249255 1249257 1249260 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249285 1249286 1249288 1249292 1249296 1249299 1249302 1249304 1249308 1249312 1249317 1249318 1249319 1249320 1249321 1249323 1249324 1249338 1249397 1249413 1249479 1249486 1249489 1249490 1249506 1249512 1249515 1249522 1249523 1249538 1249542 1249548 1249554 1249595 1249598 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249735 1249756 1249758 1249761 1249762 1249768 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250004 1250006 1250007 1250012 1250022 1250024 1250028 1250029 1250032 1250035 1250049 1250055 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250119 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250169 1250171 1250177 1250180 1250186 1250196 1250198 1250199 1250201 1250202 1250203 1250204 1250205 1250206 1250208 1250237 1250241 1250242 1250243 1250247 1250249 1250262 1250263 1250266 1250268 1250274 1250275 1250276 1250281 1250290 1250291 1250292 1250296 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250337 1250358 1250371 1250377 1250379 1250384 1250389 1250395 1250397 1250400 1250402 1250406 1250426 1250450 1250455 1250459 1250491 1250519 1250650 1250702 1250704 1250712 1250713 1250721 1250732 1250736 1250741 1250742 1250758 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250946 1250949 1250957 1250964 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252081 1252082 1252083 1252236 1252253 1252265 1252330 1252332 1252336 1252346 1252348 1252349 1252364 1252469 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252734 1252735 1252772 1252775 1252785 1252787 1252789 1252797 1252819 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252915 1252918 1252921 1252939 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2024-26584 CVE-2024-58240 CVE-2025-38008 CVE-2025-38465 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38699 CVE-2025-38700 CVE-2025-38702 CVE-2025-38706 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38718 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39673 CVE-2025-39675 CVE-2025-39676 CVE-2025-39679 CVE-2025-39683 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39693 CVE-2025-39694 CVE-2025-39697 CVE-2025-39701 CVE-2025-39702 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39750 CVE-2025-39751 CVE-2025-39756 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39772 CVE-2025-39783 CVE-2025-39790 CVE-2025-39794 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39812 CVE-2025-39813 CVE-2025-39824 CVE-2025-39826 CVE-2025-39827 CVE-2025-39828 CVE-2025-39832 CVE-2025-39833 CVE-2025-39839 CVE-2025-39841 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39851 CVE-2025-39853 CVE-2025-39854 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39866 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39876 CVE-2025-39881 CVE-2025-39882 CVE-2025-39889 CVE-2025-39891 CVE-2025-39895 CVE-2025-39898 CVE-2025-39900 CVE-2025-39902 CVE-2025-39907 CVE-2025-39911 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39984 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40012 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40037 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40091 CVE-2025-40096 CVE-2025-40100 CVE-2025-40104 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4057-1 Released: Tue Nov 11 19:35:57 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1214954,1215143,1215150,1215199,1215696,1216396,1216436,1216976,1220186,1220419,1229165,1239206,1243100,1243112,1244939,1245193,1245260,1246125,1247118,1247222,1247500,1247683,1248111,1248211,1248230,1248517,1248630,1248735,1248754,1248847,1248886,1249123,1249159,1249161,1249164,1249166,1249169,1249170,1249177,1249182,1249190,1249194,1249195,1249196,1249200,1249203,1249204,1249215,1249220,1249221,1249224,1249254,1249255,1249257,1249260,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1249279,1249281,1249282,1249285,1249286,1249288,1249292,1249296,1249299,1249302,1249304,1249308,1249312,1249317,1249318,1249319,1249320,1249321,1249323,1249324,1249338,1249397,1249413,1249479,1249486,1249489,1249490,1249506,1249512,1249515,1249522,1249523,1249538,1249542,1249548,1249554,1249595,1249598,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1 249712,1249730,1249735,1249756,1249758,1249761,1249762,1249768,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,1249988,1249990,1249993,1249994,1249997,1250004,1250006,1250007,1250012,1250022,1250024,1250028,1250029,1250032,1250035,1250049,1250055,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250119,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250169,1250171,1250177,1250180,1250186,1250196,1250198,1250199,1250201,1250202,1250203,1250204,1250205,1250206,1250208,1250237,1250241,1250242,1250243,1250247,1250249,1250262,1250263,1250266,1250268,1250274,125027 5,1250276,1250281,1250290,1250291,1250292,1250296,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250337,1250358,1250371,1250377,1250379,1250384,1250389,1250395,1250397,1250400,1250402,1250406,1250426,1250450,1250455,1250459,1250491,1250519,1250650,1250702,1250704,1250712,1250713,1250721,1250732,1250736,1250741,1250742,1250758,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,1250830,1250831,1250837,1250841,1250861,1250863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250946,1250949,1250957,1250964,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,125 1161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252081,1252082,1252083,1252236,1252253,1252265,1252330,1252332,1252336,1252346,1252348,1252349,1252364,1252469,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252734,1252735,1252772,1252775,1252785,1252787,1252789,1252797,1252819,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858, 1252865,1252866,1252873,1252902,1252904,1252909,1252915,1252918,1252921,1252939,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53260,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE -2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2023-53425,CVE-2023-53426,CVE-2023-53428,CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-5 3444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560,CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CV E-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-2023-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023- 53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2024-26584,CVE-2024-58240,CVE-2025-38008,CVE-2025-38465,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38699,CVE-2025-38700,CVE-2025-38702,CVE-2025-38706,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38718,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39673,CVE-2025-39675,CVE-2025-39676,CVE-2025-39679,CVE-2025-39683,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39693,CVE-2025-39694,CVE-2025-39697,CVE-2025-39701,CVE-2025-39702,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,C VE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39750,CVE-2025-39751,CVE-2025-39756,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39772,CVE-2025-39783,CVE-2025-39790,CVE-2025-39794,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39812,CVE-2025-39813,CVE-2025-39824,CVE-2025-39826,CVE-2025-39827,CVE-2025-39828,CVE-2025-39832,CVE-2025-39833,CVE-2025-39839,CVE-2025-39841,CVE-2025-39844,CVE-2025-39845,CVE-2025-39846,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39851,CVE-2025-39853,CVE-2025-39854,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39866,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39876,CVE-2025-39881,CVE-2025-39882,CVE-2025-39889,CVE-2025-39891,CVE-2025-39895,CVE-2025-39898,CVE-2025-39900,CVE-2025-39902,CVE-2025-39907,CVE-2025-39911,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025 -39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39984,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40012,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40037,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40091,CVE-2025-40096, CVE-2025-40100,CVE-2025-40104 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI/processor_idle: Add FFH state handling (jsc#PED-13815). - ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112). - PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112). - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112). - PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815). - dpll: Make ZL3073X invisible (bsc#1252253). - dpll: zl3073x: Add firmware loading functionality (bsc#1252253). - dpll: zl3073x: Add functions to access hardware registers (bsc#1252253). - dpll: zl3073x: Add low-level flash functions (bsc#1252253). - dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253). - dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253). - dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253). - dpll: zl3073x: Fix build failure (bsc#1252253). - dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253). - dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253). - dpll: zl3073x: Implement devlink flash callback (bsc#1252253). - dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253). - dpll: zl3073x: Refactor DPLL initialization (bsc#1252253). - dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253). - drm/amd : Update MES API header file for v11 & v12 (stable-fixes). - drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112). - drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112). - drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112). - drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112). - drm/amd/display: fix dmub access race condition (bsc#1243112). - drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112). - drm/amd/include : MES v11 and v12 API header update (stable-fixes). - drm/amd/include : Update MES v12 API for fence update (stable-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd: Avoid evicting resources at S5 (bsc#1243112). - drm/amd: Check whether secure display TA loaded successfully (bsc#1243112). - drm/amd: Fix hybrid sleep (bsc#1243112). - drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112). - drm/amd: Restore cached manual clock settings during resume (bsc#1243112). - drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112). - drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112). - drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112). - drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112). - drm/amdgpu: Report individual reset error (bsc#1243112). - drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112). - drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112). - drm/amdkfd: Fix mmap write lock not release (bsc#1243112). - drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - intel_idle: Provide the default enter_dead() handler (jsc#PED-13815). - intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815). - ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222). - ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222). - ixgbevf: fix getting link speed data for E610 devices (bsc#1247222). - ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nvme-auth: update bi_directional flag (git-fixes bsc#1249735). - nvme-auth: update sc_c in host response (git-fixes bsc#1249397). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112). - platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112). - platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112). - platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112). - platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112). - platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112). - platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112). - platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112). - platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112). - platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112). - platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112). - platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112). - platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112). - platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469) Re-enable CONFIG_SERIAL_SC16IS7X for aarch64 and x86_64 default configurations, but keep it disabled for kvmsmall configurations. For ppc64 and s390x drivers was not enabled, so keep it that way. Add sc16is7xx_spi and sc16is7xx_i2c drivers to supported list. - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734). - x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734). - x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815). - x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815). - x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815). - x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. The following package changes have been done: - kernel-macros-6.4.0-150700.53.22.1 updated - kernel-devel-6.4.0-150700.53.22.1 updated - libelf-devel-0.185-150400.5.8.3 updated - kernel-default-devel-6.4.0-150700.53.22.1 updated - kernel-syms-6.4.0-150700.53.22.1 updated From sle-container-updates at lists.suse.com Sat Nov 15 20:11:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 21:11:45 +0100 (CET) Subject: SUSE-CU-2025:8371-1: Security update of bci/ruby Message-ID: <20251115201145.9176AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8371-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-19.3 Container Release : 19.3 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 20:12:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 21:12:03 +0100 (CET) Subject: SUSE-CU-2025:8372-1: Security update of bci/ruby Message-ID: <20251115201203.199A8FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8372-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-18.3 , bci/ruby:latest Container Release : 18.3 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 20:12:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 21:12:17 +0100 (CET) Subject: SUSE-CU-2025:8373-1: Security update of bci/rust Message-ID: <20251115201217.957D1FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8373-1 Container Tags : bci/rust:1.89 , bci/rust:1.89.0 , bci/rust:1.89.0-2.4.3 , bci/rust:oldstable , bci/rust:oldstable-2.4.3 Container Release : 4.3 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sat Nov 15 20:12:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Nov 2025 21:12:33 +0100 (CET) Subject: SUSE-CU-2025:8374-1: Security update of bci/rust Message-ID: <20251115201233.F0205FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8374-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.4.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.3 Container Release : 4.3 Severity : important Type : security References : 1040589 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Sun Nov 16 08:06:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 16 Nov 2025 09:06:56 +0100 (CET) Subject: SUSE-IU-2025:3692-1: Security update of suse/sle-micro/5.5 Message-ID: <20251116080657.020AEFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3692-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.405 , suse/sle-micro/5.5:latest Image Release : 5.5.405 Severity : moderate Type : security References : 1251198 1251199 CVE-2025-61984 CVE-2025-61985 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4112-1 Released: Sat Nov 15 23:38:15 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) The following package changes have been done: - openssh-common-8.4p1-150300.3.57.1 updated - openssh-server-8.4p1-150300.3.57.1 updated - openssh-clients-8.4p1-150300.3.57.1 updated - openssh-8.4p1-150300.3.57.1 updated From sle-container-updates at lists.suse.com Sun Nov 16 08:16:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 16 Nov 2025 09:16:10 +0100 (CET) Subject: SUSE-CU-2025:8379-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251116081610.2338EFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8379-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.89 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.89 Severity : important Type : security References : 1065729 1205128 1206893 1207612 1207619 1210763 1211162 1211692 1213098 1213114 1213747 1214954 1214992 1215148 1217366 1236104 1249479 1249608 1249857 1249859 1249988 1250742 1250816 1250946 1251027 1251032 1251034 1251035 1251040 1251043 1251045 1251047 1251052 1251057 1251059 1251061 1251063 1251064 1251065 1251066 1251068 1251072 1251080 1251082 1251086 1251087 1251088 1251091 1251092 1251093 1251097 1251099 1251101 1251104 1251110 1251113 1251115 1251123 1251128 1251129 1251133 1251136 1251147 1251149 1251154 1251159 1251164 1251166 1251169 1251170 1251173 1251178 1251180 1251182 1251197 1251200 1251201 1251202 1251208 1251210 1251215 1251218 1251222 1251223 1251230 1251247 1251268 1251281 1251282 1251283 1251285 1251286 1251292 1251294 1251295 1251296 1251298 1251299 1251300 1251302 1251303 1251306 1251310 1251312 1251322 1251324 1251325 1251326 1251327 1251329 1251330 1251331 1251519 1251521 1251522 1251527 1251529 1251550 1251723 1251725 1251728 1251730 1251736 1251737 1251741 1251743 1251750 1251753 1251759 1251761 1251762 1251763 1251764 1251767 1251769 1251772 1251775 1251777 1251785 1251823 1251930 1251967 1252033 1252035 1252047 1252069 1252265 1252474 1252475 1252476 1252480 1252484 1252486 1252489 1252490 1252492 1252495 1252497 1252499 1252501 1252508 1252509 1252513 1252515 1252516 1252519 1252521 1252522 1252523 1252526 1252528 1252529 1252532 1252535 1252536 1252537 1252538 1252539 1252542 1252545 1252549 1252554 1252560 1252564 1252565 1252568 1252634 1252688 1252785 1252893 1252904 1252919 CVE-2022-43945 CVE-2022-50327 CVE-2022-50334 CVE-2022-50470 CVE-2022-50471 CVE-2022-50472 CVE-2022-50475 CVE-2022-50478 CVE-2022-50480 CVE-2022-50482 CVE-2022-50484 CVE-2022-50485 CVE-2022-50487 CVE-2022-50488 CVE-2022-50489 CVE-2022-50490 CVE-2022-50492 CVE-2022-50493 CVE-2022-50494 CVE-2022-50496 CVE-2022-50497 CVE-2022-50498 CVE-2022-50499 CVE-2022-50501 CVE-2022-50503 CVE-2022-50504 CVE-2022-50505 CVE-2022-50509 CVE-2022-50511 CVE-2022-50512 CVE-2022-50513 CVE-2022-50514 CVE-2022-50516 CVE-2022-50519 CVE-2022-50520 CVE-2022-50521 CVE-2022-50523 CVE-2022-50525 CVE-2022-50528 CVE-2022-50529 CVE-2022-50530 CVE-2022-50532 CVE-2022-50534 CVE-2022-50535 CVE-2022-50537 CVE-2022-50541 CVE-2022-50542 CVE-2022-50544 CVE-2022-50545 CVE-2022-50546 CVE-2022-50549 CVE-2022-50551 CVE-2022-50553 CVE-2022-50556 CVE-2022-50559 CVE-2022-50560 CVE-2022-50561 CVE-2022-50562 CVE-2022-50563 CVE-2022-50564 CVE-2022-50566 CVE-2022-50567 CVE-2022-50568 CVE-2022-50570 CVE-2022-50572 CVE-2022-50574 CVE-2022-50575 CVE-2022-50576 CVE-2022-50578 CVE-2022-50579 CVE-2022-50580 CVE-2022-50581 CVE-2022-50582 CVE-2023-52923 CVE-2023-53365 CVE-2023-53500 CVE-2023-53533 CVE-2023-53534 CVE-2023-53541 CVE-2023-53542 CVE-2023-53548 CVE-2023-53551 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53556 CVE-2023-53559 CVE-2023-53560 CVE-2023-53564 CVE-2023-53566 CVE-2023-53567 CVE-2023-53568 CVE-2023-53571 CVE-2023-53572 CVE-2023-53574 CVE-2023-53576 CVE-2023-53579 CVE-2023-53582 CVE-2023-53587 CVE-2023-53589 CVE-2023-53592 CVE-2023-53594 CVE-2023-53597 CVE-2023-53603 CVE-2023-53604 CVE-2023-53605 CVE-2023-53607 CVE-2023-53608 CVE-2023-53611 CVE-2023-53612 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53619 CVE-2023-53622 CVE-2023-53625 CVE-2023-53626 CVE-2023-53631 CVE-2023-53637 CVE-2023-53639 CVE-2023-53640 CVE-2023-53641 CVE-2023-53644 CVE-2023-53648 CVE-2023-53650 CVE-2023-53651 CVE-2023-53658 CVE-2023-53659 CVE-2023-53662 CVE-2023-53667 CVE-2023-53668 CVE-2023-53670 CVE-2023-53673 CVE-2023-53674 CVE-2023-53675 CVE-2023-53679 CVE-2023-53680 CVE-2023-53681 CVE-2023-53683 CVE-2023-53687 CVE-2023-53692 CVE-2023-53693 CVE-2023-53695 CVE-2023-53696 CVE-2023-53700 CVE-2023-53704 CVE-2023-53705 CVE-2023-53708 CVE-2023-53709 CVE-2023-53711 CVE-2023-53715 CVE-2023-53717 CVE-2023-53718 CVE-2023-53719 CVE-2023-53722 CVE-2023-53723 CVE-2023-53724 CVE-2023-53725 CVE-2023-53726 CVE-2023-53730 CVE-2023-7324 CVE-2025-39742 CVE-2025-39797 CVE-2025-39945 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39973 CVE-2025-39978 CVE-2025-40018 CVE-2025-40044 CVE-2025-40088 CVE-2025-40102 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4111-1 Released: Sat Nov 15 19:38:39 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1205128,1206893,1207612,1207619,1210763,1211162,1211692,1213098,1213114,1213747,1214954,1214992,1215148,1217366,1236104,1249479,1249608,1249857,1249859,1249988,1250742,1250816,1250946,1251027,1251032,1251034,1251035,1251040,1251043,1251045,1251047,1251052,1251057,1251059,1251061,1251063,1251064,1251065,1251066,1251068,1251072,1251080,1251082,1251086,1251087,1251088,1251091,1251092,1251093,1251097,1251099,1251101,1251104,1251110,1251113,1251115,1251123,1251128,1251129,1251133,1251136,1251147,1251149,1251154,1251159,1251164,1251166,1251169,1251170,1251173,1251178,1251180,1251182,1251197,1251200,1251201,1251202,1251208,1251210,1251215,1251218,1251222,1251223,1251230,1251247,1251268,1251281,1251282,1251283,1251285,1251286,1251292,1251294,1251295,1251296,1251298,1251299,1251300,1251302,1251303,1251306,1251310,1251312,1251322,1251324,1251325,1251326,1251327,1251329,1251330,1251331,1251519,1251521,1251522,1251527,1251529,1251550,1251723,1251725,1251728,1251730,1251736,1 251737,1251741,1251743,1251750,1251753,1251759,1251761,1251762,1251763,1251764,1251767,1251769,1251772,1251775,1251777,1251785,1251823,1251930,1251967,1252033,1252035,1252047,1252069,1252265,1252474,1252475,1252476,1252480,1252484,1252486,1252489,1252490,1252492,1252495,1252497,1252499,1252501,1252508,1252509,1252513,1252515,1252516,1252519,1252521,1252522,1252523,1252526,1252528,1252529,1252532,1252535,1252536,1252537,1252538,1252539,1252542,1252545,1252549,1252554,1252560,1252564,1252565,1252568,1252634,1252688,1252785,1252893,1252904,1252919,CVE-2022-43945,CVE-2022-50327,CVE-2022-50334,CVE-2022-50470,CVE-2022-50471,CVE-2022-50472,CVE-2022-50475,CVE-2022-50478,CVE-2022-50480,CVE-2022-50482,CVE-2022-50484,CVE-2022-50485,CVE-2022-50487,CVE-2022-50488,CVE-2022-50489,CVE-2022-50490,CVE-2022-50492,CVE-2022-50493,CVE-2022-50494,CVE-2022-50496,CVE-2022-50497,CVE-2022-50498,CVE-2022-50499,CVE-2022-50501,CVE-2022-50503,CVE-2022-50504,CVE-2022-50505,CVE-2022-50509,CVE-2022-50511,CVE-2022-50 512,CVE-2022-50513,CVE-2022-50514,CVE-2022-50516,CVE-2022-50519,CVE-2022-50520,CVE-2022-50521,CVE-2022-50523,CVE-2022-50525,CVE-2022-50528,CVE-2022-50529,CVE-2022-50530,CVE-2022-50532,CVE-2022-50534,CVE-2022-50535,CVE-2022-50537,CVE-2022-50541,CVE-2022-50542,CVE-2022-50544,CVE-2022-50545,CVE-2022-50546,CVE-2022-50549,CVE-2022-50551,CVE-2022-50553,CVE-2022-50556,CVE-2022-50559,CVE-2022-50560,CVE-2022-50561,CVE-2022-50562,CVE-2022-50563,CVE-2022-50564,CVE-2022-50566,CVE-2022-50567,CVE-2022-50568,CVE-2022-50570,CVE-2022-50572,CVE-2022-50574,CVE-2022-50575,CVE-2022-50576,CVE-2022-50578,CVE-2022-50579,CVE-2022-50580,CVE-2022-50581,CVE-2022-50582,CVE-2023-52923,CVE-2023-53365,CVE-2023-53500,CVE-2023-53533,CVE-2023-53534,CVE-2023-53541,CVE-2023-53542,CVE-2023-53548,CVE-2023-53551,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53556,CVE-2023-53559,CVE-2023-53560,CVE-2023-53564,CVE-2023-53566,CVE-2023-53567,CVE-2023-53568,CVE-2023-53571,CVE-2023-53572,CVE-2023-53574,CVE-2023-53576,CVE -2023-53579,CVE-2023-53582,CVE-2023-53587,CVE-2023-53589,CVE-2023-53592,CVE-2023-53594,CVE-2023-53597,CVE-2023-53603,CVE-2023-53604,CVE-2023-53605,CVE-2023-53607,CVE-2023-53608,CVE-2023-53611,CVE-2023-53612,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53619,CVE-2023-53622,CVE-2023-53625,CVE-2023-53626,CVE-2023-53631,CVE-2023-53637,CVE-2023-53639,CVE-2023-53640,CVE-2023-53641,CVE-2023-53644,CVE-2023-53648,CVE-2023-53650,CVE-2023-53651,CVE-2023-53658,CVE-2023-53659,CVE-2023-53662,CVE-2023-53667,CVE-2023-53668,CVE-2023-53670,CVE-2023-53673,CVE-2023-53674,CVE-2023-53675,CVE-2023-53679,CVE-2023-53680,CVE-2023-53681,CVE-2023-53683,CVE-2023-53687,CVE-2023-53692,CVE-2023-53693,CVE-2023-53695,CVE-2023-53696,CVE-2023-53700,CVE-2023-53704,CVE-2023-53705,CVE-2023-53708,CVE-2023-53709,CVE-2023-53711,CVE-2023-53715,CVE-2023-53717,CVE-2023-53718,CVE-2023-53719,CVE-2023-53722,CVE-2023-53723,CVE-2023-53724,CVE-2023-53725,CVE-2023-53726,CVE-2023-53730,CVE-2023-7324,CVE-2025-39742,CVE-2025-39 797,CVE-2025-39945,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39973,CVE-2025-39978,CVE-2025-40018,CVE-2025-40044,CVE-2025-40088,CVE-2025-40102 The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222). - CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785). - CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). The following non security issues were fixed: - fbcon: Fix OOB access in font allocation (bsc#1252033) - mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823). - net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265). The following package changes have been done: - kernel-default-5.14.21-150400.24.184.1 updated From sle-container-updates at lists.suse.com Sun Nov 16 08:16:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 16 Nov 2025 09:16:11 +0100 (CET) Subject: SUSE-CU-2025:8380-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251116081611.0EABFFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8380-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.90 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.90 Severity : moderate Type : security References : 1251198 1251199 CVE-2025-61984 CVE-2025-61985 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4112-1 Released: Sat Nov 15 23:38:15 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) The following package changes have been done: - openssh-clients-8.4p1-150300.3.57.1 updated - openssh-common-8.4p1-150300.3.57.1 updated - openssh-server-8.4p1-150300.3.57.1 updated - openssh-8.4p1-150300.3.57.1 updated From sle-container-updates at lists.suse.com Sun Nov 16 08:21:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 16 Nov 2025 09:21:41 +0100 (CET) Subject: SUSE-CU-2025:8381-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20251116082141.90F92FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8381-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16.1 , suse/manager/4.3/proxy-ssh:4.3.16.1.9.60.7 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.60.7 Severity : moderate Type : security References : 1251198 1251199 CVE-2025-61984 CVE-2025-61985 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4112-1 Released: Sat Nov 15 23:38:15 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) The following package changes have been done: - openssh-common-8.4p1-150300.3.57.1 updated - openssh-fips-8.4p1-150300.3.57.1 updated - openssh-server-8.4p1-150300.3.57.1 updated - openssh-clients-8.4p1-150300.3.57.1 updated - openssh-8.4p1-150300.3.57.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:07:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:07:07 +0100 (CET) Subject: SUSE-CU-2025:8386-1: Recommended update of containers/open-webui Message-ID: <20251118080707.193F3FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8386-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.53 Container Release : 12.53 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-79a9d265bd95d9bee2c9822ccbbab6b8437b31ad624a534a918c25a6587fcbe3-0 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:10:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:10:13 +0100 (CET) Subject: SUSE-IU-2025:3693-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251118081013.28F15FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3693-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.220 , suse/sle-micro/base-5.5:latest Image Release : 5.8.220 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:17:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:17:45 +0100 (CET) Subject: SUSE-CU-2025:8399-1: Recommended update of private-registry/harbor-nginx Message-ID: <20251118081745.F32F7FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8399-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.81 , private-registry/harbor-nginx:latest Container Release : 2.81 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:17:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:17:57 +0100 (CET) Subject: SUSE-CU-2025:8401-1: Recommended update of private-registry/harbor-portal Message-ID: <20251118081757.0E344FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8401-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.47 , private-registry/harbor-portal:latest Container Release : 3.47 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:24:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:24:19 +0100 (CET) Subject: SUSE-CU-2025:8408-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251118082419.648DAFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8408-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.212 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.212 Severity : moderate Type : security References : 1247850 1249076 CVE-2025-8732 CVE-2025-9714 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4116-1 Released: Mon Nov 17 08:26:11 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) The following package changes have been done: - libxml2-2-2.9.14-150400.5.50.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:27:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:27:21 +0100 (CET) Subject: SUSE-CU-2025:8409-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251118082721.20EF4FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8409-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.91 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.91 Severity : important Type : security References : 1247850 1249076 1252148 CVE-2025-8732 CVE-2025-9714 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4116-1 Released: Mon Nov 17 08:26:11 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - libxml2-2-2.9.14-150400.5.50.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:29:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:29:13 +0100 (CET) Subject: SUSE-CU-2025:8410-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251118082913.88D74FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8410-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.212 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.212 Severity : moderate Type : security References : 1247850 1249076 CVE-2025-8732 CVE-2025-9714 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4116-1 Released: Mon Nov 17 08:26:11 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) The following package changes have been done: - libxml2-2-2.9.14-150400.5.50.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:32:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:32:40 +0100 (CET) Subject: SUSE-CU-2025:8411-1: Recommended update of bci/bci-base-fips Message-ID: <20251118083240.1BCB1FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8411-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.37.6 Container Release : 37.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sles-release-15.6-150600.64.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-79a9d265bd95d9bee2c9822ccbbab6b8437b31ad624a534a918c25a6587fcbe3-0 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:32:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:32:59 +0100 (CET) Subject: SUSE-CU-2025:8412-1: Recommended update of bci/bci-busybox Message-ID: <20251118083259.66A83FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8412-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.42.2 Container Release : 42.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sles-release-15.6-150600.64.9.2 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:34:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:34:08 +0100 (CET) Subject: SUSE-CU-2025:8413-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251118083408.B259AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8413-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.129 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.129 Severity : important Type : recommended References : 1237236 1237240 1237241 1237242 1252148 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4092-1 Released: Thu Nov 13 19:28:03 2025 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1237236,1237240,1237241,1237242 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242). - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - elfutils-0.185-150400.5.8.3 updated - libasm1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated - libfreetype6-2.10.4-150000.4.25.1 updated - sles-release-15.6-150600.64.9.2 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:35:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:35:13 +0100 (CET) Subject: SUSE-CU-2025:8414-1: Recommended update of bci/bci-init Message-ID: <20251118083513.70FF6FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8414-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.50.6 Container Release : 50.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sles-release-15.6-150600.64.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-79a9d265bd95d9bee2c9822ccbbab6b8437b31ad624a534a918c25a6587fcbe3-0 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:35:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:35:23 +0100 (CET) Subject: SUSE-CU-2025:8415-1: Recommended update of bci/bci-micro-fips Message-ID: <20251118083523.21679FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8415-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.12.6 Container Release : 12.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sles-release-15.6-150600.64.9.2 updated - container:bci-bci-base-15.6-79a9d265bd95d9bee2c9822ccbbab6b8437b31ad624a534a918c25a6587fcbe3-0 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:35:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:35:48 +0100 (CET) Subject: SUSE-CU-2025:8416-1: Recommended update of bci/bci-micro Message-ID: <20251118083548.A05E8FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8416-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.54.6 Container Release : 54.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sles-release-15.6-150600.64.9.2 updated - container:bci-bci-base-15.6-79a9d265bd95d9bee2c9822ccbbab6b8437b31ad624a534a918c25a6587fcbe3-0 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:36:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:36:17 +0100 (CET) Subject: SUSE-CU-2025:8417-1: Recommended update of bci/bci-minimal Message-ID: <20251118083617.8A94FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8417-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.45.3 Container Release : 45.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sles-release-15.6-150600.64.9.2 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:40:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:40:12 +0100 (CET) Subject: SUSE-CU-2025:8420-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251118084012.667BDFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8420-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.55.7 Container Release : 55.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sles-release-15.6-150600.64.9.2 updated - container:registry.suse.com-bci-bci-base-15.6-79a9d265bd95d9bee2c9822ccbbab6b8437b31ad624a534a918c25a6587fcbe3-0 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:41:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:41:04 +0100 (CET) Subject: SUSE-CU-2025:8421-1: Recommended update of suse/sle15 Message-ID: <20251118084104.AE47DFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8421-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.10 , suse/sle15:15.6 , suse/sle15:15.6.47.26.10 Container Release : 47.26.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. The following package changes have been done: - sle-module-python3-release-15.6-150600.41.1 updated - sles-release-15.6-150600.64.9.2 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:43:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:43:01 +0100 (CET) Subject: SUSE-CU-2025:8424-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251118084301.90D2CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8424-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-69.5 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.5 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:43:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:43:19 +0100 (CET) Subject: SUSE-CU-2025:8425-1: Recommended update of suse/nginx Message-ID: <20251118084319.D42E7FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8425-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-66.3 , suse/nginx:latest Container Release : 66.3 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:43:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:43:38 +0100 (CET) Subject: SUSE-CU-2025:8426-1: Recommended update of bci/openjdk-devel Message-ID: <20251118084338.C5B63FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8426-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.17.0 , bci/openjdk-devel:17.0.17.0-14.6 Container Release : 14.6 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:bci-openjdk-17-15.7.17-13.4 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:43:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:43:55 +0100 (CET) Subject: SUSE-CU-2025:8427-1: Recommended update of bci/openjdk Message-ID: <20251118084355.031E9FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8427-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.4 Container Release : 13.4 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated From sle-container-updates at lists.suse.com Tue Nov 18 08:44:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Nov 2025 09:44:12 +0100 (CET) Subject: SUSE-CU-2025:8428-1: Recommended update of bci/openjdk-devel Message-ID: <20251118084412.E2568FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8428-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-17.5 , bci/openjdk-devel:latest Container Release : 17.5 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:bci-openjdk-21-15.7.21-16.3 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:07:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:07:19 +0100 (CET) Subject: SUSE-IU-2025:3697-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251119080719.C5D73FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3697-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.102 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.102 Severity : important Type : recommended References : 1231055 1252425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 524 Released: Tue Nov 18 19:04:44 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055). * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 The following package changes have been done: - SL-Micro-release-6.0-25.56 updated - libgpgme11-1.23.0-2.1 updated - container:SL-Micro-base-container-2.1.3-7.67 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:08:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:08:27 +0100 (CET) Subject: SUSE-IU-2025:3698-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20251119080827.53DC3FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3698-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.67 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.67 Severity : important Type : recommended References : 1231055 1252425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 524 Released: Tue Nov 18 19:04:44 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055). * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 The following package changes have been done: - SL-Micro-release-6.0-25.56 updated - libgpgme11-1.23.0-2.1 updated - container:suse-toolbox-image-1.0.0-9.47 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:13:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:13:22 +0100 (CET) Subject: SUSE-CU-2025:8438-1: Recommended update of suse/sl-micro/6.0/toolbox Message-ID: <20251119081322.DC103FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8438-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.47 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.47 Severity : important Type : recommended References : 1231055 1252425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 524 Released: Tue Nov 18 19:04:44 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055). * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 The following package changes have been done: - SL-Micro-release-6.0-25.56 updated - libgpgme11-1.23.0-2.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.55 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:19:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:19:58 +0100 (CET) Subject: SUSE-CU-2025:8428-1: Recommended update of bci/openjdk-devel Message-ID: <20251119081958.49B82FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8428-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-17.5 , bci/openjdk-devel:latest Container Release : 17.5 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:bci-openjdk-21-15.7.21-16.3 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:20:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:20:18 +0100 (CET) Subject: SUSE-CU-2025:8440-1: Recommended update of bci/openjdk Message-ID: <20251119082018.BBB34FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8440-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-16.3 , bci/openjdk:latest Container Release : 16.3 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:20:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:20:39 +0100 (CET) Subject: SUSE-CU-2025:8441-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20251119082039.508A6FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8441-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.5 , suse/kiosk/pulseaudio:latest Container Release : 67.5 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:20:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:20:50 +0100 (CET) Subject: SUSE-CU-2025:8442-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20251119082050.2936CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8442-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-69.4 , suse/kiosk/xorg-client:latest Container Release : 69.4 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:21:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:21:10 +0100 (CET) Subject: SUSE-CU-2025:8443-1: Recommended update of suse/kiosk/xorg Message-ID: <20251119082110.6BC66FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8443-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.5 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.5 Severity : important Type : recommended References : 1252148 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license The following package changes have been done: - libfreetype6-2.10.4-150000.4.25.1 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:23:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:23:50 +0100 (CET) Subject: SUSE-CU-2025:8444-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251119082350.C943CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8444-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.10 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.10 Severity : moderate Type : security References : 1247850 1249076 CVE-2025-8732 CVE-2025-9714 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4116-1 Released: Mon Nov 17 08:26:11 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) The following package changes have been done: - python3-libxml2-2.9.14-150400.5.50.1 updated From sle-container-updates at lists.suse.com Wed Nov 19 08:30:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 09:30:25 +0100 (CET) Subject: SUSE-CU-2025:8446-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251119083025.61B0BFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8446-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.201 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.201 Severity : moderate Type : security References : 1247850 1249076 CVE-2025-8732 CVE-2025-9714 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4115-1 Released: Mon Nov 17 08:25:53 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1249076,CVE-2025-8732,CVE-2025-9714 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) The following package changes have been done: - libxml2-2-2.9.7-150000.3.88.1 updated From sle-container-updates at lists.suse.com Wed Nov 19 15:53:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 16:53:49 +0100 (CET) Subject: SUSE-CU-2025:8447-1: Recommended update of private-registry/harbor-db Message-ID: <20251119155349.AED52FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8447-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-4.2 , private-registry/harbor-db:2.13.2-4.2 , private-registry/harbor-db:latest Container Release : 4.2 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Wed Nov 19 15:53:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Nov 2025 16:53:56 +0100 (CET) Subject: SUSE-CU-2025:8448-1: Recommended update of private-registry/harbor-valkey Message-ID: <20251119155356.1D2AEFB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8448-1 Container Tags : private-registry/harbor-valkey:8.0.6 , private-registry/harbor-valkey:8.0.6-2.69 , private-registry/harbor-valkey:latest Container Release : 2.69 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:03:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:03:21 +0100 (CET) Subject: SUSE-CU-2025:8449-1: Recommended update of containers/lmcache-lmstack-router Message-ID: <20251120080321.27344FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8449-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.25 Container Release : 2.25 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:04:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:04:17 +0100 (CET) Subject: SUSE-CU-2025:8450-1: Recommended update of containers/milvus Message-ID: <20251120080418.00913FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8450-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-8.2 Container Release : 8.2 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:06:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:06:26 +0100 (CET) Subject: SUSE-CU-2025:8451-1: Recommended update of containers/open-webui Message-ID: <20251120080626.AF4A2FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8451-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.55 Container Release : 12.55 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:06:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:06:55 +0100 (CET) Subject: SUSE-CU-2025:8452-1: Recommended update of containers/pytorch Message-ID: <20251120080655.4C32CFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8452-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.20 Container Release : 3.20 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - python311-torch-cuda-2.8.0-150600.2.6 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:09:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:09:21 +0100 (CET) Subject: SUSE-IU-2025:3703-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251120080921.2D553FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3703-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.103 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.103 Severity : moderate Type : recommended References : 1253029 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 525 Released: Wed Nov 19 14:57:58 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1253029 This update for dracut fixes the following issues: Update to version 059+suse.607.g05002594: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.607.g05002594-1.1 updated - container:SL-Micro-base-container-2.1.3-7.68 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:10:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:10:28 +0100 (CET) Subject: SUSE-IU-2025:3704-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20251120081028.9F44BFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3704-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.68 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.68 Severity : moderate Type : recommended References : 1253029 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 525 Released: Wed Nov 19 14:57:58 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1253029 This update for dracut fixes the following issues: Update to version 059+suse.607.g05002594: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.607.g05002594-1.1 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:11:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:11:38 +0100 (CET) Subject: SUSE-IU-2025:3705-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251120081138.9FD00FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3705-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.91 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.91 Severity : moderate Type : recommended References : 1253029 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 525 Released: Wed Nov 19 14:57:58 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1253029 This update for dracut fixes the following issues: Update to version 059+suse.607.g05002594: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.607.g05002594-1.1 updated - container:SL-Micro-base-container-2.1.3-7.68 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:12:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:12:52 +0100 (CET) Subject: SUSE-IU-2025:3706-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251120081252.D86D2FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3706-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.104 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.104 Severity : moderate Type : recommended References : 1253029 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 525 Released: Wed Nov 19 14:57:58 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1253029 This update for dracut fixes the following issues: Update to version 059+suse.607.g05002594: * fix(kernel-modules-extra): remove stray \ before / (bsc#1253029) The following package changes have been done: - dracut-059+suse.607.g05002594-1.1 updated - container:SL-Micro-container-2.1.3-6.103 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:15:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:15:34 +0100 (CET) Subject: SUSE-IU-2025:3707-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251120081534.06809FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3707-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.31 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.31 Severity : important Type : security References : 1081723 1218345 1222834 1222834 1224113 1224113 1231055 1240310 1240311 1240750 1240752 1240754 1240756 1240757 1240997 1241162 1241164 1241214 1241222 1241223 1241226 1241238 1241252 1241263 1241686 1241688 1247519 1247520 1247522 1252425 CVE-2025-2784 CVE-2025-32050 CVE-2025-32051 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906 CVE-2025-32907 CVE-2025-32908 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914 CVE-2025-46420 CVE-2025-46421 CVE-2025-54349 CVE-2025-54350 CVE-2025-54351 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 269 Released: Fri Sep 19 09:54:22 2025 Summary: Security update for iperf Type: security Severity: important References: 1222834,1224113,1247519,1247520,1247522,CVE-2025-54349,CVE-2025-54350,CVE-2025-54351 This update for iperf fixes the following issues: - updated to 3.19.1: * CVE-2025-54349: Fixed off-by-one error heap based buffer overflow in iperf_auth.c (bsc#1247519) * CVE-2025-54350: Fixed Base64Decode assertion failure in iperf_auth.c (bsc#1247520) * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used in net.c (bsc#1247522) - updated to 3.19 * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717) * A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) * The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) * iperf3 now exits with a non-error 0 exit code if exiting via a `SIGTERM`, `SIGHUP`, or `SIGINT`. (#1009, PR# 1829) * The current behavior of iperf3 with respect to the `-n` and `-k` options is now documented as correct. (#1768, #1775, #596, PR #1800) ----------------------------------------------------------------- Advisory ID: 339 Released: Wed Nov 19 10:44:59 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1218345,1231055,1240310,1240311,1240997,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055). * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: 340 Released: Wed Nov 19 15:42:27 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1222834,1224113,1240750,1240752,1240754,1240756,1240757,1241162,1241164,1241214,1241222,1241223,1241226,1241238,1241252,1241263,1241686,1241688,CVE-2025-2784,CVE-2025-32050,CVE-2025-32051,CVE-2025-32052,CVE-2025-32053,CVE-2025-32906,CVE-2025-32907,CVE-2025-32908,CVE-2025-32909,CVE-2025-32910,CVE-2025-32911,CVE-2025-32912,CVE-2025-32913,CVE-2025-32914,CVE-2025-46420,CVE-2025-46421 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2 * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check - update to NSS 3.111 * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script - update to NSS 3.108 * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using a static key from openssl (bsc#1081723) - FIPS: exclude the SHA-1 hash from SLI approval. - FIPS: do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.68 updated - libfreebl3-3.112.2-slfo.1.1_1.1 updated - mozilla-nspr-4.36-slfo.1.1_1.1 updated - mozilla-nss-certs-3.112.2-slfo.1.1_1.1 updated - mozilla-nss-3.112.2-slfo.1.1_1.1 updated - libsoftokn3-3.112.2-slfo.1.1_1.1 updated - libgpgme11-1.23.0-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.1-5.52 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:17:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:17:24 +0100 (CET) Subject: SUSE-IU-2025:3709-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251120081724.164ADFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3709-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.55 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.55 Severity : important Type : security References : 1081723 1222834 1222834 1224113 1224113 1240750 1240752 1240754 1240756 1240757 1241162 1241164 1241214 1241222 1241223 1241226 1241238 1241252 1241263 1241686 1241688 1247519 1247520 1247522 CVE-2025-2784 CVE-2025-32050 CVE-2025-32051 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906 CVE-2025-32907 CVE-2025-32908 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914 CVE-2025-46420 CVE-2025-46421 CVE-2025-54349 CVE-2025-54350 CVE-2025-54351 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 269 Released: Fri Sep 19 09:54:22 2025 Summary: Security update for iperf Type: security Severity: important References: 1222834,1224113,1247519,1247520,1247522,CVE-2025-54349,CVE-2025-54350,CVE-2025-54351 This update for iperf fixes the following issues: - updated to 3.19.1: * CVE-2025-54349: Fixed off-by-one error heap based buffer overflow in iperf_auth.c (bsc#1247519) * CVE-2025-54350: Fixed Base64Decode assertion failure in iperf_auth.c (bsc#1247520) * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used in net.c (bsc#1247522) - updated to 3.19 * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717) * A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) * The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) * iperf3 now exits with a non-error 0 exit code if exiting via a `SIGTERM`, `SIGHUP`, or `SIGINT`. (#1009, PR# 1829) * The current behavior of iperf3 with respect to the `-n` and `-k` options is now documented as correct. (#1768, #1775, #596, PR #1800) ----------------------------------------------------------------- Advisory ID: 340 Released: Wed Nov 19 15:42:27 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1222834,1224113,1240750,1240752,1240754,1240756,1240757,1241162,1241164,1241214,1241222,1241223,1241226,1241238,1241252,1241263,1241686,1241688,CVE-2025-2784,CVE-2025-32050,CVE-2025-32051,CVE-2025-32052,CVE-2025-32053,CVE-2025-32906,CVE-2025-32907,CVE-2025-32908,CVE-2025-32909,CVE-2025-32910,CVE-2025-32911,CVE-2025-32912,CVE-2025-32913,CVE-2025-32914,CVE-2025-46420,CVE-2025-46421 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2 * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check - update to NSS 3.111 * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script - update to NSS 3.108 * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using a static key from openssl (bsc#1081723) - FIPS: exclude the SHA-1 hash from SLI approval. - FIPS: do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.68 updated - libfreebl3-3.112.2-slfo.1.1_1.1 updated - mozilla-nspr-4.36-slfo.1.1_1.1 updated - mozilla-nss-certs-3.112.2-slfo.1.1_1.1 updated - mozilla-nss-3.112.2-slfo.1.1_1.1 updated - libsoftokn3-3.112.2-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.52 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:18:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:18:20 +0100 (CET) Subject: SUSE-IU-2025:3710-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251120081820.3935AFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3710-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.43 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.43 Severity : important Type : security References : 1081723 1222834 1222834 1224113 1224113 1240750 1240752 1240754 1240756 1240757 1241162 1241164 1241214 1241222 1241223 1241226 1241238 1241252 1241263 1241686 1241688 1247519 1247520 1247522 CVE-2025-2784 CVE-2025-32050 CVE-2025-32051 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906 CVE-2025-32907 CVE-2025-32908 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914 CVE-2025-46420 CVE-2025-46421 CVE-2025-54349 CVE-2025-54350 CVE-2025-54351 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 269 Released: Fri Sep 19 09:54:22 2025 Summary: Security update for iperf Type: security Severity: important References: 1222834,1224113,1247519,1247520,1247522,CVE-2025-54349,CVE-2025-54350,CVE-2025-54351 This update for iperf fixes the following issues: - updated to 3.19.1: * CVE-2025-54349: Fixed off-by-one error heap based buffer overflow in iperf_auth.c (bsc#1247519) * CVE-2025-54350: Fixed Base64Decode assertion failure in iperf_auth.c (bsc#1247520) * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used in net.c (bsc#1247522) - updated to 3.19 * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717) * A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) * The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) * iperf3 now exits with a non-error 0 exit code if exiting via a `SIGTERM`, `SIGHUP`, or `SIGINT`. (#1009, PR# 1829) * The current behavior of iperf3 with respect to the `-n` and `-k` options is now documented as correct. (#1768, #1775, #596, PR #1800) ----------------------------------------------------------------- Advisory ID: 340 Released: Wed Nov 19 15:42:27 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1222834,1224113,1240750,1240752,1240754,1240756,1240757,1241162,1241164,1241214,1241222,1241223,1241226,1241238,1241252,1241263,1241686,1241688,CVE-2025-2784,CVE-2025-32050,CVE-2025-32051,CVE-2025-32052,CVE-2025-32053,CVE-2025-32906,CVE-2025-32907,CVE-2025-32908,CVE-2025-32909,CVE-2025-32910,CVE-2025-32911,CVE-2025-32912,CVE-2025-32913,CVE-2025-32914,CVE-2025-46420,CVE-2025-46421 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2 * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check - update to NSS 3.111 * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script - update to NSS 3.108 * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using a static key from openssl (bsc#1081723) - FIPS: exclude the SHA-1 hash from SLI approval. - FIPS: do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.68 updated - libfreebl3-3.112.2-slfo.1.1_1.1 updated - mozilla-nspr-4.36-slfo.1.1_1.1 updated - mozilla-nss-certs-3.112.2-slfo.1.1_1.1 updated - mozilla-nss-3.112.2-slfo.1.1_1.1 updated - libsoftokn3-3.112.2-slfo.1.1_1.1 updated - container:SL-Micro-container-2.2.1-7.31 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:25:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:25:26 +0100 (CET) Subject: SUSE-CU-2025:8459-1: Recommended update of suse/mariadb Message-ID: <20251120082526.F0613FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8459-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.14 , suse/mariadb:10.11.14-76.9 Container Release : 76.9 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:28:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:28:25 +0100 (CET) Subject: SUSE-CU-2025:8460-1: Recommended update of bci/spack Message-ID: <20251120082825.C94AEFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8460-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.85 Container Release : 11.85 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:29:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:29:22 +0100 (CET) Subject: SUSE-CU-2025:8464-1: Recommended update of suse/cosign Message-ID: <20251120082922.6997AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8464-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-17.4 , suse/cosign:latest Container Release : 17.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:31:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:31:02 +0100 (CET) Subject: SUSE-CU-2025:8471-1: Recommended update of suse/git Message-ID: <20251120083102.AFC4EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8471-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-65.5 , suse/git:latest Container Release : 65.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:31:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:31:15 +0100 (CET) Subject: SUSE-CU-2025:8472-1: Recommended update of suse/postgres Message-ID: <20251120083115.8840CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8472-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-80.4 Container Release : 80.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:31:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:31:29 +0100 (CET) Subject: SUSE-CU-2025:8473-1: Recommended update of suse/postgres Message-ID: <20251120083129.28137FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8473-1 Container Tags : suse/postgres:17 , suse/postgres:17.6 , suse/postgres:17.6 , suse/postgres:17.6-70.4 , suse/postgres:latest Container Release : 70.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:31:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:31:42 +0100 (CET) Subject: SUSE-CU-2025:8474-1: Recommended update of suse/mariadb Message-ID: <20251120083142.3A374FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8474-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.3 , suse/mariadb:11.8.3-67.4 , suse/mariadb:latest Container Release : 67.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:31:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:31:58 +0100 (CET) Subject: SUSE-CU-2025:8475-1: Recommended update of suse/samba-toolbox Message-ID: <20251120083158.1030BFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8475-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-69.4 , suse/samba-toolbox:latest Container Release : 69.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Thu Nov 20 08:32:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:32:16 +0100 (CET) Subject: SUSE-CU-2025:8476-1: Recommended update of suse/sle15 Message-ID: <20251120083216.DB744FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8476-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.9 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.9 , suse/sle15:latest Container Release : 5.11.9 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:05:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:05:49 +0100 (CET) Subject: SUSE-IU-2025:3711-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20251121080549.EEF26FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3711-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.535 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.535 Severity : important Type : security References : 1065729 1205128 1206843 1206893 1207612 1207619 1210763 1211162 1211692 1213098 1213114 1213747 1214754 1214954 1214992 1215148 1217366 1236104 1242960 1245498 1245499 1246211 1247317 1248754 1249479 1249608 1249857 1249859 1249988 1250237 1250742 1250816 1250946 1251027 1251032 1251034 1251035 1251037 1251040 1251043 1251045 1251046 1251047 1251052 1251054 1251057 1251059 1251060 1251061 1251063 1251065 1251066 1251068 1251072 1251079 1251080 1251082 1251086 1251087 1251088 1251091 1251092 1251093 1251097 1251099 1251101 1251104 1251105 1251106 1251110 1251113 1251115 1251123 1251128 1251129 1251133 1251136 1251147 1251149 1251153 1251154 1251159 1251162 1251164 1251166 1251167 1251169 1251170 1251173 1251174 1251178 1251180 1251182 1251197 1251200 1251201 1251202 1251208 1251210 1251215 1251218 1251221 1251222 1251223 1251230 1251247 1251268 1251281 1251282 1251283 1251284 1251285 1251286 1251292 1251294 1251295 1251296 1251298 1251299 1251300 1251301 1251302 1251303 1251306 1251307 1251310 1251312 1251315 1251322 1251324 1251325 1251326 1251327 1251329 1251330 1251331 1251519 1251521 1251522 1251527 1251529 1251550 1251723 1251725 1251728 1251730 1251736 1251737 1251738 1251741 1251743 1251750 1251753 1251759 1251761 1251762 1251763 1251764 1251767 1251769 1251772 1251775 1251777 1251785 1251823 1251930 1251967 1252033 1252035 1252047 1252060 1252069 1252265 1252473 1252474 1252475 1252476 1252480 1252484 1252486 1252489 1252490 1252492 1252494 1252495 1252497 1252499 1252501 1252508 1252509 1252513 1252515 1252516 1252519 1252521 1252522 1252523 1252526 1252528 1252529 1252532 1252534 1252535 1252536 1252537 1252538 1252539 1252542 1252545 1252549 1252554 1252560 1252564 1252565 1252568 1252632 1252634 1252688 1252785 1252893 CVE-2022-43945 CVE-2022-50327 CVE-2022-50334 CVE-2022-50470 CVE-2022-50471 CVE-2022-50472 CVE-2022-50475 CVE-2022-50478 CVE-2022-50479 CVE-2022-50480 CVE-2022-50482 CVE-2022-50484 CVE-2022-50485 CVE-2022-50487 CVE-2022-50488 CVE-2022-50489 CVE-2022-50490 CVE-2022-50492 CVE-2022-50493 CVE-2022-50494 CVE-2022-50496 CVE-2022-50497 CVE-2022-50498 CVE-2022-50499 CVE-2022-50501 CVE-2022-50503 CVE-2022-50504 CVE-2022-50505 CVE-2022-50509 CVE-2022-50511 CVE-2022-50512 CVE-2022-50513 CVE-2022-50514 CVE-2022-50515 CVE-2022-50516 CVE-2022-50519 CVE-2022-50520 CVE-2022-50521 CVE-2022-50523 CVE-2022-50524 CVE-2022-50525 CVE-2022-50526 CVE-2022-50527 CVE-2022-50528 CVE-2022-50529 CVE-2022-50530 CVE-2022-50532 CVE-2022-50534 CVE-2022-50535 CVE-2022-50537 CVE-2022-50541 CVE-2022-50542 CVE-2022-50543 CVE-2022-50544 CVE-2022-50545 CVE-2022-50546 CVE-2022-50549 CVE-2022-50551 CVE-2022-50553 CVE-2022-50556 CVE-2022-50559 CVE-2022-50560 CVE-2022-50561 CVE-2022-50562 CVE-2022-50563 CVE-2022-50564 CVE-2022-50566 CVE-2022-50567 CVE-2022-50568 CVE-2022-50570 CVE-2022-50572 CVE-2022-50574 CVE-2022-50575 CVE-2022-50576 CVE-2022-50577 CVE-2022-50578 CVE-2022-50579 CVE-2022-50580 CVE-2022-50581 CVE-2022-50582 CVE-2023-52923 CVE-2023-53365 CVE-2023-53500 CVE-2023-53533 CVE-2023-53534 CVE-2023-53539 CVE-2023-53541 CVE-2023-53542 CVE-2023-53546 CVE-2023-53547 CVE-2023-53548 CVE-2023-53551 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53556 CVE-2023-53557 CVE-2023-53559 CVE-2023-53560 CVE-2023-53562 CVE-2023-53564 CVE-2023-53566 CVE-2023-53567 CVE-2023-53568 CVE-2023-53571 CVE-2023-53572 CVE-2023-53574 CVE-2023-53578 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53582 CVE-2023-53587 CVE-2023-53589 CVE-2023-53591 CVE-2023-53592 CVE-2023-53594 CVE-2023-53597 CVE-2023-53598 CVE-2023-53601 CVE-2023-53603 CVE-2023-53604 CVE-2023-53605 CVE-2023-53607 CVE-2023-53608 CVE-2023-53611 CVE-2023-53612 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53619 CVE-2023-53622 CVE-2023-53625 CVE-2023-53626 CVE-2023-53631 CVE-2023-53637 CVE-2023-53639 CVE-2023-53640 CVE-2023-53641 CVE-2023-53644 CVE-2023-53648 CVE-2023-53650 CVE-2023-53651 CVE-2023-53658 CVE-2023-53659 CVE-2023-53662 CVE-2023-53667 CVE-2023-53668 CVE-2023-53670 CVE-2023-53673 CVE-2023-53674 CVE-2023-53675 CVE-2023-53679 CVE-2023-53680 CVE-2023-53681 CVE-2023-53683 CVE-2023-53687 CVE-2023-53692 CVE-2023-53693 CVE-2023-53695 CVE-2023-53696 CVE-2023-53697 CVE-2023-53700 CVE-2023-53704 CVE-2023-53705 CVE-2023-53707 CVE-2023-53708 CVE-2023-53709 CVE-2023-53711 CVE-2023-53715 CVE-2023-53716 CVE-2023-53717 CVE-2023-53718 CVE-2023-53719 CVE-2023-53722 CVE-2023-53723 CVE-2023-53724 CVE-2023-53725 CVE-2023-53726 CVE-2023-53730 CVE-2023-7324 CVE-2025-37885 CVE-2025-38084 CVE-2025-38085 CVE-2025-38476 CVE-2025-39742 CVE-2025-39797 CVE-2025-39945 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-40018 CVE-2025-40044 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4149-1 Released: Thu Nov 20 16:41:45 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1205128,1206843,1206893,1207612,1207619,1210763,1211162,1211692,1213098,1213114,1213747,1214754,1214954,1214992,1215148,1217366,1236104,1242960,1245498,1245499,1246211,1247317,1248754,1249479,1249608,1249857,1249859,1249988,1250237,1250742,1250816,1250946,1251027,1251032,1251034,1251035,1251037,1251040,1251043,1251045,1251046,1251047,1251052,1251054,1251057,1251059,1251060,1251061,1251063,1251065,1251066,1251068,1251072,1251079,1251080,1251082,1251086,1251087,1251088,1251091,1251092,1251093,1251097,1251099,1251101,1251104,1251105,1251106,1251110,1251113,1251115,1251123,1251128,1251129,1251133,1251136,1251147,1251149,1251153,1251154,1251159,1251162,1251164,1251166,1251167,1251169,1251170,1251173,1251174,1251178,1251180,1251182,1251197,1251200,1251201,1251202,1251208,1251210,1251215,1251218,1251221,1251222,1251223,1251230,1251247,1251268,1251281,1251282,1251283,1251284,1251285,1251286,1251292,1251294,1251295,1251296,1251298,1251299,1251300,1251301,1251302,1251303,1 251306,1251307,1251310,1251312,1251315,1251322,1251324,1251325,1251326,1251327,1251329,1251330,1251331,1251519,1251521,1251522,1251527,1251529,1251550,1251723,1251725,1251728,1251730,1251736,1251737,1251738,1251741,1251743,1251750,1251753,1251759,1251761,1251762,1251763,1251764,1251767,1251769,1251772,1251775,1251777,1251785,1251823,1251930,1251967,1252033,1252035,1252047,1252060,1252069,1252265,1252473,1252474,1252475,1252476,1252480,1252484,1252486,1252489,1252490,1252492,1252494,1252495,1252497,1252499,1252501,1252508,1252509,1252513,1252515,1252516,1252519,1252521,1252522,1252523,1252526,1252528,1252529,1252532,1252534,1252535,1252536,1252537,1252538,1252539,1252542,1252545,1252549,1252554,1252560,1252564,1252565,1252568,1252632,1252634,1252688,1252785,1252893,CVE-2022-43945,CVE-2022-50327,CVE-2022-50334,CVE-2022-50470,CVE-2022-50471,CVE-2022-50472,CVE-2022-50475,CVE-2022-50478,CVE-2022-50479,CVE-2022-50480,CVE-2022-50482,CVE-2022-50484,CVE-2022-50485,CVE-2022-50487,CVE-2022-504 88,CVE-2022-50489,CVE-2022-50490,CVE-2022-50492,CVE-2022-50493,CVE-2022-50494,CVE-2022-50496,CVE-2022-50497,CVE-2022-50498,CVE-2022-50499,CVE-2022-50501,CVE-2022-50503,CVE-2022-50504,CVE-2022-50505,CVE-2022-50509,CVE-2022-50511,CVE-2022-50512,CVE-2022-50513,CVE-2022-50514,CVE-2022-50515,CVE-2022-50516,CVE-2022-50519,CVE-2022-50520,CVE-2022-50521,CVE-2022-50523,CVE-2022-50524,CVE-2022-50525,CVE-2022-50526,CVE-2022-50527,CVE-2022-50528,CVE-2022-50529,CVE-2022-50530,CVE-2022-50532,CVE-2022-50534,CVE-2022-50535,CVE-2022-50537,CVE-2022-50541,CVE-2022-50542,CVE-2022-50543,CVE-2022-50544,CVE-2022-50545,CVE-2022-50546,CVE-2022-50549,CVE-2022-50551,CVE-2022-50553,CVE-2022-50556,CVE-2022-50559,CVE-2022-50560,CVE-2022-50561,CVE-2022-50562,CVE-2022-50563,CVE-2022-50564,CVE-2022-50566,CVE-2022-50567,CVE-2022-50568,CVE-2022-50570,CVE-2022-50572,CVE-2022-50574,CVE-2022-50575,CVE-2022-50576,CVE-2022-50577,CVE-2022-50578,CVE-2022-50579,CVE-2022-50580,CVE-2022-50581,CVE-2022-50582,CVE-2023-52923,CVE- 2023-53365,CVE-2023-53500,CVE-2023-53533,CVE-2023-53534,CVE-2023-53539,CVE-2023-53541,CVE-2023-53542,CVE-2023-53546,CVE-2023-53547,CVE-2023-53548,CVE-2023-53551,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53556,CVE-2023-53557,CVE-2023-53559,CVE-2023-53560,CVE-2023-53562,CVE-2023-53564,CVE-2023-53566,CVE-2023-53567,CVE-2023-53568,CVE-2023-53571,CVE-2023-53572,CVE-2023-53574,CVE-2023-53578,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53582,CVE-2023-53587,CVE-2023-53589,CVE-2023-53591,CVE-2023-53592,CVE-2023-53594,CVE-2023-53597,CVE-2023-53598,CVE-2023-53601,CVE-2023-53603,CVE-2023-53604,CVE-2023-53605,CVE-2023-53607,CVE-2023-53608,CVE-2023-53611,CVE-2023-53612,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53619,CVE-2023-53622,CVE-2023-53625,CVE-2023-53626,CVE-2023-53631,CVE-2023-53637,CVE-2023-53639,CVE-2023-53640,CVE-2023-53641,CVE-2023-53644,CVE-2023-53648,CVE-2023-53650,CVE-2023-53651,CVE-2023-53658,CVE-2023-53659,CVE-2023-53662,CVE-2023-53667,CVE-2023-53 668,CVE-2023-53670,CVE-2023-53673,CVE-2023-53674,CVE-2023-53675,CVE-2023-53679,CVE-2023-53680,CVE-2023-53681,CVE-2023-53683,CVE-2023-53687,CVE-2023-53692,CVE-2023-53693,CVE-2023-53695,CVE-2023-53696,CVE-2023-53697,CVE-2023-53700,CVE-2023-53704,CVE-2023-53705,CVE-2023-53707,CVE-2023-53708,CVE-2023-53709,CVE-2023-53711,CVE-2023-53715,CVE-2023-53716,CVE-2023-53717,CVE-2023-53718,CVE-2023-53719,CVE-2023-53722,CVE-2023-53723,CVE-2023-53724,CVE-2023-53725,CVE-2023-53726,CVE-2023-53730,CVE-2023-7324,CVE-2025-37885,CVE-2025-38084,CVE-2025-38085,CVE-2025-38476,CVE-2025-39742,CVE-2025-39797,CVE-2025-39945,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-40018,CVE-2025-40044 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222). - CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479). - CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785). The following non security issues were fixed: - NFS: remove revoked delegation from server's delegation list (bsc#1246211). - NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - fbcon: Fix OOB access in font allocation (bsc#1252033) - kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823). - net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265). - net: mana: Switch to page pool for jumbo frames (bsc#1248754). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). No CVE available yet, please see the bugzilla ticket referenced. The following package changes have been done: - kernel-rt-5.14.21-150500.13.112.1 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:11:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:11:27 +0100 (CET) Subject: SUSE-CU-2025:8477-1: Recommended update of suse/389-ds Message-ID: <20251121081127.17C7FFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8477-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-65.5 , suse/389-ds:latest Container Release : 65.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:12:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:12:09 +0100 (CET) Subject: SUSE-CU-2025:8479-1: Recommended update of bci/gcc Message-ID: <20251121081209.8333CFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8479-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-15.5 , bci/gcc:latest Container Release : 15.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:12:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:12:34 +0100 (CET) Subject: SUSE-CU-2025:8480-1: Recommended update of bci/bci-init Message-ID: <20251121081234.24B49FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8480-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-47.4 , bci/bci-init:latest Container Release : 47.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:13:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:13:16 +0100 (CET) Subject: SUSE-CU-2025:8482-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251121081316.D4FA8FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8482-1 Container Tags : suse/kiosk/firefox-esr:140.4 , suse/kiosk/firefox-esr:140.4-69.7 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.7 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:13:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:13:58 +0100 (CET) Subject: SUSE-CU-2025:8484-1: Recommended update of bci/nodejs Message-ID: <20251121081358.C009BFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8484-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-14.4 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-14.4 , bci/nodejs:latest Container Release : 14.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:14:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:14:42 +0100 (CET) Subject: SUSE-CU-2025:8486-1: Recommended update of bci/openjdk Message-ID: <20251121081442.205DCFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8486-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.6 Container Release : 13.6 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:15:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:15:29 +0100 (CET) Subject: SUSE-CU-2025:8488-1: Recommended update of bci/openjdk Message-ID: <20251121081529.AB0A0FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8488-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-16.5 , bci/openjdk:latest Container Release : 16.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:15:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:15:53 +0100 (CET) Subject: SUSE-CU-2025:8489-1: Recommended update of bci/php-apache Message-ID: <20251121081553.8BDEBFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8489-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-16.4 , bci/php-apache:latest Container Release : 16.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:16:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:16:13 +0100 (CET) Subject: SUSE-CU-2025:8490-1: Recommended update of bci/php-fpm Message-ID: <20251121081613.D17D9FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8490-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-16.4 , bci/php-fpm:latest Container Release : 16.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:16:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:16:34 +0100 (CET) Subject: SUSE-CU-2025:8491-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20251121081634.ADEABFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8491-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.7 , suse/kiosk/pulseaudio:latest Container Release : 67.7 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - udev-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:16:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:16:57 +0100 (CET) Subject: SUSE-CU-2025:8492-1: Recommended update of bci/python Message-ID: <20251121081657.F174AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8492-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-78.4 Container Release : 78.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:17:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:17:22 +0100 (CET) Subject: SUSE-CU-2025:8493-1: Recommended update of bci/python Message-ID: <20251121081722.71DF9FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8493-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-77.4 Container Release : 77.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:17:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:17:41 +0100 (CET) Subject: SUSE-CU-2025:8494-1: Recommended update of suse/rmt-server Message-ID: <20251121081741.CBE96FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8494-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-77.4 , suse/rmt-server:latest Container Release : 77.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:18:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:18:06 +0100 (CET) Subject: SUSE-CU-2025:8495-1: Recommended update of bci/ruby Message-ID: <20251121081806.F064AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8495-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-19.5 Container Release : 19.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:18:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:18:30 +0100 (CET) Subject: SUSE-CU-2025:8496-1: Recommended update of bci/ruby Message-ID: <20251121081830.EDBDCFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8496-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-18.5 , bci/ruby:latest Container Release : 18.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:19:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:19:09 +0100 (CET) Subject: SUSE-CU-2025:8498-1: Recommended update of suse/samba-client Message-ID: <20251121081909.B4602FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8498-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-69.5 , suse/samba-client:latest Container Release : 69.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:19:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:19:26 +0100 (CET) Subject: SUSE-CU-2025:8499-1: Recommended update of suse/samba-server Message-ID: <20251121081926.63914FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8499-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-69.5 , suse/samba-server:latest Container Release : 69.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:20:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:20:10 +0100 (CET) Subject: SUSE-CU-2025:8476-1: Recommended update of suse/sle15 Message-ID: <20251121082010.50D37FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8476-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.9 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.9 , suse/sle15:latest Container Release : 5.11.9 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:20:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:20:24 +0100 (CET) Subject: SUSE-CU-2025:8501-1: Recommended update of suse/valkey Message-ID: <20251121082024.0BA1EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8501-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-67.4 , suse/valkey:latest Container Release : 67.4 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-266903891f60344ede43d81d2d366622f7ac266afb3e57c61a5b796feacf1fa4-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 08:20:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 09:20:43 +0100 (CET) Subject: SUSE-CU-2025:8502-1: Recommended update of suse/kiosk/xorg Message-ID: <20251121082043.890C9FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8502-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.7 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.7 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - udev-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 09:58:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 10:58:21 +0100 (CET) Subject: SUSE-CU-2025:8502-1: Recommended update of suse/kiosk/xorg Message-ID: <20251121095821.D56CDFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8502-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.7 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.7 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - udev-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Fri Nov 21 09:58:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Nov 2025 10:58:57 +0100 (CET) Subject: SUSE-CU-2025:8503-1: Security update of suse/sles/16.0/toolbox Message-ID: <20251121095857.0A8CDFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8503-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.2 , suse/sles/16.0/toolbox:latest Container Release : 1.2 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29 Released: Wed Nov 19 10:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584) The following package changes have been done: - libexpat1-2.7.1-160000.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:05:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:05:06 +0100 (CET) Subject: SUSE-IU-2025:3713-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251122080506.D91ECFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3713-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.221 , suse/sle-micro/base-5.5:latest Image Release : 5.8.221 Severity : moderate Type : security References : 1252931 1252932 1252933 1252934 1252935 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4152-1 Released: Fri Nov 21 10:10:35 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) Other fixes: - Bump upstream SBAT generation to 6 The following package changes have been done: - grub2-2.06-150500.29.59.1 updated - grub2-i386-pc-2.06-150500.29.59.1 updated - grub2-x86_64-efi-2.06-150500.29.59.1 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:13:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:13:23 +0100 (CET) Subject: SUSE-CU-2025:8507-1: Recommended update of private-registry/harbor-db Message-ID: <20251122081323.B3121FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8507-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-4.3 , private-registry/harbor-db:2.13.2-4.3 , private-registry/harbor-db:latest Container Release : 4.3 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:13:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:13:35 +0100 (CET) Subject: SUSE-CU-2025:8508-1: Recommended update of private-registry/harbor-trivy-adapter Message-ID: <20251122081335.85518FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8508-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.83 , private-registry/harbor-trivy-adapter:latest Container Release : 2.83 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:14:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:14:28 +0100 (CET) Subject: SUSE-IU-2025:3717-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251122081428.0FAD9FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3717-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.32 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.32 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 342 Released: Fri Nov 21 14:15:09 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.69 updated - libglib-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_5.1 updated - glib2-tools-2.78.6-slfo.1.1_5.1 updated - container:SL-Micro-base-container-2.2.1-5.53 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:15:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:15:24 +0100 (CET) Subject: SUSE-IU-2025:3718-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20251122081524.392B4FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3718-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.53 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.53 Severity : moderate Type : security References : 1249055 1252930 1252931 1252932 1252933 1252934 1252935 CVE-2025-54770 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 341 Released: Fri Nov 21 14:08:21 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54770: Missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: grub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) ----------------------------------------------------------------- Advisory ID: 342 Released: Fri Nov 21 14:15:09 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - grub2-2.12-slfo.1.1_3.1 updated - grub2-i386-pc-2.12-slfo.1.1_3.1 updated - grub2-x86_64-efi-2.12-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.69 updated - libglib-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_5.1 updated - glib2-tools-2.78.6-slfo.1.1_5.1 updated - container:suse-toolbox-image-1.0.0-4.89 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:16:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:16:23 +0100 (CET) Subject: SUSE-IU-2025:3719-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251122081623.B2A6CFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3719-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.56 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.56 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 342 Released: Fri Nov 21 14:15:09 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.69 updated - libglib-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_5.1 updated - glib2-tools-2.78.6-slfo.1.1_5.1 updated - container:SL-Micro-base-container-2.2.1-5.53 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:17:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:17:22 +0100 (CET) Subject: SUSE-IU-2025:3720-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251122081722.93CB8FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3720-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.44 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.44 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 342 Released: Fri Nov 21 14:15:09 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.69 updated - libglib-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_5.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_5.1 updated - glib2-tools-2.78.6-slfo.1.1_5.1 updated - container:SL-Micro-container-2.2.1-7.32 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:25:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:25:02 +0100 (CET) Subject: SUSE-CU-2025:8513-1: Recommended update of bci/bci-init Message-ID: <20251122082502.85B78FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8513-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.50.7 Container Release : 50.7 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:26:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:26:59 +0100 (CET) Subject: SUSE-CU-2025:8514-1: Recommended update of bci/golang Message-ID: <20251122082659.125D4FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8514-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.76.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.76.5 Container Release : 76.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:27:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:27:22 +0100 (CET) Subject: SUSE-CU-2025:8515-1: Recommended update of bci/golang Message-ID: <20251122082722.02897FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8515-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-79.5 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-79.5 Container Release : 79.5 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:27:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:27:50 +0100 (CET) Subject: SUSE-CU-2025:8516-1: Recommended update of suse/pcp Message-ID: <20251122082750.7E8CFFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8516-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-68.6 , suse/pcp:latest Container Release : 68.6 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - container:bci-bci-init-15.7-abcd1f331ededb3cb8fd68ff9818e05a02fd9204442b51333e8b5c8b95a3e3d0-0 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:28:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:28:22 +0100 (CET) Subject: SUSE-CU-2025:8517-1: Recommended update of bci/spack Message-ID: <20251122082822.5E24BFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8517-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-19.6 , bci/spack:latest Container Release : 19.6 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-150600.4.46.2 updated - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Sat Nov 22 08:28:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Nov 2025 09:28:34 +0100 (CET) Subject: SUSE-CU-2025:8518-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20251122082834.4086EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8518-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-69.6 , suse/kiosk/xorg-client:latest Container Release : 69.6 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:03:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:03:14 +0100 (CET) Subject: SUSE-CU-2025:8519-1: Recommended update of containers/lmcache-lmstack-router Message-ID: <20251124080314.6DD0AFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8519-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.26 Container Release : 2.26 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:04:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:04:09 +0100 (CET) Subject: SUSE-CU-2025:8520-1: Recommended update of containers/milvus Message-ID: <20251124080409.78EAAFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8520-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-8.3 Container Release : 8.3 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:06:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:06:31 +0100 (CET) Subject: SUSE-CU-2025:8522-1: Recommended update of containers/open-webui-mcpo Message-ID: <20251124080631.4C9B1FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-mcpo ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8522-1 Container Tags : containers/open-webui-mcpo:0 , containers/open-webui-mcpo:0.0.17 , containers/open-webui-mcpo:0.0.17-1.14 Container Release : 1.14 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container containers/open-webui-mcpo was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - python311-uv-0.9.4-150600.1.9 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:06:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:06:46 +0100 (CET) Subject: SUSE-CU-2025:8523-1: Recommended update of containers/open-webui-pipelines Message-ID: <20251124080646.B9EB2FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8523-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.21 Container Release : 7.21 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - python-open-webui-pipelines-0.20250819.030501-150600.1.11 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:07:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:07:14 +0100 (CET) Subject: SUSE-CU-2025:8524-1: Recommended update of containers/pytorch Message-ID: <20251124080714.66C57FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8524-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.21 Container Release : 3.21 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:12:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:12:27 +0100 (CET) Subject: SUSE-CU-2025:8525-1: Recommended update of bci/nodejs Message-ID: <20251124081227.27DCBFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8525-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-59.7 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-59.7 Container Release : 59.7 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.6-79a9d265bd95d9bee2c9822ccbbab6b8437b31ad624a534a918c25a6587fcbe3-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:13:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:13:43 +0100 (CET) Subject: SUSE-CU-2025:8526-1: Recommended update of bci/python Message-ID: <20251124081343.ACE1AFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8526-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-76.7 Container Release : 76.7 Severity : moderate Type : recommended References : 1224386 1248501 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libsystemd0-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:06:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:06:26 +0100 (CET) Subject: SUSE-CU-2025:8521-1: Recommended update of containers/open-webui Message-ID: <20251124080626.77F23FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8521-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.56 Container Release : 12.56 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - python311-pandas-2.2.3-150600.1.76 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:16:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:16:29 +0100 (CET) Subject: SUSE-CU-2025:8527-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251124081629.20B8FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8527-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.55.9 Container Release : 55.9 Severity : important Type : security References : 1012628 1214954 1215143 1215199 1216396 1220419 1236743 1239206 1244939 1248211 1248230 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252236 1252265 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4140-1 Released: Wed Nov 19 14:15:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252236,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560, CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202 3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987 ,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). The following package changes have been done: - kernel-macros-6.4.0-150600.23.78.1 updated - kernel-devel-6.4.0-150600.23.78.1 updated - kernel-default-devel-6.4.0-150600.23.78.1 updated - kernel-syms-6.4.0-150600.23.78.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:16:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:16:54 +0100 (CET) Subject: SUSE-CU-2025:8528-1: Recommended update of suse/389-ds Message-ID: <20251124081654.AB597FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8528-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-65.6 , suse/389-ds:latest Container Release : 65.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - cyrus-sasl-2.1.28-150600.7.14.1 updated - cyrus-sasl-plain-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:17:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:17:03 +0100 (CET) Subject: SUSE-CU-2025:8529-1: Recommended update of suse/registry Message-ID: <20251124081703.081A9FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8529-1 Container Tags : suse/registry:2.8 , suse/registry:2.8 , suse/registry:2.8-18.5 , suse/registry:latest Container Release : 18.5 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:17:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:17:18 +0100 (CET) Subject: SUSE-CU-2025:8530-1: Recommended update of suse/git Message-ID: <20251124081718.0F924FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8530-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-65.7 , suse/git:latest Container Release : 65.7 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:17:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:17:35 +0100 (CET) Subject: SUSE-CU-2025:8531-1: Security update of bci/golang Message-ID: <20251124081735.D6675FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8531-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.10 , bci/golang:1.24.10-2.76.7 , bci/golang:oldstable , bci/golang:oldstable-2.76.7 Container Release : 76.7 Severity : important Type : security References : 1040589 1224386 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1240870 1241916 1243756 1243760 1246481 1246486 1247105 1247114 1247117 1248501 1250632 1251275 1251276 1251277 1251794 1251795 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-3198 CVE-2025-5244 CVE-2025-5245 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libctf-nobfd0-2.45-150100.7.57.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - container:registry.suse.com-bci-bci-base-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:18:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:18:00 +0100 (CET) Subject: SUSE-CU-2025:8532-1: Recommended update of suse/pcp Message-ID: <20251124081800.4CC80FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8532-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-68.7 , suse/pcp:latest Container Release : 68.7 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - cyrus-sasl-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:18:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:18:13 +0100 (CET) Subject: SUSE-CU-2025:8533-1: Recommended update of suse/postgres Message-ID: <20251124081813.72770FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8533-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-80.6 Container Release : 80.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:18:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:18:26 +0100 (CET) Subject: SUSE-CU-2025:8534-1: Recommended update of suse/postgres Message-ID: <20251124081826.37B12FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8534-1 Container Tags : suse/postgres:17 , suse/postgres:17.6 , suse/postgres:17.6 , suse/postgres:17.6-70.6 , suse/postgres:latest Container Release : 70.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:18:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:18:41 +0100 (CET) Subject: SUSE-CU-2025:8535-1: Recommended update of suse/samba-client Message-ID: <20251124081841.363D6FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8535-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-69.6 , suse/samba-client:latest Container Release : 69.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:18:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:18:56 +0100 (CET) Subject: SUSE-CU-2025:8536-1: Recommended update of suse/samba-server Message-ID: <20251124081856.1A575FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8536-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-69.6 , suse/samba-server:latest Container Release : 69.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:19:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:19:10 +0100 (CET) Subject: SUSE-CU-2025:8537-1: Recommended update of suse/samba-toolbox Message-ID: <20251124081910.78C2FFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8537-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-69.6 , suse/samba-toolbox:latest Container Release : 69.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:suse-sle15-15.7-ac5b42e5d36d556e6bb6a242a1e3e5020ae4e60379c240879cf37e3a97cdba3c-0 updated From sle-container-updates at lists.suse.com Mon Nov 24 08:19:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 24 Nov 2025 09:19:27 +0100 (CET) Subject: SUSE-CU-2025:8538-1: Recommended update of suse/sle15 Message-ID: <20251124081927.7563FFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8538-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.10 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.10 , suse/sle15:latest Container Release : 5.11.10 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated From sle-container-updates at lists.suse.com Tue Nov 25 08:37:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 09:37:17 +0100 (CET) Subject: SUSE-IU-2025:3724-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251125083717.74892FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3724-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.222 , suse/sle-micro/base-5.5:latest Image Release : 5.8.222 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated From sle-container-updates at lists.suse.com Tue Nov 25 08:38:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 09:38:21 +0100 (CET) Subject: SUSE-IU-2025:3725-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20251125083821.D0060FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3725-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.425 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.425 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.222 updated From sle-container-updates at lists.suse.com Tue Nov 25 08:40:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 09:40:03 +0100 (CET) Subject: SUSE-IU-2025:3726-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20251125084003.75F37FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3726-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.539 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.539 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.410 updated From sle-container-updates at lists.suse.com Tue Nov 25 08:41:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 09:41:34 +0100 (CET) Subject: SUSE-IU-2025:3727-1: Security update of suse/sle-micro/5.5 Message-ID: <20251125084134.E709AFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3727-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.410 , suse/sle-micro/5.5:latest Image Release : 5.5.410 Severity : important Type : security References : 1253542 CVE-2025-47913 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4185-1 Released: Mon Nov 24 08:57:17 2025 Summary: Security update for podman Type: security Severity: important References: 1253542,CVE-2025-47913 This update for podman fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542) The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated - podman-4.9.5-150500.3.59.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.222 updated From sle-container-updates at lists.suse.com Tue Nov 25 08:51:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 09:51:13 +0100 (CET) Subject: SUSE-CU-2025:8543-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251125085113.C4170FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8543-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.94 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.94 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:24:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:24:16 +0100 (CET) Subject: SUSE-CU-2025:8544-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251125102416.7A716FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8544-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.134 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.134 Severity : important Type : security References : 1012628 1214954 1215143 1215199 1216396 1220419 1224386 1233529 1236743 1236744 1239206 1241132 1244939 1245953 1248211 1248230 1248501 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252236 1252265 1252269 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252930 1252931 1252932 1252933 1252934 1252935 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 CVE-2025-54770 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4140-1 Released: Wed Nov 19 14:15:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252236,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560, CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202 3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987 ,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4196-1 Released: Mon Nov 24 11:54:23 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1236744,1241132,1245953,1252269,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) - Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269) The following package changes have been done: - grub2-i386-pc-2.12-150600.8.44.2 updated - grub2-x86_64-efi-2.12-150600.8.44.2 updated - grub2-2.12-150600.8.44.2 updated - kernel-default-6.4.0-150600.23.78.1 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libudev1-254.27-150600.4.46.2 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - systemd-254.27-150600.4.46.2 updated - udev-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:27:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:27:03 +0100 (CET) Subject: SUSE-CU-2025:8545-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251125102703.6A8C3FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8545-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.55.10 Container Release : 55.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:28:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:28:01 +0100 (CET) Subject: SUSE-CU-2025:8546-1: Recommended update of suse/sle15 Message-ID: <20251125102801.960BAFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8546-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.12 , suse/sle15:15.6 , suse/sle15:15.6.47.26.12 Container Release : 47.26.12 Severity : moderate Type : recommended References : 1224386 1233529 1248501 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libudev1-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:28:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:28:26 +0100 (CET) Subject: SUSE-CU-2025:8547-1: Recommended update of suse/389-ds Message-ID: <20251125102826.7D3F5FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8547-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-65.8 , suse/389-ds:latest Container Release : 65.8 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:30:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:30:52 +0100 (CET) Subject: SUSE-CU-2025:8558-1: Recommended update of bci/gcc Message-ID: <20251125103052.A3265FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8558-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-15.7 , bci/gcc:latest Container Release : 15.7 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:31:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:31:08 +0100 (CET) Subject: SUSE-CU-2025:8559-1: Recommended update of bci/golang Message-ID: <20251125103108.D8A2FFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8559-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.10 , bci/golang:1.24.10-2.76.8 , bci/golang:oldstable , bci/golang:oldstable-2.76.8 Container Release : 76.8 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:31:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:31:27 +0100 (CET) Subject: SUSE-CU-2025:8560-1: Recommended update of bci/golang Message-ID: <20251125103127.413CCFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8560-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-79.7 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-79.7 Container Release : 79.7 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:32:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:32:02 +0100 (CET) Subject: SUSE-CU-2025:8562-1: Recommended update of suse/kea Message-ID: <20251125103202.466EDFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8562-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-67.5 , suse/kea:latest Container Release : 67.5 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:32:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:32:25 +0100 (CET) Subject: SUSE-CU-2025:8563-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251125103225.500B1FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8563-1 Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.11 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.11 Severity : important Type : security References : 1233529 1253188 CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11713 CVE-2025-11714 CVE-2025-11715 CVE-2025-13012 CVE-2025-13013 CVE-2025-13014 CVE-2025-13015 CVE-2025-13016 CVE-2025-13017 CVE-2025-13018 CVE-2025-13019 CVE-2025-13020 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4173-1 Released: Mon Nov 24 03:50:01 2025 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1253188,CVE-2025-11708,CVE-2025-11709,CVE-2025-11710,CVE-2025-11711,CVE-2025-11712,CVE-2025-11713,CVE-2025-11714,CVE-2025-11715,CVE-2025-13012,CVE-2025-13013,CVE-2025-13014,CVE-2025-13015,CVE-2025-13016,CVE-2025-13017,CVE-2025-13018,CVE-2025-13019,CVE-2025-13020 This update for MozillaFirefox fixes the following issues: - Update to Firefox Extended Support Release 140.5.0 ESR (bsc#1253188) - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. - CVE-2025-13018: Mitigation bypass in the DOM: Security component. - CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. - CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. - CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. - CVE-2025-13014: Use-after-free in the Audio/Video component. - CVE-2025-13015: Spoofing issue in Firefox. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - MozillaFirefox-140.5.0-150200.152.210.1 updated - container:suse-sle15-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:32:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:32:42 +0100 (CET) Subject: SUSE-CU-2025:8564-1: Recommended update of bci/nodejs Message-ID: <20251125103242.0FEF0FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8564-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-14.6 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-14.6 , bci/nodejs:latest Container Release : 14.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:33:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:33:20 +0100 (CET) Subject: SUSE-CU-2025:8566-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251125103320.21322FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8566-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-52.9 , bci/bci-sle15-kernel-module-devel:latest Container Release : 52.9 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 10:39:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 11:39:59 +0100 (CET) Subject: SUSE-CU-2025:8585-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251125103959.710BAFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8585-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.204 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.204 Severity : moderate Type : security References : 1249055 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4180-1 Released: Mon Nov 24 08:54:45 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4186-1 Released: Mon Nov 24 08:57:53 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - curl-8.14.1-150200.4.94.1 updated - libcurl4-8.14.1-150200.4.94.1 updated - libglib-2_0-0-2.62.6-150200.3.33.1 updated - libgmodule-2_0-0-2.62.6-150200.3.33.1 updated From sle-container-updates at lists.suse.com Tue Nov 25 11:14:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 12:14:29 +0100 (CET) Subject: SUSE-CU-2025:8586-1: Recommended update of bci/golang Message-ID: <20251125111429.E5CA0FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8586-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.76.7 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.76.7 Container Release : 76.7 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Tue Nov 25 16:39:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 25 Nov 2025 17:39:01 +0100 (CET) Subject: SUSE-CU-2025:8588-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251125163901.0F74DFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8588-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.96 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.96 Severity : moderate Type : security References : 1252931 1252932 1252933 1252934 1252935 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4224-1 Released: Tue Nov 25 10:53:48 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1252931,1252932,1252933,1252934,1252935,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 The following package changes have been done: - grub2-i386-pc-2.06-150400.11.66.1 updated - grub2-x86_64-efi-2.06-150400.11.66.1 updated - grub2-2.06-150400.11.66.1 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:03:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:03:03 +0100 (CET) Subject: SUSE-CU-2025:8594-1: Security update of containers/lmcache-lmstack-router Message-ID: <20251126080303.CFAAAFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8594-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.27 Container Release : 2.27 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150600.4.31.1 updated - python311-bcrypt-4.3.0-150600.1.8 updated - python311-pydantic-core-2.35.1-150600.1.5 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:03:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:03:53 +0100 (CET) Subject: SUSE-CU-2025:8595-1: Security update of containers/milvus Message-ID: <20251126080353.5CD95FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8595-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-8.5 Container Release : 8.5 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150600.4.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:05:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:05:49 +0100 (CET) Subject: SUSE-CU-2025:8596-1: Security update of containers/open-webui Message-ID: <20251126080549.8420CFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8596-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.58 Container Release : 12.58 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150600.4.31.1 updated - python311-safetensors-0.4.3-150600.1.26 updated - python311-orjson-3.10.7-150600.1.30 updated - python311-jiter-0.5.0-150600.1.25 updated - python311-bcrypt-4.3.0-150600.1.8 updated - python311-pydantic-core-2.35.1-150600.1.5 updated - python311-pandas-2.2.3-150600.1.77 updated - python311-pycrdt-0.12.26-150600.1.5 updated - python311-tiktoken-0.7.0-150600.1.27 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:05:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:05:54 +0100 (CET) Subject: SUSE-CU-2025:8597-1: Security update of containers/open-webui-mcpo Message-ID: <20251126080554.75031FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-mcpo ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8597-1 Container Tags : containers/open-webui-mcpo:0 , containers/open-webui-mcpo:0.0.17 , containers/open-webui-mcpo:0.0.17-1.15 Container Release : 1.15 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container containers/open-webui-mcpo was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - python311-rpds-py-0.7.1-150600.1.26 updated - python311-pydantic-core-2.35.1-150600.1.5 updated - libcurl4-8.14.1-150600.4.31.1 updated - curl-8.14.1-150600.4.31.1 updated - python311-uv-0.9.4-150600.1.11 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:06:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:06:09 +0100 (CET) Subject: SUSE-CU-2025:8598-1: Security update of containers/open-webui-pipelines Message-ID: <20251126080609.B193EFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8598-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.22 Container Release : 7.22 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150600.4.31.1 updated - curl-8.14.1-150600.4.31.1 updated - python311-bcrypt-4.3.0-150600.1.8 updated - python-open-webui-pipelines-0.20250819.030501-150600.1.13 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:06:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:06:34 +0100 (CET) Subject: SUSE-CU-2025:8599-1: Security update of containers/pytorch Message-ID: <20251126080634.EA3ECFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8599-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.23 Container Release : 3.23 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150600.4.31.1 updated - python311-torch-cuda-2.8.0-150600.2.7 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:10:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:10:48 +0100 (CET) Subject: SUSE-IU-2025:3737-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20251126081048.AEB93FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3737-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.411 , suse/sle-micro/5.5:latest Image Release : 5.5.411 Severity : important Type : recommended References : 1252151 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4238-1 Released: Tue Nov 25 17:12:57 2025 Summary: Recommended update for hdparm Type: recommended Severity: important References: 1252151 This update for hdparm fixes the following issues: - Fix the %licence tag for hdparm (bsc#1252151) The following package changes have been done: - hdparm-9.62-150400.3.5.2 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:13:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:13:23 +0100 (CET) Subject: SUSE-CU-2025:8602-1: Security update of private-registry/harbor-trivy-adapter Message-ID: <20251126081323.2AF24FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8602-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.86 , private-registry/harbor-trivy-adapter:latest Container Release : 2.86 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150600.4.31.1 updated - container:suse-sle15-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:20:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:20:28 +0100 (CET) Subject: SUSE-CU-2025:8604-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251126082028.F247CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8604-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.97 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.97 Severity : important Type : recommended References : 1252151 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4238-1 Released: Tue Nov 25 17:12:57 2025 Summary: Recommended update for hdparm Type: recommended Severity: important References: 1252151 This update for hdparm fixes the following issues: - Fix the %licence tag for hdparm (bsc#1252151) The following package changes have been done: - hdparm-9.62-150400.3.5.2 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:29:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:29:59 +0100 (CET) Subject: SUSE-CU-2025:8606-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251126082959.53839FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8606-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.135 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.135 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150600.4.31.1 updated - libcurl4-8.14.1-150600.4.31.1 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:31:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:31:39 +0100 (CET) Subject: SUSE-CU-2025:8607-1: Recommended update of bci/golang Message-ID: <20251126083139.CC81BFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8607-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-79.7 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-79.7 Container Release : 79.7 Severity : moderate Type : recommended References : 1224386 1233529 1248501 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:31:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:31:50 +0100 (CET) Subject: SUSE-CU-2025:8608-1: Security update of suse/helm Message-ID: <20251126083150.490D9FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8608-1 Container Tags : suse/helm:3 , suse/helm:3.19 , suse/helm:3.19.1 , suse/helm:3.19.1-61.1 , suse/helm:latest Container Release : 61.1 Severity : important Type : security References : 1246152 1251442 1251649 CVE-2025-47911 CVE-2025-53547 CVE-2025-58190 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4190-1 Released: Mon Nov 24 10:19:40 2025 Summary: Security update for helm Type: security Severity: important References: 1246152,1251442,1251649,CVE-2025-47911,CVE-2025-53547,CVE-2025-58190 This update for helm fixes the following issues: - Update to version 3.19.1 - CVE-2025-53547: Fixed local code execution in Helm Chart. (bsc#1246152) - CVE-2025-58190: Fixed excessive memory consumption by `html.ParseFragment` when processing specially crafted input. (bsc#1251649) - CVE-2025-47911: Fixed various algorithms with quadratic complexity when parsing HTML documents. (bsc#1251442) The following package changes have been done: - helm-3.19.1-150000.1.57.1 updated - container:suse-sle15-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated - container:registry.suse.com-bci-bci-micro-15.7-2823ba3a4854c7bb7072f94d16ef903ae64f2ca3341659a15cfa91409729df2c-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:32:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:32:12 +0100 (CET) Subject: SUSE-CU-2025:8609-1: Recommended update of bci/openjdk-devel Message-ID: <20251126083212.69418FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8609-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.17.0 , bci/openjdk-devel:17.0.17.0-14.11 Container Release : 14.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:bci-openjdk-17-15.7.17-13.9 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:32:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:32:32 +0100 (CET) Subject: SUSE-CU-2025:8610-1: Recommended update of bci/openjdk Message-ID: <20251126083232.B74D0FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8610-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.9 Container Release : 13.9 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:32:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:32:53 +0100 (CET) Subject: SUSE-CU-2025:8611-1: Recommended update of bci/openjdk-devel Message-ID: <20251126083253.9B619FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8611-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-17.10 , bci/openjdk-devel:latest Container Release : 17.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:bci-openjdk-21-15.7.21-16.8 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:33:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:33:14 +0100 (CET) Subject: SUSE-CU-2025:8612-1: Recommended update of bci/php-apache Message-ID: <20251126083314.2D0E4FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8612-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-17.1 , bci/php-apache:latest Container Release : 17.1 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:33:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:33:33 +0100 (CET) Subject: SUSE-CU-2025:8613-1: Recommended update of bci/php-fpm Message-ID: <20251126083333.1CA98FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8613-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-17.1 , bci/php-fpm:latest Container Release : 17.1 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:33:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:33:51 +0100 (CET) Subject: SUSE-CU-2025:8614-1: Recommended update of bci/php Message-ID: <20251126083351.17527FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8614-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-17.1 , bci/php:latest Container Release : 17.1 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:34:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:34:11 +0100 (CET) Subject: SUSE-CU-2025:8615-1: Recommended update of bci/python Message-ID: <20251126083411.11047FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8615-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-78.6 Container Release : 78.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:57:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:57:47 +0100 (CET) Subject: SUSE-CU-2025:8615-1: Recommended update of bci/python Message-ID: <20251126085747.92952FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8615-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-78.6 Container Release : 78.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:58:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:58:08 +0100 (CET) Subject: SUSE-CU-2025:8616-1: Recommended update of bci/python Message-ID: <20251126085808.D2011FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8616-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-77.6 Container Release : 77.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:58:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:58:29 +0100 (CET) Subject: SUSE-CU-2025:8617-1: Recommended update of bci/ruby Message-ID: <20251126085829.906AFFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8617-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-19.7 Container Release : 19.7 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:58:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:58:50 +0100 (CET) Subject: SUSE-CU-2025:8618-1: Recommended update of bci/ruby Message-ID: <20251126085850.16DFDFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8618-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-18.7 , bci/ruby:latest Container Release : 18.7 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:59:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:59:08 +0100 (CET) Subject: SUSE-CU-2025:8619-1: Recommended update of bci/rust Message-ID: <20251126085908.D8919FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8619-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.4.6 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.6 Container Release : 4.6 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Thu Nov 27 08:05:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:05:41 +0100 (CET) Subject: SUSE-IU-2025:3743-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251127080541.8F2AFFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3743-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.4 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.4 Severity : critical Type : security References : 1205770 1229587 1232226 1235731 1238137 1238848 1240883 1242998 1243503 1244573 1245470 1247106 1247108 1247581 1247582 1247875 1248117 1248330 1249052 1249370 1249435 1249584 1250413 1250553 1250661 1250696 1250974 1251227 1251793 1251862 1251923 1251952 1251979 1252110 1252232 1253260 CVE-2024-13978 CVE-2025-10911 CVE-2025-11731 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 CVE-2025-59375 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8961 CVE-2025-9165 CVE-2025-9900 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 20 Released: Mon Nov 17 16:06:01 2025 Summary: Recommended update for selinux-policy Type: recommended Severity: critical References: 1205770,1229587,1232226,1235731,1238137,1240883,1242998,1244573,1245470,1247875,1249052,1249370,1249435,1250661,1250696,1250974,1251227,1251793,1251862,1251923,1251952 This update for selinux-policy fixes the following issues: Changes in selinux-policy: Update to version 20250627+git239.fcbf2d509: * fail2ban: bump module version * fail2ban: allow fail2ban to watch all log files and dirs (bsc#1251952) * fail2ban: fix typos in interface descriptions * fail2ban: tweak file context regex for /run/fail2ban * fail2ban: drop file context for old rc.d file * Allow wicket to manage its proc directories (bsc#1235731) * Allow NM to manage wicked pid files (bsc#1235731) * Allow NM to reach systemd unit files (bsc#1235731) * Make wicked script backwards compatible (bsc#1251923) * Allow snapper grub plugin to domtrans to bootloader_t (bsc#1251862) * Allow salt_t transition to rpm_script_t (bsc#1250696) * grub snapper plugin is now named 00-grub (bsc#1251793) * Assign alts_exec_t exec_file attribute (bsc#1250974) * Add equivalency between /srv/tomcat and /var/lib/tomcat (bsc#1251227) * Allow sshd_session_t write to wtmpdb * Support /usr/libexec/ssh as well as openssh folder * Set xenstored_use_store_type_domain boolean true(bsc#1247875) * Adjust guest and xguest users policy for sshd-session * Allow valkey-server create and use netlink_rdma_socket * Allow blueman get attributes of filesystems with extended attributes * Update files_search_base_file_types() * Introduce unconfined wicked_script_t (bsc#1205770, bsc#1250661) * Allow geoclue get attributes of the /dev/shm filesystem * Allow apcupsd get attributes of the /dev/shm filesystem * Allow sshd-session read cockpit pid files * Add /opt/.snapshots to the snapper file context (bsc#1232226) * Allow nfs generator create and use netlink sockets * Conditionally allow virt guests to read certificates in user home directories * xenstored_t needs CAP_SYS_ADMIN for XENSTORETYPE=domain (bsc#1247875) * Allow nfs-generator create and use udp sockets * Allow kdump search kdumpctl_tmp_t directories * Allow init open and read user tmp files * Fix the systemd_logind_stream_connect() interface * Allow staff and sysadm execute iotop using sudo * Allow sudodomains connect to systemd-logind over a unix socket * /boot/efi is dosfs_t and kdump needs to access it (bsc#1249370) * Add default contexts for sshd-seesion * Define types for new openssh executables * Fix systemd_manage_unit_symlinks() interface definition * Support coreos installation methods * Add a new type for systemd-ssh-issue PID files * Allow gnome-remote-desktop connect to unreserved ports * Zypper moves files in /var/tmp to /var/cache (bsc#1249052, bsc#1249435) * Allow mdadm the CAP_SYS_PTRACE capability * Allow iptables manage its private fifo_files in /tmp * Allow auditd manage its private run dirs * Revert 'Allow virt_domain write to virt_image_t files' * Allow gdm create /etc/.pwd.lock with a file transition * Allow gdm bind a socket in the /run/systemd/userdbd directory * Allow nsswitch_domain connect to xdm over a unix domain socket * Allow systemd homed getattr all tmpfs files (bsc#1240883) * Allow systemd (PID 1) create lastlog entries * Allow systemd_homework_t transition pid files to lvm_var_run_t (bsc#1240883) * Allow gnome-remote-desktop speak with tabrmd over dbus (bsc#1244573) * Allow nm-dispatcher iscsi and sendmail plugins get pidfs attributes * Allow systemd-oomd watch tmpfs dirs * Allow chronyc the setgid and setuid capabilities * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t * Allow stalld map sysfs files * Allow NetworkManager-dispatcher-winbind get pidfs attributes * Allow openvpn create and use generic netlink socket * policy_capabilities: remove estimated from released versions * policy_capabilities: add stub for userspace_initial_context * add netlink_xperm policy capability and nlmsg permission definitions * policy_capabilities: add ioctl_skip_cloexec * selinux-policy: add allow rule for tuned_ppd_t * selinux-policy: add allow rule for switcheroo_control_t * Label /run/audit with auditd_var_run_t * Allow virtqemud start a vm which uses nbdkit * Add nbdkit_signal() and nbdkit_signull() interfaces * Fix insights_client interfaces names * Add insights_core and insights_client interfaces * Fix selinux-autorelabel-generator label after upstream changes * Revert 'Remove the mysql module sources' * Revert 'Allow rasdaemon write access to sysfs (bsc#1229587)' * Reset postfix.fc to upstream, add alias instead * dist/targeted/modules.conf: enable slrnpull module * Allow bootupd delete symlinks in the /boot directory * Allow systemd-coredumpd capabilities in the user namespace * Allow openvswitch read virtqemud process state * Allow systemd-networkd to create leases directory * Apply generator template to selinux-autorelabel generator * Support virtqemud handle hotplug hostdev devices * Allow virtstoraged create qemu /var/run files * Allow unconfined_domain_type cap2_userns capabilities * Label /usr/libexec/postfix/tlsproxy with postfix_smtp_exec_t * Remove the mysql module sources * dist/targeted/modules.conf: Enable kmscon module (bsc#1238137) * Update kmscon policy module to kmscon version 9 (bsc#1238137) * Allow login to getattr pidfs * Allow systemd to map files under /sys * systemd: drop duplicate init_nnp_daemon_domain lines * Fix typo * Allow logwatch stream connect to opensmtpd * Allow geoclue read NetworkManager pid files * Allow unconfined user a file transition for creating sudo log directory * Allow virtqemud read/write inherited dri devices * Allow xdm_t create user namespaces * Update policy for login_userdomain * Add ppd_base_profile to file transition to get tuned_rw_etc_t type * Update policy for bootupd * Allow logwatch work with opensmtpd * Update dovecot policy for dovecot 2.4.1 * Allow ras-mc-ctl write to sysfs files * Allow anaconda-generator get attributes of all filesystems * Add the rhcd_rw_fifo_files() interface * Allow systemd-coredump the sys_chroot capability * Allow hostapd write to socket files in /tmp * Recognize /var/home as an alternate path for /home * Label /var/lib/lastlog with lastlog_t * Allow virtqemud write to sysfs files * Allow irqbalance search sssd lib directories * Allow samba-dcerpcd send sigkills to passwd * Allow systemd-oomd watch dbus pid sock files * Allow some confined users read and map generic log files * Allow login_userdomain watch the /run/log/journal directory * Allow login_userdomain dbus chat with tuned-ppd * Allow login_userdomain dbus chat with switcheroo-control * Allow userdomain to connect to systemd-oomd over a unix socket * Add insights_client_delete_lib_dirs() interface * Allow virtqemud_t use its private tmpfs files (bsc#1242998) * Allow virtqemud_t setattr to /dev/userfaultfd (bsc#1242998) * Allow virtqemud_t read and write /dev/ptmx (bsc#1242998) * Extend virtqemud_t tcp_socket permissions (bsc#1242998) * Allow virtqemud_t to read and write generic pty (bsc#1242998) * Allow systemd-importd create and unlink init pid socket * Allow virtqemud handle virt_content_t chr files * Allow svirt read virtqemud fifo files * All sblim-sfcbd the dac_read_search capability * Allow sblim domain read systemd session files * Allow sblim-sfcbd execute dnsdomainname * Confine nfs-server generator * Allow systemd-timedated start/stop timemaster services * Allow 'hostapd_cli ping' run as a systemd service * Allow power-profiles-daemon get attributes of filesystems with extended attributes * Allow 'oomctl dump' to interact with systemd-oomd * Basic functionality for systemd-oomd * Basic enablement for systemd-oomd * Allow samba-bgqd send to smbd over a unix datagram socket * Update kernel_secretmem_use() * Add the file/watch_mountns permission * Update systemd-generators policy * Allow plymouthd_t read proc files of systemd_passwd_agent (bsc#1245470) * Allow insights-client file transition for files in /var/tmp * Allow tuned-ppd manage tuned log files * Allow systemd-coredump mount on tmpfs filesystems * Update sssd_dontaudit_read_public_files() * Allow zram-generator raw read fixed disk device * Add fs_write_cgroup_dirs() and fs_setattr_cgroup_dirs() interfaces ----------------------------------------------------------------- Advisory ID: 29 Released: Wed Nov 19 10:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584) ----------------------------------------------------------------- Advisory ID: 24 Released: Wed Nov 19 10:40:24 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: Changes in libxslt: - CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service (bsc#1251979) - CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553) ----------------------------------------------------------------- Advisory ID: 23 Released: Wed Nov 19 10:40:24 2025 Summary: Security update for tiff Type: security Severity: important References: 1243503,1247106,1247108,1247581,1247582,1248117,1248330,1250413,CVE-2024-13978,CVE-2025-8176,CVE-2025-8177,CVE-2025-8534,CVE-2025-8961,CVE-2025-9165,CVE-2025-9900 This update for tiff fixes the following issues: tiff was updated to 4.7.1: * Software configuration changes: * Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h. * CMake: define WORDS_BIGENDIAN via tif_config.h * doc/CMakeLists.txt: remove useless cmake_minimum_required() * CMake: fix build with LLVM/Clang 17 (fixes issue #651) * CMake: set CMP0074 new policy * Set LINKER_LANGUAGE for C targets with C deps * Export tiffxx cmake target (fixes issue #674) * autogen.sh: Enable verbose wget. * configure.ac: Syntax updates for Autoconf 2.71 * autogen.sh: Re-implement based on autoreconf. Failure to update config.guess/config.sub does not return error (fixes issue #672) * CMake: fix CMake 4.0 warning when minimum required version is < 3.10. * CMake: Add build option tiff-static (fixes issue #709) Library changes: * Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control about emitting warnings for unknown tags. No longer emit warnings about unknown tags by default * tif_predict.c: speed-up decompression in some cases. * Bug fixes: * tif_fax3: For fax group 3 data if no EOL is detected, reading is retried without synchronisation for EOLs. (fixes issue #54) * Updating TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE. Updating TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue #532) * tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in the DNG 1.7 specification * TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes issue #648) * Do not error out on a tag whose tag count value is zero, just issue a warning. Fix parsing a private tag 0x80a6 (fixes issue #647) * TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24 Fixes https://github.com/OSGeo/gdal/issues/10875) * tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue #175) * Fix writing a Predictor=3 file with non-native endianness * _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds * read / nullptr dereference) in case of out-of-memory situation when dealing with custom tags (fixes issue #663) * tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal 1 and PlanarConfiguration = Contiguous (fixes issue #26) * tif_fax3.c: error out after a number of times end-of-line or unexpected bad code words have been reached. (fixes issue #670) * Fix memory leak in TIFFSetupStrips() (fixes issue #665) * tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with -DZ_SOLO inflating will fail. * Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676) * tif_predict.c: Don???t overwrite input buffer of TIFFWriteScanline() if 'prediction' is enabled. Use extra working buffer in PredictorEncodeRow(). (fixes issue #5) * tif_getimage.c: update some integer overflow checks (fixes issue #79) * tif_getimage.c: Fix buffer underflow crash for less raster rows at TIFFReadRGBAImageOriented() (fixes issue #704, bsc#1250413, CVE-2025-9900) * TIFFReadRGBAImage(): several fixes to avoid buffer overflows. * Correct passing arguments to TIFFCvtIEEEFloatToNative() and TIFFCvtIEEEDoubleToNative() if HAVE_IEEEFP is not defined. (fixes issue #699) * LZWDecode(): avoid nullptr dereference when trying to read again after EOI marker has been found with remaining output bytes (fixes issue #698) * TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return. * TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when clearing tif_rawdata (fixes issue #711) * JPEGEncodeRaw(): error out if a previous scanline failed to be written, to avoid out-of-bounds access (fixes issue #714) * tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for 8/12bit dual mode, introduced in libjpeg-turbo 2.2, which was actually released as 3.0. Fixes issue #717 * add assert for TIFFReadCustomDirectory infoarray check. * ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each line were written wrongly. (fixes issue #467) * fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes issue #649) * tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH (fixes issue #650) * tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by zero. Fixes issue #654 * tiff2pdf: avoid null pointer dereference. (fixes issue #741) * Improve non-secure integer overflow check (comparison of division result with multiplicant) at compiler optimisation in tiffcp, rgb2ycbcr and tiff2rgba. Fixes issue #546 * tiff2rgba: fix some 'a partial expression can generate an overflow before it is assigned to a broader type' warnings. (fixes issue #682) * tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes issue #703) * tiffdither: avoid out-of-bounds read identified in issue #733 * tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707) * tiffmedian: close input file. (fixes issue #735) * thumbail: avoid potential out of bounds access (fixes issue #715) * tiffcrop: close open TIFF files and release allocated buffers before exiting in case of error to avoid memory leaks. (fixes issue #716) * tiffcrop: fix double-free and memory leak exposed by issue #721 * tiffcrop: avoid buffer overflow. (fixes issue #740) * tiffcrop: avoid nullptr dereference. (fixes issue #734) * tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression *datamem to PrintData, which uses it as a divisor or modulus. * tiff2ps: check return of TIFFGetFiled() for TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718) * tiffcmp: fix memory leak when second file cannot be opened. (fixes issue #718 and issue #729) * tiffcp: fix setting compression level for lossless codecs. (fixes issue #730) * raw2tiff: close input file before exit (fixes issue #742) Tools changes: * tiffinfo: add a -W switch to warn about unknown tags. * tiffdither: process all pages in input TIFF file. * Documentation: * TIFFRGBAImage.rst note added for incorrect saving of images with TIFF orientation from 5 (LeftTop) to 8 (LeftBottom) in the raster. * TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue #67) * Update 'Defining New TIFF Tags' description. (fixes issue #642) * Fix return type of TIFFReadEncodedTile() * Update the documentation to reflect deprecated typedefs. * TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for image data and not for IFD data. * Update documentation on re-entrancy and thread safety. * Remove dead links to no more existing Awaresystems web-site. * Updating BigTIFF specification and some miscelaneous editions. * Replace some last links and remove last todos. * Added hints for correct allocation of TIFFYCbCrtoRGB structure and its associated buffers. (fixes issue #681) * Added chapter to 'Using the TIFF Library' with links to handling multi-page TIFF and custom directories. (fixes issue #43) * update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes issue #12) Security issues fixed: * CVE-2025-8961: Fix segmentation fault via main function of tiffcrop utility [bsc#1248117] * CVE-2025-8534: Fix null pointer dereference in function PS_Lvl2page [bsc#1247582] * CVE-2025-9165: Fix local execution manipulation can lead to memory leak [bsc#1248330] * CVE-2024-13978: Fix null pointer dereference in tiff2pdf [bsc#1247581] * CVE-2025-8176: Fix heap use-after-free in tools/tiffmedian.c [bsc#1247108] * CVE-2025-8177: Fix possible buffer overflow in tools/thumbnail.c:setrow() [bsc#1247106] - Fix TIFFMergeFieldInfo() read_count=write_count=0 (bsc#1243503) ----------------------------------------------------------------- Advisory ID: 27 Released: Wed Nov 19 10:41:40 2025 Summary: Recommended update for wpa_supplicant Type: recommended Severity: moderate References: This update for wpa_supplicant fixes the following issues: - Build wpa_gui with qt6 instead of obsolete qt5 - Update build config: * Enable 802.11ax support ----------------------------------------------------------------- Advisory ID: 26 Released: Wed Nov 19 10:43:19 2025 Summary: Recommended update for dracut Type: recommended Severity: important References: 1238848 This update for dracut fixes the following issues: - Additional fixes for PXE boot with filled-in NBFT (bsc#1238848): * fix (74nvmf): make sure autoconnect script is run at least once * fix (74nvmf): only set netroot if it's yet empty ----------------------------------------------------------------- Advisory ID: 46 Released: Thu Nov 20 17:44:20 2025 Summary: Security update for runc Type: security Severity: important References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - Update to runc v1.3.3: * CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252232) ----------------------------------------------------------------- Advisory ID: 49 Released: Mon Nov 24 18:01:34 2025 Summary: Recommended update for colord Type: recommended Severity: moderate References: This update for colord fixes the following issues: - Update to version 1.4.8: + New Features: - Add AppStream metainfo XML with hardware provide info. - Add support for -Dsystemd_root_prefix to make local building easier. - Install sysusers.d config file if configured user is not root. + Bugfixes: - Add the source attribute for each man page. - Drop component type from AppStream metadata XML to avoid parsing error. - Fix a critical warning when running the self tests. - Fix USB scanners not working with RestrictAddressFamilies. - Fix writing to the database with ProtectSystem=strict. - Properly set the status to CD_SESSION_STATUS_RUNNING. - Use g_ascii_strtod instead of atof(). - Use sqlite3_errmsg() to avoid getting a mutable error message. - Changes from version 1.4.7: + Bugfixes: - Add various hardenings to the systemd service. - Always close the ICC profile when loading fails. - Avoid destructing LCMS plugin twice with lcms 2.14. - Do not make state files executable in tmpfiles.d/colord.conf. - Fix a double free spotted by Coverity. - Fix an error check when parsing the DTP94 data. - Fix a -Wincompatible-pointer-types warning. - Fix potential crash when reading from broken Huey hardware. - Set FILE_OFFSET_BITS explicitly. - Use a 64-bit time_t. - Use thread context for Gamut Alarm codes. ----------------------------------------------------------------- Advisory ID: 54 Released: Tue Nov 25 17:12:46 2025 Summary: Recommended update for multipath-tools Type: recommended Severity: moderate References: 1253260 This update for multipath-tools fixes the following issues: - Fixes from upstream 0.11.3 (bsc#1253260) * Improved the communication with **udev** and **systemd** by triggering uevents when path devices are added to or removed from multipath maps, or when `multipathd reconfigure` is executed after changing blacklist directives in `multipath.conf`. * Failed paths should be checked every `polling_interval`. In certain cases, this wouldn't happen, because the check interval wasn't reset by multipathd. * It could happen that multipathd would accidentally release a SCSI persistent reservation held by another node. * After manually failing some paths and then reinstating them, sometimes the reinstated paths were immediately failed again by multipathd. * Various minor fixes reported by coverity. The following package changes have been done: - libexpat1-2.7.1-160000.3.1 updated - dracut-059+suse.700.g40f7c5c4-160000.1.1 updated - wpa_supplicant-2.11-160000.3.1 updated - kpartx-0.11.3+184+suse.e1501732-160000.1.1 updated - libxslt1-1.1.43-160000.3.1 updated - runc-1.3.3-160000.1.1 updated - libtiff6-4.7.1-160000.1.1 updated - libcolord2-1.4.8-160000.1.1 updated - libmpath0-0.11.3+184+suse.e1501732-160000.1.1 updated - multipath-tools-0.11.3+184+suse.e1501732-160000.1.1 updated - selinux-policy-20250627+git239.fcbf2d509-160000.1.1 updated - selinux-policy-targeted-20250627+git239.fcbf2d509-160000.1.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-eed3216f44346e966f8ec1aa82ecac4b17c6b24f06daeaccd98bfcfc2da3cd21-0 added - container:SL-Micro-base-container-2.3.0-6.1 removed From sle-container-updates at lists.suse.com Thu Nov 27 08:05:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:05:42 +0100 (CET) Subject: SUSE-IU-2025:3744-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251127080542.5A037FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3744-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.5 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.5 Severity : important Type : security References : 1233529 1249191 1249348 1249367 1253757 CVE-2025-10148 CVE-2025-11563 CVE-2025-9086 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 57 Released: Wed Nov 26 15:30:14 2025 Summary: Security update for curl Type: security Severity: important References: 1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086 This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix return code when --retry is used but not triggered (bsc#1249367) ----------------------------------------------------------------- Advisory ID: 60 Released: Wed Nov 26 15:34:50 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Fixed Python3 error log upon importing pycurl (bsc#1233529) The following package changes have been done: - libsasl2-3-2.1.28-160000.3.1 updated - libcurl4-8.14.1-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-c4430274632b2dd287586993bb029b64d0b19981aaf2a83a43188e529678c71d-0 updated From sle-container-updates at lists.suse.com Thu Nov 27 08:08:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:08:46 +0100 (CET) Subject: SUSE-IU-2025:3753-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20251127080846.26CBDFBA1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3753-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.5 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 6.5 Severity : important Type : security References : 1233529 1249191 1249348 1249367 1253757 CVE-2025-10148 CVE-2025-11563 CVE-2025-9086 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 57 Released: Wed Nov 26 15:30:14 2025 Summary: Security update for curl Type: security Severity: important References: 1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086 This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix return code when --retry is used but not triggered (bsc#1249367) ----------------------------------------------------------------- Advisory ID: 60 Released: Wed Nov 26 15:34:50 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Fixed Python3 error log upon importing pycurl (bsc#1233529) The following package changes have been done: - libsasl2-3-2.1.28-160000.3.1 updated - libcurl4-8.14.1-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-c4430274632b2dd287586993bb029b64d0b19981aaf2a83a43188e529678c71d-0 updated From sle-container-updates at lists.suse.com Thu Nov 27 08:08:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:08:54 +0100 (CET) Subject: SUSE-IU-2025:3758-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20251127080854.1284BFBAD@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3758-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-5.5 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 5.5 Severity : important Type : security References : 1233529 1249191 1249348 1249367 1253757 CVE-2025-10148 CVE-2025-11563 CVE-2025-9086 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 57 Released: Wed Nov 26 15:30:14 2025 Summary: Security update for curl Type: security Severity: important References: 1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086 This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix return code when --retry is used but not triggered (bsc#1249367) ----------------------------------------------------------------- Advisory ID: 60 Released: Wed Nov 26 15:34:50 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Fixed Python3 error log upon importing pycurl (bsc#1233529) The following package changes have been done: - libsasl2-3-2.1.28-160000.3.1 updated - libcurl4-8.14.1-160000.3.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-1afc4b5e2fe5d39622f63eca55d99def4a1b563c6d31db1deeca9502df4d5976-0 updated From sle-container-updates at lists.suse.com Thu Nov 27 08:14:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:14:48 +0100 (CET) Subject: SUSE-CU-2025:8643-1: Recommended update of bci/python Message-ID: <20251127081448.CF8D1FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8643-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.7 , bci/python:3.13.7-80.6 , bci/python:latest Container Release : 80.6 Severity : moderate Type : recommended References : 1224386 1233529 1248501 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Thu Nov 27 08:15:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:15:11 +0100 (CET) Subject: SUSE-CU-2025:8644-1: Security update of bci/ruby Message-ID: <20251127081511.A7E76FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8644-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-19.8 Container Release : 19.8 Severity : important Type : security References : 1225905 1230930 1232440 1235773 1237804 1237805 1237806 1245254 1246430 1246697 1250232 CVE-2024-35221 CVE-2024-47220 CVE-2024-49761 CVE-2025-24294 CVE-2025-27219 CVE-2025-27220 CVE-2025-27221 CVE-2025-6442 CVE-2025-9230 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4264-1 Released: Wed Nov 26 16:52:41 2025 Summary: Security update for ruby2.5 Type: security Severity: important References: 1225905,1230930,1232440,1235773,1237804,1237805,1237806,1245254,1246430,CVE-2024-35221,CVE-2024-47220,CVE-2024-49761,CVE-2025-24294,CVE-2025-27219,CVE-2025-27220,CVE-2025-27221,CVE-2025-6442 This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest (bsc#1225905) - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick (bsc#1230930) - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 (bsc#1232440) - CVE-2025-24294: Fixed denial of service (DoS) caused by an insufficient check on the length of a decompressed domain name within a DNS packet in resolv gem (bsc#1246430) - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804) - CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806) - CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805) - CVE-2025-6442: Fixed ruby WEBrick read_header HTTP request smuggling vulnerability (bsc#1245254) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 added - libruby2_5-2_5-2.5.9-150700.24.3.1 updated - ruby2.5-stdlib-2.5.9-150700.24.3.1 updated - ruby2.5-2.5.9-150700.24.3.1 updated - ruby2.5-devel-2.5.9-150700.24.3.1 updated From sle-container-updates at lists.suse.com Thu Nov 27 08:15:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:15:28 +0100 (CET) Subject: SUSE-CU-2025:8645-1: Recommended update of bci/rust Message-ID: <20251127081528.D3CB7FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8645-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-2.2.1 , bci/rust:oldstable , bci/rust:oldstable-2.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : 1233529 1242170 1252698 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3678-1 Released: Mon Oct 20 10:47:02 2025 Summary: Recommended update for rust, rust1.90 Type: recommended Severity: moderate References: 1242170 This update for rust, rust1.90 fixes the following issues: Version 1.90.0 (2025-09-18) =========================== # Language - Split up the `unknown_or_malformed_diagnostic_attributes` lint. This lint has been split up into four finer-grained lints, with `unknown_or_malformed_diagnostic_attributes` now being the lint group that contains these lints: 1. `unknown_diagnostic_attributes`: unknown to the current compiler 2. `misplaced_diagnostic_attributes`: placed on the wrong item 3. `malformed_diagnostic_attributes`: malformed attribute syntax or options 4. `malformed_diagnostic_format_literals`: malformed format string literal - Allow constants whose final value has references to mutable/external memory, but reject such constants as patterns - Allow volatile access to non-Rust memory, including address 0 # Compiler - Use `lld` by default on `x86_64-unknown-linux-gnu` - Tier 3 `musl` targets now link dynamically by default. Affected targets: - `mips64-unknown-linux-muslabi64` - `powerpc64-unknown-linux-musl` - `powerpc-unknown-linux-musl` - `powerpc-unknown-linux-muslspe` - `riscv32gc-unknown-linux-musl` - `s390x-unknown-linux-musl` - `thumbv7neon-unknown-linux-musleabihf` # Platform Support - Demote `x86_64-apple-darwin` to Tier 2 with host tools Refer to Rust's platform support page for more information on Rust's tiered platform support. # Libraries - Stabilize `u*::{checked,overflowing,saturating,wrapping}_sub_signed` - Allow comparisons between `CStr`, `CString`, and `Cow` - Remove some unsized tuple impls since unsized tuples can't be constructed - Set `MSG_NOSIGNAL` for `UnixStream` - `proc_macro::Ident::new` now supports `$crate`. - Guarantee the pointer returned from `Thread::into_raw` has at least 8 bytes of alignment # Stabilized APIs - `u{n}::checked_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.checked_sub_signed - `u{n}::overflowing_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.overflowing_sub_signed - `u{n}::saturating_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.saturating_sub_signed - `u{n}::wrapping_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.wrapping_sub_signed) - `impl Copy for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Copy-for-IntErrorKind - `impl Hash for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Hash-for-IntErrorKind - `impl PartialEq<&CStr> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3C%26CStr%3E-for-CStr - `impl PartialEq for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCString%3E-for-CStr - `impl PartialEq> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CStr - `impl PartialEq<&CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3C%26CStr%3E-for-CString - `impl PartialEq for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCStr%3E-for-CString - `impl PartialEq> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CString - `impl PartialEq<&CStr> for Cow` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3C%26CStr%3E-for-Cow%3C'_,+CStr%3E - `impl PartialEq for Cow` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCStr%3E-for-Cow%3C'_,+CStr%3E - `impl PartialEq for Cow` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCString%3E-for-Cow%3C'_,+CStr%3E These previously stable APIs are now stable in const contexts: - `<[T]>::reverse` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.reverse - `f32::floor` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.floor - `f32::ceil` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.ceil - `f32::trunc` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.trunc - `f32::fract` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.fract - `f32::round` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round - `f32::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round_ties_even - `f64::floor` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.floor - `f64::ceil` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.ceil - `f64::trunc` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.trunc - `f64::fract` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.fract - `f64::round` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round - `f64::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round_ties_even # Cargo - Add `http.proxy-cainfo` config for proxy certs - Use `gix` for `cargo package` - feat(publish): Stabilize multi-package publishing # Rustdoc - Add ways to collapse all impl blocks. Previously the 'Summary' button and '-' keyboard shortcut would never collapse `impl` blocks, now they do when shift is held - Display unsafe attributes with `unsafe()` wrappers # Compatibility Notes - Use `lld` by default on `x86_64-unknown-linux-gnu` See also . - Make `core::iter::Fuse`'s `Default` impl construct `I::default()` internally as promised in the docs instead of always being empty - Set `MSG_NOSIGNAL` for `UnixStream` This may change program behavior but results in the same behavior as other primitives (e.g., stdout, network sockets). Programs relying on signals to terminate them should update handling of sockets to handle errors on write by exiting. - On Unix `std::env::home_dir` will use the fallback if the `HOME` environment variable is empty - We now reject unsupported `extern '{abi}'`s consistently in all positions. This primarily affects the use of implementing traits on an `extern '{abi}'` function pointer, like `extern 'stdcall' fn()`, on a platform that doesn't support that, like aarch64-unknown-linux-gnu. Direct usage of these unsupported ABI strings by declaring or defining functions was already rejected, so this is only a change for consistency. - const-eval: error when initializing a static writes to that static - Check that the `proc_macro_derive` macro has correct arguments when applied to the crate root ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3940-1 Released: Tue Nov 4 17:04:59 2025 Summary: Recommended update for rust1.90 Type: recommended Severity: moderate References: 1252698 This update for rust1.90 fixes the following issues: - define default linker when versioned gcc is in use (bsc#1252698) - Add target bpfel-unknown-none ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - cpp14-14.3.0+git11799-150000.1.11.1 added - gcc14-14.3.0+git11799-150000.1.11.1 added - rust1.90-1.90.0-150300.7.14.1 added - cargo1.90-1.90.0-150300.7.14.1 added - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated - cargo1.89-1.89.0-150300.7.3.1 removed - cpp13-13.3.1+git9426-150000.1.18.1 removed - gcc13-13.3.1+git9426-150000.1.18.1 removed - rust1.89-1.89.0-150300.7.3.1 removed From sle-container-updates at lists.suse.com Thu Nov 27 08:15:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:15:49 +0100 (CET) Subject: SUSE-CU-2025:8646-1: Recommended update of bci/rust Message-ID: <20251127081549.4CDFEFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8646-1 Container Tags : bci/rust:1.91 , bci/rust:1.91.0 , bci/rust:1.91.0-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4234-1 Released: Tue Nov 25 16:34:42 2025 Summary: Recommended update for rust, rust1.91 Type: recommended Severity: moderate References: This update for rust fixes the following issues: Rust is shipped in 1.91.0 version. Please see https://github.com/rust-lang/rust/releases/tag/1.91.0 for changes. The following package changes have been done: - cpp15-15.2.0+git10201-150000.1.3.3 added - gcc15-15.2.0+git10201-150000.1.3.3 added - rust1.91-1.91.0-150300.7.3.1 added - cargo1.91-1.91.0-150300.7.3.1 added - cargo1.90-1.90.0-150300.7.14.1 removed - cpp14-14.3.0+git11799-150000.1.11.1 removed - gcc14-14.3.0+git11799-150000.1.11.1 removed - rust1.90-1.90.0-150300.7.14.1 removed From sle-container-updates at lists.suse.com Thu Nov 20 08:16:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Nov 2025 09:16:27 +0100 (CET) Subject: SUSE-IU-2025:3708-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20251120081627.62071FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3708-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.52 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.52 Severity : important Type : security References : 1012628 1081723 1214954 1215143 1215199 1216396 1218345 1220419 1222834 1222834 1224113 1224113 1231055 1236743 1239206 1240310 1240311 1240750 1240752 1240754 1240756 1240757 1240997 1241162 1241164 1241214 1241222 1241223 1241226 1241238 1241252 1241263 1241686 1241688 1244939 1247519 1247520 1247522 1248211 1248230 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252265 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252425 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-2784 CVE-2025-32050 CVE-2025-32051 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906 CVE-2025-32907 CVE-2025-32908 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39898 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 CVE-2025-46420 CVE-2025-46421 CVE-2025-54349 CVE-2025-54350 CVE-2025-54351 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 269 Released: Fri Sep 19 09:54:22 2025 Summary: Security update for iperf Type: security Severity: important References: 1222834,1224113,1247519,1247520,1247522,CVE-2025-54349,CVE-2025-54350,CVE-2025-54351 This update for iperf fixes the following issues: - updated to 3.19.1: * CVE-2025-54349: Fixed off-by-one error heap based buffer overflow in iperf_auth.c (bsc#1247519) * CVE-2025-54350: Fixed Base64Decode assertion failure in iperf_auth.c (bsc#1247520) * CVE-2025-54351: Fixed buffer overflow when --skip-rx-copy is used in net.c (bsc#1247522) - updated to 3.19 * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717) * A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) * The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) * iperf3 now exits with a non-error 0 exit code if exiting via a `SIGTERM`, `SIGHUP`, or `SIGINT`. (#1009, PR# 1829) * The current behavior of iperf3 with respect to the `-n` and `-k` options is now documented as correct. (#1768, #1775, #596, PR #1800) ----------------------------------------------------------------- Advisory ID: kernel-204 Released: Thu Nov 13 16:32:12 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560,CVE-2023 -53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-2023-53707, CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39898,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-202 5-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non-security bugs were fixed: - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes). - ACPI: battery: allocate driver data through devm_ APIs (stable-fixes). - ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes). - ACPI: button: Call input_free_device() on failing input device registration (git-fixes). - ACPI: property: Add code comments explaining what is going on (stable-fixes). - ACPI: property: Disregard references in data-only subnode lists (stable-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes). - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: Allow to skip Global Lock initialization (stable-fixes). - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes). - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes). - ALSA: usb-audio: fix control pipe direction (git-fixes). - ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes). - ASoC: fsl_sai: fix bit order for DSD format (git-fixes). - ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes). - ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes). - ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes). - ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes). - HID: hid-input: only ignore 0 battery events for digitizers (git-fixes). - HID: multitouch: fix name of Stylus input devices (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SEV: Read save fields from GHCB exactly once (git-fixes). - KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes). - KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes). - KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes). - KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes). - KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes). - KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes). - KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes). - KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes). - KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes). - KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes). - KVM: x86: Introduce kvm_set_mp_state() (git-fixes). - KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - KVM: x86: Replace static_call_cond() with static_call() (git-fixes). - KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix crash in nfsd4_read_release() (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Minor cleanup in layoutcommit processing (git-fixes). - NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes). - PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes). - PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes). - PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes). - PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes). - PCI: j721e: Enable ACSPCIE Refclk if 'ti,syscon-acspcie-proxy-ctrl' exists (stable-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PM: runtime: Add new devm functions (stable-fixes). - Revert 'KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()' (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes). - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes). - add bug reference to existing hv_netvsc change (bsc#1252265) - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes) - arm64: cputype: Add Neoverse-V3AE definitions (git-fixes) - arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes). - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes). - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes). - can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes). - cpuidle: menu: Avoid discarding useful information (stable-fixes). - cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes). - drm/amd: Check whether secure display TA loaded successfully (stable-fixes). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes). - drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes). - drm/etnaviv: fix flush sequence logic (git-fixes). - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes). - drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes). - drm/i915/guc: Skip communication warning on reset in progress (git-fixes). - drm/mediatek: Fix device use-after-free on unbind (git-fixes). - drm/msm/a6xx: Fix GMU firmware parser (git-fixes). - drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes). - drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes). - drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes). - drm/rockchip: vop2: use correct destination rectangle height check (git-fixes). - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes). - ext4: check fast symlink for ea_inode correctly (git-fixes). - ext4: do not convert the unwritten extents if data writeback fails (git-fixes). - ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes). - ext4: ensure i_size is smaller than maxbytes (git-fixes). - ext4: factor out ext4_get_maxbytes() (git-fixes). - ext4: fix calculation of credits for extent tree modification (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: fix fsmap end of range reporting with bigalloc (git-fixes). - ext4: fix hole length calculation overflow in non-extent inodes (git-fixes). - ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes). - ext4: fix reserved gdt blocks handling in fsmap (git-fixes). - ext4: fix zombie groups in average fragment size lists (git-fixes). - ext4: preserve SB_I_VERSION on remount (git-fixes). - ext4: reorder capability check last (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes). - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes). - firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes). - fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - hfs: validate record offset in hfsplus_bmap_alloc (git-fixes). - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - i2c: ocores: use devm_ managed clks (git-fixes). - iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes). - iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - isofs: Verify inode mode when loading from disk (git-fixes). - jbd2: do not try to recover wiped journal (git-fixes). - kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes). - locking/mutex: Introduce devm_mutex_init() (stable-fixes). - locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes). - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: tunner: xc5000: Refactor firmware load (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes). - misc: fastrpc: Add missing dev_err newlines (stable-fixes). - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - mmc: core: SPI mode remove cmd7 (stable-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - most: usb: Fix use-after-free in hdm_disconnect (git-fixes). - most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes). - mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes). - net: sysfs: Fix /sys/class/net/<iface> path (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes). - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes). - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes). - net: usb: rtl8150: Fix frame padding (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes). - nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes). - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes). - nvme/tcp: handle tls partially sent records in write_space() (git-fixes). - overlayfs: set ctime when setting mtime and atime (stable-fixes). - ovl: Always reevaluate the file signature for IMA (stable-fixes). - ovl: fix file reference leak when submitting aio (stable-fixes). - ovl: fix incorrect fdput() on aio completion (stable-fixes). - perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes). - perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes). - perf/amd: Prevent grouping of IBS events (git-fixes). - perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes). - perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes). - perf/core: Fix WARN in perf_cgroup_switch() (git-fixes). - perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes). - perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes). - perf/core: Fix low freq setting via IOC_PERIOD (git-fixes). - perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes). - perf/core: Fix small negative period being ignored (git-fixes). - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes). - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes). - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes). - perf/x86/amd: Warn only on new bits set (git-fixes). - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes). - perf/x86/intel/pt: Fix sampling synchronization (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes). - perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Apply static call for drain_pebs (git-fixes). - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - perf/x86/intel: Only check the group flag for X86 leader (git-fixes). - perf/x86/intel: Use better start period for frequency mode (git-fixes). - perf/x86: Fix low freqency setting issue (git-fixes). - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes). - perf: Ensure bpf_perf_link path is properly serialized (git-fixes). - perf: Extract a few helpers (git-fixes). - perf: Fix cgroup state vs ERROR (git-fixes). - phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - r8152: add error handling in rtl8152_driver_init (git-fixes). - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes). - regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes). - regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946). - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes). - rtc: interface: Fix long-standing race when setting alarm (stable-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - sched/fair: set_load_weight() must also call reweight_task() (git-fixes) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes). - selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes). - selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes). - selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes). - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes). - selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes). - selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes). - selftests/bpf: Fix cross-compiling urandom_read (git-fixes). - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling test_lru_map.c (git-fixes). - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes). - selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes). - selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes). - selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes). - selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes). - selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes). - serial: 8250_dw: handle reset control deassert error (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes). - udf: Verify partition map count (git-fixes). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes). - usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes). - usbnet: Prevents free active kevent (git-fixes). - wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes). - wifi: ath11k: Add missing platform IDs for quirk table (git-fixes). - wifi: ath12k: free skb during idr cleanup callback (git-fixes). - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes). - wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes). - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - xfs: rename the old_crc variable in xlog_recover_process (git-fixes). - xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). ----------------------------------------------------------------- Advisory ID: 339 Released: Wed Nov 19 10:44:59 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1218345,1231055,1240310,1240311,1240997,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055). * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: 340 Released: Wed Nov 19 15:42:27 2025 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1081723,1222834,1224113,1240750,1240752,1240754,1240756,1240757,1241162,1241164,1241214,1241222,1241223,1241226,1241238,1241252,1241263,1241686,1241688,CVE-2025-2784,CVE-2025-32050,CVE-2025-32051,CVE-2025-32052,CVE-2025-32053,CVE-2025-32906,CVE-2025-32907,CVE-2025-32908,CVE-2025-32909,CVE-2025-32910,CVE-2025-32911,CVE-2025-32912,CVE-2025-32913,CVE-2025-32914,CVE-2025-46420,CVE-2025-46421 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.36: * various build, test and automation script fixes * major parts of the source code were reformatted mozilla-nss: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2 * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Update to NSS 3.112: * Fix alias for mac workers on try * ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault * ABI/API break in ssl certificate processing * remove unnecessary assertion in sec_asn1d_init_state_based_on_template * update taskgraph to v14.2.1 * Workflow for automation of the release on GitHub when pushing a tag * fix faulty assertions in SEC_ASN1DecoderUpdate * Renegotiations should use a fresh ECH GREASE buffer * update taskgraph to v14.1.1 * Partial fix for ACVP build CI job * Initialize find in sftk_searchDatabase * Add clang-18 to extra builds * Fault tolerant git fetch for fuzzing * Tolerate intermittent failures in ssl_policy_pkix_ocsp * fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set * fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls * Remove Cryptofuzz CI version check - update to NSS 3.111 * FIPS changes need to be upstreamed: force ems policy * Turn off Websites Trust Bit from CAs * Update nssckbi version following April 2025 Batch of Changes * Disable SMIME ???trust bit??? for GoDaddy CAs * Replaced deprecated sprintf function with snprintf in dbtool.c * Need up update NSS for PKCS 3.1 * avoid leaking localCert if it is already set in ssl3_FillInCachedSID * Decrease ASAN quarantine size for Cryptofuzz in CI * selfserv: Add support for zlib certificate compression Update to NSS 3.110: * FIPS changes need to be upstreamed: force ems policy * Prevent excess allocations in sslBuffer_Grow * Remove Crl templates from ASN1 fuzz target * Remove CERT_CrlTemplate from ASN1 fuzz target * Fix memory leak in NSS_CMSMessage_IsSigned * NSS policy updates * Improve locking in nssPKIObject_GetInstances * Fix race in sdb_GetMetaData * Fix member access within null pointer * Increase smime fuzzer memory limit * Enable resumption when using custom extensions * change CN of server12 test certificate * Part 2: Add missing check in NSS_CMSDigestContext_FinishSingle * Part 1: Fix smime UBSan errors * FIPS changes need to be upstreamed: updated key checks * Don't build libpkix in static builds * handle `-p all` in try syntax * fix opt-make builds to actually be opt * fix opt-static builds to actually be opt * Remove extraneous assert Update to NSS 3.109: * Call BL_Init before RNG_RNGInit() so that special SHA instructions can be used if available * NSS policy updates - fix inaccurate key policy issues * SMIME fuzz target * ASN1 decoder fuzz target * Part 2: Revert ???Extract testcases from ssl gtests for fuzzing??? * Add fuzz/README.md * Part 4: Fix tstclnt arguments script * Extend pkcs7 fuzz target * Extend certDN fuzz target * revert changes to HACL* files from bug 1866841 * Part 3: Package frida corpus script - update to NSS 3.108 * libclang-16 -> libclang-19 * Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * Remove SwissSign Silver CA ??? G2 * Add D-Trust 2023 TLS Roots to NSS * fix fips test failure on windows * change default sensitivity of KEM keys * Part 1: Introduce frida hooks and script * add missing arm_neon.h include to gcm.c * ci: update windows workers to win2022 * strip trailing carriage returns in tools tests * work around unix/windows path translation issues in cert test script * ci: let the windows setup script work without $m * detect msys * add a specialized CTR_Update variant for AES-GCM * NSS policy updates * FIPS changes need to be upstreamed: FIPS 140-3 RNG * FIPS changes need to be upstreamed: Add SafeZero * FIPS changes need to be upstreamed - updated POST * Segmentation fault in SECITEM_Hash during pkcs12 processing * Extending NSS with LoadModuleFromFunction functionality * Ensure zero-initialization of collectArgs.cert * pkcs7 fuzz target use CERT_DestroyCertificate * Fix actual underlying ODR violations issue * mozilla::pkix: allow reference ID labels to begin and/or end with hyphens * don't look for secmod.db in nssutil_ReadSecmodDB if NSS_DISABLE_DBM is set * Fix memory leak in pkcs7 fuzz target * Set -O2 for ASan builds in CI * Change branch of tlsfuzzer dependency * Run tests in CI for ASan builds with detect_odr_violation=1 * Fix coverage failure in CI * Add fuzzing for delegated credentials, DTLS short header and Tls13BackendEch * Add fuzzing for SSL_EnableTls13GreaseEch and SSL_SetDtls13VersionWorkaround * Part 3: Restructure fuzz/ * Extract testcases from ssl gtests for fuzzing * Force Cryptofuzz to use NSS in CI * Fix Cryptofuzz on 32 bit in CI * Update Cryptofuzz repository link * fix build error from 9505f79d * simplify error handling in get_token_objects_for_cache * nss doc: fix a warning * pkcs12 fixes from RHEL need to be picked up Update to NSS 3.107: * Remove MPI fuzz targets. * Remove globals `lockStatus` and `locksEverDisabled`. * Enable PKCS8 fuzz target. * Integrate Cryptofuzz in CI. * Part 2: Set tls server target socket options in config class * Part 1: Set tls client target socket options in config class * Support building with thread sanitizer. * set nssckbi version number to 2.72. * remove Websites Trust Bit from Entrust Root Certification Authority - G4. * remove Security Communication RootCA3 root cert. * remove SecureSign RootCA11 root cert. * Add distrust-after for TLS to Entrust Roots. * update expected error code in pk12util pbmac1 tests. * Use random tstclnt args with handshake collection script * Remove extraneous assert in ssl3gthr.c. * Adding missing release notes for NSS_3_105. * Enable the disabled mlkem tests for dtls. * NSS gtests filter cleans up the constucted buffer before the use. * Make ssl_SetDefaultsFromEnvironment thread-safe. * Remove short circuit test from ssl_Init. Update to NSS 3.106: * NSS 3.106 should be distributed with NSPR 4.36. * pk12util: improve error handling in p12U_ReadPKCS12File. * Correctly destroy bulkkey in error scenario. * PKCS7 fuzz target, r=djackson,nss-reviewers. * Extract certificates with handshake collection script. * Specify len_control for fuzz targets. * Fix memory leak in dumpCertificatePEM. * Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo. * add new error codes to mozilla::pkix for Firefox to use. * allow null phKey in NSC_DeriveKey. * Only create seed corpus zip from existing corpus. * Use explicit allowlist for for KDF PRFS. * Increase optimization level for fuzz builds. * Remove incorrect assert. * Use libFuzzer options from fuzz/options/\*.options in CI. * Polish corpus collection for automation. * Detect new and unfuzzed SSL options. * PKCS12 fuzzing target. - requires NSPR 4.36 Update to NSS 3.105: * Allow importing PKCS#8 private EC keys missing public key * UBSAN fix: applying zero offset to null pointer in sslsnce.c * set KRML_MUSTINLINE=inline in makefile builds * Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * override default definition of KRML_MUSTINLINE * libssl support for mlkem768x25519 * support for ML-KEM-768 in softoken and pk11wrap * Add Libcrux implementation of ML-KEM 768 to FreeBL * Avoid misuse of ctype(3) functions * part 2: run clang-format * part 1: upgrade to clang-format 13 * clang-format fuzz * DTLS client message buffer may not empty be on retransmit * Optionally print config for TLS client and server fuzz target * Fix some simple documentation issues in NSS. * improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN Update to NSS 3.104: * Copy original corpus to heap-allocated buffer * Fix min ssl version for DTLS client fuzzer * Remove OS2 support just like we did on NSPR * clang-format NSS improvements * Adding basicutil.h to use HexString2SECItem function * removing dirent.c from build * Allow handing in keymaterial to shlibsign to make the output reproducible * remove nec4.3, sunos4, riscos and SNI references * remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * remove mentions of WIN95 * remove mentions of WIN16 * More explicit directory naming * Add more options to TLS server fuzz target * Add more options to TLS client fuzz target * Use OSS-Fuzz corpus in NSS CI * set nssckbi version number to 2.70. * Remove Email Trust bit from ACCVRAIZ1 root cert. * Remove Email Trust bit from certSIGN ROOT CA. * Add Cybertrust Japan Roots to NSS. * Add Taiwan CA Roots to NSS. * remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * Fix tstclnt CI build failure * vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * Enable all supported protocol versions for UDP * Actually use random PSK hash type * Initialize NSS DB once * Additional ECH cipher suites and PSK hash types * Automate corpus file generation for TLS client Fuzzer * Fix crash with UNSAFE_FUZZER_MODE * clang-format shlibsign.c Update to NSS 3.103: * move list size check after lock acquisition in sftk_PutObjectToList. * Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * Adjust libFuzzer size limits * Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). Update to NSS 3.102.1: * ChaChaXor to return after the function Update to NSS 3.102: * Add Valgrind annotations to freebl Chacha20-Poly1305. * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling. * correct length of raw SPKI data before printing in pp utility. - Make NSS-build reproducible by using a static key from openssl (bsc#1081723) - FIPS: exclude the SHA-1 hash from SLI approval. - FIPS: do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.68 updated - kernel-default-6.4.0-36.1 updated - libfreebl3-3.112.2-slfo.1.1_1.1 updated - mozilla-nspr-4.36-slfo.1.1_1.1 updated - mozilla-nss-certs-3.112.2-slfo.1.1_1.1 updated - mozilla-nss-3.112.2-slfo.1.1_1.1 updated - libsoftokn3-3.112.2-slfo.1.1_1.1 updated - libgpgme11-1.23.0-slfo.1.1_2.1 updated - container:suse-toolbox-image-1.0.0-4.88 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:21:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:21:40 +0100 (CET) Subject: SUSE-IU-2025:3738-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251126082140.BCF81FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3738-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.105 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.105 Severity : important Type : security References : 1012628 1214954 1215143 1215199 1216396 1220419 1236743 1239206 1244939 1246244 1248211 1248230 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252265 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39898 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-206 Released: Tue Nov 25 19:51:32 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1246244,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1 251759,1251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560, CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202 3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39898,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986 ,CVE-2025-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non-security bugs were fixed: - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes). - ACPI: battery: allocate driver data through devm_ APIs (stable-fixes). - ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes). - ACPI: button: Call input_free_device() on failing input device registration (git-fixes). - ACPI: property: Add code comments explaining what is going on (stable-fixes). - ACPI: property: Disregard references in data-only subnode lists (stable-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes). - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: Allow to skip Global Lock initialization (stable-fixes). - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes). - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes). - ALSA: usb-audio: fix control pipe direction (git-fixes). - ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes). - ASoC: fsl_sai: fix bit order for DSD format (git-fixes). - ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes). - ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes). - ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes). - ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes). - HID: hid-input: only ignore 0 battery events for digitizers (git-fixes). - HID: multitouch: fix name of Stylus input devices (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SEV: Read save fields from GHCB exactly once (git-fixes). - KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes). - KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes). - KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes). - KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes). - KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes). - KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes). - KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes). - KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes). - KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes). - KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes). - KVM: x86: Introduce kvm_set_mp_state() (git-fixes). - KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - KVM: x86: Replace static_call_cond() with static_call() (git-fixes). - KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix crash in nfsd4_read_release() (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Minor cleanup in layoutcommit processing (git-fixes). - NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes). - PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes). - PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes). - PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes). - PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes). - PCI: j721e: Enable ACSPCIE Refclk if 'ti,syscon-acspcie-proxy-ctrl' exists (stable-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PM: runtime: Add new devm functions (stable-fixes). - Revert 'KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()' (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes). - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes). - add bug reference to existing hv_netvsc change (bsc#1252265) - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes) - arm64: cputype: Add Neoverse-V3AE definitions (git-fixes) - arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes). - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes). - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes). - can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes). - cpuidle: menu: Avoid discarding useful information (stable-fixes). - cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes). - drm/amd: Check whether secure display TA loaded successfully (stable-fixes). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes). - drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes). - drm/etnaviv: fix flush sequence logic (git-fixes). - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes). - drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes). - drm/i915/guc: Skip communication warning on reset in progress (git-fixes). - drm/mediatek: Fix device use-after-free on unbind (git-fixes). - drm/msm/a6xx: Fix GMU firmware parser (git-fixes). - drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes). - drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes). - drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes). - drm/rockchip: vop2: use correct destination rectangle height check (git-fixes). - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes). - ext4: check fast symlink for ea_inode correctly (git-fixes). - ext4: do not convert the unwritten extents if data writeback fails (git-fixes). - ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes). - ext4: ensure i_size is smaller than maxbytes (git-fixes). - ext4: factor out ext4_get_maxbytes() (git-fixes). - ext4: fix calculation of credits for extent tree modification (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: fix fsmap end of range reporting with bigalloc (git-fixes). - ext4: fix hole length calculation overflow in non-extent inodes (git-fixes). - ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes). - ext4: fix reserved gdt blocks handling in fsmap (git-fixes). - ext4: fix zombie groups in average fragment size lists (git-fixes). - ext4: preserve SB_I_VERSION on remount (git-fixes). - ext4: reorder capability check last (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes). - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes). - firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes). - fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - hfs: validate record offset in hfsplus_bmap_alloc (git-fixes). - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - i2c: ocores: use devm_ managed clks (git-fixes). - iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes). - iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - isofs: Verify inode mode when loading from disk (git-fixes). - jbd2: do not try to recover wiped journal (git-fixes). - kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes). - locking/mutex: Introduce devm_mutex_init() (stable-fixes). - locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes). - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: tunner: xc5000: Refactor firmware load (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes). - misc: fastrpc: Add missing dev_err newlines (stable-fixes). - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - mmc: core: SPI mode remove cmd7 (stable-fixes). - most: usb: Fix use-after-free in hdm_disconnect (git-fixes). - most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes). - mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes). - net: sysfs: Fix /sys/class/net/<iface> path (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes). - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes). - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes). - net: usb: rtl8150: Fix frame padding (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes). - nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes). - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes). - nvme/tcp: handle tls partially sent records in write_space() (git-fixes). - overlayfs: set ctime when setting mtime and atime (stable-fixes). - ovl: Always reevaluate the file signature for IMA (stable-fixes). - ovl: fix file reference leak when submitting aio (stable-fixes). - ovl: fix incorrect fdput() on aio completion (stable-fixes). - perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes). - perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes). - perf/amd: Prevent grouping of IBS events (git-fixes). - perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes). - perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes). - perf/core: Fix WARN in perf_cgroup_switch() (git-fixes). - perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes). - perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes). - perf/core: Fix low freq setting via IOC_PERIOD (git-fixes). - perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes). - perf/core: Fix small negative period being ignored (git-fixes). - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes). - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes). - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes). - perf/x86/amd: Warn only on new bits set (git-fixes). - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes). - perf/x86/intel/pt: Fix sampling synchronization (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes). - perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Apply static call for drain_pebs (git-fixes). - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - perf/x86/intel: Only check the group flag for X86 leader (git-fixes). - perf/x86/intel: Use better start period for frequency mode (git-fixes). - perf/x86: Fix low freqency setting issue (git-fixes). - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes). - perf: Ensure bpf_perf_link path is properly serialized (git-fixes). - perf: Extract a few helpers (git-fixes). - perf: Fix cgroup state vs ERROR (git-fixes). - phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - r8152: add error handling in rtl8152_driver_init (git-fixes). - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes). - regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes). - regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946). - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes). - rtc: interface: Fix long-standing race when setting alarm (stable-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - sched/fair: set_load_weight() must also call reweight_task() (git-fixes) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes). - selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes). - selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes). - selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes). - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes). - selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes). - selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes). - selftests/bpf: Fix cross-compiling urandom_read (git-fixes). - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling test_lru_map.c (git-fixes). - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes). - selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes). - selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes). - selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes). - selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes). - selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes). - serial: 8250_dw: handle reset control deassert error (git-fixes). - serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes). - udf: Verify partition map count (git-fixes). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes). - usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes). - usbnet: Prevents free active kevent (git-fixes). - wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes). - wifi: ath11k: Add missing platform IDs for quirk table (git-fixes). - wifi: ath12k: free skb during idr cleanup callback (git-fixes). - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes). - wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes). - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - xfs: rename the old_crc variable in xlog_recover_process (git-fixes). - xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). The following package changes have been done: - kernel-rt-6.4.0-38.1 updated From sle-container-updates at lists.suse.com Wed Nov 26 08:22:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 26 Nov 2025 09:22:33 +0100 (CET) Subject: SUSE-IU-2025:3739-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251126082233.AE96CFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3739-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.45 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.45 Severity : important Type : security References : 1012628 1214954 1215143 1215199 1216396 1220419 1236743 1239206 1244939 1246244 1248211 1248230 1248517 1248630 1248754 1248886 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252265 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39898 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-206 Released: Tue Nov 25 19:51:32 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1246244,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1 251759,1251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560, CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202 3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39898,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986 ,CVE-2025-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non-security bugs were fixed: - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes). - ACPI: battery: allocate driver data through devm_ APIs (stable-fixes). - ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes). - ACPI: button: Call input_free_device() on failing input device registration (git-fixes). - ACPI: property: Add code comments explaining what is going on (stable-fixes). - ACPI: property: Disregard references in data-only subnode lists (stable-fixes). - ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes). - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: Allow to skip Global Lock initialization (stable-fixes). - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes). - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes). - ALSA: usb-audio: fix control pipe direction (git-fixes). - ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes). - ASoC: fsl_sai: fix bit order for DSD format (git-fixes). - ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes). - ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes). - ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes). - ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes). - HID: hid-input: only ignore 0 battery events for digitizers (git-fixes). - HID: multitouch: fix name of Stylus input devices (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SEV: Read save fields from GHCB exactly once (git-fixes). - KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes). - KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes). - KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes). - KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes). - KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes). - KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes). - KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes). - KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes). - KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes). - KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes). - KVM: x86: Introduce kvm_set_mp_state() (git-fixes). - KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - KVM: x86: Replace static_call_cond() with static_call() (git-fixes). - KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes). - KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix crash in nfsd4_read_release() (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Minor cleanup in layoutcommit processing (git-fixes). - NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes). - PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes). - PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes). - PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes). - PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes). - PCI: j721e: Enable ACSPCIE Refclk if 'ti,syscon-acspcie-proxy-ctrl' exists (stable-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PM: runtime: Add new devm functions (stable-fixes). - Revert 'KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()' (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (git-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes). - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes). - add bug reference to existing hv_netvsc change (bsc#1252265) - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes) - arm64: cputype: Add Neoverse-V3AE definitions (git-fixes) - arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes). - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes). - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes). - can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes). - cpuidle: menu: Avoid discarding useful information (stable-fixes). - cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes). - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes). - drm/amd: Check whether secure display TA loaded successfully (stable-fixes). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes). - drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes). - drm/etnaviv: fix flush sequence logic (git-fixes). - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes). - drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes). - drm/i915/guc: Skip communication warning on reset in progress (git-fixes). - drm/mediatek: Fix device use-after-free on unbind (git-fixes). - drm/msm/a6xx: Fix GMU firmware parser (git-fixes). - drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes). - drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes). - drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes). - drm/rockchip: vop2: use correct destination rectangle height check (git-fixes). - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes). - ext4: check fast symlink for ea_inode correctly (git-fixes). - ext4: do not convert the unwritten extents if data writeback fails (git-fixes). - ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes). - ext4: ensure i_size is smaller than maxbytes (git-fixes). - ext4: factor out ext4_get_maxbytes() (git-fixes). - ext4: fix calculation of credits for extent tree modification (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: fix fsmap end of range reporting with bigalloc (git-fixes). - ext4: fix hole length calculation overflow in non-extent inodes (git-fixes). - ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes). - ext4: fix reserved gdt blocks handling in fsmap (git-fixes). - ext4: fix zombie groups in average fragment size lists (git-fixes). - ext4: preserve SB_I_VERSION on remount (git-fixes). - ext4: reorder capability check last (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes). - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes). - firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes). - fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - hfs: validate record offset in hfsplus_bmap_alloc (git-fixes). - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - i2c: ocores: use devm_ managed clks (git-fixes). - iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes). - iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - isofs: Verify inode mode when loading from disk (git-fixes). - jbd2: do not try to recover wiped journal (git-fixes). - kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes). - locking/mutex: Introduce devm_mutex_init() (stable-fixes). - locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes). - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: tunner: xc5000: Refactor firmware load (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes). - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes). - misc: fastrpc: Add missing dev_err newlines (stable-fixes). - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - mmc: core: SPI mode remove cmd7 (stable-fixes). - most: usb: Fix use-after-free in hdm_disconnect (git-fixes). - most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes). - mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes). - net: sysfs: Fix /sys/class/net/<iface> path (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes). - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes). - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes). - net: usb: rtl8150: Fix frame padding (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes). - nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes). - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes). - nvme/tcp: handle tls partially sent records in write_space() (git-fixes). - overlayfs: set ctime when setting mtime and atime (stable-fixes). - ovl: Always reevaluate the file signature for IMA (stable-fixes). - ovl: fix file reference leak when submitting aio (stable-fixes). - ovl: fix incorrect fdput() on aio completion (stable-fixes). - perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes). - perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes). - perf/amd: Prevent grouping of IBS events (git-fixes). - perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes). - perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes). - perf/core: Fix WARN in perf_cgroup_switch() (git-fixes). - perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes). - perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes). - perf/core: Fix low freq setting via IOC_PERIOD (git-fixes). - perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes). - perf/core: Fix small negative period being ignored (git-fixes). - perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes). - perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes). - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes). - perf/x86/amd: Warn only on new bits set (git-fixes). - perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes). - perf/x86/intel/pt: Fix sampling synchronization (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes). - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes). - perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Apply static call for drain_pebs (git-fixes). - perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - perf/x86/intel: Only check the group flag for X86 leader (git-fixes). - perf/x86/intel: Use better start period for frequency mode (git-fixes). - perf/x86: Fix low freqency setting issue (git-fixes). - perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes). - perf: Ensure bpf_perf_link path is properly serialized (git-fixes). - perf: Extract a few helpers (git-fixes). - perf: Fix cgroup state vs ERROR (git-fixes). - phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - r8152: add error handling in rtl8152_driver_init (git-fixes). - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes). - regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes). - regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946). - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes). - rtc: interface: Fix long-standing race when setting alarm (stable-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - sched/fair: set_load_weight() must also call reweight_task() (git-fixes) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes). - selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes). - selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes). - selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes). - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes). - selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes). - selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes). - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes). - selftests/bpf: Fix cross-compiling urandom_read (git-fixes). - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix error compiling test_lru_map.c (git-fixes). - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes). - selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes). - selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes). - selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes). - selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes). - selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes). - selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes). - serial: 8250_dw: handle reset control deassert error (git-fixes). - serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes). - udf: Verify partition map count (git-fixes). - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes). - usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes). - usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes). - usb: xhci: Limit Stop Endpoint retries (git-fixes). - usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes). - usbnet: Prevents free active kevent (git-fixes). - wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes). - wifi: ath11k: Add missing platform IDs for quirk table (git-fixes). - wifi: ath12k: free skb during idr cleanup callback (git-fixes). - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes). - wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes). - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). - xfs: rename the old_crc variable in xlog_recover_process (git-fixes). - xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). The following package changes have been done: - kernel-rt-6.4.0-38.1 updated From sle-container-updates at lists.suse.com Thu Nov 27 08:08:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:08:51 +0100 (CET) Subject: SUSE-IU-2025:3757-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20251127080851.12725FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3757-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-5.4 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 5.4 Severity : important Type : security References : 1215199 1218644 1218644 1230062 1234634 1234693 1234863 1235953 1236897 1237108 1237131 1237542 1237776 1238472 1238972 1239206 1239206 1240324 1240696 1240966 1240998 1241166 1241166 1241353 1241403 1241435 1241637 1242034 1242086 1242414 1242782 1242864 1242965 1242995 1243000 1243055 1243068 1243100 1243112 1243774 1244309 1244723 1244734 1244749 1244792 1244812 1244930 1244939 1245000 1245151 1245193 1245206 1245216 1245260 1245410 1245457 1245504 1245506 1245508 1245510 1245596 1245621 1245630 1245654 1245657 1245658 1245659 1245663 1245664 1245665 1245666 1245668 1245669 1245670 1245671 1245675 1245676 1245678 1245683 1245684 1245686 1245688 1245690 1245691 1245695 1245700 1245703 1245705 1245710 1245711 1245713 1245714 1245715 1245717 1245719 1245721 1245723 1245726 1245728 1245729 1245730 1245731 1245735 1245737 1245744 1245745 1245746 1245747 1245748 1245749 1245751 1245757 1245763 1245765 1245767 1245769 1245777 1245780 1245781 1245784 1245785 1245787 1245812 1245814 1245815 1245937 1245945 1245952 1245955 1245956 1245963 1245966 1245970 1245973 1245976 1245977 1245986 1246000 1246002 1246005 1246008 1246012 1246022 1246023 1246031 1246034 1246037 1246041 1246042 1246047 1246049 1246050 1246053 1246054 1246055 1246057 1246098 1246109 1246125 1246166 1246171 1246176 1246181 1246183 1246185 1246186 1246188 1246190 1246192 1246193 1246195 1246220 1246234 1246236 1246240 1246243 1246244 1246245 1246246 1246248 1246250 1246252 1246253 1246255 1246258 1246259 1246260 1246262 1246266 1246268 1246283 1246285 1246286 1246287 1246290 1246292 1246293 1246295 1246297 1246333 1246334 1246337 1246342 1246349 1246351 1246353 1246354 1246358 1246364 1246366 1246370 1246375 1246376 1246385 1246386 1246387 1246438 1246443 1246444 1246447 1246450 1246453 1246473 1246490 1246509 1246547 1246631 1246651 1246688 1246777 1246781 1246782 1246868 1246896 1246911 1246979 1247018 1247020 1247022 1247023 1247024 1247027 1247028 1247031 1247033 1247035 1247061 1247062 1247064 1247076 1247078 1247079 1247088 1247089 1247091 1247097 1247098 1247099 1247101 1247102 1247103 1247104 1247112 1247113 1247116 1247118 1247119 1247123 1247125 1247126 1247128 1247130 1247131 1247132 1247136 1247137 1247138 1247141 1247143 1247145 1247146 1247147 1247149 1247150 1247151 1247152 1247153 1247154 1247155 1247156 1247157 1247160 1247162 1247163 1247164 1247167 1247169 1247170 1247171 1247174 1247176 1247177 1247178 1247181 1247209 1247210 1247220 1247222 1247223 1247227 1247229 1247231 1247233 1247234 1247235 1247236 1247238 1247239 1247241 1247243 1247250 1247251 1247252 1247253 1247255 1247262 1247265 1247270 1247271 1247273 1247274 1247276 1247277 1247278 1247279 1247280 1247282 1247283 1247284 1247285 1247288 1247289 1247290 1247293 1247308 1247311 1247313 1247314 1247317 1247325 1247347 1247348 1247349 1247366 1247372 1247376 1247426 1247437 1247442 1247483 1247500 1247712 1247837 1247838 1247935 1247936 1247949 1247950 1247963 1247976 1248088 1248111 1248121 1248183 1248186 1248190 1248192 1248194 1248198 1248199 1248200 1248202 1248205 1248211 1248223 1248224 1248225 1248230 1248235 1248255 1248296 1248297 1248299 1248302 1248304 1248306 1248312 1248333 1248334 1248337 1248338 1248340 1248341 1248343 1248345 1248349 1248350 1248354 1248355 1248357 1248359 1248361 1248363 1248365 1248367 1248368 1248374 1248377 1248378 1248380 1248386 1248390 1248392 1248395 1248396 1248399 1248401 1248511 1248512 1248573 1248575 1248577 1248609 1248610 1248616 1248617 1248619 1248621 1248622 1248624 1248627 1248628 1248630 1248634 1248635 1248639 1248643 1248647 1248648 1248652 1248655 1248662 1248664 1248666 1248669 1248674 1248681 1248727 1248728 1248748 1248754 1248775 1249022 1249038 1249060 1249061 1249062 1249064 1249065 1249066 1249126 1249143 1249156 1249159 1249160 1249161 1249163 1249164 1249166 1249167 1249169 1249170 1249172 1249176 1249177 1249182 1249186 1249190 1249193 1249195 1249199 1249201 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249226 1249254 1249258 1249262 1249263 1249265 1249266 1249269 1249271 1249272 1249273 1249274 1249278 1249279 1249281 1249282 1249284 1249285 1249286 1249288 1249290 1249292 1249295 1249296 1249297 1249299 1249300 1249301 1249302 1249303 1249304 1249305 1249306 1249308 1249309 1249312 1249313 1249314 1249315 1249316 1249317 1249318 1249319 1249320 1249321 1249322 1249323 1249324 1249333 1249334 1249338 1249346 1249374 1249397 1249398 1249413 1249477 1249478 1249479 1249486 1249490 1249494 1249495 1249500 1249504 1249506 1249508 1249509 1249510 1249512 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249547 1249548 1249550 1249552 1249554 1249562 1249566 1249584 1249587 1249598 1249604 1249608 1249608 1249615 1249618 1249735 1249774 1249833 1249887 1249888 1249901 1249904 1249906 1249915 1249974 1249975 1250002 1250007 1250021 1250025 1250028 1250032 1250087 1250088 1250119 1250123 1250124 1250177 1250179 1250202 1250203 1250204 1250205 1250237 1250242 1250247 1250249 1250251 1250258 1250262 1250266 1250267 1250268 1250275 1250276 1250281 1250291 1250292 1250294 1250296 1250297 1250298 1250334 1250344 1250365 1250371 1250377 1250379 1250386 1250389 1250398 1250400 1250402 1250406 1250407 1250408 1250450 1250455 1250491 1250491 1250519 1250522 1250650 1250655 1250671 1250702 1250704 1250711 1250712 1250713 1250716 1250719 1250721 1250722 1250729 1250736 1250737 1250739 1250741 1250742 1250749 1250758 1250946 1250952 1251100 1251114 1251134 1251135 1251143 1251146 1251176 1251177 1251186 1251216 1251230 1251232 1251233 1251804 1251809 1251810 1251819 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252067 1252069 1252070 1252072 1252074 1252075 1252076 1252078 1252079 1252081 1252082 1252083 1252084 1252253 1252265 1252267 1252270 1252330 1252333 1252336 1252346 1252348 1252349 1252678 1252679 1252688 1252725 1252734 1252772 1252774 1252780 1252785 1252787 1252789 1252797 1252819 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252862 1252865 1252866 1252873 1252902 1252909 1252915 1252918 1252921 1252939 CVE-2024-53164 CVE-2024-57891 CVE-2024-57951 CVE-2024-57952 CVE-2024-58090 CVE-2025-21816 CVE-2025-22034 CVE-2025-22077 CVE-2025-23141 CVE-2025-37798 CVE-2025-37821 CVE-2025-37849 CVE-2025-37856 CVE-2025-37861 CVE-2025-37864 CVE-2025-38006 CVE-2025-38008 CVE-2025-38019 CVE-2025-38034 CVE-2025-38038 CVE-2025-38052 CVE-2025-38058 CVE-2025-38062 CVE-2025-38075 CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38091 CVE-2025-38095 CVE-2025-38096 CVE-2025-38098 CVE-2025-38099 CVE-2025-38101 CVE-2025-38102 CVE-2025-38103 CVE-2025-38106 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38114 CVE-2025-38117 CVE-2025-38118 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38125 CVE-2025-38127 CVE-2025-38128 CVE-2025-38129 CVE-2025-38134 CVE-2025-38135 CVE-2025-38136 CVE-2025-38137 CVE-2025-38138 CVE-2025-38140 CVE-2025-38141 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38156 CVE-2025-38157 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38165 CVE-2025-38168 CVE-2025-38169 CVE-2025-38170 CVE-2025-38172 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38184 CVE-2025-38185 CVE-2025-38186 CVE-2025-38188 CVE-2025-38189 CVE-2025-38190 CVE-2025-38193 CVE-2025-38197 CVE-2025-38198 CVE-2025-38201 CVE-2025-38205 CVE-2025-38208 CVE-2025-38209 CVE-2025-38211 CVE-2025-38213 CVE-2025-38214 CVE-2025-38215 CVE-2025-38216 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222 CVE-2025-38224 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38228 CVE-2025-38229 CVE-2025-38231 CVE-2025-38232 CVE-2025-38233 CVE-2025-38234 CVE-2025-38242 CVE-2025-38244 CVE-2025-38245 CVE-2025-38246 CVE-2025-38249 CVE-2025-38251 CVE-2025-38253 CVE-2025-38255 CVE-2025-38256 CVE-2025-38257 CVE-2025-38258 CVE-2025-38259 CVE-2025-38263 CVE-2025-38265 CVE-2025-38267 CVE-2025-38268 CVE-2025-38270 CVE-2025-38272 CVE-2025-38273 CVE-2025-38274 CVE-2025-38275 CVE-2025-38277 CVE-2025-38278 CVE-2025-38286 CVE-2025-38287 CVE-2025-38288 CVE-2025-38289 CVE-2025-38290 CVE-2025-38291 CVE-2025-38292 CVE-2025-38293 CVE-2025-38299 CVE-2025-38300 CVE-2025-38301 CVE-2025-38302 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38306 CVE-2025-38307 CVE-2025-38311 CVE-2025-38312 CVE-2025-38313 CVE-2025-38315 CVE-2025-38317 CVE-2025-38318 CVE-2025-38319 CVE-2025-38322 CVE-2025-38323 CVE-2025-38326 CVE-2025-38332 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38339 CVE-2025-38341 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38351 CVE-2025-38352 CVE-2025-38353 CVE-2025-38354 CVE-2025-38355 CVE-2025-38356 CVE-2025-38359 CVE-2025-38360 CVE-2025-38361 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38368 CVE-2025-38369 CVE-2025-38371 CVE-2025-38372 CVE-2025-38373 CVE-2025-38374 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38380 CVE-2025-38381 CVE-2025-38382 CVE-2025-38383 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38390 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38397 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38402 CVE-2025-38403 CVE-2025-38404 CVE-2025-38405 CVE-2025-38406 CVE-2025-38408 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38413 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38417 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38421 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426 CVE-2025-38427 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38438 CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444 CVE-2025-38445 CVE-2025-38446 CVE-2025-38448 CVE-2025-38449 CVE-2025-38450 CVE-2025-38451 CVE-2025-38453 CVE-2025-38454 CVE-2025-38455 CVE-2025-38456 CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38472 CVE-2025-38473 CVE-2025-38474 CVE-2025-38475 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38484 CVE-2025-38485 CVE-2025-38487 CVE-2025-38488 CVE-2025-38489 CVE-2025-38490 CVE-2025-38491 CVE-2025-38493 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506 CVE-2025-38508 CVE-2025-38514 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38531 CVE-2025-38533 CVE-2025-38539 CVE-2025-38544 CVE-2025-38545 CVE-2025-38546 CVE-2025-38549 CVE-2025-38552 CVE-2025-38553 CVE-2025-38554 CVE-2025-38555 CVE-2025-38556 CVE-2025-38557 CVE-2025-38559 CVE-2025-38560 CVE-2025-38563 CVE-2025-38564 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571 CVE-2025-38572 CVE-2025-38573 CVE-2025-38574 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583 CVE-2025-38584 CVE-2025-38585 CVE-2025-38586 CVE-2025-38587 CVE-2025-38588 CVE-2025-38591 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38614 CVE-2025-38616 CVE-2025-38617 CVE-2025-38618 CVE-2025-38619 CVE-2025-38621 CVE-2025-38622 CVE-2025-38623 CVE-2025-38624 CVE-2025-38628 CVE-2025-38630 CVE-2025-38631 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38644 CVE-2025-38646 CVE-2025-38648 CVE-2025-38653 CVE-2025-38656 CVE-2025-38658 CVE-2025-38659 CVE-2025-38660 CVE-2025-38662 CVE-2025-38664 CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38686 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38700 CVE-2025-38701 CVE-2025-38702 CVE-2025-38703 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38710 CVE-2025-38717 CVE-2025-38718 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38733 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39673 CVE-2025-39675 CVE-2025-39676 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39683 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39687 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39695 CVE-2025-39697 CVE-2025-39698 CVE-2025-39700 CVE-2025-39701 CVE-2025-39702 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39707 CVE-2025-39709 CVE-2025-39710 CVE-2025-39711 CVE-2025-39712 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39722 CVE-2025-39723 CVE-2025-39724 CVE-2025-39726 CVE-2025-39727 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39744 CVE-2025-39746 CVE-2025-39747 CVE-2025-39748 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39756 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39765 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39775 CVE-2025-39779 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39788 CVE-2025-39790 CVE-2025-39791 CVE-2025-39792 CVE-2025-39797 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39807 CVE-2025-39808 CVE-2025-39810 CVE-2025-39811 CVE-2025-39812 CVE-2025-39813 CVE-2025-39816 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39828 CVE-2025-39830 CVE-2025-39832 CVE-2025-39833 CVE-2025-39834 CVE-2025-39835 CVE-2025-39836 CVE-2025-39838 CVE-2025-39839 CVE-2025-39841 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39851 CVE-2025-39852 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39866 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39875 CVE-2025-39876 CVE-2025-39877 CVE-2025-39881 CVE-2025-39882 CVE-2025-39884 CVE-2025-39885 CVE-2025-39889 CVE-2025-39890 CVE-2025-39891 CVE-2025-39895 CVE-2025-39896 CVE-2025-39898 CVE-2025-39899 CVE-2025-39900 CVE-2025-39902 CVE-2025-39903 CVE-2025-39907 CVE-2025-39909 CVE-2025-39911 CVE-2025-39916 CVE-2025-39918 CVE-2025-39922 CVE-2025-39923 CVE-2025-39925 CVE-2025-39926 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39950 CVE-2025-39952 CVE-2025-39955 CVE-2025-39956 CVE-2025-39957 CVE-2025-39963 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39979 CVE-2025-39981 CVE-2025-39982 CVE-2025-39984 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39992 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40009 CVE-2025-40011 CVE-2025-40012 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40037 CVE-2025-40040 CVE-2025-40043 CVE-2025-40044 CVE-2025-40048 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40085 CVE-2025-40087 CVE-2025-40091 CVE-2025-40096 CVE-2025-40100 CVE-2025-40104 CVE-2025-40300 CVE-2025-40364 CVE-2025-59375 CVE-2026-38264 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29 Released: Wed Nov 19 10:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584) ----------------------------------------------------------------- Advisory ID: 27 Released: Wed Nov 19 10:41:40 2025 Summary: Recommended update for wpa_supplicant Type: recommended Severity: moderate References: This update for wpa_supplicant fixes the following issues: - Build wpa_gui with qt6 instead of obsolete qt5 - Update build config: * Enable 802.11ax support ----------------------------------------------------------------- Advisory ID: 50 Released: Tue Nov 25 08:35:00 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1218644,1230062,1234634,1234693,1234863,1235953,1236897,1237108,1237131,1237542,1237776,1238972,1239206,1240324,1240696,1240966,1240998,1241166,1241353,1241403,1241435,1242034,1242086,1242414,1242782,1242864,1242965,1242995,1243000,1243055,1243068,1243100,1243112,1243774,1244309,1244723,1244734,1244749,1244792,1244812,1244930,1244939,1245000,1245151,1245193,1245206,1245216,1245260,1245410,1245457,1245504,1245506,1245508,1245510,1245596,1245621,1245630,1245654,1245657,1245658,1245659,1245663,1245664,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245678,1245683,1245684,1245686,1245688,1245690,1245691,1245695,1245700,1245703,1245705,1245710,1245711,1245713,1245714,1245715,1245717,1245719,1245721,1245723,1245726,1245728,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245751,1245757,1245763,1245765,1245767,1245769,1245777,1245780,1245781,1245784,1245785,1245787,1245812,1245814,1245815,1245937,1245945,1245952,1 245955,1245956,1245963,1245966,1245970,1245973,1245976,1245977,1245986,1246000,1246002,1246005,1246008,1246012,1246022,1246023,1246031,1246034,1246037,1246041,1246042,1246047,1246049,1246050,1246053,1246054,1246055,1246057,1246098,1246109,1246125,1246166,1246171,1246176,1246181,1246183,1246185,1246186,1246188,1246190,1246192,1246193,1246195,1246220,1246234,1246236,1246240,1246243,1246244,1246245,1246246,1246248,1246250,1246252,1246253,1246255,1246258,1246259,1246260,1246262,1246266,1246268,1246283,1246285,1246286,1246287,1246290,1246292,1246293,1246295,1246297,1246333,1246334,1246337,1246342,1246349,1246351,1246353,1246354,1246358,1246364,1246366,1246370,1246375,1246376,1246385,1246386,1246387,1246438,1246443,1246444,1246447,1246450,1246453,1246473,1246490,1246509,1246547,1246631,1246651,1246688,1246777,1246781,1246782,1246868,1246896,1246911,1246979,1247018,1247020,1247022,1247023,1247024,1247027,1247028,1247031,1247033,1247035,1247061,1247062,1247064,1247076,1247078,1247079,124708 8,1247089,1247091,1247097,1247098,1247099,1247101,1247102,1247103,1247104,1247112,1247113,1247116,1247118,1247119,1247123,1247125,1247126,1247128,1247130,1247131,1247132,1247136,1247137,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247152,1247153,1247154,1247155,1247156,1247157,1247160,1247162,1247163,1247164,1247167,1247169,1247170,1247171,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247220,1247223,1247227,1247229,1247231,1247233,1247234,1247235,1247236,1247238,1247239,1247241,1247243,1247250,1247251,1247252,1247253,1247255,1247262,1247265,1247270,1247271,1247273,1247274,1247276,1247277,1247278,1247279,1247280,1247282,1247283,1247284,1247285,1247288,1247289,1247290,1247293,1247308,1247311,1247313,1247314,1247317,1247325,1247347,1247348,1247349,1247366,1247372,1247376,1247426,1247437,1247442,1247483,1247500,1247712,1247837,1247838,1247935,1247936,1247949,1247950,1247963,1247976,1248088,1248111,1248121,1248183,1248186,1248190,1248192,1248194,124 8198,1248199,1248200,1248202,1248205,1248211,1248223,1248224,1248225,1248230,1248235,1248255,1248296,1248297,1248299,1248302,1248304,1248306,1248312,1248333,1248334,1248337,1248338,1248340,1248341,1248343,1248345,1248349,1248350,1248354,1248355,1248357,1248359,1248361,1248363,1248365,1248367,1248368,1248374,1248377,1248378,1248380,1248386,1248390,1248392,1248395,1248396,1248399,1248401,1248511,1248512,1248573,1248575,1248577,1248609,1248610,1248616,1248617,1248619,1248621,1248622,1248624,1248627,1248628,1248634,1248635,1248639,1248643,1248647,1248648,1248652,1248655,1248662,1248664,1248666,1248669,1248674,1248681,1248727,1248728,1248748,1248754,1248775,1249022,1249038,1249060,1249061,1249062,1249064,1249065,1249066,1249126,1249143,1249156,1249159,1249160,1249163,1249164,1249166,1249167,1249169,1249170,1249172,1249176,1249177,1249182,1249186,1249190,1249193,1249195,1249199,1249201,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249258,1249262,1249263,1249265,1249266, 1249269,1249271,1249272,1249273,1249274,1249278,1249279,1249281,1249282,1249284,1249285,1249286,1249288,1249290,1249292,1249295,1249296,1249297,1249299,1249300,1249301,1249303,1249304,1249305,1249306,1249308,1249309,1249312,1249313,1249314,1249315,1249316,1249318,1249319,1249320,1249321,1249322,1249323,1249324,1249333,1249334,1249338,1249346,1249374,1249413,1249477,1249478,1249479,1249486,1249490,1249494,1249500,1249504,1249506,1249508,1249509,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249547,1249548,1249550,1249552,1249554,1249562,1249566,1249587,1249598,1249604,1249608,1249615,1249618,1249774,1249833,1249887,1249888,1249901,1249904,1249906,1249915,1249974,1249975,1250002,1250007,1250021,1250025,1250028,1250032,1250087,1250088,1250119,1250123,1250124,1250177,1250179,1250203,1250204,1250205,1250237,1250242,1250247,1250249,1250251,1250258,1250262,1250266,1250267,1250268,1250275,1250276,1250281,1250291,1250292,1250294,12502 96,1250297,1250298,1250334,1250344,1250365,1250371,1250377,1250386,1250389,1250398,1250402,1250406,1250407,1250408,1250450,1250491,1250519,1250522,1250650,1250655,1250671,1250702,1250711,1250712,1250713,1250716,1250719,1250722,1250729,1250736,1250737,1250739,1250741,1250742,1250758,1250952,1251100,1251114,1251134,1251135,1251143,1251146,1251186,1251216,1251230,1251810,1252084,CVE-2024-53164,CVE-2024-57891,CVE-2024-57951,CVE-2024-57952,CVE-2024-58090,CVE-2025-22034,CVE-2025-22077,CVE-2025-23141,CVE-2025-37798,CVE-2025-37821,CVE-2025-37849,CVE-2025-37856,CVE-2025-37861,CVE-2025-37864,CVE-2025-38006,CVE-2025-38008,CVE-2025-38019,CVE-2025-38034,CVE-2025-38038,CVE-2025-38052,CVE-2025-38058,CVE-2025-38062,CVE-2025-38075,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38091,CVE-2025-38095,CVE-2025-38096,CVE-2025-38098,CVE-2025-38099,CVE-2025-38101,CVE-2025-38102,CVE-2025-38103,CVE-2025-38106,CVE-2025-38107,CVE-2025-38108,CVE-2025-38109,CVE-2025-38110,CVE-2025-38111,CVE -2025-38112,CVE-2025-38113,CVE-2025-38114,CVE-2025-38117,CVE-2025-38118,CVE-2025-38119,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-38124,CVE-2025-38125,CVE-2025-38127,CVE-2025-38128,CVE-2025-38129,CVE-2025-38134,CVE-2025-38135,CVE-2025-38136,CVE-2025-38137,CVE-2025-38138,CVE-2025-38140,CVE-2025-38141,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38146,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38156,CVE-2025-38157,CVE-2025-38159,CVE-2025-38160,CVE-2025-38161,CVE-2025-38165,CVE-2025-38168,CVE-2025-38169,CVE-2025-38170,CVE-2025-38172,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38184,CVE-2025-38185,CVE-2025-38186,CVE-2025-38188,CVE-2025-38189,CVE-2025-38190,CVE-2025-38193,CVE-2025-38197,CVE-2025-38198,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38209,CVE-2025-38211,CVE-2025-38213,CVE-2025-38214,CVE-2025-38215,CVE-2025-38216,CVE-2025-38217,CVE-2025-3 8220,CVE-2025-38222,CVE-2025-38224,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38228,CVE-2025-38229,CVE-2025-38231,CVE-2025-38232,CVE-2025-38233,CVE-2025-38234,CVE-2025-38242,CVE-2025-38244,CVE-2025-38245,CVE-2025-38246,CVE-2025-38249,CVE-2025-38251,CVE-2025-38253,CVE-2025-38255,CVE-2025-38256,CVE-2025-38257,CVE-2025-38258,CVE-2025-38259,CVE-2025-38263,CVE-2025-38265,CVE-2025-38267,CVE-2025-38268,CVE-2025-38270,CVE-2025-38272,CVE-2025-38273,CVE-2025-38274,CVE-2025-38275,CVE-2025-38277,CVE-2025-38278,CVE-2025-38286,CVE-2025-38287,CVE-2025-38288,CVE-2025-38289,CVE-2025-38290,CVE-2025-38291,CVE-2025-38292,CVE-2025-38293,CVE-2025-38299,CVE-2025-38300,CVE-2025-38301,CVE-2025-38302,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38306,CVE-2025-38307,CVE-2025-38311,CVE-2025-38312,CVE-2025-38313,CVE-2025-38315,CVE-2025-38317,CVE-2025-38318,CVE-2025-38319,CVE-2025-38322,CVE-2025-38323,CVE-2025-38326,CVE-2025-38332,CVE-2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CV E-2025-38339,CVE-2025-38341,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38351,CVE-2025-38352,CVE-2025-38353,CVE-2025-38354,CVE-2025-38355,CVE-2025-38356,CVE-2025-38359,CVE-2025-38360,CVE-2025-38361,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38368,CVE-2025-38369,CVE-2025-38371,CVE-2025-38372,CVE-2025-38373,CVE-2025-38374,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38381,CVE-2025-38382,CVE-2025-38383,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38390,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025-38397,CVE-2025-38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38402,CVE-2025-38403,CVE-2025-38404,CVE-2025-38405,CVE-2025-38406,CVE-2025-38408,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38413,CVE-2025-38414,CVE-2025-38415,CVE-2025-38416,CVE-2025-38417,CVE-2025-38418,CVE-2025-38419,CVE-2025- 38420,CVE-2025-38421,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38427,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38438,CVE-2025-38439,CVE-2025-38440,CVE-2025-38441,CVE-2025-38443,CVE-2025-38444,CVE-2025-38445,CVE-2025-38446,CVE-2025-38448,CVE-2025-38449,CVE-2025-38450,CVE-2025-38451,CVE-2025-38453,CVE-2025-38454,CVE-2025-38455,CVE-2025-38456,CVE-2025-38457,CVE-2025-38458,CVE-2025-38459,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38464,CVE-2025-38465,CVE-2025-38466,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38472,CVE-2025-38473,CVE-2025-38474,CVE-2025-38475,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38484,CVE-2025-38485,CVE-2025-38487,CVE-2025-38488,CVE-2025-38489,CVE-2025-38490,CVE-2025-38491,CVE-2025-38493,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38508,C VE-2025-38514,CVE-2025-38524,CVE-2025-38526,CVE-2025-38527,CVE-2025-38528,CVE-2025-38531,CVE-2025-38533,CVE-2025-38539,CVE-2025-38544,CVE-2025-38545,CVE-2025-38546,CVE-2025-38549,CVE-2025-38552,CVE-2025-38553,CVE-2025-38554,CVE-2025-38555,CVE-2025-38556,CVE-2025-38557,CVE-2025-38559,CVE-2025-38560,CVE-2025-38563,CVE-2025-38564,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2025-38571,CVE-2025-38572,CVE-2025-38573,CVE-2025-38574,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,CVE-2025-38584,CVE-2025-38585,CVE-2025-38586,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38605,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38614,CVE-2025-38616,CVE-2025-38617,CVE-2025-38618,CVE-2025-38619,CVE-2025-38621,CVE-2025-38622,CVE-2025-38623,CVE-2025-38624,CVE-2025-38628,CVE-2025-38630,CVE-2025-38631,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38639,CVE-2025 -38640,CVE-2025-38643,CVE-2025-38644,CVE-2025-38646,CVE-2025-38648,CVE-2025-38656,CVE-2025-38658,CVE-2025-38659,CVE-2025-38660,CVE-2025-38662,CVE-2025-38664,CVE-2025-38665,CVE-2025-38668,CVE-2025-38670,CVE-2025-38671,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38686,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38700,CVE-2025-38701,CVE-2025-38702,CVE-2025-38703,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38710,CVE-2025-38717,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38733,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39673,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39683,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39687,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39695, CVE-2025-39697,CVE-2025-39698,CVE-2025-39700,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39707,CVE-2025-39709,CVE-2025-39710,CVE-2025-39711,CVE-2025-39712,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39722,CVE-2025-39723,CVE-2025-39724,CVE-2025-39726,CVE-2025-39727,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39744,CVE-2025-39746,CVE-2025-39747,CVE-2025-39748,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39765,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39775,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39788,CVE-2025-39790,CVE-2025-39791,CVE-2025-39792,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39807,CVE-2025-39808,CVE-2025-39810,CVE-2025-39811,CVE-2025-39813,CVE-2025-39816,CVE-202 5-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39828,CVE-2025-39830,CVE-2025-39832,CVE-2025-39833,CVE-2025-39834,CVE-2025-39835,CVE-2025-39836,CVE-2025-39838,CVE-2025-39839,CVE-2025-39841,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39851,CVE-2025-39852,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39875,CVE-2025-39877,CVE-2025-39882,CVE-2025-39884,CVE-2025-39885,CVE-2025-39889,CVE-2025-39890,CVE-2025-39891,CVE-2025-39896,CVE-2025-39898,CVE-2025-39899,CVE-2025-39900,CVE-2025-39902,CVE-2025-39907,CVE-2025-39909,CVE-2025-39916,CVE-2025-39918,CVE-2025-39922,CVE-2025-39923,CVE-2025-39925,CVE-2025-39926,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39952,CVE-2025-39957,CVE-2025-40300,CVE-2026-38264 The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953). - CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108). - CVE-2024-57952: Revert 'libfs: fix infinite directory reads for offset dir' (bsc#1237131). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435). - CVE-2025-22077: Revert 'smb: client: fix TCP timers deadlock after rmmod' (bsc#1241403). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864). - CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188). - CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245). - CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351). - CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366). - CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376). - CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444). - CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102). - CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235). - CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374). - CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550). - CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032). - CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205). - CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722). - CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). - CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387). The following non-security bugs were fixed: - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI/processor_idle: Add FFH state handling (jsc#PED-13815). - ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815). - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: LPSS: Remove AudioDSP related ID (git-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes). - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes). - ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: timer: fix ida_free call while not allocated (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes). - ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes). - ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes). - ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes). - ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes). - ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes). - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: qcom: use drvdata instead of component to keep id (stable-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: ISO: free rx_skb if not consumed (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes). - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes). - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Disable CET before shutdown by tboot (bsc#1247950). - Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - Documentation/x86: Document new attack vector controls (git-fixes). - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: KVM: Fix unexpected unindent warning (git-fixes). - Documentation: KVM: Fix unexpected unindent warnings (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Drop ath12k patch that was reverted in the upstream (git-fixes) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone using CMA or investigating CMA issues, with a small and simple code base and no runtime overhead. - Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325) - Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256). - Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself. - Fix dma_unmap_sg() nents value (git-fixes) - HID: amd_sfh: Add sync across amd sfh work functions (git-fixes). - HID: apple: avoid setting up battery timer for devices without battery (git-fixes). - HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes). - HID: asus: add support for missing PX series fn keys (stable-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: core: do not bypass hid_hw_raw_request (stable-fixes). - HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: hidraw: tighten ioctl command parsing (git-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes). - HID: magicmouse: avoid setting up battery timer when not needed (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes). - KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes). - KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes). - KVM: Conditionally reschedule when resetting the dirty ring (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes). - KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302). - KVM: TDX: Do not report base TDVMCALLs (git-fixes). - KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302). - KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302). - KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302). - KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302). - KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302). - KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes). - KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes). - KVM: arm64: Fix error path in init_hyp_mode() (git-fixes). - KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Limit patch filenames to 100 characters (bsc#1249604). - Move upstreamed SPI patch into sorted section - NFS: Fix a race when updating an existing write (git-fixes). - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4.2: another fix for listxattr (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - Octeontx2-af: Skip overlap check for SPI field (git-fixes). - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI/pwrctrl: Fix device leak at registration (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes). - PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes). - PCI: endpoint: Fix configfs group list head handling (git-fixes). - PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes). - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes). - PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes). - PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes). - PCI: rcar-gen4: Fix PHY initialization (git-fixes). - PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PCI: xilinx-nwl: Fix ECAM programming (git-fixes). - PM / devfreq: Check governor before using governor->name (git-fixes). - PM / devfreq: Fix a index typo in trans_stat (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes). - PM: EM: use kfree_rcu() to simplify the code (stable-fixes). - PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112). - PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112). - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112). - PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Rate limit GID cache warning messages (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Drop GFP_NOWARN (git-fixes) - RDMA/hns: Fix -Wframe-larger-than issue (git-fixes) - RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes) - RDMA/hns: Fix accessing uninitialized resources (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA/hns: Fix double destruction of rsv_qp (git-fixes) - RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes) - RDMA/hns: Get message length of ack_req from FW (git-fixes) - RDMA/mana_ib: Add device statistics support (bsc#1246651). - RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135). - RDMA/mana_ib: Extend modify QP (bsc#1251135). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: add additional port counters (git-fixes). - RDMA/mana_ib: add support of multiple ports (git-fixes). - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes) - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - README.BRANCH: mfranc at suse.cz leaving SUSE - RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348). - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Reapply 'x86/smp: Eliminate mwait_play_dead_cpuid_hint()' (jsc#PED-13815). - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - Revert 'drm/nouveau: check ioctl command codes better' (git-fixes). - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - Revert 'leds: trigger: netdev: Configure LED blink interval for HW offload' (git-fixes). - Revert 'mac80211: Dynamically set CoDel parameters per station' (stable-fixes). - Revert 'usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - Revert 'wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO' (git-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes). - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - USB: serial: option: add Foxconn T99W640 (stable-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - Update config files: revive pwc driver for Leap (bsc#1249060) - accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes). - accel/ivpu: Correct DCT interrupt handling (git-fixes). - accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes). - accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes). - accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes). - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes) - arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes) - arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes) - arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: config: Make tpm_tis_spi module build-in (bsc#1246896) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: add big-endian property back into watchdog node (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes) - arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes) - arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes) - arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes) - arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes) - arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes) - arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes). - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes) - arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes) - arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes) - arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: dts: st: fix timer used for ticks (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - arm64: map [_text, _stext) virtual address range (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - arm64: poe: Handle spurious Overlay faults (git-fixes) - arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes) - arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes) - arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: ahci: Disable DIPM if host lacks support (stable-fixes). - ata: ahci: Disallow LPM policy control if not supported (stable-fixes). - ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes). - ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes). - ata: libata-scsi: Fix CDL control (git-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - benet: fix BUG when creating VFs (git-fixes). - block: Introduce bio_needs_zone_write_plugging() (git-fixes). - block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552). - block: ensure discard_granularity is zero when discard is not supported (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - block: sanitize chunk_sectors for atomic write limits (git-fixes). - bnxt_en: Add a helper function to configure MRU and RSS (git-fixes). - bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes). - bnxt_en: Fix DCB ETS validation (git-fixes). - bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes). - bnxt_en: Fix stats context reservation logic (git-fixes). - bnxt_en: Flush FW trace before copying to the coredump (git-fixes). - bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes). - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes). - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes) - bpf, arm64: Fix fp initialization for exception boundary (git-fixes) - bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes). - bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes). - bpf: Forget ranges when refining tnum after JSET (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes). - bpf: Reject %p% format string in bprintf-like helpers (git-fixes). - bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes). - bpf: Reject narrower access to pointer ctx fields (git-fixes). - bpf: Return prog btf_id without capable check (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes). - bpf: fix possible endless loop in BPF map iteration (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes). - btrfs: add debug build only WARN (bsc#1249038). - btrfs: add function comment for check_committed_ref() (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes). - btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes). - btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes). - btrfs: codify pattern for adding block_group to bg_list (git-fixes). - btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes). - btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: enhance ASSERT() to take optional format string (bsc#1249038). - btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes). - btrfs: exit after state split error at set_extent_bit() (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949). - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix incorrect log message for nobarrier mount option (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: fix squota compressed stats leak (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes). - btrfs: fix the inode leak in btrfs_iget() (git-fixes). - btrfs: fix two misuses of folio_shift() (git-fixes). - btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes). - btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038). - btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes). - btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes). - btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes). - btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes). - btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes). - btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes). - btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes). - btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949). - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes). - btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes). - btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes). - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes). - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes). - btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes). - btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes). - btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes). - btrfs: remove redundant path release when replaying a log tree (git-fixes). - btrfs: remove the snapshot check from check_committed_ref() (git-fixes). - btrfs: restore mount option info messages during mount (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: return any hit error from extent_writepage_io() (git-fixes). - btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes). - btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes). - btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949). - btrfs: simplify error detection flow during log replay (git-fixes). - btrfs: simplify return logic at check_committed_ref() (git-fixes). - btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: unfold transaction aborts when replaying log trees (git-fixes). - btrfs: unify ordering of btrfs_key initializations (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - btrfs: use filemap_get_folio() helper (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes). - btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes). - btrfs: use verbose ASSERT() in volumes.c (bsc#1249038). - build_bug.h: Add KABI assert (bsc#1249186). - bus: firewall: Fix missing static inline annotations for stubs (git-fixes). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: ep: Fix chained transfer handling in read path (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405). - cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: at91: sam9x7: update pll clk ranges (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: imx95-blk-ctl: Fix synchronous abort (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes). - clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes). - clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes). - clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes). - clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes). - clk: samsung: exynos850: fix a comment (git-fixes). - clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes). - clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: SLFO 1.2 branched in IBS - config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206) - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cpu: Define attack vectors (git-fixes). - cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes). - cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes). - cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes) - cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes). - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes). - cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes). - cpufreq: armada-8k: make both cpu masks static (git-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: mediatek: fix device leak on probe failure (git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: sun50i: prevent out-of-bounds access (git-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes). - crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes). - crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - devlink: Add support for u64 parameters (jsc#PED-13331). - devlink: avoid param type value translations (jsc#PED-13331). - devlink: define enum for attr types of dynamic attributes (jsc#PED-13331). - devlink: introduce devlink_nl_put_u64() (jsc#PED-13331). - devlink: let driver opt out of automatic phys_port_name generation (git-fixes). - dm-mpath: do not print the 'loaded' message if registering fails (git-fixes). - dm-stripe: limit chunk_sectors to the stripe size (git-fixes). - dm-table: fix checking for rq stackable devices (git-fixes). - dm: Check for forbidden splitting of zone write operations (git-fixes). - dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - dpll: Add basic Microchip ZL3073x support (jsc#PED-13331). - dpll: Make ZL3073X invisible (jsc#PED-13331). - dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331). - dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331). - dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331). - dpll: zl3073x: Fix build failure (jsc#PED-13331). - dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331). - dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331). - dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331). - dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331). - dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers: base: handle module_kobject creation (git-fixes). - drm/amd : Update MES API header file for v11 & v12 (stable-fixes). - drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112). - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes). - drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Allow DCN301 to clear update flags (git-fixes). - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes). - drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes). - drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/display: Do not print errors for nonexistent connectors (git-fixes). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Fix mismatch type comparison (stable-fixes). - drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112). - drm/amd/display: Free memory allocation (stable-fixes). - drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes). - drm/amd/display: Initialize mode_select to 0 (stable-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes). - drm/amd/display: fix dmub access race condition (bsc#1243112). - drm/amd/display: fix initial backlight brightness calculation (git-fixes). - drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112). - drm/amd/display: remove output_tf_change flag (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/include : MES v11 and v12 API header update (stable-fixes). - drm/amd/include : Update MES v12 API for fence update (stable-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amd/pm: fix null pointer access (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Avoid evicting resources at S5 (bsc#1243112). - drm/amd: Check whether secure display TA loaded successfully (bsc#1243112). - drm/amd: Fix hybrid sleep (bsc#1243112). - drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112). - drm/amd: Restore cached manual clock settings during resume (bsc#1243112). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu/discovery: fix fw based ip discovery (git-fixes). - drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes). - drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes). - drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112). - drm/amdgpu/mes: add missing locking in helper functions (stable-fixes). - drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes). - drm/amdgpu/mes: optimize compute loop handling (stable-fixes). - drm/amdgpu/swm14: Update power limit logic (stable-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes). - drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112). - drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes). - drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes). - drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112). - drm/amdgpu: Increase reset counter only on success (stable-fixes). - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes). - drm/amdgpu: Report individual reset error (bsc#1243112). - drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes). - drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes). - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes). - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes). - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes). - drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: fix vram reservation issue (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/amdkfd: Fix mmap write lock not release (bsc#1243112). - drm/ast: Use msleep instead of mdelay for edid read (git-fixes). - drm/bridge: fix OF node leak (git-fixes). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/cirrus-qemu: Fix pitch programming (git-fixes). - drm/connector: hdmi: Evaluate limited range after computing format (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes). - drm/gem: Internally test import_attach for imported objects (git-fixes). - drm/gem: Test for imported GEM buffers with helper (stable-fixes). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes). - drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes). - drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes). - drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes). - drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes). - drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes). - drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes). - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes). - drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes). - drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes). - drm/i915/icl+/tc: Cache the max lane count value (stable-fixes). - drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes). - drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Add error handling for krealloc in metadata setup (stable-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: update the high bitfield of certain DSI registers (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes). - drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes). - drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes). - drm/panthor: validate group queue count (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/simpledrm: Do not upcast in release helpers (git-fixes). - drm/tests: Fix endian warning (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - drm/xe/bmg: Add new PCI IDs (stable-fixes). - drm/xe/bmg: Add one additional PCI ID (stable-fixes). - drm/xe/bmg: Update Wa_22019338487 (git-fixes). - drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes). - drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes). - drm/xe/mocs: Initialize MOCS index early (stable-fixes). - drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes). - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes). - drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes). - drm/xe/tile: Release kobject for the failure path (git-fixes). - drm/xe/uapi: Correct sync type definition in comments (git-fixes). - drm/xe/uapi: loosen used tracking restriction (git-fixes). - drm/xe/vf: Disable CSC support on VF (git-fixes). - drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes). - drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes). - drm/xe/xe_sync: avoid race during ufence signaling (git-fixes). - drm/xe: Allow dropping kunit dependency as built-in (git-fixes). - drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes). - drm/xe: Carve out wopcm portion from the stolen memory (git-fixes). - drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes). - drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes). - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes). - drm/xe: Fix build without debugfs (git-fixes). - drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes). - drm/xe: Move page fault init after topology init (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes). - dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331). - dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331). - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes). - e1000e: ignore uninitialized checksum word on tgp (git-fixes). - efi: stmm: Fix incorrect buffer allocation method (git-fixes). - erofs: avoid reading more for fragment maps (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes). - fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes). - firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes). - firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes). - firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes). - firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes). - firmware: firmware: meson-sm: fix compile-test default (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - firmware: tegra: Fix IVC dependency problems (stable-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes). - fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450 - ftrace: Fix function profiler's filtering functionality (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220). - gfs2: Clean up delete work processing (bsc#1247220). - gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220). - gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220). - gfs2: Minor delete_work_func cleanup (bsc#1247220). - gfs2: Only defer deletes when we have an iopen glock (bsc#1247220). - gfs2: Prevent inode creation race (2) (bsc#1247220). - gfs2: Prevent inode creation race (bsc#1247220). - gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220). - gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220). - gfs2: Rename dinode_demise to evict_behavior (bsc#1247220). - gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220). - gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220). - gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220). - gfs2: Update to the evict / remote delete documentation (bsc#1247220). - gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220). - gfs2: gfs2_evict_inode clarification (bsc#1247220). - gfs2: minor evict fix (bsc#1247220). - gfs2: skip if we cannot defer delete (bsc#1247220). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - gpiolib: Extend software-node support to support secondary software-nodes (git-fixes). - gve: Fix stuck TX queue for DQ queue format (git-fixes). - gve: prevent ethtool ops after shutdown (git-fixes). - habanalabs: fix UAF in export_dmabuf() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Link queues to NAPIs (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: designware: Add quirk for Intel Xe (stable-fixes). - i2c: designware: Fix clock issue when PM is disabled (git-fixes). - i2c: designware: Use temporary variable for struct device (stable-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes). - i2c: omap: Add support for setting mux (stable-fixes). - i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes). - i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes). - i2c: omap: fix deprecated of_property_read_bool() use (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: add missing include to internal header (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - i3c: master: svc: Use manual response for IBI events (git-fixes). - i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes). - i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes). - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice/ptp: fix crosstimestamp reporting (git-fixes). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762). - ice: check correct pointer in fwlog debugfs (git-fixes). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: do not leave device non-functional if Tx scheduler config fails (git-fixes). - ice: enable_rdma devlink param (bsc#1247712). - ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728). - ice: fix incorrect counter for buffer allocation failures (git-fixes). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - ice: use fixed adapter index for E825C embedded devices (git-fixes). - idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762). - idpf: add cross timestamping (jsc#PED-13728). - idpf: add flow steering support (jsc#PED-13728). - idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762). - idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728). - idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762). - idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762). - idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728). - idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762). - idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762). - idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762). - idpf: improve when to set RE bit logic (jsc#PED-13728). - idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762). - idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762). - idpf: preserve coalescing settings across resets (jsc#PED-13728). - idpf: remove obsolete stashing code (jsc#PED-13728). - idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762). - idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728). - idpf: set mac type when adding and removing MAC filters (jsc#PED-13728). - idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728). - idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728). - idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762). - igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes). - igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes). - igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes). - iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762). - iio/adc/pac1934: fix channel disable configuration (git-fixes). - iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes). - iio: accel: fxls8962af: Fix temperature calculation (git-fixes). - iio: adc: ad7173: fix setting ODR in probe (git-fixes). - iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes). - iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes). - iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes). - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes). - iio: hid-sensor-prox: Restore lost scale assignments (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes). - iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes). - iio: light: as73211: Ensure buffer holes are zeroed (git-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - intel_idle: Provide the default enter_dead() handler (jsc#PED-13815). - intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815). - interconnect: qcom: sc8180x: specify num_nodes (git-fixes). - interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes). - io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting. - io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542). - io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes). - iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes). - iommu/amd: Fix alias device DTE setting (git-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes). - iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - iommu: Handle race with default domain setup (git-fixes). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410). - ixgbe: prevent from unwanted interface name changes (git-fixes). - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes). - kABI fix after Add TDX support for vSphere (jsc#PED-13302). - kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for amd_sfh (git-fixes). - kABI workaround for drm_gem.h (git-fixes). - kABI workaround for struct mtk_base_afe changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes). - kABI: netfilter: supress warnings for nft_set_ops (git-fixes). - kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes). - kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally - kabi/severities: ignore two unused/dropped symbols from MEI - kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kbuild: rust: add rustc-min-version support function (git-fixes) - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel: globalize lookup_or_create_module_kobject() (stable-fixes). - kernel: param: rename locate_module_kobject (stable-fixes). - leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes). - leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - leds: leds-lp55xx: Use correct address for memory programming (git-fixes). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes). - libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762). - livepatch: Add stack_order sysfs attribute (poo#187320). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes). - mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes). - mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes). - mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes). - mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes). - mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - maple_tree: fix status setup on restore to active (git-fixes). - maple_tree: fix testing for 32 bit builds (git-fixes). - mctp: no longer rely on net->dev_index_head (git-fixes). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: Fix reset GPIO timings (stable-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ipu-bridge: Add _HID for OV5670 (stable-fixes). - media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes). - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes). - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: pci: mg4b: fix uninitialized iio scan data (git-fixes). - media: pisp_be: Fix pm_runtime underrun in probe (git-fixes). - media: qcom: camss: cleanup media device allocated resource on error path (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: s5p-mfc: remove an unused/uninitialized variable (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes). - media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes). - media: ti: j721e-csi2rx: fix list_del corruption (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: uvcvideo: Rollback non processed entities on error (git-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: Fix MSM8998 frequency table (git-fixes). - media: venus: Fix OOB read due to missing payload bound check (git-fixes). - media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: verisilicon: Fix AV1 decoder clock frequency (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - mei: vsc: Destroy mutex after freeing the IRQ (git-fixes). - mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes). - mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes). - mei: vsc: Event notifier fixes (git-fixes). - mei: vsc: Fix 'BUG: Invalid wait context' lockdep error (git-fixes). - mei: vsc: Run event callback from a workqueue (git-fixes). - mei: vsc: Unset the event callback on remove and probe errors (git-fixes). - memory: mtk-smi: Add ostd setting for mt8186 (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes). - mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes). - mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - microchip: lan865x: Fix LAN8651 autoloading (git-fixes). - microchip: lan865x: Fix module autoloading (git-fixes). - microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes). - microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes). - misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes). - mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes). - mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes). - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes). - mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes). - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes). - mm/damon/sysfs: fix use-after-free in state_show() (git-fixes). - mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes). - mm: close theoretical race where stale TLB entries could linger (git-fixes). - mm: fault in complete folios instead of individual pages for tmpfs (git-fixes). - mm: fix the inaccurate memory statistics issue for users (bsc#1244723). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes). - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes). - mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes). - mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fix spurious wake-up on under memory pressure (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes). - net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes). - net/mlx5: CT: Use the correct counter offset (git-fixes). - net/mlx5: Check device memory pointer before usage (git-fixes). - net/mlx5: Correctly set gso_segs when LRO is used (git-fixes). - net/mlx5: Correctly set gso_size when LRO is used (git-fixes). - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes). - net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes). - net/mlx5: Fix memory leak in cmd_exec() (git-fixes). - net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes). - net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes). - net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes). - net/mlx5: Nack sync reset when SFs are present (git-fixes). - net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes). - net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes). - net/mlx5e: Add new prio for promiscuous mode (git-fixes). - net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes). - net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes). - net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes). - net/mlx5e: Set local Xoff after FW update (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes). - net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes). - net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes). - net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes). - net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes). - net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: ieee8021q: fix insufficient table-size assertion (stable-fixes). - net: llc: reset skb->transport_header (git-fixes). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726). - net: mana: Add support for net_shaper_ops (bsc#1245726). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes). - net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728). - net: mana: Handle unsupported HWC commands (bsc#1245726). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mctp: handle skb cleanup on sock_queue failures (git-fixes). - net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes). - net: phy: bcm54811: PHY initialization (stable-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netfilter: ctnetlink: fix refcount leak on table dump (git-fixes). - netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes). - netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes). - netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes). - netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes). - netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes). - netfilter: nf_tables: adjust lockdep assertions handling (git-fixes). - netfilter: nf_tables: fix set size with rbtree backend (git-fixes). - netfilter: nf_tables: imbalance in flowtable binding (git-fixes). - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes). - netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes). - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes). - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes). - netfilter: nft_tunnel: fix geneve_opt dump (git-fixes). - netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes). - netlink: fix policy dump for int with validation callback (jsc#PED-13331). - netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs/localio: add direct IO enablement with sync and async IO support (git-fixes). - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes). - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes). - nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-auth: update bi_directional flag (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvme-tcp: log TLS handshake failures at error level (git-fixes). - nvme-tcp: send only permitted commands for secure concat (git-fixes). - nvme: fix PI insert on write (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - nvmet: exit debugfs after discovery subsystem exits (git-fixes). - nvmet: initialize discovery subsys after debugfs is initialized (git-fixes). - nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes). - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes). - objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes). - objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes). - of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes). - of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes). - of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes). - of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes). - of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes). - of: unittest: Unlock on error in unittest_data_add() (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - percpu: fix race on alloc failed warning limit (git-fixes). - perf bpf-event: Fix use-after-free in synthesis (git-fixes). - perf bpf-utils: Constify bpil_array_desc (git-fixes). - perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes). - perf dso: Add missed dso__put to dso__load_kcore (git-fixes). - perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes). - perf parse-events: Set default GH modifier properly (git-fixes). - perf record: Cache build-ID of hit DSOs only (git-fixes). - perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes). - perf sched: Fix memory leaks in 'perf sched latency' (git-fixes). - perf sched: Fix memory leaks in 'perf sched map' (git-fixes). - perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes). - perf sched: Free thread->priv using priv_destructor (git-fixes). - perf sched: Make sure it frees the usage string (git-fixes). - perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes). - perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes). - perf test: Fix a build error in x86 topdown test (git-fixes). - perf tests bp_account: Fix leaked file descriptor (git-fixes). - perf tools: Remove libtraceevent in .gitignore (git-fixes). - perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes). - perf trace: Remove --map-dump documentation (git-fixes). - phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: mscc: Fix timestamping for vsc8584 (git-fixes). - phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes). - phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - phy: ti: omap-usb2: fix device leak at unbind (git-fixes). - pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113). - pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes). - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes). - platform/x86: Fix initialization order for firmware_attributes_class (git-fixes). - platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes). - platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes). - platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes). - platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes). - platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - pptp: fix pptp_xmit() error path (git-fixes). - printk: nbcon: Allow reacquire during panic (bsc#1246688). - psample: adjust size if rate_as_probability is set (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - pwm: rockchip: Round period/duty down on apply, up on get (git-fixes). - pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - r8169: add support for RTL8125D (stable-fixes). - r8169: disable RTL8126 ZRX-DC timeout (stable-fixes). - r8169: do not scan PHY addresses > 0 (stable-fixes). - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - reset: eyeq: fix OF node leak (git-fixes). - resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762). - resource: fix false warning in __request_region() (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - ring-buffer: Make reading page consistent with the code logic (git-fixes). - rpm/config.sh: SLFO 1.2 is now synced to OBS as well - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868). - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477). - s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes). - s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372). - s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838). - s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066). - s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478). - s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249065). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - samples: mei: Fix building on musl libc (git-fixes). - sched/deadline: Always stop dl-server before changing parameters (bsc#1247936). - sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936). - sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936). - sched/deadline: Fix dl_server_stopped() (bsc#1247936). - sched/deadline: Initialize dl_servers after SMP (git-fixes) - sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes) - scsi: Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519). - scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: mpi3mr: Event processing debug improvement (bsc#1251186). - scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186). - scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186). - scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186). - scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - scsi: smartpqi: Enhance WWID logging logic (bsc#1246631). - scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631). - scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631). - scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes). - scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes). - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes). - scsi: ufs: core: Add missing post notify for power mode change (git-fixes). - scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes). - scsi: ufs: core: Always initialize the UIC done completion (git-fixes). - scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes). - scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes). - scsi: ufs: core: Fix error return with query response (git-fixes). - scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes). - scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes). - scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes). - scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes). - scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes). - scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes). - scsi: ufs: core: Remove redundant query_complete trace (git-fixes). - scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes). - scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes). - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes). - scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes). - scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes). - scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes). - scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes). - scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes). - scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes). - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes). - scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes). - scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes). - scsi: ufs: exynos: Remove empty drv_init method (git-fixes). - scsi: ufs: exynos: Remove superfluous function parameter (git-fixes). - scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes). - scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes). - scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes). - scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes). - scsi: ufs: qcom: Fix crypto key eviction (git-fixes). - scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes). - scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes). - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671). - selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320). - selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320). - selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320). - selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: ALSA: fix memory leak in utimer test (git-fixes). - selftests: livepatch: add new ftrace helpers functions (poo#187320). - selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320). - selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320). - selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320). - selftests: livepatch: save and restore kprobe state (poo#187320). - selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320). - selftests: livepatch: test livepatching a kprobed function (poo#187320). - selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443). - selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes). - serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688). - serial: 8250: fix panic due to PSLVERR (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix netns refcount leak after net_passive changes (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes). - soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes). - soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes). - soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes). - soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes). - soundwire: amd: fix for handling slave alerts after link is down (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes). - spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979). - spi: fix return code when spi device has too many chipselects (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes). - spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes). - sprintf.h requires stdarg.h (git-fixes). - sprintf.h: mask additional include (git-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes). - struct cdc_ncm_ctx: move new member to end (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - supported.conf: Mark ZL3073X modules supported - supported.conf: mark hyperv_drm as external - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes). - tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes). - tools/power turbostat: Fix build with musl (stable-fixes). - tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes). - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - trace/fgraph: Fix error handling (git-fixes). - trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes). - tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Fix using ret variable in tracing_set_tracer() (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - tracing: Switch trace.c code over to use guard() (git-fixes). - tracing: Switch trace_events_hist.c code over to use guard() (git-fixes). - tracing: fprobe events: Fix possible UAF on modules (git-fixes). - tracing: tprobe-events: Fix leakage of module refcount (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - tty: serial: fix print format specifiers (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes). - usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes). - vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes). - vhost: Reintroduce kthread API and add mode selection (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - virtchnl2: add flow steering support (jsc#PED-13728). - virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728). - virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762). - virtio_net: Enforce minimum TX ring size for reliability (git-fixes). - virtio_ring: Fix error reporting in virtqueue_resize (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: Validate length in packet header before skb_put() (git-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes). - wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes). - wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath12k: fix the fetching of combined rssi (git-fixes). - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath12k: fix wrong logging ID used for CE (git-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: Remove redundant header files (git-fixes). - wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes). - wifi: mac80211: avoid weird state in error path (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: fix linked list corruption (git-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes). - wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes). - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes). - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes). - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes). - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes). - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtw88: Fix macid assigned to TDLS station (git-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes). - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704). - x86/Kconfig: Add arch attack vector support (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/boot: Sanitize boot params before parsing command line (git-fixes). - x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes). - x86/bugs: Add attack vector controls for BHI (git-fixes). - x86/bugs: Add attack vector controls for GDS (git-fixes). - x86/bugs: Add attack vector controls for ITS (git-fixes). - x86/bugs: Add attack vector controls for L1TF (git-fixes). - x86/bugs: Add attack vector controls for MDS (git-fixes). - x86/bugs: Add attack vector controls for MMIO (git-fixes). - x86/bugs: Add attack vector controls for RFDS (git-fixes). - x86/bugs: Add attack vector controls for SRBDS (git-fixes). - x86/bugs: Add attack vector controls for SRSO (git-fixes). - x86/bugs: Add attack vector controls for SSB (git-fixes). - x86/bugs: Add attack vector controls for TAA (git-fixes). - x86/bugs: Add attack vector controls for TSA (git-fixes). - x86/bugs: Add attack vector controls for retbleed (git-fixes). - x86/bugs: Add attack vector controls for spectre_v1 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes). - x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes). - x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes). - x86/bugs: Avoid warning when overriding return thunk (git-fixes). - x86/bugs: Clean up SRSO microcode handling (git-fixes). - x86/bugs: Define attack vectors relevant for each bug (git-fixes). - x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes). - x86/bugs: Introduce cdt_possible() (git-fixes). - x86/bugs: Print enabled attack vectors (git-fixes). - x86/bugs: Remove its=stuff dependency on retbleed (git-fixes). - x86/bugs: Select best SRSO mitigation (git-fixes). - x86/bugs: Simplify the retbleed=stuff checks (git-fixes). - x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes). - x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes). - x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes). - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes). - x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes). - x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes). - x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes). - x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/microcode: Update the Intel processor flag scan check (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/mm/pat: do not collapse pages without PSE set (git-fixes). - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes). - x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes). - x86/pkeys: Simplify PKRU update in signal frame (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/pti: Add attack vector controls for PTI (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815). - x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815). - x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815). - x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes). - x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: fix UAF in dmabuf_exp_from_pages() (git-fixes). - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes). - xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes). - xfs: do not propagate ENODATA disk errors into xattr code (git-fixes). - xfs: fix scrub trace with null pointer in quotacheck (git-fixes). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_discard_rtrelax (git-fixes). - xfs: remove unused trace event xfs_log_cil_return (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: dbc: decouple endpoint allocation from initialization (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). - zram: permit only one post-processing operation at a time (git-fixes). ----------------------------------------------------------------- Advisory ID: 58 Released: Wed Nov 26 18:04:24 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1218644,1238472,1239206,1241166,1241637,1247222,1248630,1249161,1249226,1249302,1249317,1249397,1249398,1249495,1249512,1249608,1249735,1250202,1250379,1250400,1250455,1250491,1250704,1250721,1250749,1250946,1251176,1251177,1251232,1251233,1251804,1251809,1251819,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252067,1252069,1252070,1252072,1252074,1252075,1252076,1252078,1252079,1252081,1252082,1252083,1252253,1252265,1252267,1252270,1252330,1252333,1252336,1252346,1252348,1252349,1252678,1252679,1252688,1252725,1252734,1252772,1252774,1252780,1252785,1252787,1252789,1252797,1252819,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252862,1252865,1252866,1252873,1252902,1252909,1252915,1252918,1252921,1252939,CVE-2025-21816,CVE-2025-38653,CVE-2025-38718,CVE-2025-39676,CVE-2025-39702,CVE-2025-39756,CVE-2025-39779,CVE-2025-39797,CVE-2025-39812,CVE-2025-39866,CVE-2025-39876,CVE-2025-398 81,CVE-2025-39895,CVE-2025-39903,CVE-2025-39911,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39950,CVE-2025-39955,CVE-2025-39956,CVE-2025-39963,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39979,CVE-2025-39981,CVE-2025-39982,CVE-2025-39984,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39992,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40009,CVE-2025-40011,CVE-2025-40012,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40037,CVE-2025-40040,CVE-2025-40043,CVE-2025-40044,CVE-2025-40048,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40085,CVE-2025-40087,CVE- 2025-40091,CVE-2025-40096,CVE-2025-40100,CVE-2025-40104,CVE-2025-40364 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809). - CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067). - CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081). - CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - add bug reference to existing hv_netvsc change (bsc#1252265) - amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226). - cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166). - cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166). - cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166). - doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT The character was previously 'N', but upstream used it for TAINT_TEST, which prompted the change of TAINT_NO_SUPPORT to 'n'. - dpll: zl3073x: Add firmware loading functionality (bsc#1252253). - dpll: zl3073x: Add functions to access hardware registers (bsc#1252253). - dpll: zl3073x: Add low-level flash functions (bsc#1252253). - dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253). - dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253). - dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253). - dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253). - dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253). - dpll: zl3073x: Implement devlink flash callback (bsc#1252253). - dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253). - dpll: zl3073x: Refactor DPLL initialization (bsc#1252253). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes). - ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222). - ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222). - ixgbevf: fix getting link speed data for E610 devices (bsc#1247222). - ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222). - kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - nvme-auth: update sc_c in host response (git-fixes bsc#1249397). - perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946) - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725). - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734). - x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734). - x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348). The following package changes have been done: - libexpat1-2.7.1-160000.3.1 updated - wpa_supplicant-2.11-160000.3.1 updated - kernel-rt-6.12.0-160000.7.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-05c47258cf9819bc7a932e2649be7c5b4c5059b93fa734e28716ba73c39c4c31-0 added - container:SL-Micro-baremetal-container-2.3.0-6.1 removed From sle-container-updates at lists.suse.com Thu Nov 27 08:08:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 09:08:45 +0100 (CET) Subject: SUSE-IU-2025:3752-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20251127080845.5E382FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3752-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.4 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 6.4 Severity : important Type : security References : 1215199 1218644 1230062 1234634 1234693 1234863 1235953 1236897 1237108 1237131 1237542 1237776 1238972 1239206 1240324 1240696 1240966 1240998 1241166 1241353 1241403 1241435 1242034 1242086 1242414 1242782 1242864 1242965 1242995 1243000 1243055 1243068 1243100 1243112 1243774 1244309 1244723 1244734 1244749 1244792 1244812 1244930 1244939 1245000 1245151 1245193 1245206 1245216 1245260 1245410 1245457 1245504 1245506 1245508 1245510 1245596 1245621 1245630 1245654 1245657 1245658 1245659 1245663 1245664 1245665 1245666 1245668 1245669 1245670 1245671 1245675 1245676 1245678 1245683 1245684 1245686 1245688 1245690 1245691 1245695 1245700 1245703 1245705 1245710 1245711 1245713 1245714 1245715 1245717 1245719 1245721 1245723 1245726 1245728 1245729 1245730 1245731 1245735 1245737 1245744 1245745 1245746 1245747 1245748 1245749 1245751 1245757 1245763 1245765 1245767 1245769 1245777 1245780 1245781 1245784 1245785 1245787 1245812 1245814 1245815 1245937 1245945 1245952 1245955 1245956 1245963 1245966 1245970 1245973 1245976 1245977 1245986 1246000 1246002 1246005 1246008 1246012 1246022 1246023 1246031 1246034 1246037 1246041 1246042 1246047 1246049 1246050 1246053 1246054 1246055 1246057 1246098 1246109 1246125 1246166 1246171 1246176 1246181 1246183 1246185 1246186 1246188 1246190 1246192 1246193 1246195 1246220 1246234 1246236 1246240 1246243 1246244 1246245 1246246 1246248 1246250 1246252 1246253 1246255 1246258 1246259 1246260 1246262 1246266 1246268 1246283 1246285 1246286 1246287 1246290 1246292 1246293 1246295 1246297 1246333 1246334 1246337 1246342 1246349 1246351 1246353 1246354 1246358 1246364 1246366 1246370 1246375 1246376 1246385 1246386 1246387 1246438 1246443 1246444 1246447 1246450 1246453 1246473 1246490 1246509 1246547 1246631 1246651 1246688 1246777 1246781 1246782 1246868 1246896 1246911 1246979 1247018 1247020 1247022 1247023 1247024 1247027 1247028 1247031 1247033 1247035 1247061 1247062 1247064 1247076 1247078 1247079 1247088 1247089 1247091 1247097 1247098 1247099 1247101 1247102 1247103 1247104 1247112 1247113 1247116 1247118 1247119 1247123 1247125 1247126 1247128 1247130 1247131 1247132 1247136 1247137 1247138 1247141 1247143 1247145 1247146 1247147 1247149 1247150 1247151 1247152 1247153 1247154 1247155 1247156 1247157 1247160 1247162 1247163 1247164 1247167 1247169 1247170 1247171 1247174 1247176 1247177 1247178 1247181 1247209 1247210 1247220 1247223 1247227 1247229 1247231 1247233 1247234 1247235 1247236 1247238 1247239 1247241 1247243 1247250 1247251 1247252 1247253 1247255 1247262 1247265 1247270 1247271 1247273 1247274 1247276 1247277 1247278 1247279 1247280 1247282 1247283 1247284 1247285 1247288 1247289 1247290 1247293 1247308 1247311 1247313 1247314 1247317 1247325 1247347 1247348 1247349 1247366 1247372 1247376 1247426 1247437 1247442 1247483 1247500 1247712 1247837 1247838 1247935 1247936 1247949 1247950 1247963 1247976 1248088 1248111 1248121 1248183 1248186 1248190 1248192 1248194 1248198 1248199 1248200 1248202 1248205 1248211 1248223 1248224 1248225 1248230 1248235 1248255 1248296 1248297 1248299 1248302 1248304 1248306 1248312 1248333 1248334 1248337 1248338 1248340 1248341 1248343 1248345 1248349 1248350 1248354 1248355 1248357 1248359 1248361 1248363 1248365 1248367 1248368 1248374 1248377 1248378 1248380 1248386 1248390 1248392 1248395 1248396 1248399 1248401 1248511 1248512 1248573 1248575 1248577 1248609 1248610 1248616 1248617 1248619 1248621 1248622 1248624 1248627 1248628 1248634 1248635 1248639 1248643 1248647 1248648 1248652 1248655 1248662 1248664 1248666 1248669 1248674 1248681 1248727 1248728 1248748 1248754 1248775 1249022 1249038 1249060 1249061 1249062 1249064 1249065 1249066 1249126 1249143 1249156 1249159 1249160 1249163 1249164 1249166 1249167 1249169 1249170 1249172 1249176 1249177 1249182 1249186 1249190 1249193 1249195 1249199 1249201 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249258 1249262 1249263 1249265 1249266 1249269 1249271 1249272 1249273 1249274 1249278 1249279 1249281 1249282 1249284 1249285 1249286 1249288 1249290 1249292 1249295 1249296 1249297 1249299 1249300 1249301 1249303 1249304 1249305 1249306 1249308 1249309 1249312 1249313 1249314 1249315 1249316 1249318 1249319 1249320 1249321 1249322 1249323 1249324 1249333 1249334 1249338 1249346 1249374 1249413 1249477 1249478 1249479 1249486 1249490 1249494 1249500 1249504 1249506 1249508 1249509 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249547 1249548 1249550 1249552 1249554 1249562 1249566 1249584 1249587 1249598 1249604 1249608 1249615 1249618 1249774 1249833 1249887 1249888 1249901 1249904 1249906 1249915 1249974 1249975 1250002 1250007 1250021 1250025 1250028 1250032 1250087 1250088 1250119 1250123 1250124 1250177 1250179 1250203 1250204 1250205 1250237 1250242 1250247 1250249 1250251 1250258 1250262 1250266 1250267 1250268 1250275 1250276 1250281 1250291 1250292 1250294 1250296 1250297 1250298 1250334 1250344 1250365 1250371 1250377 1250386 1250389 1250398 1250402 1250406 1250407 1250408 1250450 1250491 1250519 1250522 1250650 1250655 1250671 1250702 1250711 1250712 1250713 1250716 1250719 1250722 1250729 1250736 1250737 1250739 1250741 1250742 1250758 1250952 1251100 1251114 1251134 1251135 1251143 1251146 1251186 1251216 1251230 1251810 1252084 CVE-2024-53164 CVE-2024-57891 CVE-2024-57951 CVE-2024-57952 CVE-2024-58090 CVE-2025-22034 CVE-2025-22077 CVE-2025-23141 CVE-2025-37798 CVE-2025-37821 CVE-2025-37849 CVE-2025-37856 CVE-2025-37861 CVE-2025-37864 CVE-2025-38006 CVE-2025-38008 CVE-2025-38019 CVE-2025-38034 CVE-2025-38038 CVE-2025-38052 CVE-2025-38058 CVE-2025-38062 CVE-2025-38075 CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38091 CVE-2025-38095 CVE-2025-38096 CVE-2025-38098 CVE-2025-38099 CVE-2025-38101 CVE-2025-38102 CVE-2025-38103 CVE-2025-38106 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38114 CVE-2025-38117 CVE-2025-38118 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38125 CVE-2025-38127 CVE-2025-38128 CVE-2025-38129 CVE-2025-38134 CVE-2025-38135 CVE-2025-38136 CVE-2025-38137 CVE-2025-38138 CVE-2025-38140 CVE-2025-38141 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38156 CVE-2025-38157 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38165 CVE-2025-38168 CVE-2025-38169 CVE-2025-38170 CVE-2025-38172 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38184 CVE-2025-38185 CVE-2025-38186 CVE-2025-38188 CVE-2025-38189 CVE-2025-38190 CVE-2025-38193 CVE-2025-38197 CVE-2025-38198 CVE-2025-38201 CVE-2025-38205 CVE-2025-38208 CVE-2025-38209 CVE-2025-38211 CVE-2025-38213 CVE-2025-38214 CVE-2025-38215 CVE-2025-38216 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222 CVE-2025-38224 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38228 CVE-2025-38229 CVE-2025-38231 CVE-2025-38232 CVE-2025-38233 CVE-2025-38234 CVE-2025-38242 CVE-2025-38244 CVE-2025-38245 CVE-2025-38246 CVE-2025-38249 CVE-2025-38251 CVE-2025-38253 CVE-2025-38255 CVE-2025-38256 CVE-2025-38257 CVE-2025-38258 CVE-2025-38259 CVE-2025-38263 CVE-2025-38265 CVE-2025-38267 CVE-2025-38268 CVE-2025-38270 CVE-2025-38272 CVE-2025-38273 CVE-2025-38274 CVE-2025-38275 CVE-2025-38277 CVE-2025-38278 CVE-2025-38286 CVE-2025-38287 CVE-2025-38288 CVE-2025-38289 CVE-2025-38290 CVE-2025-38291 CVE-2025-38292 CVE-2025-38293 CVE-2025-38299 CVE-2025-38300 CVE-2025-38301 CVE-2025-38302 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38306 CVE-2025-38307 CVE-2025-38311 CVE-2025-38312 CVE-2025-38313 CVE-2025-38315 CVE-2025-38317 CVE-2025-38318 CVE-2025-38319 CVE-2025-38322 CVE-2025-38323 CVE-2025-38326 CVE-2025-38332 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38339 CVE-2025-38341 CVE-2025-38342 CVE-2025-38343 CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350 CVE-2025-38351 CVE-2025-38352 CVE-2025-38353 CVE-2025-38354 CVE-2025-38355 CVE-2025-38356 CVE-2025-38359 CVE-2025-38360 CVE-2025-38361 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38368 CVE-2025-38369 CVE-2025-38371 CVE-2025-38372 CVE-2025-38373 CVE-2025-38374 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38380 CVE-2025-38381 CVE-2025-38382 CVE-2025-38383 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38390 CVE-2025-38391 CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38397 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38402 CVE-2025-38403 CVE-2025-38404 CVE-2025-38405 CVE-2025-38406 CVE-2025-38408 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38413 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416 CVE-2025-38417 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38421 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426 CVE-2025-38427 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38438 CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444 CVE-2025-38445 CVE-2025-38446 CVE-2025-38448 CVE-2025-38449 CVE-2025-38450 CVE-2025-38451 CVE-2025-38453 CVE-2025-38454 CVE-2025-38455 CVE-2025-38456 CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38472 CVE-2025-38473 CVE-2025-38474 CVE-2025-38475 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38484 CVE-2025-38485 CVE-2025-38487 CVE-2025-38488 CVE-2025-38489 CVE-2025-38490 CVE-2025-38491 CVE-2025-38493 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506 CVE-2025-38508 CVE-2025-38514 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38531 CVE-2025-38533 CVE-2025-38539 CVE-2025-38544 CVE-2025-38545 CVE-2025-38546 CVE-2025-38549 CVE-2025-38552 CVE-2025-38553 CVE-2025-38554 CVE-2025-38555 CVE-2025-38556 CVE-2025-38557 CVE-2025-38559 CVE-2025-38560 CVE-2025-38563 CVE-2025-38564 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571 CVE-2025-38572 CVE-2025-38573 CVE-2025-38574 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583 CVE-2025-38584 CVE-2025-38585 CVE-2025-38586 CVE-2025-38587 CVE-2025-38588 CVE-2025-38591 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38614 CVE-2025-38616 CVE-2025-38617 CVE-2025-38618 CVE-2025-38619 CVE-2025-38621 CVE-2025-38622 CVE-2025-38623 CVE-2025-38624 CVE-2025-38628 CVE-2025-38630 CVE-2025-38631 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38644 CVE-2025-38646 CVE-2025-38648 CVE-2025-38656 CVE-2025-38658 CVE-2025-38659 CVE-2025-38660 CVE-2025-38662 CVE-2025-38664 CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38686 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38700 CVE-2025-38701 CVE-2025-38702 CVE-2025-38703 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38710 CVE-2025-38717 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38733 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39673 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39683 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39687 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39695 CVE-2025-39697 CVE-2025-39698 CVE-2025-39700 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39707 CVE-2025-39709 CVE-2025-39710 CVE-2025-39711 CVE-2025-39712 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39722 CVE-2025-39723 CVE-2025-39724 CVE-2025-39726 CVE-2025-39727 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39744 CVE-2025-39746 CVE-2025-39747 CVE-2025-39748 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39765 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39775 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39788 CVE-2025-39790 CVE-2025-39791 CVE-2025-39792 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39807 CVE-2025-39808 CVE-2025-39810 CVE-2025-39811 CVE-2025-39813 CVE-2025-39816 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39828 CVE-2025-39830 CVE-2025-39832 CVE-2025-39833 CVE-2025-39834 CVE-2025-39835 CVE-2025-39836 CVE-2025-39838 CVE-2025-39839 CVE-2025-39841 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39851 CVE-2025-39852 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39875 CVE-2025-39877 CVE-2025-39882 CVE-2025-39884 CVE-2025-39885 CVE-2025-39889 CVE-2025-39890 CVE-2025-39891 CVE-2025-39896 CVE-2025-39898 CVE-2025-39899 CVE-2025-39900 CVE-2025-39902 CVE-2025-39907 CVE-2025-39909 CVE-2025-39916 CVE-2025-39918 CVE-2025-39922 CVE-2025-39923 CVE-2025-39925 CVE-2025-39926 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39952 CVE-2025-39957 CVE-2025-40300 CVE-2025-59375 CVE-2026-38264 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29 Released: Wed Nov 19 10:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584) ----------------------------------------------------------------- Advisory ID: 27 Released: Wed Nov 19 10:41:40 2025 Summary: Recommended update for wpa_supplicant Type: recommended Severity: moderate References: This update for wpa_supplicant fixes the following issues: - Build wpa_gui with qt6 instead of obsolete qt5 - Update build config: * Enable 802.11ax support ----------------------------------------------------------------- Advisory ID: 43 Released: Thu Nov 20 14:37:22 2025 Summary: Recommended update for liburing Type: recommended Severity: moderate References: This update for liburing fixes the following issues: - Add upstream patch to fix test on ppc64le ----------------------------------------------------------------- Advisory ID: 50 Released: Tue Nov 25 08:35:00 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1218644,1230062,1234634,1234693,1234863,1235953,1236897,1237108,1237131,1237542,1237776,1238972,1239206,1240324,1240696,1240966,1240998,1241166,1241353,1241403,1241435,1242034,1242086,1242414,1242782,1242864,1242965,1242995,1243000,1243055,1243068,1243100,1243112,1243774,1244309,1244723,1244734,1244749,1244792,1244812,1244930,1244939,1245000,1245151,1245193,1245206,1245216,1245260,1245410,1245457,1245504,1245506,1245508,1245510,1245596,1245621,1245630,1245654,1245657,1245658,1245659,1245663,1245664,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245678,1245683,1245684,1245686,1245688,1245690,1245691,1245695,1245700,1245703,1245705,1245710,1245711,1245713,1245714,1245715,1245717,1245719,1245721,1245723,1245726,1245728,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245751,1245757,1245763,1245765,1245767,1245769,1245777,1245780,1245781,1245784,1245785,1245787,1245812,1245814,1245815,1245937,1245945,1245952,1 245955,1245956,1245963,1245966,1245970,1245973,1245976,1245977,1245986,1246000,1246002,1246005,1246008,1246012,1246022,1246023,1246031,1246034,1246037,1246041,1246042,1246047,1246049,1246050,1246053,1246054,1246055,1246057,1246098,1246109,1246125,1246166,1246171,1246176,1246181,1246183,1246185,1246186,1246188,1246190,1246192,1246193,1246195,1246220,1246234,1246236,1246240,1246243,1246244,1246245,1246246,1246248,1246250,1246252,1246253,1246255,1246258,1246259,1246260,1246262,1246266,1246268,1246283,1246285,1246286,1246287,1246290,1246292,1246293,1246295,1246297,1246333,1246334,1246337,1246342,1246349,1246351,1246353,1246354,1246358,1246364,1246366,1246370,1246375,1246376,1246385,1246386,1246387,1246438,1246443,1246444,1246447,1246450,1246453,1246473,1246490,1246509,1246547,1246631,1246651,1246688,1246777,1246781,1246782,1246868,1246896,1246911,1246979,1247018,1247020,1247022,1247023,1247024,1247027,1247028,1247031,1247033,1247035,1247061,1247062,1247064,1247076,1247078,1247079,124708 8,1247089,1247091,1247097,1247098,1247099,1247101,1247102,1247103,1247104,1247112,1247113,1247116,1247118,1247119,1247123,1247125,1247126,1247128,1247130,1247131,1247132,1247136,1247137,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247152,1247153,1247154,1247155,1247156,1247157,1247160,1247162,1247163,1247164,1247167,1247169,1247170,1247171,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247220,1247223,1247227,1247229,1247231,1247233,1247234,1247235,1247236,1247238,1247239,1247241,1247243,1247250,1247251,1247252,1247253,1247255,1247262,1247265,1247270,1247271,1247273,1247274,1247276,1247277,1247278,1247279,1247280,1247282,1247283,1247284,1247285,1247288,1247289,1247290,1247293,1247308,1247311,1247313,1247314,1247317,1247325,1247347,1247348,1247349,1247366,1247372,1247376,1247426,1247437,1247442,1247483,1247500,1247712,1247837,1247838,1247935,1247936,1247949,1247950,1247963,1247976,1248088,1248111,1248121,1248183,1248186,1248190,1248192,1248194,124 8198,1248199,1248200,1248202,1248205,1248211,1248223,1248224,1248225,1248230,1248235,1248255,1248296,1248297,1248299,1248302,1248304,1248306,1248312,1248333,1248334,1248337,1248338,1248340,1248341,1248343,1248345,1248349,1248350,1248354,1248355,1248357,1248359,1248361,1248363,1248365,1248367,1248368,1248374,1248377,1248378,1248380,1248386,1248390,1248392,1248395,1248396,1248399,1248401,1248511,1248512,1248573,1248575,1248577,1248609,1248610,1248616,1248617,1248619,1248621,1248622,1248624,1248627,1248628,1248634,1248635,1248639,1248643,1248647,1248648,1248652,1248655,1248662,1248664,1248666,1248669,1248674,1248681,1248727,1248728,1248748,1248754,1248775,1249022,1249038,1249060,1249061,1249062,1249064,1249065,1249066,1249126,1249143,1249156,1249159,1249160,1249163,1249164,1249166,1249167,1249169,1249170,1249172,1249176,1249177,1249182,1249186,1249190,1249193,1249195,1249199,1249201,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249258,1249262,1249263,1249265,1249266, 1249269,1249271,1249272,1249273,1249274,1249278,1249279,1249281,1249282,1249284,1249285,1249286,1249288,1249290,1249292,1249295,1249296,1249297,1249299,1249300,1249301,1249303,1249304,1249305,1249306,1249308,1249309,1249312,1249313,1249314,1249315,1249316,1249318,1249319,1249320,1249321,1249322,1249323,1249324,1249333,1249334,1249338,1249346,1249374,1249413,1249477,1249478,1249479,1249486,1249490,1249494,1249500,1249504,1249506,1249508,1249509,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249547,1249548,1249550,1249552,1249554,1249562,1249566,1249587,1249598,1249604,1249608,1249615,1249618,1249774,1249833,1249887,1249888,1249901,1249904,1249906,1249915,1249974,1249975,1250002,1250007,1250021,1250025,1250028,1250032,1250087,1250088,1250119,1250123,1250124,1250177,1250179,1250203,1250204,1250205,1250237,1250242,1250247,1250249,1250251,1250258,1250262,1250266,1250267,1250268,1250275,1250276,1250281,1250291,1250292,1250294,12502 96,1250297,1250298,1250334,1250344,1250365,1250371,1250377,1250386,1250389,1250398,1250402,1250406,1250407,1250408,1250450,1250491,1250519,1250522,1250650,1250655,1250671,1250702,1250711,1250712,1250713,1250716,1250719,1250722,1250729,1250736,1250737,1250739,1250741,1250742,1250758,1250952,1251100,1251114,1251134,1251135,1251143,1251146,1251186,1251216,1251230,1251810,1252084,CVE-2024-53164,CVE-2024-57891,CVE-2024-57951,CVE-2024-57952,CVE-2024-58090,CVE-2025-22034,CVE-2025-22077,CVE-2025-23141,CVE-2025-37798,CVE-2025-37821,CVE-2025-37849,CVE-2025-37856,CVE-2025-37861,CVE-2025-37864,CVE-2025-38006,CVE-2025-38008,CVE-2025-38019,CVE-2025-38034,CVE-2025-38038,CVE-2025-38052,CVE-2025-38058,CVE-2025-38062,CVE-2025-38075,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38091,CVE-2025-38095,CVE-2025-38096,CVE-2025-38098,CVE-2025-38099,CVE-2025-38101,CVE-2025-38102,CVE-2025-38103,CVE-2025-38106,CVE-2025-38107,CVE-2025-38108,CVE-2025-38109,CVE-2025-38110,CVE-2025-38111,CVE -2025-38112,CVE-2025-38113,CVE-2025-38114,CVE-2025-38117,CVE-2025-38118,CVE-2025-38119,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-38124,CVE-2025-38125,CVE-2025-38127,CVE-2025-38128,CVE-2025-38129,CVE-2025-38134,CVE-2025-38135,CVE-2025-38136,CVE-2025-38137,CVE-2025-38138,CVE-2025-38140,CVE-2025-38141,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38146,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38156,CVE-2025-38157,CVE-2025-38159,CVE-2025-38160,CVE-2025-38161,CVE-2025-38165,CVE-2025-38168,CVE-2025-38169,CVE-2025-38170,CVE-2025-38172,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38184,CVE-2025-38185,CVE-2025-38186,CVE-2025-38188,CVE-2025-38189,CVE-2025-38190,CVE-2025-38193,CVE-2025-38197,CVE-2025-38198,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38209,CVE-2025-38211,CVE-2025-38213,CVE-2025-38214,CVE-2025-38215,CVE-2025-38216,CVE-2025-38217,CVE-2025-3 8220,CVE-2025-38222,CVE-2025-38224,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38228,CVE-2025-38229,CVE-2025-38231,CVE-2025-38232,CVE-2025-38233,CVE-2025-38234,CVE-2025-38242,CVE-2025-38244,CVE-2025-38245,CVE-2025-38246,CVE-2025-38249,CVE-2025-38251,CVE-2025-38253,CVE-2025-38255,CVE-2025-38256,CVE-2025-38257,CVE-2025-38258,CVE-2025-38259,CVE-2025-38263,CVE-2025-38265,CVE-2025-38267,CVE-2025-38268,CVE-2025-38270,CVE-2025-38272,CVE-2025-38273,CVE-2025-38274,CVE-2025-38275,CVE-2025-38277,CVE-2025-38278,CVE-2025-38286,CVE-2025-38287,CVE-2025-38288,CVE-2025-38289,CVE-2025-38290,CVE-2025-38291,CVE-2025-38292,CVE-2025-38293,CVE-2025-38299,CVE-2025-38300,CVE-2025-38301,CVE-2025-38302,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38306,CVE-2025-38307,CVE-2025-38311,CVE-2025-38312,CVE-2025-38313,CVE-2025-38315,CVE-2025-38317,CVE-2025-38318,CVE-2025-38319,CVE-2025-38322,CVE-2025-38323,CVE-2025-38326,CVE-2025-38332,CVE-2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CV E-2025-38339,CVE-2025-38341,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38351,CVE-2025-38352,CVE-2025-38353,CVE-2025-38354,CVE-2025-38355,CVE-2025-38356,CVE-2025-38359,CVE-2025-38360,CVE-2025-38361,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38368,CVE-2025-38369,CVE-2025-38371,CVE-2025-38372,CVE-2025-38373,CVE-2025-38374,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38381,CVE-2025-38382,CVE-2025-38383,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38390,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025-38397,CVE-2025-38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38402,CVE-2025-38403,CVE-2025-38404,CVE-2025-38405,CVE-2025-38406,CVE-2025-38408,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38413,CVE-2025-38414,CVE-2025-38415,CVE-2025-38416,CVE-2025-38417,CVE-2025-38418,CVE-2025-38419,CVE-2025- 38420,CVE-2025-38421,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38427,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38438,CVE-2025-38439,CVE-2025-38440,CVE-2025-38441,CVE-2025-38443,CVE-2025-38444,CVE-2025-38445,CVE-2025-38446,CVE-2025-38448,CVE-2025-38449,CVE-2025-38450,CVE-2025-38451,CVE-2025-38453,CVE-2025-38454,CVE-2025-38455,CVE-2025-38456,CVE-2025-38457,CVE-2025-38458,CVE-2025-38459,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38464,CVE-2025-38465,CVE-2025-38466,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38472,CVE-2025-38473,CVE-2025-38474,CVE-2025-38475,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38484,CVE-2025-38485,CVE-2025-38487,CVE-2025-38488,CVE-2025-38489,CVE-2025-38490,CVE-2025-38491,CVE-2025-38493,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38508,C VE-2025-38514,CVE-2025-38524,CVE-2025-38526,CVE-2025-38527,CVE-2025-38528,CVE-2025-38531,CVE-2025-38533,CVE-2025-38539,CVE-2025-38544,CVE-2025-38545,CVE-2025-38546,CVE-2025-38549,CVE-2025-38552,CVE-2025-38553,CVE-2025-38554,CVE-2025-38555,CVE-2025-38556,CVE-2025-38557,CVE-2025-38559,CVE-2025-38560,CVE-2025-38563,CVE-2025-38564,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2025-38571,CVE-2025-38572,CVE-2025-38573,CVE-2025-38574,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,CVE-2025-38584,CVE-2025-38585,CVE-2025-38586,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38605,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38614,CVE-2025-38616,CVE-2025-38617,CVE-2025-38618,CVE-2025-38619,CVE-2025-38621,CVE-2025-38622,CVE-2025-38623,CVE-2025-38624,CVE-2025-38628,CVE-2025-38630,CVE-2025-38631,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38639,CVE-2025 -38640,CVE-2025-38643,CVE-2025-38644,CVE-2025-38646,CVE-2025-38648,CVE-2025-38656,CVE-2025-38658,CVE-2025-38659,CVE-2025-38660,CVE-2025-38662,CVE-2025-38664,CVE-2025-38665,CVE-2025-38668,CVE-2025-38670,CVE-2025-38671,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38686,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38700,CVE-2025-38701,CVE-2025-38702,CVE-2025-38703,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38710,CVE-2025-38717,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38733,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39673,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39683,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39687,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39695, CVE-2025-39697,CVE-2025-39698,CVE-2025-39700,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39707,CVE-2025-39709,CVE-2025-39710,CVE-2025-39711,CVE-2025-39712,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39722,CVE-2025-39723,CVE-2025-39724,CVE-2025-39726,CVE-2025-39727,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39744,CVE-2025-39746,CVE-2025-39747,CVE-2025-39748,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39765,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39775,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39788,CVE-2025-39790,CVE-2025-39791,CVE-2025-39792,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39807,CVE-2025-39808,CVE-2025-39810,CVE-2025-39811,CVE-2025-39813,CVE-2025-39816,CVE-202 5-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39828,CVE-2025-39830,CVE-2025-39832,CVE-2025-39833,CVE-2025-39834,CVE-2025-39835,CVE-2025-39836,CVE-2025-39838,CVE-2025-39839,CVE-2025-39841,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39851,CVE-2025-39852,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39875,CVE-2025-39877,CVE-2025-39882,CVE-2025-39884,CVE-2025-39885,CVE-2025-39889,CVE-2025-39890,CVE-2025-39891,CVE-2025-39896,CVE-2025-39898,CVE-2025-39899,CVE-2025-39900,CVE-2025-39902,CVE-2025-39907,CVE-2025-39909,CVE-2025-39916,CVE-2025-39918,CVE-2025-39922,CVE-2025-39923,CVE-2025-39925,CVE-2025-39926,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39952,CVE-2025-39957,CVE-2025-40300,CVE-2026-38264 The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953). - CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108). - CVE-2024-57952: Revert 'libfs: fix infinite directory reads for offset dir' (bsc#1237131). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435). - CVE-2025-22077: Revert 'smb: client: fix TCP timers deadlock after rmmod' (bsc#1241403). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864). - CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188). - CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245). - CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351). - CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366). - CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376). - CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444). - CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102). - CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235). - CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374). - CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550). - CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032). - CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205). - CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722). - CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). - CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387). The following non-security bugs were fixed: - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI/processor_idle: Add FFH state handling (jsc#PED-13815). - ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815). - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: LPSS: Remove AudioDSP related ID (git-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes). - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes). - ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: timer: fix ida_free call while not allocated (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes). - ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes). - ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes). - ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes). - ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes). - ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes). - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: qcom: use drvdata instead of component to keep id (stable-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: ISO: free rx_skb if not consumed (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes). - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes). - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Disable CET before shutdown by tboot (bsc#1247950). - Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - Documentation/x86: Document new attack vector controls (git-fixes). - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: KVM: Fix unexpected unindent warning (git-fixes). - Documentation: KVM: Fix unexpected unindent warnings (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Drop ath12k patch that was reverted in the upstream (git-fixes) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone using CMA or investigating CMA issues, with a small and simple code base and no runtime overhead. - Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325) - Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256). - Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself. - Fix dma_unmap_sg() nents value (git-fixes) - HID: amd_sfh: Add sync across amd sfh work functions (git-fixes). - HID: apple: avoid setting up battery timer for devices without battery (git-fixes). - HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes). - HID: asus: add support for missing PX series fn keys (stable-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: core: do not bypass hid_hw_raw_request (stable-fixes). - HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: hidraw: tighten ioctl command parsing (git-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes). - HID: magicmouse: avoid setting up battery timer when not needed (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes). - KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes). - KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes). - KVM: Conditionally reschedule when resetting the dirty ring (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes). - KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302). - KVM: TDX: Do not report base TDVMCALLs (git-fixes). - KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302). - KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302). - KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302). - KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302). - KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302). - KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes). - KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes). - KVM: arm64: Fix error path in init_hyp_mode() (git-fixes). - KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Limit patch filenames to 100 characters (bsc#1249604). - Move upstreamed SPI patch into sorted section - NFS: Fix a race when updating an existing write (git-fixes). - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4.2: another fix for listxattr (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - Octeontx2-af: Skip overlap check for SPI field (git-fixes). - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI/pwrctrl: Fix device leak at registration (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes). - PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes). - PCI: endpoint: Fix configfs group list head handling (git-fixes). - PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes). - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes). - PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes). - PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes). - PCI: rcar-gen4: Fix PHY initialization (git-fixes). - PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PCI: xilinx-nwl: Fix ECAM programming (git-fixes). - PM / devfreq: Check governor before using governor->name (git-fixes). - PM / devfreq: Fix a index typo in trans_stat (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes). - PM: EM: use kfree_rcu() to simplify the code (stable-fixes). - PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112). - PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112). - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112). - PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Rate limit GID cache warning messages (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Drop GFP_NOWARN (git-fixes) - RDMA/hns: Fix -Wframe-larger-than issue (git-fixes) - RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes) - RDMA/hns: Fix accessing uninitialized resources (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA/hns: Fix double destruction of rsv_qp (git-fixes) - RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes) - RDMA/hns: Get message length of ack_req from FW (git-fixes) - RDMA/mana_ib: Add device statistics support (bsc#1246651). - RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135). - RDMA/mana_ib: Extend modify QP (bsc#1251135). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: add additional port counters (git-fixes). - RDMA/mana_ib: add support of multiple ports (git-fixes). - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes) - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - README.BRANCH: mfranc at suse.cz leaving SUSE - RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348). - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Reapply 'x86/smp: Eliminate mwait_play_dead_cpuid_hint()' (jsc#PED-13815). - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - Revert 'drm/nouveau: check ioctl command codes better' (git-fixes). - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - Revert 'leds: trigger: netdev: Configure LED blink interval for HW offload' (git-fixes). - Revert 'mac80211: Dynamically set CoDel parameters per station' (stable-fixes). - Revert 'usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - Revert 'wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO' (git-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes). - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - USB: serial: option: add Foxconn T99W640 (stable-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - Update config files: revive pwc driver for Leap (bsc#1249060) - accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes). - accel/ivpu: Correct DCT interrupt handling (git-fixes). - accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes). - accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes). - accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes). - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes) - arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes) - arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes) - arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: config: Make tpm_tis_spi module build-in (bsc#1246896) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: add big-endian property back into watchdog node (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes) - arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes) - arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes) - arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes) - arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes) - arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes) - arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes). - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes) - arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes) - arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes) - arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: dts: st: fix timer used for ticks (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - arm64: map [_text, _stext) virtual address range (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - arm64: poe: Handle spurious Overlay faults (git-fixes) - arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes) - arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes) - arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: ahci: Disable DIPM if host lacks support (stable-fixes). - ata: ahci: Disallow LPM policy control if not supported (stable-fixes). - ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes). - ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes). - ata: libata-scsi: Fix CDL control (git-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - benet: fix BUG when creating VFs (git-fixes). - block: Introduce bio_needs_zone_write_plugging() (git-fixes). - block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552). - block: ensure discard_granularity is zero when discard is not supported (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - block: sanitize chunk_sectors for atomic write limits (git-fixes). - bnxt_en: Add a helper function to configure MRU and RSS (git-fixes). - bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes). - bnxt_en: Fix DCB ETS validation (git-fixes). - bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes). - bnxt_en: Fix stats context reservation logic (git-fixes). - bnxt_en: Flush FW trace before copying to the coredump (git-fixes). - bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes). - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes). - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes) - bpf, arm64: Fix fp initialization for exception boundary (git-fixes) - bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes). - bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes). - bpf: Forget ranges when refining tnum after JSET (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes). - bpf: Reject %p% format string in bprintf-like helpers (git-fixes). - bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes). - bpf: Reject narrower access to pointer ctx fields (git-fixes). - bpf: Return prog btf_id without capable check (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes). - bpf: fix possible endless loop in BPF map iteration (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes). - btrfs: add debug build only WARN (bsc#1249038). - btrfs: add function comment for check_committed_ref() (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes). - btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes). - btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes). - btrfs: codify pattern for adding block_group to bg_list (git-fixes). - btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes). - btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: enhance ASSERT() to take optional format string (bsc#1249038). - btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes). - btrfs: exit after state split error at set_extent_bit() (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949). - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix incorrect log message for nobarrier mount option (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: fix squota compressed stats leak (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes). - btrfs: fix the inode leak in btrfs_iget() (git-fixes). - btrfs: fix two misuses of folio_shift() (git-fixes). - btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes). - btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038). - btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes). - btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes). - btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes). - btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes). - btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes). - btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes). - btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes). - btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949). - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes). - btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes). - btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes). - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes). - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes). - btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes). - btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes). - btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes). - btrfs: remove redundant path release when replaying a log tree (git-fixes). - btrfs: remove the snapshot check from check_committed_ref() (git-fixes). - btrfs: restore mount option info messages during mount (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: return any hit error from extent_writepage_io() (git-fixes). - btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes). - btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes). - btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949). - btrfs: simplify error detection flow during log replay (git-fixes). - btrfs: simplify return logic at check_committed_ref() (git-fixes). - btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: unfold transaction aborts when replaying log trees (git-fixes). - btrfs: unify ordering of btrfs_key initializations (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - btrfs: use filemap_get_folio() helper (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes). - btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes). - btrfs: use verbose ASSERT() in volumes.c (bsc#1249038). - build_bug.h: Add KABI assert (bsc#1249186). - bus: firewall: Fix missing static inline annotations for stubs (git-fixes). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: ep: Fix chained transfer handling in read path (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405). - cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: at91: sam9x7: update pll clk ranges (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: imx95-blk-ctl: Fix synchronous abort (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes). - clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes). - clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes). - clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes). - clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes). - clk: samsung: exynos850: fix a comment (git-fixes). - clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes). - clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: SLFO 1.2 branched in IBS - config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206) - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cpu: Define attack vectors (git-fixes). - cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes). - cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes). - cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes) - cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes). - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes). - cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes). - cpufreq: armada-8k: make both cpu masks static (git-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: mediatek: fix device leak on probe failure (git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: sun50i: prevent out-of-bounds access (git-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes). - crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes). - crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - devlink: Add support for u64 parameters (jsc#PED-13331). - devlink: avoid param type value translations (jsc#PED-13331). - devlink: define enum for attr types of dynamic attributes (jsc#PED-13331). - devlink: introduce devlink_nl_put_u64() (jsc#PED-13331). - devlink: let driver opt out of automatic phys_port_name generation (git-fixes). - dm-mpath: do not print the 'loaded' message if registering fails (git-fixes). - dm-stripe: limit chunk_sectors to the stripe size (git-fixes). - dm-table: fix checking for rq stackable devices (git-fixes). - dm: Check for forbidden splitting of zone write operations (git-fixes). - dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - dpll: Add basic Microchip ZL3073x support (jsc#PED-13331). - dpll: Make ZL3073X invisible (jsc#PED-13331). - dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331). - dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331). - dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331). - dpll: zl3073x: Fix build failure (jsc#PED-13331). - dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331). - dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331). - dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331). - dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331). - dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers: base: handle module_kobject creation (git-fixes). - drm/amd : Update MES API header file for v11 & v12 (stable-fixes). - drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112). - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes). - drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Allow DCN301 to clear update flags (git-fixes). - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes). - drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes). - drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/display: Do not print errors for nonexistent connectors (git-fixes). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Fix mismatch type comparison (stable-fixes). - drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112). - drm/amd/display: Free memory allocation (stable-fixes). - drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes). - drm/amd/display: Initialize mode_select to 0 (stable-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes). - drm/amd/display: fix dmub access race condition (bsc#1243112). - drm/amd/display: fix initial backlight brightness calculation (git-fixes). - drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112). - drm/amd/display: remove output_tf_change flag (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/include : MES v11 and v12 API header update (stable-fixes). - drm/amd/include : Update MES v12 API for fence update (stable-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amd/pm: fix null pointer access (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Avoid evicting resources at S5 (bsc#1243112). - drm/amd: Check whether secure display TA loaded successfully (bsc#1243112). - drm/amd: Fix hybrid sleep (bsc#1243112). - drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112). - drm/amd: Restore cached manual clock settings during resume (bsc#1243112). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu/discovery: fix fw based ip discovery (git-fixes). - drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes). - drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes). - drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112). - drm/amdgpu/mes: add missing locking in helper functions (stable-fixes). - drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes). - drm/amdgpu/mes: optimize compute loop handling (stable-fixes). - drm/amdgpu/swm14: Update power limit logic (stable-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes). - drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112). - drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes). - drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes). - drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112). - drm/amdgpu: Increase reset counter only on success (stable-fixes). - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes). - drm/amdgpu: Report individual reset error (bsc#1243112). - drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes). - drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes). - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes). - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes). - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes). - drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: fix vram reservation issue (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/amdkfd: Fix mmap write lock not release (bsc#1243112). - drm/ast: Use msleep instead of mdelay for edid read (git-fixes). - drm/bridge: fix OF node leak (git-fixes). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/cirrus-qemu: Fix pitch programming (git-fixes). - drm/connector: hdmi: Evaluate limited range after computing format (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes). - drm/gem: Internally test import_attach for imported objects (git-fixes). - drm/gem: Test for imported GEM buffers with helper (stable-fixes). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes). - drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes). - drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes). - drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes). - drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes). - drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes). - drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes). - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes). - drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes). - drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes). - drm/i915/icl+/tc: Cache the max lane count value (stable-fixes). - drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes). - drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Add error handling for krealloc in metadata setup (stable-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: update the high bitfield of certain DSI registers (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes). - drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes). - drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes). - drm/panthor: validate group queue count (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/simpledrm: Do not upcast in release helpers (git-fixes). - drm/tests: Fix endian warning (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - drm/xe/bmg: Add new PCI IDs (stable-fixes). - drm/xe/bmg: Add one additional PCI ID (stable-fixes). - drm/xe/bmg: Update Wa_22019338487 (git-fixes). - drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes). - drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes). - drm/xe/mocs: Initialize MOCS index early (stable-fixes). - drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes). - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes). - drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes). - drm/xe/tile: Release kobject for the failure path (git-fixes). - drm/xe/uapi: Correct sync type definition in comments (git-fixes). - drm/xe/uapi: loosen used tracking restriction (git-fixes). - drm/xe/vf: Disable CSC support on VF (git-fixes). - drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes). - drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes). - drm/xe/xe_sync: avoid race during ufence signaling (git-fixes). - drm/xe: Allow dropping kunit dependency as built-in (git-fixes). - drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes). - drm/xe: Carve out wopcm portion from the stolen memory (git-fixes). - drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes). - drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes). - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes). - drm/xe: Fix build without debugfs (git-fixes). - drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes). - drm/xe: Move page fault init after topology init (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes). - dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331). - dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331). - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes). - e1000e: ignore uninitialized checksum word on tgp (git-fixes). - efi: stmm: Fix incorrect buffer allocation method (git-fixes). - erofs: avoid reading more for fragment maps (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - fbdev: Fix logic error in 'offb' name match (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes). - fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes). - firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes). - firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes). - firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes). - firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes). - firmware: firmware: meson-sm: fix compile-test default (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - firmware: tegra: Fix IVC dependency problems (stable-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes). - fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450 - ftrace: Fix function profiler's filtering functionality (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220). - gfs2: Clean up delete work processing (bsc#1247220). - gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220). - gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220). - gfs2: Minor delete_work_func cleanup (bsc#1247220). - gfs2: Only defer deletes when we have an iopen glock (bsc#1247220). - gfs2: Prevent inode creation race (2) (bsc#1247220). - gfs2: Prevent inode creation race (bsc#1247220). - gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220). - gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220). - gfs2: Rename dinode_demise to evict_behavior (bsc#1247220). - gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220). - gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220). - gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220). - gfs2: Update to the evict / remote delete documentation (bsc#1247220). - gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220). - gfs2: gfs2_evict_inode clarification (bsc#1247220). - gfs2: minor evict fix (bsc#1247220). - gfs2: skip if we cannot defer delete (bsc#1247220). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - gpiolib: Extend software-node support to support secondary software-nodes (git-fixes). - gve: Fix stuck TX queue for DQ queue format (git-fixes). - gve: prevent ethtool ops after shutdown (git-fixes). - habanalabs: fix UAF in export_dmabuf() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Link queues to NAPIs (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: designware: Add quirk for Intel Xe (stable-fixes). - i2c: designware: Fix clock issue when PM is disabled (git-fixes). - i2c: designware: Use temporary variable for struct device (stable-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes). - i2c: omap: Add support for setting mux (stable-fixes). - i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes). - i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes). - i2c: omap: fix deprecated of_property_read_bool() use (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: add missing include to internal header (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - i3c: master: svc: Use manual response for IBI events (git-fixes). - i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes). - i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes). - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice/ptp: fix crosstimestamp reporting (git-fixes). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762). - ice: check correct pointer in fwlog debugfs (git-fixes). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: do not leave device non-functional if Tx scheduler config fails (git-fixes). - ice: enable_rdma devlink param (bsc#1247712). - ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728). - ice: fix incorrect counter for buffer allocation failures (git-fixes). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - ice: use fixed adapter index for E825C embedded devices (git-fixes). - idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762). - idpf: add cross timestamping (jsc#PED-13728). - idpf: add flow steering support (jsc#PED-13728). - idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762). - idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728). - idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762). - idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762). - idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728). - idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762). - idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762). - idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762). - idpf: improve when to set RE bit logic (jsc#PED-13728). - idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762). - idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762). - idpf: preserve coalescing settings across resets (jsc#PED-13728). - idpf: remove obsolete stashing code (jsc#PED-13728). - idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762). - idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728). - idpf: set mac type when adding and removing MAC filters (jsc#PED-13728). - idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728). - idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728). - idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762). - igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes). - igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes). - igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes). - iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762). - iio/adc/pac1934: fix channel disable configuration (git-fixes). - iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes). - iio: accel: fxls8962af: Fix temperature calculation (git-fixes). - iio: adc: ad7173: fix setting ODR in probe (git-fixes). - iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes). - iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes). - iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes). - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes). - iio: hid-sensor-prox: Restore lost scale assignments (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes). - iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes). - iio: light: as73211: Ensure buffer holes are zeroed (git-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - intel_idle: Provide the default enter_dead() handler (jsc#PED-13815). - intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815). - intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815). - interconnect: qcom: sc8180x: specify num_nodes (git-fixes). - interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes). - io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting. - io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542). - io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes). - iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes). - iommu/amd: Fix alias device DTE setting (git-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes). - iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - iommu: Handle race with default domain setup (git-fixes). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410). - ixgbe: prevent from unwanted interface name changes (git-fixes). - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes). - kABI fix after Add TDX support for vSphere (jsc#PED-13302). - kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for amd_sfh (git-fixes). - kABI workaround for drm_gem.h (git-fixes). - kABI workaround for struct mtk_base_afe changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes). - kABI: netfilter: supress warnings for nft_set_ops (git-fixes). - kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes). - kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally - kabi/severities: ignore two unused/dropped symbols from MEI - kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kbuild: rust: add rustc-min-version support function (git-fixes) - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel: globalize lookup_or_create_module_kobject() (stable-fixes). - kernel: param: rename locate_module_kobject (stable-fixes). - leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes). - leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - leds: leds-lp55xx: Use correct address for memory programming (git-fixes). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes). - libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762). - livepatch: Add stack_order sysfs attribute (poo#187320). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes). - mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes). - mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes). - mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes). - mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes). - mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - maple_tree: fix status setup on restore to active (git-fixes). - maple_tree: fix testing for 32 bit builds (git-fixes). - mctp: no longer rely on net->dev_index_head (git-fixes). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: Fix reset GPIO timings (stable-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ipu-bridge: Add _HID for OV5670 (stable-fixes). - media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes). - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes). - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: pci: mg4b: fix uninitialized iio scan data (git-fixes). - media: pisp_be: Fix pm_runtime underrun in probe (git-fixes). - media: qcom: camss: cleanup media device allocated resource on error path (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: s5p-mfc: remove an unused/uninitialized variable (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes). - media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes). - media: ti: j721e-csi2rx: fix list_del corruption (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: uvcvideo: Rollback non processed entities on error (git-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: Fix MSM8998 frequency table (git-fixes). - media: venus: Fix OOB read due to missing payload bound check (git-fixes). - media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: verisilicon: Fix AV1 decoder clock frequency (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - mei: vsc: Destroy mutex after freeing the IRQ (git-fixes). - mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes). - mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes). - mei: vsc: Event notifier fixes (git-fixes). - mei: vsc: Fix 'BUG: Invalid wait context' lockdep error (git-fixes). - mei: vsc: Run event callback from a workqueue (git-fixes). - mei: vsc: Unset the event callback on remove and probe errors (git-fixes). - memory: mtk-smi: Add ostd setting for mt8186 (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes). - mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes). - mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - microchip: lan865x: Fix LAN8651 autoloading (git-fixes). - microchip: lan865x: Fix module autoloading (git-fixes). - microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes). - microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes). - misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes). - mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes). - mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes). - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes). - mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes). - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes). - mm/damon/sysfs: fix use-after-free in state_show() (git-fixes). - mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes). - mm: close theoretical race where stale TLB entries could linger (git-fixes). - mm: fault in complete folios instead of individual pages for tmpfs (git-fixes). - mm: fix the inaccurate memory statistics issue for users (bsc#1244723). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes). - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes). - mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes). - mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fix spurious wake-up on under memory pressure (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes). - net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes). - net/mlx5: CT: Use the correct counter offset (git-fixes). - net/mlx5: Check device memory pointer before usage (git-fixes). - net/mlx5: Correctly set gso_segs when LRO is used (git-fixes). - net/mlx5: Correctly set gso_size when LRO is used (git-fixes). - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes). - net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes). - net/mlx5: Fix memory leak in cmd_exec() (git-fixes). - net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes). - net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes). - net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes). - net/mlx5: Nack sync reset when SFs are present (git-fixes). - net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes). - net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes). - net/mlx5e: Add new prio for promiscuous mode (git-fixes). - net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes). - net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes). - net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes). - net/mlx5e: Set local Xoff after FW update (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes). - net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes). - net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes). - net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes). - net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes). - net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: ieee8021q: fix insufficient table-size assertion (stable-fixes). - net: llc: reset skb->transport_header (git-fixes). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726). - net: mana: Add support for net_shaper_ops (bsc#1245726). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes). - net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728). - net: mana: Handle unsupported HWC commands (bsc#1245726). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mctp: handle skb cleanup on sock_queue failures (git-fixes). - net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes). - net: phy: bcm54811: PHY initialization (stable-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netfilter: ctnetlink: fix refcount leak on table dump (git-fixes). - netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes). - netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes). - netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes). - netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes). - netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes). - netfilter: nf_tables: adjust lockdep assertions handling (git-fixes). - netfilter: nf_tables: fix set size with rbtree backend (git-fixes). - netfilter: nf_tables: imbalance in flowtable binding (git-fixes). - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes). - netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes). - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes). - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes). - netfilter: nft_tunnel: fix geneve_opt dump (git-fixes). - netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes). - netlink: fix policy dump for int with validation callback (jsc#PED-13331). - netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs/localio: add direct IO enablement with sync and async IO support (git-fixes). - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes). - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes). - nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-auth: update bi_directional flag (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvme-tcp: log TLS handshake failures at error level (git-fixes). - nvme-tcp: send only permitted commands for secure concat (git-fixes). - nvme: fix PI insert on write (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - nvmet: exit debugfs after discovery subsystem exits (git-fixes). - nvmet: initialize discovery subsys after debugfs is initialized (git-fixes). - nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes). - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes). - objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes). - objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes). - of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes). - of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes). - of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes). - of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes). - of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes). - of: unittest: Unlock on error in unittest_data_add() (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - percpu: fix race on alloc failed warning limit (git-fixes). - perf bpf-event: Fix use-after-free in synthesis (git-fixes). - perf bpf-utils: Constify bpil_array_desc (git-fixes). - perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes). - perf dso: Add missed dso__put to dso__load_kcore (git-fixes). - perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes). - perf parse-events: Set default GH modifier properly (git-fixes). - perf record: Cache build-ID of hit DSOs only (git-fixes). - perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes). - perf sched: Fix memory leaks in 'perf sched latency' (git-fixes). - perf sched: Fix memory leaks in 'perf sched map' (git-fixes). - perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes). - perf sched: Free thread->priv using priv_destructor (git-fixes). - perf sched: Make sure it frees the usage string (git-fixes). - perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes). - perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes). - perf test: Fix a build error in x86 topdown test (git-fixes). - perf tests bp_account: Fix leaked file descriptor (git-fixes). - perf tools: Remove libtraceevent in .gitignore (git-fixes). - perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes). - perf trace: Remove --map-dump documentation (git-fixes). - phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: mscc: Fix timestamping for vsc8584 (git-fixes). - phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes). - phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - phy: ti: omap-usb2: fix device leak at unbind (git-fixes). - pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113). - pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes). - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes). - platform/x86: Fix initialization order for firmware_attributes_class (git-fixes). - platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes). - platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes). - platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes). - platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes). - platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - pptp: fix pptp_xmit() error path (git-fixes). - printk: nbcon: Allow reacquire during panic (bsc#1246688). - psample: adjust size if rate_as_probability is set (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - pwm: rockchip: Round period/duty down on apply, up on get (git-fixes). - pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - r8169: add support for RTL8125D (stable-fixes). - r8169: disable RTL8126 ZRX-DC timeout (stable-fixes). - r8169: do not scan PHY addresses > 0 (stable-fixes). - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - reset: eyeq: fix OF node leak (git-fixes). - resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762). - resource: fix false warning in __request_region() (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - ring-buffer: Make reading page consistent with the code logic (git-fixes). - rpm/config.sh: SLFO 1.2 is now synced to OBS as well - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868). - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477). - s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes). - s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372). - s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838). - s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066). - s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478). - s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249065). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - samples: mei: Fix building on musl libc (git-fixes). - sched/deadline: Always stop dl-server before changing parameters (bsc#1247936). - sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936). - sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936). - sched/deadline: Fix dl_server_stopped() (bsc#1247936). - sched/deadline: Initialize dl_servers after SMP (git-fixes) - sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes) - scsi: Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519). - scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: mpi3mr: Event processing debug improvement (bsc#1251186). - scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186). - scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186). - scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186). - scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - scsi: smartpqi: Enhance WWID logging logic (bsc#1246631). - scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631). - scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631). - scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes). - scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes). - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes). - scsi: ufs: core: Add missing post notify for power mode change (git-fixes). - scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes). - scsi: ufs: core: Always initialize the UIC done completion (git-fixes). - scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes). - scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes). - scsi: ufs: core: Fix error return with query response (git-fixes). - scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes). - scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes). - scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes). - scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes). - scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes). - scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes). - scsi: ufs: core: Remove redundant query_complete trace (git-fixes). - scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes). - scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes). - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes). - scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes). - scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes). - scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes). - scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes). - scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes). - scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes). - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes). - scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes). - scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes). - scsi: ufs: exynos: Remove empty drv_init method (git-fixes). - scsi: ufs: exynos: Remove superfluous function parameter (git-fixes). - scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes). - scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes). - scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes). - scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes). - scsi: ufs: qcom: Fix crypto key eviction (git-fixes). - scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes). - scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes). - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671). - selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320). - selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320). - selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320). - selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: ALSA: fix memory leak in utimer test (git-fixes). - selftests: livepatch: add new ftrace helpers functions (poo#187320). - selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320). - selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320). - selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320). - selftests: livepatch: save and restore kprobe state (poo#187320). - selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320). - selftests: livepatch: test livepatching a kprobed function (poo#187320). - selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443). - selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes). - serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688). - serial: 8250: fix panic due to PSLVERR (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix netns refcount leak after net_passive changes (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes). - soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes). - soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes). - soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes). - soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes). - soundwire: amd: fix for handling slave alerts after link is down (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes). - spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979). - spi: fix return code when spi device has too many chipselects (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes). - spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes). - sprintf.h requires stdarg.h (git-fixes). - sprintf.h: mask additional include (git-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes). - struct cdc_ncm_ctx: move new member to end (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - supported.conf: Mark ZL3073X modules supported - supported.conf: mark hyperv_drm as external - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes). - tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes). - tools/power turbostat: Fix build with musl (stable-fixes). - tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes). - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - trace/fgraph: Fix error handling (git-fixes). - trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes). - tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Fix using ret variable in tracing_set_tracer() (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - tracing: Switch trace.c code over to use guard() (git-fixes). - tracing: Switch trace_events_hist.c code over to use guard() (git-fixes). - tracing: fprobe events: Fix possible UAF on modules (git-fixes). - tracing: tprobe-events: Fix leakage of module refcount (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - tty: serial: fix print format specifiers (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes). - usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes). - vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes). - vhost: Reintroduce kthread API and add mode selection (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - virtchnl2: add flow steering support (jsc#PED-13728). - virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728). - virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762). - virtio_net: Enforce minimum TX ring size for reliability (git-fixes). - virtio_ring: Fix error reporting in virtqueue_resize (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: Validate length in packet header before skb_put() (git-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes). - wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes). - wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath12k: fix the fetching of combined rssi (git-fixes). - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath12k: fix wrong logging ID used for CE (git-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: Remove redundant header files (git-fixes). - wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes). - wifi: mac80211: avoid weird state in error path (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: fix linked list corruption (git-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes). - wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes). - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes). - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes). - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes). - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes). - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtw88: Fix macid assigned to TDLS station (git-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes). - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704). - x86/Kconfig: Add arch attack vector support (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/boot: Sanitize boot params before parsing command line (git-fixes). - x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes). - x86/bugs: Add attack vector controls for BHI (git-fixes). - x86/bugs: Add attack vector controls for GDS (git-fixes). - x86/bugs: Add attack vector controls for ITS (git-fixes). - x86/bugs: Add attack vector controls for L1TF (git-fixes). - x86/bugs: Add attack vector controls for MDS (git-fixes). - x86/bugs: Add attack vector controls for MMIO (git-fixes). - x86/bugs: Add attack vector controls for RFDS (git-fixes). - x86/bugs: Add attack vector controls for SRBDS (git-fixes). - x86/bugs: Add attack vector controls for SRSO (git-fixes). - x86/bugs: Add attack vector controls for SSB (git-fixes). - x86/bugs: Add attack vector controls for TAA (git-fixes). - x86/bugs: Add attack vector controls for TSA (git-fixes). - x86/bugs: Add attack vector controls for retbleed (git-fixes). - x86/bugs: Add attack vector controls for spectre_v1 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes). - x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes). - x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes). - x86/bugs: Avoid warning when overriding return thunk (git-fixes). - x86/bugs: Clean up SRSO microcode handling (git-fixes). - x86/bugs: Define attack vectors relevant for each bug (git-fixes). - x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes). - x86/bugs: Introduce cdt_possible() (git-fixes). - x86/bugs: Print enabled attack vectors (git-fixes). - x86/bugs: Remove its=stuff dependency on retbleed (git-fixes). - x86/bugs: Select best SRSO mitigation (git-fixes). - x86/bugs: Simplify the retbleed=stuff checks (git-fixes). - x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes). - x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes). - x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes). - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes). - x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes). - x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes). - x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes). - x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/microcode: Update the Intel processor flag scan check (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/mm/pat: do not collapse pages without PSE set (git-fixes). - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes). - x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes). - x86/pkeys: Simplify PKRU update in signal frame (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/pti: Add attack vector controls for PTI (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815). - x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815). - x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815). - x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes). - x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: fix UAF in dmabuf_exp_from_pages() (git-fixes). - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes). - xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes). - xfs: do not propagate ENODATA disk errors into xattr code (git-fixes). - xfs: fix scrub trace with null pointer in quotacheck (git-fixes). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_discard_rtrelax (git-fixes). - xfs: remove unused trace event xfs_log_cil_return (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: dbc: decouple endpoint allocation from initialization (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). - zram: permit only one post-processing operation at a time (git-fixes). The following package changes have been done: - libexpat1-2.7.1-160000.3.1 updated - liburing2-2.8-160000.3.1 updated - kernel-default-base-6.12.0-160000.6.1.160000.2.4 updated - wpa_supplicant-2.11-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-eed3216f44346e966f8ec1aa82ecac4b17c6b24f06daeaccd98bfcfc2da3cd21-0 added - container:SL-Micro-base-container-2.3.0-6.1 removed From sle-container-updates at lists.suse.com Thu Nov 27 15:32:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 16:32:41 +0100 (CET) Subject: SUSE-CU-2025:8654-1: Recommended update of bci/openjdk Message-ID: <20251127153241.91FD9FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8654-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-16.8 , bci/openjdk:latest Container Release : 16.8 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Thu Nov 27 15:33:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 16:33:32 +0100 (CET) Subject: SUSE-CU-2025:8659-1: Security update of suse/sles/16.0/toolbox Message-ID: <20251127153332.90BF3FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8659-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.4 , suse/sles/16.0/toolbox:latest Container Release : 1.4 Severity : important Type : security References : 1233529 1249191 1249348 1249367 1253757 CVE-2025-10148 CVE-2025-11563 CVE-2025-9086 ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 57 Released: Wed Nov 26 15:30:14 2025 Summary: Security update for curl Type: security Severity: important References: 1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086 This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix return code when --retry is used but not triggered (bsc#1249367) ----------------------------------------------------------------- Advisory ID: 60 Released: Wed Nov 26 15:34:50 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Fixed Python3 error log upon importing pycurl (bsc#1233529) The following package changes have been done: - curl-8.14.1-160000.3.1 updated - libcurl-mini4-8.14.1-160000.3.1 updated - libsasl2-3-2.1.28-160000.3.1 updated From sle-container-updates at lists.suse.com Thu Nov 27 16:44:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Nov 2025 17:44:42 +0100 (CET) Subject: SUSE-CU-2025:8660-1: Security update of bci/python Message-ID: <20251127164442.11AFAFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8660-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.9 , bci/python:3.13.9-80.7 , bci/python:latest Container Release : 80.7 Severity : low Type : security References : 1244680 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4277-1 Released: Thu Nov 27 14:13:36 2025 Summary: Security update for python313 Type: security Severity: low References: 1244680,1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python313 fixes the following issues: Update to 3.13.9: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) Other fixes: - Fix readline history truncation when length is reduced - Fixing reproducible build for python-nogil (bsc#1244680) The following package changes have been done: - libpython3_13-1_0-3.13.9-150700.4.26.1 updated - python313-base-3.13.9-150700.4.26.1 updated - python313-3.13.9-150700.4.26.1 updated - python313-devel-3.13.9-150700.4.26.1 updated From sle-container-updates at lists.suse.com Fri Nov 28 08:05:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Nov 2025 09:05:30 +0100 (CET) Subject: SUSE-IU-2025:3763-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251128080530.2AC91FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3763-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.6 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.6 Severity : moderate Type : recommended References : 1207266 1229997 1241474 1243443 1246806 1248097 1253060 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 73 Released: Thu Nov 27 16:46:11 2025 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1207266,1229997,1241474,1243443,1246806,1248097,1253060 This update for mdadm fixes the following issues: - Version update 4.4+29.gf8bb524b. - Fix race condition between mdcheck_start.service and mdcheck_continue.service (bsc#1243443, bsc#1248097). - mdadm_env.sh ignoring MDADM_RAIDDEVICES if MDADM_SCAN is set (bsc#1229997). - Split off the Software RAID HOWTO into a -doc package. - Upstream bug fixes for mdadm (bsc#1253060). - _service: switch to tar_scm for better interoperabity with SLFO. - Fix systemd unit file handling in spec file (bnc#1207266). - Stop emitting %release into program binaries (bnc#1246806). - Add MAILFROM address to email envelope, avoid smtp auth errors (bsc#1241474). The following package changes have been done: - mdadm-4.4+29.gf8bb524b-160000.1.1 updated From sle-container-updates at lists.suse.com Fri Nov 28 08:05:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Nov 2025 09:05:34 +0100 (CET) Subject: SUSE-IU-2025:3765-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251128080534.F25BAFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3765-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.9 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.9 Severity : important Type : recommended References : 1231055 1252425 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 77 Released: Thu Nov 27 20:50:12 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 The following package changes have been done: - libgpgme11-1.24.3-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-58d857ca6cac708fb38aa2d4bf163968b2ae8b6da5160bbb5267ae593fe97815-0 updated From sle-container-updates at lists.suse.com Fri Nov 28 08:08:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Nov 2025 09:08:37 +0100 (CET) Subject: SUSE-IU-2025:3774-1: Recommended update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20251128080837.F3C57FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3774-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.6 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 6.6 Severity : important Type : recommended References : 1230042 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 71 Released: Thu Nov 27 17:18:20 2025 Summary: Recommended update for qemu Type: recommended Severity: important References: 1230042 This update for qemu fixes the following issues: Changes in qemu: - Update to version 10.0.4 - Support for Intel TDX (jsc#PED-9266) - rpm/spec: qemu-vgabios is required on ppc (bsc#1230042) The following package changes have been done: - qemu-guest-agent-10.0.4-160000.1.1 updated From sle-container-updates at lists.suse.com Fri Nov 28 08:13:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 28 Nov 2025 09:13:41 +0100 (CET) Subject: SUSE-CU-2025:8662-1: Security update of suse/rmt-server Message-ID: <20251128081341.1CC07FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8662-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-77.6 , suse/rmt-server:latest Container Release : 77.6 Severity : important Type : security References : 1225905 1230930 1232440 1235773 1237804 1237805 1237806 1245254 1246430 1246697 1250232 CVE-2024-35221 CVE-2024-47220 CVE-2024-49761 CVE-2025-24294 CVE-2025-27219 CVE-2025-27220 CVE-2025-27221 CVE-2025-6442 CVE-2025-9230 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4264-1 Released: Wed Nov 26 16:52:41 2025 Summary: Security update for ruby2.5 Type: security Severity: important References: 1225905,1230930,1232440,1235773,1237804,1237805,1237806,1245254,1246430,CVE-2024-35221,CVE-2024-47220,CVE-2024-49761,CVE-2025-24294,CVE-2025-27219,CVE-2025-27220,CVE-2025-27221,CVE-2025-6442 This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest (bsc#1225905) - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick (bsc#1230930) - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 (bsc#1232440) - CVE-2025-24294: Fixed denial of service (DoS) caused by an insufficient check on the length of a decompressed domain name within a DNS packet in resolv gem (bsc#1246430) - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804) - CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806) - CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805) - CVE-2025-6442: Fixed ruby WEBrick read_header HTTP request smuggling vulnerability (bsc#1245254) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 added - libruby2_5-2_5-2.5.9-150700.24.3.1 updated - ruby2.5-stdlib-2.5.9-150700.24.3.1 updated - ruby2.5-2.5.9-150700.24.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:03:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:03:11 +0100 (CET) Subject: SUSE-CU-2025:8664-1: Security update of containers/lmcache-lmstack-router Message-ID: <20251129080311.9A5AFFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8664-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.29 Container Release : 2.29 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) The following package changes have been done: - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - python311-base-3.11.14-150600.3.38.1 updated - python311-3.11.14-150600.3.38.1 updated - python311-certifi-2024.7.4-150600.1.59 updated - python311-cffi-1.17.0-150600.1.18 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:04:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:04:56 +0100 (CET) Subject: SUSE-CU-2025:8666-1: Security update of containers/ollama Message-ID: <20251129080456.07930FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8666-1 Container Tags : containers/ollama:0 , containers/ollama:0.11.4 , containers/ollama:0.11.4-10.99 Container Release : 10.99 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:07:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:07:12 +0100 (CET) Subject: SUSE-CU-2025:8667-1: Security update of containers/open-webui Message-ID: <20251129080712.049A7FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8667-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-13.3 Container Release : 13.3 Severity : moderate Type : security References : 1249055 1251305 1252974 CVE-2025-6075 CVE-2025-7039 CVE-2025-8291 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libglog2-0.7.1-150600.1.1 added - libutf8proc3-2.11.0-150600.1.1 added - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - libarrow2000-20.0.0-150600.1.1 added - libarrow_acero2000-20.0.0-150600.1.1 added - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - libparquet2000-20.0.0-150600.1.1 added - libarrow_flight2000-20.0.0-150600.1.1 added - libarrow_dataset2000-20.0.0-150600.1.1 added - python311-base-3.11.14-150600.3.38.1 updated - python311-3.11.14-150600.3.38.1 updated - curl-8.14.1-150600.4.31.1 added - python311-typing_extensions-4.15.0-150600.1.1 updated - python311-pytokens-0.3.0-150600.1.1 added - python311-pypdf-6.1.3-150600.1.1 updated - python311-pypandoc-1.15-150600.1.2 updated - python311-propcache-0.2.0-150600.1.11 updated - python311-platformdirs-4.3.8-150600.1.1 updated - python311-peewee-3.18.2-150600.1.6 updated - python311-langsmith-0.4.43-150600.1.1 updated - python311-langfuse-2.44.0-150600.1.14 updated - python311-itsdangerous-2.2.0-150600.1.1 updated - python311-grpcio-1.69.0-150600.1.12 updated - python311-fake-useragent-2.2.0-150600.1.1 updated - python311-devel-3.11.14-150600.3.38.1 updated - python311-certifi-2024.7.4-150600.1.60 updated - python311-cchardet-2.1.19-150600.1.58 updated - python311-bcrypt-5.0.0-150600.1.1 updated - python311-annotated-doc-0.0.3-150600.1.1 added - python311-aiohappyeyeballs-2.6.1-150600.1.2 updated - python311-Markdown-3.10-150600.1.1 updated - python311-pydantic-core-2.39.0-150600.1.1 updated - python311-cffi-1.17.0-150600.1.18 updated - python311-ldap3-2.9.1-150600.1.1 updated - python311-pyarrow-20.0.0-150600.1.2 updated - python311-Shapely-2.0.6-150600.1.20 updated - python311-yarl-1.18.3-150600.1.11 updated - python311-grpcio-tools-1.68.1-150600.1.14 updated - python311-googleapis-common-protos-1.71.0-150600.1.1 updated - python311-SQLAlchemy-2.0.40-150600.1.6 updated - python311-aiosignal-1.4.0-150600.1.1 updated - python311-peewee-migrate-1.13.0-150600.1.14 updated - python311-uvicorn-0.38.0-150600.1.1 updated - python311-av-11.0.0-150600.1.24 updated - python311-pydantic-2.11.9-150600.1.1 updated - python311-pandas-2.2.3-150600.1.80 updated - python311-rich-14.0.0-150600.1.2 updated - python311-aiohttp-3.12.15-150600.1.2 updated - python311-langchain-core-0.3.79-150600.1.1 updated - python311-scikit-learn-1.5.1-150600.1.71 updated - python311-dataclasses-json-0.6.7-150600.1.21 updated - python311-argon2-cffi-25.1.0-150600.1.1 updated - python311-fastapi-0.120.2-150600.1.1 updated - python311-black-25.9.0-150600.1.1 updated - python311-requests-2.32.5-150600.1.1 updated - python311-qdrant-client-1.15.1-150600.1.3 updated - python311-pinecone-6.0.2-150600.1.3 updated - python311-elastic-transport-9.2.0-150600.1.1 updated - python311-youtube-transcript-api-1.2.2-150600.1.2 updated - python311-botocore-1.40.50-150600.1.1 updated - python311-Authlib-1.6.5-150600.1.1 updated - python311-elasticsearch-9.2.0-150600.1.1 updated - python311-google-genai-1.50.0-150600.1.1 updated - python311-s3transfer-0.14.0-150600.1.1 updated - python311-langchain-community-0.3.29-150600.1.1 updated - python311-azure-identity-1.25.1-150600.1.1 updated - python311-boto3-1.40.50-150600.1.1 updated - python311-pymilvus-2.6.3-150600.1.1 updated - python311-sentence-transformers-5.1.2-150600.1.1 updated - libarrow1700-17.0.0-150600.2.25 removed - libarrow_acero1700-17.0.0-150600.2.25 removed - libarrow_dataset1700-17.0.0-150600.2.25 removed - libarrow_flight1700-17.0.0-150600.2.25 removed - libgflags2_2-2.2.2-150600.1.13 removed - libglog-4-0-0.4.0-150600.1.13 removed - libparquet1700-17.0.0-150600.2.25 removed - libutf8proc2-2.8.0-150600.1.3 removed From sle-container-updates at lists.suse.com Sat Nov 29 08:07:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:07:17 +0100 (CET) Subject: SUSE-CU-2025:8668-1: Security update of containers/open-webui-mcpo Message-ID: <20251129080717.EFBD6FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-mcpo ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8668-1 Container Tags : containers/open-webui-mcpo:0 , containers/open-webui-mcpo:0.0.17 , containers/open-webui-mcpo:0.0.17-1.18 Container Release : 1.18 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container containers/open-webui-mcpo was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) The following package changes have been done: - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - python311-base-3.11.14-150600.3.38.1 updated - python311-certifi-2024.7.4-150600.1.59 updated - python311-uv-0.9.4-150600.1.12 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:07:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:07:40 +0100 (CET) Subject: SUSE-CU-2025:8670-1: Security update of containers/open-webui-pipelines Message-ID: <20251129080740.8B6FBFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8670-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.24 Container Release : 7.24 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) The following package changes have been done: - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - python311-base-3.11.14-150600.3.38.1 updated - python311-3.11.14-150600.3.38.1 updated - python311-certifi-2024.7.4-150600.1.59 updated - python311-cffi-1.17.0-150600.1.18 updated - python-open-webui-pipelines-0.20250819.030501-150600.1.14 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:08:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:08:15 +0100 (CET) Subject: SUSE-CU-2025:8672-1: Security update of containers/pytorch Message-ID: <20251129080815.B5815FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8672-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.25 Container Release : 3.25 Severity : important Type : security References : 1231055 1251305 1252425 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) The following package changes have been done: - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - python311-base-3.11.14-150600.3.38.1 updated - python311-3.11.14-150600.3.38.1 updated - python311-devel-3.11.14-150600.3.38.1 updated - python311-torch-cuda-2.8.0-150600.2.9 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:08:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:08:16 +0100 (CET) Subject: SUSE-CU-2025:8673-1: Security update of containers/pytorch Message-ID: <20251129080816.E2153FBA1@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8673-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.27 Container Release : 3.27 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - nccl-2.28.11-150600.1.10 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - python311-torch-cuda-2.8.0-150600.2.10 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:10:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:10:31 +0100 (CET) Subject: SUSE-IU-2025:3786-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251129081031.107F5FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3786-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.223 , suse/sle-micro/base-5.5:latest Image Release : 5.8.223 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150400.5.72.1 updated - curl-8.14.1-150400.5.72.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:11:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:11:56 +0100 (CET) Subject: SUSE-IU-2025:3787-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251129081156.036C1FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3787-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.427 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.427 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150400.5.72.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.223 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:14:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:14:15 +0100 (CET) Subject: SUSE-IU-2025:3788-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20251129081415.E563FFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3788-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.543 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.543 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150400.5.72.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.413 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:16:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:16:34 +0100 (CET) Subject: SUSE-IU-2025:3789-1: Security update of suse/sle-micro/5.5 Message-ID: <20251129081634.6F85EFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3789-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.413 , suse/sle-micro/5.5:latest Image Release : 5.5.413 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150400.5.72.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.223 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:29:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:29:06 +0100 (CET) Subject: SUSE-CU-2025:8695-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251129082906.16915FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8695-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.217 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.217 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150400.5.72.1 updated - libcurl4-8.14.1-150400.5.72.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:32:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:32:56 +0100 (CET) Subject: SUSE-CU-2025:8696-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251129083256.9F477FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8696-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.99 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.99 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150400.5.72.1 updated - libcurl4-8.14.1-150400.5.72.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:35:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:35:20 +0100 (CET) Subject: SUSE-CU-2025:8697-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251129083520.0EBA7FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8697-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.217 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.217 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150400.5.72.1 updated - libcurl4-8.14.1-150400.5.72.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:37:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:37:19 +0100 (CET) Subject: SUSE-CU-2025:8698-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20251129083719.AEEB3FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8698-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.123 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.123 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4309-1 Released: Fri Nov 28 16:39:38 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150400.5.72.1 updated - libcurl4-8.14.1-150400.5.72.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:37:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:37:27 +0100 (CET) Subject: SUSE-IU-2025:3790-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251129083727.E8602FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3790-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.10 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.10 Severity : moderate Type : security References : 1251198 1251199 CVE-2025-61984 CVE-2025-61985 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 81 Released: Fri Nov 28 08:46:24 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198). - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199). The following package changes have been done: - openssh-common-10.0p2-160000.3.1 updated - openssh-server-10.0p2-160000.3.1 updated - openssh-clients-10.0p2-160000.3.1 updated - openssh-10.0p2-160000.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:44:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:44:20 +0100 (CET) Subject: SUSE-CU-2025:8699-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251129084420.BAA77FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8699-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.136 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.136 Severity : important Type : recommended References : 1231055 1252425 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 The following package changes have been done: - libgpgme11-1.23.0-150600.3.5.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:44:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:44:21 +0100 (CET) Subject: SUSE-CU-2025:8700-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251129084421.B75EFFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8700-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.137 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.137 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - kmod-29-150600.13.3.1 updated - libkmod2-29-150600.13.3.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:46:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:46:02 +0100 (CET) Subject: SUSE-CU-2025:8701-1: Security update of bci/gcc Message-ID: <20251129084602.576A0FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8701-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-15.9 , bci/gcc:latest Container Release : 15.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:46:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:46:20 +0100 (CET) Subject: SUSE-CU-2025:8702-1: Security update of suse/git Message-ID: <20251129084620.7A571FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8702-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-65.9 , suse/git:latest Container Release : 65.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150700.7.5.1 updated - container:suse-sle15-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Sat Nov 29 08:46:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 29 Nov 2025 09:46:42 +0100 (CET) Subject: SUSE-CU-2025:8703-1: Security update of bci/golang Message-ID: <20251129084642.AFF28FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8703-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.10 , bci/golang:1.24.10-2.76.10 , bci/golang:oldstable , bci/golang:oldstable-2.76.10 Container Release : 76.10 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:10:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:10:39 +0100 (CET) Subject: SUSE-CU-2025:8703-1: Security update of bci/golang Message-ID: <20251130081039.298A2FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8703-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.10 , bci/golang:1.24.10-2.76.10 , bci/golang:oldstable , bci/golang:oldstable-2.76.10 Container Release : 76.10 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:11:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:11:07 +0100 (CET) Subject: SUSE-CU-2025:8704-1: Security update of bci/golang Message-ID: <20251130081107.2F843FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8704-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-79.9 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-79.9 Container Release : 79.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:11:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:11:32 +0100 (CET) Subject: SUSE-CU-2025:8705-1: Security update of bci/golang Message-ID: <20251130081132.63817FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8705-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.76.9 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.76.9 Container Release : 76.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:11:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:11:55 +0100 (CET) Subject: SUSE-CU-2025:8706-1: Security update of bci/golang Message-ID: <20251130081155.1B091FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8706-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-79.9 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-79.9 Container Release : 79.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:12:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:12:23 +0100 (CET) Subject: SUSE-CU-2025:8708-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251130081223.EF6B4FBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8708-1 Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.14 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.14 Severity : moderate Type : security References : 1249055 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgthread-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:12:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:12:23 +0100 (CET) Subject: SUSE-CU-2025:8707-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251130081223.2CE9AFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8707-1 Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.12 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.12 Severity : moderate Type : security References : 1234225 1244057 1253783 CVE-2025-58436 CVE-2025-61915 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4290-1 Released: Fri Nov 28 10:04:11 2025 Summary: Security update for cups Type: security Severity: moderate References: 1234225,1244057,1253783,CVE-2025-58436,CVE-2025-61915 This update for cups fixes the following issues: - CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783) - CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057) The following package changes have been done: - cups-config-2.2.7-150000.3.77.1 updated - libcups2-2.2.7-150000.3.77.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:12:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:12:44 +0100 (CET) Subject: SUSE-CU-2025:8709-1: Security update of bci/nodejs Message-ID: <20251130081244.26FABFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8709-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-14.7 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-14.7 , bci/nodejs:latest Container Release : 14.7 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:13:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:13:30 +0100 (CET) Subject: SUSE-CU-2025:8711-1: Security update of bci/openjdk Message-ID: <20251130081330.6FD81FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8711-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.10 Container Release : 13.10 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:14:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:14:08 +0100 (CET) Subject: SUSE-CU-2025:8713-1: Security update of bci/openjdk Message-ID: <20251130081408.ED516FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8713-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-16.9 , bci/openjdk:latest Container Release : 16.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:14:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:14:25 +0100 (CET) Subject: SUSE-CU-2025:8714-1: Security update of suse/kiosk/pulseaudio Message-ID: <20251130081425.4E54BFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8714-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.10 , suse/kiosk/pulseaudio:latest Container Release : 67.10 Severity : important Type : security References : 1249055 1253741 CVE-2025-7039 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libkmod2-29-150600.13.3.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - kmod-29-150600.13.3.1 updated - container:suse-sle15-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:14:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:14:43 +0100 (CET) Subject: SUSE-CU-2025:8715-1: Security update of bci/python Message-ID: <20251130081443.466A7FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8715-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.14 , bci/python:3.11.14-78.9 Container Release : 78.9 Severity : moderate Type : security References : 1251305 1252974 1253757 CVE-2025-11563 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - python311-base-3.11.14-150600.3.38.1 updated - python311-3.11.14-150600.3.38.1 updated - python311-devel-3.11.14-150600.3.38.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:15:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:15:04 +0100 (CET) Subject: SUSE-CU-2025:8716-1: Security update of bci/python Message-ID: <20251130081504.A7F71FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8716-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.9 , bci/python:3.13.9-80.9 , bci/python:latest Container Release : 80.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:15:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:15:27 +0100 (CET) Subject: SUSE-CU-2025:8717-1: Security update of bci/python Message-ID: <20251130081527.7DA56FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8717-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-77.8 Container Release : 77.8 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:15:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:15:53 +0100 (CET) Subject: SUSE-CU-2025:8718-1: Security update of bci/ruby Message-ID: <20251130081553.A68E8FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8718-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-19.10 Container Release : 19.10 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:16:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:16:19 +0100 (CET) Subject: SUSE-CU-2025:8719-1: Security update of bci/ruby Message-ID: <20251130081619.B59F0FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8719-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-18.9 , bci/ruby:latest Container Release : 18.9 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:16:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:16:34 +0100 (CET) Subject: SUSE-CU-2025:8720-1: Security update of suse/samba-server Message-ID: <20251130081634.13BEFFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8720-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-69.8 , suse/samba-server:latest Container Release : 69.8 Severity : moderate Type : security References : 1234225 1244057 1253783 CVE-2025-58436 CVE-2025-61915 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4290-1 Released: Fri Nov 28 10:04:11 2025 Summary: Security update for cups Type: security Severity: moderate References: 1234225,1244057,1253783,CVE-2025-58436,CVE-2025-61915 This update for cups fixes the following issues: - CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783) - CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057) The following package changes have been done: - cups-config-2.2.7-150000.3.77.1 updated - libcups2-2.2.7-150000.3.77.1 updated - container:suse-sle15-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:17:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:17:00 +0100 (CET) Subject: SUSE-CU-2025:8721-1: Recommended update of bci/spack Message-ID: <20251130081700.5005DFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8721-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-19.8 , bci/spack:latest Container Release : 19.8 Severity : moderate Type : recommended References : 1233529 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated From sle-container-updates at lists.suse.com Sun Nov 30 08:17:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 30 Nov 2025 09:17:21 +0100 (CET) Subject: SUSE-CU-2025:8722-1: Security update of suse/kiosk/xorg Message-ID: <20251130081721.218D6FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8722-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.10 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.10 Severity : important Type : security References : 1249055 1253741 CVE-2025-7039 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libkmod2-29-150600.13.3.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - kmod-29-150600.13.3.1 updated - container:suse-sle15-15.7-c8b019734114d6946091e2e31ffca9473ae5a230900a4f9e5832bddc05b3f445-0 updated