From sle-container-updates at lists.suse.com Wed Oct 1 07:03:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:03:03 +0200 (CEST) Subject: SUSE-CU-2025:7132-1: Security update of containers/suse-ai-observability-extension-runtime Message-ID: <20251001070303.5D3C8FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/suse-ai-observability-extension-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7132-1 Container Tags : containers/suse-ai-observability-extension-runtime:1 , containers/suse-ai-observability-extension-runtime:1.1.0 , containers/suse-ai-observability-extension-runtime:1.1.0-4.66 Container Release : 4.66 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container containers/suse-ai-observability-extension-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - suse-ai-observability-extension-runtime-1.1.0-150600.2.1 updated - container:registry.suse.com-bci-bci-base-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:03:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:03:10 +0200 (CEST) Subject: SUSE-CU-2025:7133-1: Security update of containers/suse-ai-observability-extension-setup Message-ID: <20251001070310.EA816FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/suse-ai-observability-extension-setup ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7133-1 Container Tags : containers/suse-ai-observability-extension-setup:1 , containers/suse-ai-observability-extension-setup:1.1.0 , containers/suse-ai-observability-extension-setup:1.1.0-3.68 Container Release : 3.68 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container containers/suse-ai-observability-extension-setup was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - suse-ai-observability-extension-setup-1.1.0-150600.1.1 updated - container:registry.suse.com-bci-bci-base-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:04:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:04:51 +0200 (CEST) Subject: SUSE-IU-2025:2634-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251001070451.37DD0FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2634-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.210 , suse/sle-micro/base-5.5:latest Image Release : 5.8.210 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.43.1 updated - openssl-1_1-1.1.1l-150500.17.43.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:05:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:05:53 +0200 (CEST) Subject: SUSE-IU-2025:2635-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251001070553.29E76FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2635-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.401 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.401 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.43.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.210 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:07:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:07:28 +0200 (CEST) Subject: SUSE-IU-2025:2636-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20251001070728.9E4E2FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2636-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.502 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.502 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.43.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.381 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:08:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:08:59 +0200 (CEST) Subject: SUSE-IU-2025:2637-1: Security update of suse/sle-micro/5.5 Message-ID: <20251001070859.76514FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2637-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.381 , suse/sle-micro/5.5:latest Image Release : 5.5.381 Severity : important Type : security References : 1250232 1250373 CVE-2025-41244 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3435-1 Released: Tue Sep 30 16:09:33 2025 Summary: Security update for open-vm-tools Type: security Severity: important References: 1250373,CVE-2025-41244 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.43.1 updated - openssl-1_1-1.1.1l-150500.17.43.1 updated - libvmtools0-13.0.0-150300.64.1 updated - open-vm-tools-13.0.0-150300.64.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.210 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:03 +0200 (CEST) Subject: SUSE-CU-2025:7136-1: Security update of private-registry/harbor-core Message-ID: <20251001071103.45F0CFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7136-1 Container Tags : private-registry/harbor-core:2.13 , private-registry/harbor-core:2.13.2 , private-registry/harbor-core:2.13.2-3.10 , private-registry/harbor-core:latest Container Release : 3.10 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:06 +0200 (CEST) Subject: SUSE-CU-2025:7137-1: Security update of private-registry/harbor-db Message-ID: <20251001071106.6DA50FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7137-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-3.11 , private-registry/harbor-db:latest Container Release : 3.11 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:11 +0200 (CEST) Subject: SUSE-CU-2025:7139-1: Security update of private-registry/harbor-jobservice Message-ID: <20251001071111.0AF23FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7139-1 Container Tags : private-registry/harbor-jobservice:2.13 , private-registry/harbor-jobservice:2.13.2 , private-registry/harbor-jobservice:2.13.2-3.10 , private-registry/harbor-jobservice:latest Container Release : 3.10 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:08 +0200 (CEST) Subject: SUSE-CU-2025:7138-1: Security update of private-registry/harbor-exporter Message-ID: <20251001071108.B57B2FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7138-1 Container Tags : private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2-3.10 , private-registry/harbor-exporter:latest Container Release : 3.10 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:15 +0200 (CEST) Subject: SUSE-CU-2025:7140-1: Security update of private-registry/harbor-nginx Message-ID: <20251001071115.03446FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7140-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.47 , private-registry/harbor-nginx:latest Container Release : 2.47 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:19 +0200 (CEST) Subject: SUSE-CU-2025:7141-1: Security update of private-registry/harbor-portal Message-ID: <20251001071119.41A7DFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7141-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.13 , private-registry/harbor-portal:latest Container Release : 3.13 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:21 +0200 (CEST) Subject: SUSE-CU-2025:7142-1: Security update of private-registry/harbor-registry Message-ID: <20251001071121.87386FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7142-1 Container Tags : private-registry/harbor-registry:2.8.3 , private-registry/harbor-registry:2.8.3-2.51 , private-registry/harbor-registry:latest Container Release : 2.51 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:23 +0200 (CEST) Subject: SUSE-CU-2025:7143-1: Security update of private-registry/harbor-registryctl Message-ID: <20251001071123.C3412FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7143-1 Container Tags : private-registry/harbor-registryctl:2.13 , private-registry/harbor-registryctl:2.13.2 , private-registry/harbor-registryctl:2.13.2-3.10 , private-registry/harbor-registryctl:latest Container Release : 3.10 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:27 +0200 (CEST) Subject: SUSE-CU-2025:7144-1: Security update of private-registry/harbor-trivy-adapter Message-ID: <20251001071127.6E875FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7144-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.47 , private-registry/harbor-trivy-adapter:latest Container Release : 2.47 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:11:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:11:29 +0200 (CEST) Subject: SUSE-CU-2025:7145-1: Security update of private-registry/harbor-valkey Message-ID: <20251001071129.90749FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7145-1 Container Tags : private-registry/harbor-valkey:8.0.2 , private-registry/harbor-valkey:8.0.2-2.41 , private-registry/harbor-valkey:latest Container Release : 2.41 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:17:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:17:06 +0200 (CEST) Subject: SUSE-CU-2025:7147-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251001071706.644BBF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7147-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.188 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.188 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.84.1 updated - libopenssl1_1-1.1.1l-150400.7.84.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:19:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:19:57 +0200 (CEST) Subject: SUSE-CU-2025:7148-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251001071957.BB099F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7148-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.64 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.64 Severity : important Type : security References : 1250232 1250373 CVE-2025-41244 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3435-1 Released: Tue Sep 30 16:09:33 2025 Summary: Security update for open-vm-tools Type: security Severity: important References: 1250373,CVE-2025-41244 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libvmtools0-13.0.0-150300.64.1 updated - open-vm-tools-13.0.0-150300.64.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:21:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:21:45 +0200 (CEST) Subject: SUSE-CU-2025:7149-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251001072145.20A9FF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7149-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.188 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.188 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.84.1 updated - libopenssl1_1-1.1.1l-150400.7.84.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:23:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:23:16 +0200 (CEST) Subject: SUSE-CU-2025:7150-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20251001072316.DDDCDF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7150-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.96 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.96 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.43.1 updated - libopenssl1_1-1.1.1l-150500.17.43.1 updated - openssl-1_1-1.1.1l-150500.17.43.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 07:28:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 09:28:53 +0200 (CEST) Subject: SUSE-CU-2025:7155-1: Security update of bci/bci-base-fips Message-ID: <20251001072853.695E4F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7155-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.33.2 Container Release : 33.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.18.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 08:55:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 10:55:48 +0200 (CEST) Subject: SUSE-CU-2025:7155-1: Security update of bci/bci-base-fips Message-ID: <20251001085548.3AFD1F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7155-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.33.2 Container Release : 33.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.18.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 08:56:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 10:56:07 +0200 (CEST) Subject: SUSE-CU-2025:7156-1: Security update of bci/bci-busybox Message-ID: <20251001085607.1031DF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7156-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.39.1 Container Release : 39.1 Severity : moderate Type : security References : 1203397 1203399 1206798 1215943 1217580 1217584 1217585 1217883 1239176 1240058 1243201 1246965 CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3271-1 Released: Thu Sep 18 15:33:49 2025 Summary: Security update for busybox, busybox-links Type: security Severity: moderate References: 1203397,1203399,1206798,1215943,1217580,1217584,1217585,1217883,1239176,1243201,CVE-2023-42363,CVE-2023-42364,CVE-2023-42365 This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 (jsc#PED-13039): - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580) - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584) - CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585) Other fixes: - fix generation of file lists via Dockerfile - add copy of busybox.links from the container to catch changes to busybox config - Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201) - Add getfattr applet to attr filelist - busybox-udhcpc conflicts with udhcp. - Add new sub-package for udhcpc - zgrep: don't set the label option as only the real grep supports it (bsc#1215943) - Add conflict for coreutils-systemd, package got splitted - Check in filelists instead of buildrequiring all non-busybox utils - Replace transitional %usrmerged macro with regular version check (bsc#1206798) - Create sub-package 'hexedit' [bsc#1203399] - Create sub-package 'sha3sum' [bsc#1203397] - Drop update-alternatives support - Add provides smtp_daemon to busybox-sendmail - Add conflicts: mawk to busybox-gawk - fix mkdir path to point to /usr/bin instead of /bin - add placeholder variable and ignore applet logic to busybox.install - enable halt, poweroff, reboot commands (bsc#1243201) - Fully enable udhcpc and document that this tool needs special configuration and does not work out of the box [bsc#1217883] - Replace transitional %usrmerged macro with regular version check (bsc#1206798) The following package changes have been done: - busybox-adduser-1.37.0-150500.7.7.2 updated - busybox-attr-1.37.0-150500.7.7.2 updated - busybox-bc-1.37.0-150500.7.7.2 updated - busybox-bind-utils-1.37.0-150500.7.7.2 updated - busybox-bzip2-1.37.0-150500.7.7.2 updated - busybox-coreutils-1.37.0-150500.7.7.2 updated - busybox-cpio-1.37.0-150500.7.7.2 updated - busybox-diffutils-1.37.0-150500.7.7.2 updated - busybox-dos2unix-1.37.0-150500.7.7.2 updated - busybox-ed-1.37.0-150500.7.7.2 updated - busybox-findutils-1.37.0-150500.7.7.2 updated - busybox-gawk-1.37.0-150500.7.7.2 updated - busybox-grep-1.37.0-150500.7.7.2 updated - busybox-gzip-1.37.0-150500.7.7.2 updated - busybox-hexedit-1.37.0-150500.7.7.2 added - busybox-hostname-1.37.0-150500.7.7.2 updated - busybox-iproute2-1.37.0-150500.7.7.2 updated - busybox-iputils-1.37.0-150500.7.7.2 updated - busybox-kbd-1.37.0-150500.7.7.2 updated - busybox-less-1.37.0-150500.7.7.2 updated - busybox-links-1.37.0-150500.7.7.2 updated - busybox-man-1.37.0-150500.7.7.2 updated - busybox-misc-1.37.0-150500.7.7.2 updated - busybox-ncurses-utils-1.37.0-150500.7.7.2 updated - busybox-net-tools-1.37.0-150500.7.7.2 updated - busybox-netcat-1.37.0-150500.7.7.2 updated - busybox-patch-1.37.0-150500.7.7.2 updated - busybox-policycoreutils-1.37.0-150500.7.7.2 updated - busybox-procps-1.37.0-150500.7.7.2 updated - busybox-psmisc-1.37.0-150500.7.7.2 updated - busybox-sed-1.37.0-150500.7.7.2 updated - busybox-selinux-tools-1.37.0-150500.7.7.2 updated - busybox-sendmail-1.37.0-150500.7.7.2 updated - busybox-sha3sum-1.37.0-150500.7.7.2 added - busybox-sharutils-1.37.0-150500.7.7.2 updated - busybox-sh-1.37.0-150500.7.7.2 updated - busybox-syslogd-1.37.0-150500.7.7.2 updated - busybox-sysvinit-tools-1.37.0-150500.7.7.2 updated - busybox-tar-1.37.0-150500.7.7.2 updated - busybox-telnet-1.37.0-150500.7.7.2 updated - busybox-tftp-1.37.0-150500.7.7.2 updated - busybox-time-1.37.0-150500.7.7.2 updated - busybox-traceroute-1.37.0-150500.7.7.2 updated - busybox-tunctl-1.37.0-150500.7.7.2 updated - busybox-udhcpc-1.37.0-150500.7.7.2 added - busybox-unzip-1.37.0-150500.7.7.2 updated - busybox-util-linux-1.37.0-150500.7.7.2 updated - busybox-vi-1.37.0-150500.7.7.2 updated - busybox-vlan-1.37.0-150500.7.7.2 updated - busybox-wget-1.37.0-150500.7.7.2 updated - busybox-which-1.37.0-150500.7.7.2 updated - busybox-whois-1.37.0-150500.7.7.2 updated - busybox-xz-1.37.0-150500.7.7.2 updated - busybox-1.37.0-150500.10.11.1 updated - glibc-2.38-150600.14.37.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 08:57:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 10:57:13 +0200 (CEST) Subject: SUSE-CU-2025:7158-1: Security update of bci/bci-micro-fips Message-ID: <20251001085713.CA279F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7158-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.8.2 Container Release : 8.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - container:bci-bci-base-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 08:58:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 10:58:04 +0200 (CEST) Subject: SUSE-CU-2025:7160-1: Security update of bci/bci-minimal Message-ID: <20251001085804.F1735F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7160-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.42.1 Container Release : 42.1 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 08:59:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 10:59:04 +0200 (CEST) Subject: SUSE-CU-2025:7161-1: Security update of bci/nodejs Message-ID: <20251001085904.F20DEF783@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7161-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-56.5 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-56.5 Container Release : 56.5 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - container:registry.suse.com-bci-bci-base-15.6-6429c740360927063bab19b5f63298ae2d71284ae35513c7a3f6d6d1593efc7b-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:00:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:00:18 +0200 (CEST) Subject: SUSE-CU-2025:7162-1: Security update of bci/python Message-ID: <20251001090018.94923FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7162-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-73.5 Container Release : 73.5 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:registry.suse.com-bci-bci-base-15.6-6429c740360927063bab19b5f63298ae2d71284ae35513c7a3f6d6d1593efc7b-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:00:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:00:53 +0200 (CEST) Subject: SUSE-CU-2025:7163-1: Security update of suse/mariadb-client Message-ID: <20251001090053.C5D22FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7163-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.14 , suse/mariadb-client:10.11.14-64.5 Container Release : 64.5 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:01:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:01:38 +0200 (CEST) Subject: SUSE-CU-2025:7164-1: Security update of suse/mariadb Message-ID: <20251001090138.D8E35FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7164-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.14 , suse/mariadb:10.11.14-72.5 Container Release : 72.5 Severity : important Type : security References : 1250232 1250232 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - container:suse-sle15-15.6-5e0c3d434a2b643bae49bc5c102078b9d14d2156adbcc8c0266ab3fde11f1219-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:03:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:03:46 +0200 (CEST) Subject: SUSE-CU-2025:7165-1: Security update of suse/sle15 Message-ID: <20251001090346.5E32EFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7165-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.33 , suse/sle15:15.6 , suse/sle15:15.6.47.23.33 Container Release : 47.23.33 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:04:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:04:59 +0200 (CEST) Subject: SUSE-CU-2025:7166-1: Security update of bci/spack Message-ID: <20251001090459.2D3F1FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7166-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.61 Container Release : 11.61 Severity : important Type : security References : 1250232 1250232 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libopenssl-3-devel-3.1.4-150600.5.39.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:06:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:06:11 +0200 (CEST) Subject: SUSE-CU-2025:7172-1: Recommended update of suse/bind Message-ID: <20251001090611.E265AFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7172-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-66.4 , suse/bind:latest Container Release : 66.4 Severity : important Type : recommended References : 1230649 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3430-1 Released: Tue Sep 30 15:50:46 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) The following package changes have been done: - bind-utils-9.20.11-150700.3.9.1 updated - bind-9.20.11-150700.3.9.1 updated - container:suse-sle15-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:09:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:09:42 +0200 (CEST) Subject: SUSE-CU-2025:7192-1: Security update of bci/bci-minimal Message-ID: <20251001090942.5ADCBFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7192-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-14.1 , bci/bci-minimal:latest Container Release : 14.1 Severity : moderate Type : security References : 1240058 1246965 CVE-2025-8058 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) The following package changes have been done: - glibc-2.38-150600.14.37.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:11:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:11:57 +0200 (CEST) Subject: SUSE-CU-2025:7201-1: Security update of bci/php-fpm Message-ID: <20251001091157.6EBCDFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7201-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-13.1 , bci/php-fpm:latest Container Release : 13.1 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150600.11.6.1 updated - libssh4-0.9.8-150600.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:13:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:13:30 +0200 (CEST) Subject: SUSE-CU-2025:7208-1: Recommended update of suse/rmt-server Message-ID: <20251001091330.3B15DFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7208-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-74.1 , suse/rmt-server:latest Container Release : 74.1 Severity : important Type : recommended References : 1247473 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2989-1 Released: Wed Aug 27 07:45:10 2025 Summary: Recommended update for rubygem-gem2rpm Type: recommended Severity: important References: 1247473 This update for rubygem-gem2rpm fixes the following issues: - Fixed the complaint about the template file not being found * use opensuse template on sles as well - On newer ruby versions Kernel.open is no longer working with URIs. Use URI.open() - Also treat contributing as documentation. - Build and ship ruby3.4-rubygem-gem2rpm. (bsc#1247473) The following package changes have been done: - ruby2.5-rubygem-gem2rpm-0.10.1-150700.22.7.1 updated - container:registry.suse.com-bci-bci-base-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:16:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:16:49 +0200 (CEST) Subject: SUSE-CU-2025:7217-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251001091649.2C0D8F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7217-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.26 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.26 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.84.1 updated - container:sles15-ltss-image-15.4.0-2.72 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:18:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:18:00 +0200 (CEST) Subject: SUSE-CU-2025:7218-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251001091800.A8953F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7218-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.28 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.28 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.84.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated - container:sles15-ltss-image-15.4.0-2.72 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:19:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:19:05 +0200 (CEST) Subject: SUSE-CU-2025:7219-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20251001091905.6C5B1F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7219-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16 , suse/manager/4.3/proxy-squid:4.3.16.9.66.22 , suse/manager/4.3/proxy-squid:latest Container Release : 9.66.22 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.84.1 updated - container:sles15-ltss-image-15.4.0-2.72 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:20:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:20:13 +0200 (CEST) Subject: SUSE-CU-2025:7220-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20251001092013.9D77CF783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7220-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.21 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.21 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3288-1 Released: Mon Sep 22 12:13:27 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - permissions: remove unnecessary static dirs and devices (bsc#1235873) The following package changes have been done: - permissions-20201225-150400.5.22.1 updated - container:sles15-ltss-image-15.4.0-2.71 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:20:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:20:14 +0200 (CEST) Subject: SUSE-CU-2025:7221-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20251001092014.85469FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7221-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.22 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.22 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.84.1 updated - container:sles15-ltss-image-15.4.0-2.72 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:21:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:21:27 +0200 (CEST) Subject: SUSE-CU-2025:7223-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20251001092127.E21AFF783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7223-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.22 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.22 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.84.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated - container:sles15-ltss-image-15.4.0-2.72 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:23:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:23:16 +0200 (CEST) Subject: SUSE-CU-2025:7224-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20251001092316.49111F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7224-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.177 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.177 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3440-1 Released: Tue Sep 30 16:51:45 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.103.1 updated - libopenssl1_1-1.1.1d-150200.11.103.1 updated - openssl-1_1-1.1.1d-150200.11.103.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:34:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:34:22 +0200 (CEST) Subject: SUSE-CU-2025:7226-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251001093422.987F9F783@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7226-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.113 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.113 Severity : important Type : security References : 1244553 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3421-1 Released: Mon Sep 29 08:01:46 2025 Summary: Recommended update for sysstat Type: recommended Severity: important References: 1244553 This update for sysstat fixes the following issues: - removal of broken symlinks during the post-install phase (bsc#1244553). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - sysstat-12.0.2-150000.3.51.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:35:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:35:33 +0200 (CEST) Subject: SUSE-CU-2025:7227-1: Security update of bci/bci-init Message-ID: <20251001093533.4709AF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7227-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.47.5 Container Release : 47.5 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - container:registry.suse.com-bci-bci-base-15.6-6429c740360927063bab19b5f63298ae2d71284ae35513c7a3f6d6d1593efc7b-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:39:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:39:00 +0200 (CEST) Subject: SUSE-CU-2025:7224-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20251001093900.C3D11F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7224-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.177 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.177 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3440-1 Released: Tue Sep 30 16:51:45 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.103.1 updated - libopenssl1_1-1.1.1d-150200.11.103.1 updated - openssl-1_1-1.1.1d-150200.11.103.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 09:45:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 11:45:00 +0200 (CEST) Subject: SUSE-CU-2025:7229-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251001094500.0DDA2F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7229-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.179 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.179 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3440-1 Released: Tue Sep 30 16:51:45 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.103.1 updated - libopenssl1_1-1.1.1d-150200.11.103.1 updated - openssl-1_1-1.1.1d-150200.11.103.1 updated From sle-container-updates at lists.suse.com Wed Oct 1 16:54:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 18:54:03 +0200 (CEST) Subject: SUSE-CU-2025:7230-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251001165403.6CFA6F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7230-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.50.1 Container Release : 50.1 Severity : important Type : security References : 1012628 1213545 1215199 1221858 1222323 1230557 1230708 1232089 1233120 1234156 1240708 1240890 1241353 1242034 1242754 1242960 1244734 1244930 1245663 1245710 1245767 1245780 1245815 1245956 1245973 1245977 1246005 1246012 1246181 1246193 1246974 1247057 1247078 1247112 1247116 1247119 1247155 1247162 1247167 1247229 1247243 1247280 1247313 1247712 1247976 1248088 1248108 1248164 1248166 1248178 1248179 1248180 1248183 1248186 1248194 1248196 1248198 1248205 1248206 1248208 1248209 1248212 1248213 1248214 1248216 1248217 1248223 1248227 1248228 1248229 1248240 1248255 1248297 1248306 1248312 1248333 1248337 1248338 1248340 1248341 1248345 1248349 1248350 1248354 1248355 1248361 1248363 1248368 1248374 1248377 1248386 1248390 1248395 1248399 1248401 1248511 1248573 1248575 1248577 1248609 1248614 1248617 1248621 1248636 1248643 1248648 1248652 1248655 1248666 1248669 1248746 1248748 1249022 1249346 1249375 1250232 1250232 CVE-2023-3867 CVE-2023-4130 CVE-2023-4515 CVE-2024-26661 CVE-2024-46733 CVE-2024-49996 CVE-2024-53125 CVE-2024-58238 CVE-2024-58239 CVE-2025-37885 CVE-2025-38006 CVE-2025-38075 CVE-2025-38103 CVE-2025-38125 CVE-2025-38146 CVE-2025-38160 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38201 CVE-2025-38205 CVE-2025-38208 CVE-2025-38245 CVE-2025-38251 CVE-2025-38360 CVE-2025-38439 CVE-2025-38441 CVE-2025-38444 CVE-2025-38445 CVE-2025-38458 CVE-2025-38459 CVE-2025-38464 CVE-2025-38472 CVE-2025-38490 CVE-2025-38491 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506 CVE-2025-38510 CVE-2025-38512 CVE-2025-38513 CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38524 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543 CVE-2025-38546 CVE-2025-38548 CVE-2025-38550 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571 CVE-2025-38572 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583 CVE-2025-38585 CVE-2025-38587 CVE-2025-38588 CVE-2025-38591 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38617 CVE-2025-38618 CVE-2025-38621 CVE-2025-38624 CVE-2025-38630 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38644 CVE-2025-38646 CVE-2025-38650 CVE-2025-38656 CVE-2025-38663 CVE-2025-38665 CVE-2025-38670 CVE-2025-38671 CVE-2025-8114 CVE-2025-8277 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3301-1 Released: Tue Sep 23 11:05:09 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1213545,1215199,1221858,1222323,1230557,1230708,1232089,1233120,1234156,1240708,1240890,1241353,1242034,1242754,1242960,1244734,1244930,1245663,1245710,1245767,1245780,1245815,1245956,1245973,1245977,1246005,1246012,1246181,1246193,1247057,1247078,1247112,1247116,1247119,1247155,1247162,1247167,1247229,1247243,1247280,1247313,1247712,1247976,1248088,1248108,1248164,1248166,1248178,1248179,1248180,1248183,1248186,1248194,1248196,1248198,1248205,1248206,1248208,1248209,1248212,1248213,1248214,1248216,1248217,1248223,1248227,1248228,1248229,1248240,1248255,1248297,1248306,1248312,1248333,1248337,1248338,1248340,1248341,1248345,1248349,1248350,1248354,1248355,1248361,1248363,1248368,1248374,1248377,1248386,1248390,1248395,1248399,1248401,1248511,1248573,1248575,1248577,1248609,1248614,1248617,1248621,1248636,1248643,1248648,1248652,1248655,1248666,1248669,1248746,1248748,1249022,1249346,CVE-2023-3867,CVE-2023-4130,CVE-2023-4515,CVE-2024-26661,CVE-2024-46733,CVE-2024- 49996,CVE-2024-53125,CVE-2024-58238,CVE-2024-58239,CVE-2025-37885,CVE-2025-38006,CVE-2025-38075,CVE-2025-38103,CVE-2025-38125,CVE-2025-38146,CVE-2025-38160,CVE-2025-38184,CVE-2025-38185,CVE-2025-38190,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38245,CVE-2025-38251,CVE-2025-38360,CVE-2025-38439,CVE-2025-38441,CVE-2025-38444,CVE-2025-38445,CVE-2025-38458,CVE-2025-38459,CVE-2025-38464,CVE-2025-38472,CVE-2025-38490,CVE-2025-38491,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38510,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38524,CVE-2025-38528,CVE-2025-38529,CVE-2025-38530,CVE-2025-38531,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38546,CVE-2025-38548,CVE-2025-38550,CVE-2025-38553,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2025-38571,CVE-2025-38572,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,C VE-2025-38585,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38617,CVE-2025-38618,CVE-2025-38621,CVE-2025-38624,CVE-2025-38630,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38644,CVE-2025-38646,CVE-2025-38650,CVE-2025-38656,CVE-2025-38663,CVE-2025-38665,CVE-2025-38670,CVE-2025-38671 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes) - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708) - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120) - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libssh-config-0.9.8-150600.11.6.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - libssh4-0.9.8-150600.11.6.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - kernel-macros-6.4.0-150600.23.70.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - kernel-devel-6.4.0-150600.23.70.1 updated - kernel-default-devel-6.4.0-150600.23.70.1 updated - kernel-syms-6.4.0-150600.23.70.1 updated - container:registry.suse.com-bci-bci-base-15.6-6429c740360927063bab19b5f63298ae2d71284ae35513c7a3f6d6d1593efc7b-0 updated From sle-container-updates at lists.suse.com Wed Oct 1 16:47:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 Oct 2025 18:47:24 +0200 (CEST) Subject: SUSE-IU-2025:2638-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251001164724.442D7F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2638-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.13 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.13 Severity : important Type : security References : 1214960 1215377 1232234 1239088 1242132 1243581 1245320 1246608 1247249 1248410 1248687 1249191 1249348 1249367 142461 430864 544339 CVE-2024-10041 CVE-2025-10148 CVE-2025-46836 CVE-2025-6032 CVE-2025-8194 CVE-2025-9086 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 265 Released: Tue Sep 16 08:28:00 2025 Summary: Security update for net-tools Type: security Severity: moderate References: 1243581,1246608,1248410,1248687,142461,430864,544339,CVE-2025-46836 This update for net-tools fixes the following issues: - Fixed stack buffer overflow in parse_hex, proc_gen_fmt, ax25 and netrom (bsc#1248687) - CVE-2025-46836: Fixed stack buffer overflow caused by the absence of bound checks (bsc#1243581) ----------------------------------------------------------------- Advisory ID: 263 Released: Tue Sep 16 08:53:02 2025 Summary: Security update for python311 Type: security Severity: important References: 1247249,CVE-2025-8194 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed tar archives with negative offsets leading to infinite loop and deadlock (bsc#1247249) ----------------------------------------------------------------- Advisory ID: 266 Released: Wed Sep 17 13:30:47 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: Fixed hashed password leak (bsc#1232234) ----------------------------------------------------------------- Advisory ID: 273 Released: Mon Sep 22 10:29:39 2025 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issues: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: 272 Released: Mon Sep 22 10:30:22 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1214960 This update for runc fixes the following issues: Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: 286 Released: Fri Sep 26 11:21:50 2025 Summary: Security update for curl Type: security Severity: important References: 1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: - tool_operate: fix return code when --retry is used but not triggered [bsc#1249367] - Security fixes: * CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) * CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) ----------------------------------------------------------------- Advisory ID: 292 Released: Wed Oct 1 15:49:41 2025 Summary: Security update for podman Type: security Severity: important References: 1239088,1242132,1245320,CVE-2025-6032 This update for podman fixes the following issues: - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) - Fix conditional Requires (remove deprecated sle_version macro) - Update to version 5.4.2: * Add release notes for v5.4.2 * Fix a potential deadlock during `podman cp` * Improve the file format documentation of podman-import. * Revert 'podman-import only supports gz and tar' * Bump buildah to v1.39.4 * libpod: do not cover idmapped mountpoint * test: Fix runc error message * oci: report empty exec path as ENOENT * test: adapt tests new crun error messages * test: remove duplicate test * cirrus: test only on f41/rawhide * CI: use z1d instance for windows machine testing * New images 2025-03-24 * test/e2e: use go net.Dial() ov nc * test: use ncat over nc * New images 2025-03-12 * RPM: Add riscv64 to ExclusiveArch-es * Fix HealthCheck log destination, count, and size defaults * Win installer test: hardcode latest GH release ID * Packit: Fix action script for fetching upstream commit * Bump to v5.4.2-dev * Bump to v5.4.1 * update gvproxy version to 0.8.4 * Update Buildah to v1.39.2 * Update release notes for v5.4.1 * Fix reporting summed image size for compat endpoint * podman-import only supports gz and tar * quadlet kube: correctly mark unit as failed * pkg/domain/infra/abi/play.go: fix two nilness issues * kube play: don't print start errors twice * libpod: race in WaitForConditionWithInterval() * libpod: race in WaitForExit() with autoremove * Don't try to resolve host path if copying to container from stdin. * Use svg for pkginstaller banner * Create quota before _data dir for volumes * Packit: clarify secondary status in CI * Packit/RPM: Display upstream commit SHA in all rpm builds * podman run: fix --pids-limit -1 wrt runc * vendor: update github.com/go-jose/go-jose/v3 to v3.0.4 * chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security] * wire up --retry-delay for artifact pull * Revert 'silence false positve from golangci-lint' * update golangci-lint to v1.64.4 * update golangci-lint to v1.64.2 * silence false positve from golangci-lint * cmd/podman: refactor Context handling * fix new usetesting lint issue * Packit/Copr: Fix `podman version` in rpm * Remove persist directory when cleaning up Conmon files * Bump to v5.4.1-dev * Bump to v5.4.0 * Update release notes for v5.4.0 final * In SQLite state, use defaults for empty-string checks * Bump FreeBSD version to 13.4 * docs: add v5.4 to API reference * Update rpm/podman.spec * RPM: set buildOrigin in LDFLAG * RPM: cleanup macro defs * Makefile: escape BUILD_ORIGIN properly * rootless: fix hang on s390x * Set Cirrus DEST_BRANCH appropriately to fix CI * Bump to v5.4.0-dev * Bump to v5.4.0-rc3 * Update release notes for v5.4.0-rc3 * Add BuildOrigin field to podman info * artifact: only allow single manifest * test/e2e: improve write/removeConf() * Add --noheading to artifact ls * Add --no-trunc to artifact ls * Add type and annotations to artifact add * pkg/api: honor cdi devices from the hostconfig * util: replace Walk with WalkDir * fix(pkg/rootless): avoid memleak during init() contructor. * Add `machine init --playbook` * RPM: include empty check to silence rpmlint * RPM: adjust qemu dependencies * Force use of iptables on Windows WSL * rpm: add attr as dependency for podman-tests * update gvproxy version * [v5.4] Bump Buildah to v1.39.0 * podman exec: correctly support detaching * libpod: remove unused ExecStartAndAttach() * [v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0 * Move detection of libkrun and intel * Prevent two podman machines running on darwin * Remove unnecessary error handling * Remove usused Kind() function * Bump to v5.4.0-dev * Bump to v5.4.0-rc2 * Update release notes for v5.4.0-rc2 * Safer use of `filepath.EvalSymlinks()` on Windows * error with libkrun on intel-based machines * chore(deps): update dependency pytest to v8.3.4 * test/buildah-bud: skip two new problematic tests on remote * Fix podman-restart.service when there are no containers * Avoid upgrading from v5.3.1 on Windows * Clean up after unexpectedly terminated build * system-tests: switch ls with getfattr for selinux tests * vendor latest c/{buildah,common,image,storage} * Makefile: Add validatepr description for 'make help' output * docs: Enhance podman build --secret documentation and add examples * docs: mount.md - idmapped mounts only work for root user * Define, and use, PodmanExitCleanlyWithOptions * Eliminate PodmanSystemdScope * Fix image ID query * Revert 'Use the config digest to compare images loaded/pulled using different methods' * Update c/image after https://github.com/containers/image/pull/2613 * Update expected errors when pulling encrypted images * Eliminate PodmanExtraFiles * Introduce PodmanTestIntegration.PodmanWithOptions * Restructure use of options * Inline PodmanBase into callers * Pass all of PodmanExecOptions to various [mM]akeOptions functions * Turn PodmanAsUserBase into PodmanExecBaseWithOptions * Avoid indirect links through quadlet(5) * do not set the CreateCommand for API users * Add podman manifest rm --ignore * Bump to v5.4.0-dev * Bump to v5.4.0-rc1 * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2 * podman artifact * vendor latest c/{common,image,storage} * fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2 * cirrus: bump macos machine test timeout * pkg/machine/e2e: improve podman.exe match * pkg/machine/e2e: improve 'list machine from all providers' * Remove JSON tag from UseImageHosts in ContainerConfig * Set network ID if available during container inspect * Stop creating a patch for v5.3.1 upgrades on windows * compose docs: fix typo * Document kube-play CDI support * docs: Add quadlet debug method systemd-analyze * Replace instances of PodmanExitCleanly in play_kube_test.go * docs: add 'initialized' state to status filters * fix(deps): update module google.golang.org/protobuf to v1.36.3 * Switch all calls of assert.Nil to assert.NoError * Add --no-hostname option * Fix unescaping octal escape sequence in values of Quadlet unit files * Remove `.exe` suffix if any * Add kube play support for CDI resource allocation * add support to `;` for comments in unit files as per systemd documentation * Use PodmanExitCleanly in attach_test.go * Introduce PodmanTestIntegration.PodmanExitCleanly * chore(deps): update dependency setuptools to ~=75.8.0 * Add newer c/i to support artifacts * fix(deps): update module golang.org/x/tools to v0.29.0 * fix(deps): update module golang.org/x/net to v0.34.0 * specgenutil: Fix parsing of mount option ptmxmode * namespaces: allow configuring keep-id userns size * Update description for completion * Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless * Document .build for Image .container option * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1 * New VM Images * update golangci/golangci-lint to v1.63.4 * fix(deps): update module google.golang.org/protobuf to v1.36.2 * chore(deps): update dependency setuptools to ~=75.7.0 * Fixing ~/.ssh/identity handling * vendor latest c/common from main * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12 * fix(deps): update module github.com/opencontainers/runc to v1.2.4 * specgen: fix comment * Add hint to restart Podman machine to really accept new certificates * fix(deps): update module github.com/onsi/gomega to v1.36.2 * fix(deps): update module github.com/moby/term to v0.5.2 * Pass container hostname to netavark * Fix slirp4netns typo in podman-network.1.md * Add support to ShmSize in Pods with Quadlet * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1 * chore(deps): update module golang.org/x/crypto to v0.31.0 [security] * fix(deps): update module golang.org/x/net to v0.33.0 [security] * Kube volumes can not container _ * fix(deps): update module github.com/docker/docker to v27.4.1+incompatible * test/system: fix 'podman play --build private registry' error * test/system: CopyDirectory() do not chown files * test/system: remove system dial-stdio test * shell completion: respect CONTAINERS_REGISTRIES_CONF * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6 * When generating host volumes for k8s, force to lowercase * test: enable newly added test * vfkit:???Use 0.6.0 binary * gvproxy:???Use 0.8.1 binary * systemd: simplify parser and fix infinite loop * Revert 'win-installer test: revert to v5.3.0' * Avoid rebooting twice when installing WSL * Avoid rebooting on Windows when upgrading and WSL isn't installed * Add win installer patch * Bump WiX toolset version to 5.0.2 * test/e2e: SkipOnOSVersion() add reason field * test/e2e: remove outdated SkipOnOSVersion() calls * Update VM images * fix(deps): update module golang.org/x/crypto to v0.31.0 [security] * fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0 * fix(deps): update module github.com/opencontainers/runc to v1.2.3 * quadlet: fix inter-dependency of containers in `Network=` * Add man pages to Mac installer * fix(deps): update module github.com/onsi/gomega to v1.36.1 * fix(deps): update module github.com/docker/docker to v27.4.0+incompatible * Fix device limitations in podman-remote update on remote systems * Use latest version of VS BuildTools * bin/docker: fix broken escaping and variable substitution * manifest annotate: connect IndexAnnotations * Fix panic in `manifest annotate --index` * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5 * fix(deps): update module golang.org/x/net to v0.32.0 * fix(deps): update module golang.org/x/tools to v0.28.0 * fix(deps): update module golang.org/x/crypto to v0.30.0 * fix(deps): update module golang.org/x/sys to v0.28.0 * Fix overwriting of LinuxResources structure in the database * api: replace inspectID with name * fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563 * Replace ExclusiveArch with ifarch * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1 * Improve platform specific URL handling in `podman compose` for machines * Fix `podman info` with multiple imagestores * Switch to fixed common * refact: use uptime.minutes instead of uptime.seconds * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11 * fix(deps): update golang.org/x/exp digest to 2d47ceb * fix(deps): update github.com/godbus/dbus/v5 digest to c266b19 * Cover Unix socket in inpect test on Windows platform * Add a test for forcing compression and v2s2 format * fix(deps): update module github.com/crc-org/vfkit to v0.6.0 * Package podman-machine on supported architectures only. * Fixes missing binary in systemd. * stats: ignore errors from containers without cgroups * api: Error checking before NULL dereference * [skip-ci] Packit/copr: switch to fedora-all * make remotesystem: fail early if serial tests fail * spec: clamp rlimits without CAP_SYS_RESOURCE * Clarify the reason for skip_if_remote * Sanity-check that the test is really using partial pulls * Fix apparent typos in zstd:chunked tests * Fix compilation issues in QEMU machine files (Windows platform) * Mount volumes before copying into a container * Revert 'libpod: remove shutdown.Unregister()' * docs: improve documentation for internal networks * docs: document bridge mode option * [skip-ci] Packit: remove epel and re-enable c9s * chore(deps): update dependency golangci/golangci-lint to v1.62.2 * vendor: update containers/common * OWNERS: remove edsantiago * fix(deps): update module github.com/onsi/gomega to v1.36.0 * fix(deps): update github.com/containers/common digest to ceceb40 * refact: EventerType and improve consistency * Add --hosts-file flag to container and pod commands * Add nohosts option to /build and /libpod/build * fix(deps): update module github.com/stretchr/testify to v1.10.0 * Quadlet - Use = sign when setting the pull arg for build * win-installer test: revert to v5.3.0 * fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0 * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0 * chore(deps): update dependency setuptools to ~=75.6.0 * Update windows installer tests * Windows: don't install WSL/HyperV on update * Switch to non-installing WSL by default * fix(deps): update github.com/containers/buildah digest to 52437ef * Configure HealthCheck with `podman update` * CI: --image-volume test: robustify * docs: add 5.3 as Reference version * Bump CI VMs * libpod: pass down NoPivotRoot to Buildah * vendor: bump containers/buildah * fix(deps): update module github.com/opencontainers/runc to v1.2.2 * Overlay mounts supersede image volumes & volumes-from * libpod: addHosts() prevent nil deref * only read ssh_config for non machine connections * ssh_config: allow IdentityFile file with tilde * ssh_config: do not overwrite values from config file * connection: ignore errors when parsing ssh_config * Bump bundled krunkit to 0.1.4 * fix(deps): update module google.golang.org/protobuf to v1.35.2 * add support for driver-specific options during container creation * doc: fix words repetitions * Update release notes on main for v5.3.0 * chore(deps): update dependency setuptools to ~=75.5.0 * CI: system tests: parallelize 010 * fix podman machine init --ignition-path * vendor: update containers/common * spec: clamp rlimits in a userns * Add subpath support to volumes in `--mount` option * refactor: simplify LinuxNS type definition and String method * test/e2e: remove FIPS test * vendor containers projects to tagged versions * fix(deps): update module github.com/moby/sys/capability to v0.4.0 * chore(deps): update dependency setuptools to ~=75.4.0 * system tests: safer install_kube_template() * Buildah treadmill tweaks * update golangci-lint to v1.62.0 * fix(deps): update module golang.org/x/net to v0.31.0 * fix(deps): update module golang.org/x/tools to v0.27.0 * Revert 'Reapply 'CI: test nftables driver on fedora'' * Yet another bump, f41 with fixed kernel * test: add zstd:chunked system tests * pkg/machine/e2e: remove dead code * fix(deps): update module golang.org/x/crypto to v0.29.0 * kube SIGINT system test: fix race in timeout handling * New `system connection add` tests * Update codespell to v2.3.0 * Avoid printing PR text to stdout in system test * Exclude symlink from pre-commit end-of-file-fixer * api: Add error check * [CI:ALL] Bump main to v5.4.0-dev * test/buildah-bud: build new inet helper * test/system: add regression test for TZDIR local issue * vendor latest c/{buildah,common,image,storage} * Reapply 'CI: test nftables driver on fedora' * Revert 'cirrus: test only on f40/rawhide' * test f41 VMs * AdditionalSupport for SubPath volume mounts * wsl-e2e: Add a test to ensure port 2222 is free with usermode networking * winmake.ps1: Fix the syntax of the function call Win-SSHProxy * volume ls: fix race that caused it to fail * gvproxy: Disable port-forwarding on WSL * build: update gvisor-tap-vsock to 0.8.0 * podman: update roadmap * Log network creation and removal events in Podman * libpod: journald do not lock thread * Add key to control if a container can get started by its pod * Honor users requests in quadlet files * CI: systests: workaround for parallel podman-stop flake * Fix inconsistent line ending in win-installer project * fix(deps): update module github.com/opencontainers/runc to v1.2.1 * Quadlet - support image file based mount in container file * API: container logs flush status code * rework event code to improve API errors * events: remove memory eventer * libpod: log file use Wait() over event API * Makefile: vendor target should always remove toolchain * cirrus: check consitent vendoring in test/tools * test/tools/go.mod: remove toolchain * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.10 * fix(deps): update module github.com/onsi/gomega to v1.35.1 * doc: explain --interactive in more detail * fix(deps): update golang.org/x/exp digest to f66d83c * fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a * fix(deps): update github.com/linuxkit/virtsock digest to cb6a20c * add default polling interval to Container.Wait * Instrument cleanup tracer to log weird volume removal flake * make podman-clean-transient.service work as user * Add default remote socket path if empty * Use current user if no user specified * Add support for ssh_config for connection * libpod: use pasta Setup() over Setup2() * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.21.0 * fix(deps): update module github.com/onsi/gomega to v1.35.0 * logformatter: add cleanup tracer log link * docs: fix broken example * docs: add missing swagger links for the stable branches * readthedocs: build extra formats * pkg/machine/e2e: remove debug * fix(docs): Integrate pasta in rootless tutorial * chore(deps): update dependency setuptools to ~=75.3.0 * libpod: report cgroups deleted during Stat() call * chore: fix some function names in comment * CI: parallelize 450-interactive system tests * CI: parallelize 520-checkpoint tests * CI: make 070-build.bats use safe image names * test/system: add podman network reload test to distro gating * System tests: clean up unit file leaks * healthcheck: do not leak service on failed stop * healthcheck: do not leak statup service * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.0 * Add Startup HealthCheck configuration to the podman inspect * buildah version display: use progress() * new showrun() for displaying and running shell commands * Buildah treadmill: redo the .cirrus.yml tweaks * Buildah treadmill: more allow-empty options * Buildah treadmill: improve test-failure instructions * Buildah treadmill: improve wording in test-fail instructions * doc: Remove whitespace before comma * fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.3.0 * ps: fix display of exposed ports * ps: do not loop over port protocol * readme: Add reference to pasta in the readme * test/system: Fix spurious 'duplicate tests' failures in pasta tests * Improve 'podman load - from URL' * Try to repair c/storage after removing an additional image store * Use the config digest to compare images loaded/pulled using different methods * Simplify the additional store test * Fix the store choice in 'podman pull image with additional store' * Bump to v5.3.0-dev * Bump to v5.3.0-rc1 * Set quota on volume root directory, not _data * fix(deps): update module github.com/opencontainers/runc to v1.2.0 * test: set soft ulimit * Vagrantfile: Delete * Enable pod restore with crun * vendor: update c/{buildah,common,image,storage} * Fix 330-corrupt-images.bats in composefs test runs * quadlet: add default network dependencies to all units * quadlet: ensure user units wait for the network * add new podman-user-wait-network-online.service * contrib/systemd: switch user symlink for file symlinks * Makefile: remove some duplication from install.systemd * contrib/systemd: move podman-auto-update units * quadlet: do not reject RemapUsers=keep-id as root * test/e2e: test quadlet with and without --user * CI: e2e: fix checkpoint flake * APIv2 test fix: image history * pasta udp tests: new bytecheck helper * Document packaging process * [skip-ci] RPM: remove dup Provides * Update dependency setuptools to ~=75.2.0 * System tests: safer pause-image creation * Update module github.com/opencontainers/selinux to v1.11.1 * Added escaping to invoked powershell command for hyperv stubber. * use slices.Clone instead of assignment * libpod API: only return exit code without conditions * Housekeeping: remove duplicates from success_task * Thorough overhaul of CONTRIBUTING doc. * api: Replace close function in condition body * test/e2e: fix default signal exit code test * Test new VM build * CI: fix changing-rootFsSize flake * scp: add option types * Unlock mutex before returning from function * Note in the README that we are moving to timed releases * cirrus: let tar extract figure out the compression * Make error messages more descriptive * Mention containers.conf settings for podman machine commands * [skip-ci] Packit: re-enable CentOS Stream 10/Fedora ELN teasks' * cmd: use logrus to print error * podman: do not set rlimits to the default value * spec: always specify default rlimits * vendor: update containers/common * Note in the README that we are moving to timed releases * Revert 'CI: test nftables driver on fedora' * cirrus: use zstd over bzip2 for repo archive * cirrus: use shared repo_prep/repo_artifacts scripts * cirrus: speed up postbuild * cirrus: change alt arch task to only compile binaries * cirrus: run make with parallel jobs where useful * Makefile: allow man-page-check to be run in parallel * cirrus: use fastvm for builds * test/e2e: skip some Containerized checkpoint tests * test: update timezone checks * cirrus: update CI images * test/e2e: try debug potential pasta issue * CI: quadlet system tests: use airgapped testimage * Allow removing implicit quadlet systemd dependencies * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4 * libpod API: make wait endpoint better against rm races * podman-remote run: improve how we get the exit code * [skip-ci] Packit: constrain koji and bodhi jobs to fedora package to avoid dupes * 055-rm test: clean up a test, and document * CI: remove skips for libkrun * Bump bundled krunkit to 0.1.3 * fix(deps): update module google.golang.org/protobuf to v1.35.0 * fix(deps): update module golang.org/x/net to v0.30.0 * server: fix url parsing in info * fix(deps): update module golang.org/x/tools to v0.26.0 * Makefile: fix ginkgo FOCUS option * fix(deps): update module golang.org/x/crypto to v0.28.0 * podman-systemd.unit.5: adjust example options * docs: prefer --network to --net * fix(deps): update module golang.org/x/term to v0.25.0 * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24 * fix(deps): update module golang.org/x/sys to v0.26.0 * OWNERS file audit and update * Exposed ports are only included when not --net=host * libpod: hasCurrentUserMapped checks for gid too * [CI:DOCS] Document TESTFLAGS in test README file * Validate the bind-propagation option to `--mount` * Fix typo in secret inspect examples * Mention `no_hosts` and `base_hosts_file` configs in CLI option docs * Fixes for vendoring Buildah * vendor: update buildah to latest * Makefile - silence skipped tests when focusing on a file * vendor: update to latest c/common * Quadlet - prefer 'param val' over 'param=val' to allow env expansion * System tests: sdnotify: wait for socket file creation * Switch to moby/sys/capability * platformInspectContainerHostConfig: rm dead code * CI: require and test CI_DESIRED_NETWORK on RHEL * Add ExposedPorts to Inspect's ContainerConfig * fix(deps): update golang.org/x/exp digest to 701f63a * quadlet: allow variables in PublishPort * fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.9 * fix(deps): update github.com/godbus/dbus/v5 digest to a817f3c * Document that zstd:chunked is downgraded to zstd when encrypting * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3 * chore(deps): update dependency ubuntu to v24 * rpm: do not load iptables modules on f41+ * adding docs for network-cmd-path * Include exposed ports in inspect output when net=host * feat(libpod): support kube play tar content-type (#24015) * podman mount: some better error wrapping * podman mount: ignore ErrLayerUnknown * Quadlet - make sure the order of the UnitsDir is deterministic * packit: disable Centos Stream/fedora ELN teasks * libpod: remove shutdown.Unregister() * libpod: rework shutdown handler flow * libpod: ensure we are not killed during netns creation * Update module github.com/moby/sys/capability to v0.3.0 * Update documentation of `--no-hosts`, `--hostname`, and `--name` CLI options * Update documentation of `--add-host` CLI option * System tests: set a default XDG_RUNTIME_DIR * Modify machine 'Remove machine' test * CORS system test: clean up * Add --health-max-log-count, --health-max-log-size, --health-log-destination flags * troubleshooting: adjust home path in tip 44 * test/system: For pasta port forwarding tests don't bind socat server * Update connection on removal * Simplify `RemoveConnections` * Move `DefaultMachineName` to `pkg/machine/define` * vendor: update containers/image * vendor: update containers/storage * CI: skip the flaking quadlet test * CI: make systemd tests parallel-safe (*) * CI: run and collect cleanup tracer logs * add epbf program to trace podman cleanup errors * CI: parallelize logs test as much as possible * CI: format test: use local registry if available * CI: make 700-play parallel-safe * docs: Fix missing negation * bin/docker support warning message suppression from user config dir * Update module github.com/docker/docker to v27.3.1+incompatible * Quadlet - add full support for Symlinks * libpod: setupNetNS() correctly mount netns * vendor latest c/common * docs: remove usage of deprecated `--storage` * Update module github.com/docker/docker to v27.3.0+incompatible * CI: Quadlet rootfs test: use container image as rootfs * CI: system test registry: use --net=host * CI: rm system test: bump grace period * CI: system tests: minor documentation on parallel * fix typo in error message Fixes: containers/podman#24001 * CI: system tests: always create pause image * CI: quadlet system test: be more forgiving * vendor latest c/common * CI: make 200-pod parallel-safe * allow exposed sctp ports * test/e2e: add netns leak check * test/system: netns leak check for rootless as well * test/system: Improve TODO comments on IPv6 pasta custom DNS forward test * test/system: Clarify 'Local forwarder' pasta tests * test/system: Simplify testing for nameserver connectivity * test/system: Consolidate 'External resolver' pasta tests * test/system: Move test for default forwarder into its own case * CI: make 090-events parallel-safe * Misc minor test fixes * Add network namespace leak check * Add workaround for buildah parallel bug * registry: lock start attempts * Update system test template and README * bats log: differentiate parallel tests from sequential * ci: bump system tests to fastvm * clean_setup: create pause image * CI: make 012-manifest parallel-safe * podman-manifest-remove: update docs and help output * test/system: remove wait workaround * wait: fix handling of multiple conditions with exited * Match output of Compat Top API to Docker * system test parallelization: enable two-pass approach * New VMs: test crun 1.17 * libpod: hides env secrets from container inspect * CI: e2e: workaround for events out-of-sequence flake * update golangci-lint to 1.61.0 * libpod: convert owner IDs only with :idmap * Podman CLI --add-host with multiple host for a single IP * Quadlet - Split getUnitDirs to small functions * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.5 * chore(deps): update dependency setuptools to ~=75.1.0 * Fxi typo in cache-ttl.md * Get WSL disk as an OCI artifact * CI: make 260-sdnotify parallel-safe * quadlet: do not log ENOENT errors * pkg/specgen: allow pasta when running inside userns * troubleshooting: add tip about the user containers * chore(deps): update dependency setuptools to v75 * Convert windows paths in volume arg of the build command * Improve error when starting multiple machines * fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2 * Minor typo noticed when reading podman man page * Remove `RemoveFilesAndConnections` * Add `GetAllMachinesAndRootfulness` * rewrite typo osascript * typo * fix(deps): update module github.com/docker/docker to v27.2.1+incompatible * Add radio buttons to select WSL or Hyper-V in windows setup.exe * [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets * [skip-ci] Packit: Enable sidetags for bodhi updates * vendor: update c/common * CI: make 710-kube parallel-safe * CI: mark 320-system-df *NOT* parallel safe * Add kube play support for image volume source * refactor: add sshClient function * fix(deps): update module golang.org/x/tools to v0.25.0 * CI: make 505-pasta parallel safe * CI: make 020-tag parallel-safe * CI: make 410-selinux parallel-safe * Bump VMs. ShellCheck is now built-in * troubleshooting: add tip about auto, keep-id, nomap * libpod: make use of new pasta option from c/common * vendor latest c/common * podman images: sort repository with tags * Remove containers/common/pkg/config from pkg/util * fix(deps): update module golang.org/x/net to v0.29.0 * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.23 * fix(deps): update module golang.org/x/crypto to v0.27.0 * Fix CI * Detect and fix typos using codespell * Fix typo: replace buildin with built-in * Add codespell config, pre-commit definition, and move options from Makefile * prune: support clearing build cache using CleanCacheMount * test/e2e: fix network prune flake * Add support for Job to kube generate & play * Add podman-rootless.7 man page * Add DNS, DNSOption and DNSSearch to quadlet pod * podman.1.md: improve policy.json section * e2e: flake fix: SIGPIPE in hook test * libpod: fix rootless cgroup path with --cgroup-parent * vendor: update c/storage * CI: make 055-rm parallel-safe * CI: make 130-kill parallel-safe * CI: make 125-import parallel-safe * CI: make 110-history parallel-safe * CI: system tests: parallelize low-hanging fruit * Add disclaimer to `podman machine info` manpage. * man pages: refactor two more options * update github.com/opencontainers/runc to v1.2.0-rc.3 * update go.etcd.io/bbolt to v1.3.11 * update github.com/onsi/{ginkgo,gomega} * Update module github.com/shirou/gopsutil to v4 * packit: update fedora and epel targets * bump go to 1.22 * cirrus: test only on f40/rawhide * cirrus: remove CI_DESIRED_NETWORK reference * cirrus: prebuild use f40 for extra tests * chore(deps): update dependency setuptools to ~=74.1.0 * libpod: fix HostConfig.Devices output from 'podman inspect' on FreeBSD * fix(deps): update golang.org/x/exp digest to 9b4947d * Implement publishing API UNIX socket on Windows platforms * Vendor c/common:8483ef6022b4 * quadlet: support container network reusing * docs: update read the docs changes * CI: parallel-safe network system test * Quadlet - Support multiple image tags in .build files * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.3 * cirrus: remove _bail_if_test_can_be_skipped * cirrus: move renovate check into validate * cirrus: remove 3rd party connectivity check * cirrus: remove cross jobs for aarch64 and x86_64 * cirrus: do not upload alt arch cross artifacts * cirrus: remove ginkgo-e2e.json artifact * cirrus: fix default timeouts * github: remove fcos-podman-next-build-prepush * Clarify podman machine volume mounting behavior under WSL * machine: Add -all-providers flag to machine list * Create a podman-troubleshooting man page * chore(deps): update dependency setuptools to v74 * fix(deps): update module github.com/docker/docker to v27.2.0+incompatible * Fix an improperly ignored error in SQLite * CI: flake workaround: ignore socat waitpid warnings * fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.1 * Stop skipping machine volume test on Hyper-V * cleanup: add new --stopped-only option * fix races in the HTTP attach API * cirrus: skip windows/macos machine task on RHEL branches * Update module github.com/containers/gvisor-tap-vsock to v0.7.5 * run: fix detach passthrough and --rmi * podman run: ignore image rm error * Add support for AddHost in quadlet .pod and .container * [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3 * update github.com/vishvananda/netlink to v1.3.0 * build: Update gvisor-tap-vsock to 0.7.5 * Quote systemd DefaultEnvironment Proxy values, as documented in systemd.conf man page: * fix typo in podman-network-create.1.md * Use HTTP path prefix of TCP connections to match Docker context behavior * Makefile: remotesystem: use real podman server, no --url * Update module github.com/openshift/imagebuilder to v1.2.15 * CI: parallel-safe userns test * Update module github.com/onsi/ginkgo/v2 to v2.20.1 * Add support for IP in quadlet .pod files * Specify format to use for referencing fixed bugs. * CI: parallel-safe run system test * Revert 'test/e2e: work around for pasta issue' * CI: On vX.Y-rhel branches, ensure that some downstream Jira issue is linked * quadlet: support user mapping in pod unit * Update Release Process * Test new VM build * command is not optional to podman exec * CI: parallel-safe namespaces system test * [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2 * quadlet: add key CgroupsMode * Fix `podman stop` and `podman run --rmi` * quadlet: set infra name to %s-infra * chore(deps): update dependency setuptools to v73 * [skip-ci] Packit: update targets for propose-downstream * Do not segfault on hard stop * Fix description of :Z to talk about pods * CI: disable ginkgo flake retries * vendor: update go-criu to latest * golangci-lint: make darwin linting happy * golangci-lint: make windows linting happy * test/e2e: remove kernel version check * golangci-lint: remove most skip dirs * set !remote build tags where needed * update golangci-lint to 1.60.1 * test/e2e: rm systemd start test * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.1 * podman wait: allow waiting for removal of containers * libpod: remove UpdateContainerStatus() * podman mount: fix storage/libpod ctr race * CI: quadlet tests: make parallel-safe * CI: system tests: make random_free_port() parallel-safe * remove trailing comma in example * CI: format test: make parallel-safe * Fix podman-docker.sh under -eu shells (fixes #23628) * docs: update podman-wait man page * libpod: remove duplicated HasVolume() check * podman volume rm --force: fix ABBA deadlock * test/system: fix network cleanup restart test * libpod: do not stop pod on init ctr exit * libpod: simplify WaitForExit() * CI: remove build-time quay check * Fix known_hosts file clogging and remote host id * Update docker.io/library/golang Docker tag to v1.23 * Update dependency setuptools to ~=72.2.0 * Update module github.com/docker/docker to v27.1.2+incompatible * healthcheck system check: reduce raciness * CI: healthcheck system test: make parallel-safe * Validate renovate config in every PR * pkg/machine: Read stderr from ssh-keygen correctly * Fix renovate config syntax error * CI: 080-pause.bats: make parallel-safe * CI: 050-stop.bats: make parallel-safe * Additional potential race condition on os.Readdir * pkg/bindings/containers: handle ignore for stop * remote: fix invalid --cidfile + --ignore * Update/simplify renovate config header comment * Migrate renovate config to latest schema * Fix race condition when listing /dev * docs/podman-systemd: Try to clarify `Exec=` more * libpod: reset state error on init * test/system: pasta_test_do add explicit port check * test/e2e: work around new push warning * vendor: update c/common to latest * stopIfOnlyInfraRemains: log all errors * libpod: do not save expected stop errors in ctr state * libpod: fix broken saveContainerError() * Quadlet: fix filters failure when the search paths are symlinks * readme: replace GPG with PGP * Drop APIv2 CNI configuration * De-duplicate docker-py testing * chore(podmansnoop): explain why crun comm is 3 * libpod: cleanupNetwork() return error * fix(deps): update module golang.org/x/sys to v0.24.0 * Reduce python APIv2 test net dependency * Fix not testing registry.conf updates * test/e2e: improve command timeout handling * Update module github.com/onsi/ginkgo/v2 to v2.20.0 * Update module github.com/moby/sys/user to v0.3.0 * Add passwd validate and generate steps * podman container cleanup: ignore common errors * Quadlet - Allow the user to override the default service name * CI: e2e: serialize root containerPort tests * Should not force conversion of manifest type to DockerV2ListMediaType * fix(deps): update module golang.org/x/tools to v0.24.0 * fix(deps): update github.com/containers/common digest to 05b2e1f * CI: mount system test: parallelize * Update module golang.org/x/net to v0.28.0 * Ignore ERROR_SHARING_VIOLATION error on windows * CI: manifest system tests: make parallel-safe * Create volume path before state initialization * vendor: update c/storage * CI: fix broken libkrun test * test/e2e: work around for pasta issue * test/e2e: fix missing exit code checks * Test new CI images * Remove another race condition when mounting containers or images * fix(deps): update github.com/containers/common digest to c0cc6b7 * Change Windows installer MajorUpgrade Schedule * Ignore missing containers when calling GetExternalContainerLists * Remove runc edit to lock to specific version * fix(deps): update module golang.org/x/sys to v0.23.0 * CI: podman-machine: do not use cache registry * CI: completion system test: use safename * Temporarly disable failing Windows Installer CI test * libpod: fix volume copyup with idmap * libpod: avoid hang on errors * Temp. disable PM basic Volume ops test * Add libkrun Mac task * Never skip checkout step in release workflow * System tests: leak_test: readable output * fix(deps): update github.com/docker/go-plugins-helpers digest to 45e2431 * vendor: bump c/common * Version: bump to v5.3.0-dev * libpod: inhibit SIGTERM during cleanup() * Tweak versions in register_images.go * fix network cleanup flake in play kube * WIP: Fixes for vendoring Buildah * Add --compat-volumes option to build and farm build * Bump to Buildah v1.37.0 * Quadlet test - Split between success, warning and error cases * libpod: bind ports before network setup * Disable compose-warning-logs if PODMAN_COMPOSE_WARNING_LOGS=false * Use new syntax for selinux options in quadlet * fix(deps): update module github.com/onsi/gomega to v1.34.1 * CI: kube test: fix broken external-storage test * Update dependency setuptools to v72 * Convert additional build context paths on Windows * pkg/api: do not leak config pointers into specgen * Quadlet - Allow the user to set the service name for .pod files * Quadlet tests - allow overriding the expected service name * fix(deps): update module github.com/moby/sys/user to v0.2.0 * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5 * CI: enable root user namespaces * libpod: force rootfs for OCI path with idmap * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1 * Add test steps for automount with multi images * CI: cp tests: use safename * [skip-ci] RPM: podman-iptables.conf only on Fedora * CI: 700-play: fix a leaked non-safename * test: check that kube generate/play restores the userns * test: disable artifacts cache with composefs * test: fix podman pull tests * vendor: bump c/storage * Update module github.com/cyphar/filepath-securejoin to v0.3.1 * Add /run/containers/systemd, ${XDG_RUNTIME_DIR}/containers/systemd quadlet dirs * build: Update gvisor-tap-vsock to 0.7.4 * test/system: fix borken pasta interface name checks * test/system: fix bridge host.containers.internal test * api: honor the userns for the infra container * play: handle 'private' as 'auto' * kube: record infra user namespace * infra: user ns annotation higher precedence * specgenutil: record the pod userns in the annotations * kube: invert branches * CI: system log test: use safe names * Update encryption tests to avoid a warning if zstd:chunked is the default * Fix 'podman pull and decrypt'/'from local registry' * Use unique image names for the encrypted test images * CI: system tests: instrument to allow failure analysis * Fix outdated comment for the build step win-gvproxy * Add utility to convert VMFile to URL for UNIX sockets * Run codespell on source * fix(deps): update module github.com/docker/docker to v27.1.0+incompatible * chore(deps): update dependency setuptools to ~=71.1.0 * logformatter: tweaks to pass html tidy * More information for podman --remote build and running out of space. * Fix windows installer deleting machine provider config file * Use uploaded .zip for Windows action * pr-should-include-tests: no more CI:DOCS override - Depend on runc unconditionally, not only on SLE 15 (bsc#1239088) The following package changes have been done: - libaudit1-3.1.1-slfo.1.1_2.1 updated - pam-1.6.1-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.60 updated - libcurl4-8.14.1-slfo.1.1_2.1 updated - libauparse0-3.1.1-slfo.1.1_2.1 updated - runc-1.3.1-slfo.1.1_1.1 updated - python311-base-3.11.13-slfo.1.1_2.1 updated - libpython3_11-1_0-3.11.13-slfo.1.1_2.1 updated - net-tools-2.10-slfo.1.1_2.1 updated - python311-3.11.13-slfo.1.1_2.1 updated - python3-audit-3.1.1-slfo.1.1_2.1 updated - podman-5.4.2-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.37 updated - crun-1.15-slfo.1.1_1.3 removed - libkrun1-1.4.10-slfo.1.1_1.3 removed - libkrunfw3-3.8.1-slfo.1.1_1.4 removed - libyajl2-2.1.0-slfo.1.1_1.3 removed From sle-container-updates at lists.suse.com Thu Oct 2 11:28:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 2 Oct 2025 13:28:52 +0200 (CEST) Subject: SUSE-CU-2025:7237-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251002112852.C1481F780@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7237-1 Container Tags : suse/kiosk/firefox-esr:140.3 , suse/kiosk/firefox-esr:140.3-65.4 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 65.4 Severity : low Type : security References : 1247589 CVE-2025-50422 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3449-1 Released: Thu Oct 2 09:15:17 2025 Summary: Security update for cairo Type: security Severity: low References: 1247589,CVE-2025-50422 This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589) - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that does not have the FT_Color type. + Cairo tests now build on Solaris 11.4 with GCC 14. + The DirectWrite backend now builds on MINGW 11. + The DirectWrite backend now supports font variations and proper glyph coverage. - Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest. - Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature. - Convert to source service: allows for easier upgrades by the GNOME team. - Update to version 1.18.2: + The malloc-stats code has been removed from the tests directory + Cairo now requires a version of pixman equal to, or newer than, 0.40. + There have been multiple build fixes for newer versions of GCC for MSVC; for Solaris; and on macOS 10.7. + PNG errors caused by loading malformed data are correctly propagated to callers, so they can handle the case. + Both stroke and fill colors are now set when showing glyphs on a PDF surface. + All the font options are copied when creating a fallback font object. + When drawing text on macOS, Cairo now tries harder to select the appropriate font name. + Cairo now prefers the COLRv1 table inside a font, if one is available. + Cairo requires a C11 toolchain when building. The following package changes have been done: - libcairo2-1.18.4-150600.3.3.1 updated - libcairo-gobject2-1.18.4-150600.3.3.1 updated - container:suse-sle15-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 2 11:29:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 2 Oct 2025 13:29:04 +0200 (CEST) Subject: SUSE-CU-2025:7238-1: Security update of suse/kiosk/pulseaudio Message-ID: <20251002112904.90D5BF780@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7238-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-64.4 , suse/kiosk/pulseaudio:latest Container Release : 64.4 Severity : low Type : security References : 1247589 CVE-2025-50422 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3449-1 Released: Thu Oct 2 09:15:17 2025 Summary: Security update for cairo Type: security Severity: low References: 1247589,CVE-2025-50422 This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589) - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that does not have the FT_Color type. + Cairo tests now build on Solaris 11.4 with GCC 14. + The DirectWrite backend now builds on MINGW 11. + The DirectWrite backend now supports font variations and proper glyph coverage. - Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest. - Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature. - Convert to source service: allows for easier upgrades by the GNOME team. - Update to version 1.18.2: + The malloc-stats code has been removed from the tests directory + Cairo now requires a version of pixman equal to, or newer than, 0.40. + There have been multiple build fixes for newer versions of GCC for MSVC; for Solaris; and on macOS 10.7. + PNG errors caused by loading malformed data are correctly propagated to callers, so they can handle the case. + Both stroke and fill colors are now set when showing glyphs on a PDF surface. + All the font options are copied when creating a fallback font object. + When drawing text on macOS, Cairo now tries harder to select the appropriate font name. + Cairo now prefers the COLRv1 table inside a font, if one is available. + Cairo requires a C11 toolchain when building. The following package changes have been done: - libcairo2-1.18.4-150600.3.3.1 updated - container:suse-sle15-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 2 11:29:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 2 Oct 2025 13:29:20 +0200 (CEST) Subject: SUSE-CU-2025:7239-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251002112920.7515BF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7239-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-47.1 , bci/bci-sle15-kernel-module-devel:latest Container Release : 47.1 Severity : important Type : security References : 1012628 1170284 1213545 1215199 1221858 1222323 1230557 1230708 1232089 1233120 1240708 1240890 1241353 1242034 1242754 1242960 1244734 1244930 1245410 1245663 1245710 1245767 1245780 1245815 1245956 1245973 1245977 1246005 1246012 1246181 1246193 1246974 1247057 1247078 1247112 1247116 1247119 1247155 1247162 1247167 1247229 1247243 1247280 1247290 1247313 1247712 1247976 1248088 1248108 1248164 1248166 1248175 1248178 1248179 1248180 1248183 1248186 1248194 1248196 1248198 1248205 1248206 1248208 1248209 1248212 1248213 1248214 1248216 1248217 1248223 1248227 1248228 1248229 1248232 1248240 1248255 1248297 1248306 1248312 1248333 1248334 1248337 1248338 1248340 1248341 1248345 1248349 1248350 1248354 1248355 1248361 1248363 1248368 1248370 1248374 1248377 1248386 1248390 1248395 1248399 1248401 1248511 1248573 1248575 1248577 1248609 1248614 1248617 1248621 1248636 1248643 1248647 1248648 1248652 1248655 1248666 1248669 1248746 1248748 1249022 1249346 1249375 CVE-2023-3867 CVE-2023-4130 CVE-2023-4515 CVE-2024-26661 CVE-2024-46733 CVE-2024-49996 CVE-2024-58238 CVE-2024-58239 CVE-2025-37885 CVE-2025-38006 CVE-2025-38075 CVE-2025-38103 CVE-2025-38125 CVE-2025-38146 CVE-2025-38160 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38201 CVE-2025-38205 CVE-2025-38208 CVE-2025-38245 CVE-2025-38251 CVE-2025-38360 CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38444 CVE-2025-38445 CVE-2025-38458 CVE-2025-38459 CVE-2025-38464 CVE-2025-38472 CVE-2025-38490 CVE-2025-38491 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506 CVE-2025-38510 CVE-2025-38511 CVE-2025-38512 CVE-2025-38513 CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38521 CVE-2025-38524 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543 CVE-2025-38546 CVE-2025-38548 CVE-2025-38550 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571 CVE-2025-38572 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583 CVE-2025-38585 CVE-2025-38587 CVE-2025-38588 CVE-2025-38591 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38617 CVE-2025-38618 CVE-2025-38621 CVE-2025-38624 CVE-2025-38630 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38644 CVE-2025-38646 CVE-2025-38650 CVE-2025-38656 CVE-2025-38663 CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3290-1 Released: Mon Sep 22 14:34:03 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1170284,1213545,1215199,1221858,1222323,1230557,1230708,1232089,1233120,1240708,1240890,1241353,1242034,1242754,1242960,1244734,1244930,1245410,1245663,1245710,1245767,1245780,1245815,1245956,1245973,1245977,1246005,1246012,1246181,1246193,1247057,1247078,1247112,1247116,1247119,1247155,1247162,1247167,1247229,1247243,1247280,1247290,1247313,1247712,1247976,1248088,1248108,1248164,1248166,1248175,1248178,1248179,1248180,1248183,1248186,1248194,1248196,1248198,1248205,1248206,1248208,1248209,1248212,1248213,1248214,1248216,1248217,1248223,1248227,1248228,1248229,1248232,1248240,1248255,1248297,1248306,1248312,1248333,1248334,1248337,1248338,1248340,1248341,1248345,1248349,1248350,1248354,1248355,1248361,1248363,1248368,1248370,1248374,1248377,1248386,1248390,1248395,1248399,1248401,1248511,1248573,1248575,1248577,1248609,1248614,1248617,1248621,1248636,1248643,1248647,1248648,1248652,1248655,1248666,1248669,1248746,1248748,1249022,1249346,CVE-2023-3867,CVE-2023-41 30,CVE-2023-4515,CVE-2024-26661,CVE-2024-46733,CVE-2024-49996,CVE-2024-58238,CVE-2024-58239,CVE-2025-37885,CVE-2025-38006,CVE-2025-38075,CVE-2025-38103,CVE-2025-38125,CVE-2025-38146,CVE-2025-38160,CVE-2025-38184,CVE-2025-38185,CVE-2025-38190,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38245,CVE-2025-38251,CVE-2025-38360,CVE-2025-38439,CVE-2025-38440,CVE-2025-38441,CVE-2025-38444,CVE-2025-38445,CVE-2025-38458,CVE-2025-38459,CVE-2025-38464,CVE-2025-38472,CVE-2025-38490,CVE-2025-38491,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38510,CVE-2025-38511,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38521,CVE-2025-38524,CVE-2025-38528,CVE-2025-38529,CVE-2025-38530,CVE-2025-38531,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38546,CVE-2025-38548,CVE-2025-38550,CVE-2025-38553,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2 025-38571,CVE-2025-38572,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,CVE-2025-38585,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38605,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38617,CVE-2025-38618,CVE-2025-38621,CVE-2025-38624,CVE-2025-38630,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38644,CVE-2025-38646,CVE-2025-38650,CVE-2025-38656,CVE-2025-38663,CVE-2025-38665,CVE-2025-38668,CVE-2025-38670,CVE-2025-38671 The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: qcom: use drvdata instead of component to keep id (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes). - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - Fix 'drm/amdgpu: read back register after written for VCN v4.0.5' (bsc#1248370). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes). - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes). - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes). - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes). - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes). - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes). - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes). - RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes). - RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes). - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes). - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes). - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes). - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes). - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes). - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes). - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes). - arm64: Restrict pagetable teardown to avoid false warning (git-fixes). - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes). - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes). - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes). - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes). - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes). - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes). - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes). - ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708). - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120). - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - devlink: add value check to devlink_info_version_put() (bsc#1245410 jsc#PED-12320). - devlink: let driver opt out of automatic phys_port_name generation (git-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Allow DCN301 to clear update flags (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Do not print errors for nonexistent connectors (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Initialize mode_select to 0 (stable-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes). - drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes). - drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes). - drm/amd/pm: fix null pointer access (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu/swm14: Update power limit logic (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes). - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: fix vram reservation issue (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/bridge: fix OF node leak (git-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes). - drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes). - drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes). - drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes). - drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes). - drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes). - drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes). - drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes). - drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes). - drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Add error handling for krealloc in metadata setup (stable-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: update the high bitfield of certain DSI registers (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/tests: Fix endian warning (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes). - drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes). - drm/xe/xe_sync: avoid race during ufence signaling (git-fixes). - drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes). - drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes). - drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - ixgbe: add .info_get extension specific for E610 devices (bsc#1245410 jsc#PED-12320). - ixgbe: add E610 functions for acquiring flash data (bsc#1245410 jsc#PED-12320). - ixgbe: add E610 functions getting PBA and FW ver info (bsc#1245410 jsc#PED-12320). - ixgbe: add E610 implementation of FW recovery mode (bsc#1245410 jsc#PED-12320). - ixgbe: add FW API version check (bsc#1245410 jsc#PED-12320). - ixgbe: add device flash update via devlink (bsc#1245410 jsc#PED-12320). - ixgbe: add handler for devlink .info_get() (bsc#1245410 jsc#PED-12320). - ixgbe: add initial devlink support (bsc#1245410 jsc#PED-12320). - ixgbe: add support for FW rollback mode (bsc#1245410 jsc#PED-12320). - ixgbe: add support for devlink reload (bsc#1245410 jsc#PED-12320). - ixgbe: extend .info_get() with stored versions (bsc#1245410 jsc#PED-12320). - ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410). - ixgbe: prevent from unwanted interface name changes (git-fixes). - ixgbe: read the OROM version information (bsc#1245410 jsc#PED-12320). - ixgbe: read the netlist version information (bsc#1245410 jsc#PED-12320). - ixgbe: wrap netdev_priv() usage (bsc#1245410 jsc#PED-12320). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - kselftest/runner.sh: add netns support. - kselftests: Sort the collections list to avoid duplicate tests. - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - livepatch: Add 'replace' sysfs attribute (poo#187320). - livepatch: Add stack_order sysfs attribute (poo#187320). - livepatch: Replace snprintf() with sysfs_emit() (poo#187320). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE. - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/livepatch: Add selftests for 'replace' sysfs attribute. - selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320). - selftests/livepatch: Replace hardcoded module name. - selftests/livepatch: define max test-syscall processes. - selftests/livepatch: fix and refactor new dmesg message code. - selftests/livepatch: wait for atomic replace to occur. - selftests/run_kselftest.sh: Fix help string for --per-test-log. - selftests/run_kselftest.sh: Use readlink if realpath is not available. - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: allow runners to override the timeout. - selftests: livepatch: Avoid running the tests for certain kernel-devel situations. - selftests: livepatch: Test atomic replace against multiple modules. - selftests: livepatch: Test livepatching a heavily called syscall. - selftests: livepatch: add new ftrace helpers functions. - selftests: livepatch: add test cases of stack_order sysfs interface. - selftests: livepatch: handle PRINTK_CALLER in check_result(). - selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR. - selftests: livepatch: save and restore kprobe state. - selftests: livepatch: test if ftrace can trace a livepatched function. - selftests: livepatch: test livepatching a kprobed function. - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - serial: core: fix OF node leak (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: avoid weird state in error path (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150600.11.6.1 updated - libssh4-0.9.8-150600.11.6.1 updated - kernel-macros-6.4.0-150700.53.16.1 updated - kernel-devel-6.4.0-150700.53.16.1 updated - kernel-default-devel-6.4.0-150700.53.16.1 updated - kernel-syms-6.4.0-150700.53.16.1 updated - container:registry.suse.com-bci-bci-base-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated From sle-container-updates at lists.suse.com Tue Oct 7 13:47:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Oct 2025 15:47:07 +0200 (CEST) Subject: SUSE-CU-2025:7241-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251007134707.8EEDDF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7241-1 Container Tags : suse/kiosk/firefox-esr:140.3 , suse/kiosk/firefox-esr:140.3-65.5 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 65.5 Severity : important Type : security References : 1250452 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3462-1 Released: Tue Oct 7 09:46:23 2025 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1250452 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.3.1 ESR (bsc#1250452). - Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on some sites. The following package changes have been done: - MozillaFirefox-140.3.1-150200.152.204.1 updated From sle-container-updates at lists.suse.com Wed Oct 8 07:05:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 8 Oct 2025 09:05:35 +0200 (CEST) Subject: SUSE-CU-2025:7250-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20251008070535.BD8A4F780@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7250-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.141 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.141 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3464-1 Released: Tue Oct 7 09:49:24 2025 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_0_0 fixes the following issues: - CVE-2025-9230 incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.98.1 updated - openssl-1_0_0-1.0.2p-3.98.1 updated From sle-container-updates at lists.suse.com Thu Oct 9 07:03:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 Oct 2025 09:03:51 +0200 (CEST) Subject: SUSE-CU-2025:7260-1: Security update of private-registry/harbor-valkey Message-ID: <20251009070351.70D6FF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7260-1 Container Tags : private-registry/harbor-valkey:8.0.6 , private-registry/harbor-valkey:8.0.6-2.44 , private-registry/harbor-valkey:latest Container Release : 2.44 Severity : critical Type : security References : 1250995 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3499-1 Released: Wed Oct 8 20:35:17 2025 Summary: Security update for valkey Type: security Severity: critical References: 1250995,CVE-2025-46817,CVE-2025-46818,CVE-2025-46819,CVE-2025-49844 This update for valkey to version 8.0.6 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. [bsc#1250995] - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. [bsc#1250995] - CVE-2025-46818: Malicious Lua scripts can be executed in the context of another user. [bsc#1250995] - CVE-2025-46819: Malicious Lua scripts can trigger out-of-bound reads to facilitate denial-of-service attacks. [bsc#1250995] The following package changes have been done: - valkey-8.0.6-150600.13.17.1 updated - container:suse-sle15-15.6-6429c740360927063bab19b5f63298ae2d71284ae35513c7a3f6d6d1593efc7b-0 updated From sle-container-updates at lists.suse.com Thu Oct 9 07:08:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 Oct 2025 09:08:49 +0200 (CEST) Subject: SUSE-CU-2025:7261-1: Recommended update of suse/sle15 Message-ID: <20251009070849.89378F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7261-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.34 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.34 , suse/sle15:latest Container Release : 5.8.34 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3489-1 Released: Wed Oct 8 08:23:53 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libsolv, libzypp, zypper fixes the following issues: - fixed rare crash in the handling of allowuninstall in combination with forcebest updates - new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libsolv-tools-base-0.7.35-150700.11.3.1 updated - libzypp-17.37.18-150700.6.3.1 updated - zypper-1.14.94-150700.13.3.1 updated From sle-container-updates at lists.suse.com Thu Oct 9 14:38:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 Oct 2025 16:38:25 +0200 (CEST) Subject: SUSE-CU-2025:7263-1: Security update of suse/valkey Message-ID: <20251009143825.5D1EEF778@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7263-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-64.6 , suse/valkey:latest Container Release : 64.6 Severity : critical Type : security References : 1250995 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3502-1 Released: Thu Oct 9 00:04:11 2025 Summary: Security update for valkey Type: security Severity: critical References: 1250995,CVE-2025-46817,CVE-2025-46818,CVE-2025-46819,CVE-2025-49844 This update for valkey to version 8.0.6 fixes the following security issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. [bsc#1250995] - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. [bsc#1250995] - CVE-2025-46818: Malicious Lua scripts can be executed in the context of another user. [bsc#1250995] - CVE-2025-46819: Malicious Lua scripts can trigger out-of-bound reads to facilitate denial-of-service attacks. [bsc#1250995] The following package changes have been done: - valkey-8.0.6-150700.3.11.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Sat Oct 11 07:04:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 Oct 2025 09:04:22 +0200 (CEST) Subject: SUSE-CU-2025:7275-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20251011070422.DAFCAF780@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7275-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.142 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.142 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3536-1 Released: Fri Oct 10 17:20:25 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-21.46.1 updated From sle-container-updates at lists.suse.com Sat Oct 11 13:55:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 Oct 2025 15:55:27 +0200 (CEST) Subject: SUSE-CU-2025:7278-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20251011135527.7D24EF780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7278-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.182 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.182 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3537-1 Released: Fri Oct 10 17:21:41 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150000.3.39.1 updated From sle-container-updates at lists.suse.com Sat Oct 11 13:57:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 Oct 2025 15:57:45 +0200 (CEST) Subject: SUSE-CU-2025:7279-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251011135745.7C44FF780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7279-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.184 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.184 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3537-1 Released: Fri Oct 10 17:21:41 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150000.3.39.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:04:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:04:28 +0200 (CEST) Subject: SUSE-IU-2025:2684-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251014070428.DE927F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2684-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.211 , suse/sle-micro/base-5.5:latest Image Release : 5.8.211 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3593-1 Released: Mon Oct 13 15:34:44 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150500.6.64.1 updated - zypper-1.14.94-150500.6.42.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:12:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:12:39 +0200 (CEST) Subject: SUSE-CU-2025:7287-1: Security update of private-registry/harbor-portal Message-ID: <20251014071239.025A8F783@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7287-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.17 , private-registry/harbor-portal:latest Container Release : 3.17 Severity : moderate Type : security References : 1236851 1248070 CVE-2025-23419 CVE-2025-53859 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3444-1 Released: Wed Oct 1 14:42:58 2025 Summary: Security update for nginx Type: security Severity: moderate References: 1236851,1248070,CVE-2025-23419,CVE-2025-53859 This update for nginx fixes the following issues: - CVE-2025-53859:?the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070). - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851). The following package changes have been done: - system-user-harbor-2.13.2-150600.2.2 updated - nginx-1.21.5-150600.10.12.1 updated - harbor213-portal-2.13.2-150600.2.2 updated - container:suse-sle15-15.6-6429c740360927063bab19b5f63298ae2d71284ae35513c7a3f6d6d1593efc7b-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:19:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:19:20 +0200 (CEST) Subject: SUSE-CU-2025:7292-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20251014071920.64FE5F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7292-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.193 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.193 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150400.3.148.1 updated - zypper-1.14.94-150400.3.101.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:12:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:12:33 +0200 (CEST) Subject: SUSE-CU-2025:7286-1: Security update of private-registry/harbor-nginx Message-ID: <20251014071233.A86AAF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7286-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.51 , private-registry/harbor-nginx:latest Container Release : 2.51 Severity : moderate Type : security References : 1236851 1248070 CVE-2025-23419 CVE-2025-53859 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3444-1 Released: Wed Oct 1 14:42:58 2025 Summary: Security update for nginx Type: security Severity: moderate References: 1236851,1248070,CVE-2025-23419,CVE-2025-53859 This update for nginx fixes the following issues: - CVE-2025-53859:?the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070). - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851). The following package changes have been done: - system-user-harbor-2.13.2-150600.2.2 updated - nginx-1.21.5-150600.10.12.1 updated - container:suse-sle15-15.6-6429c740360927063bab19b5f63298ae2d71284ae35513c7a3f6d6d1593efc7b-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:22:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:22:25 +0200 (CEST) Subject: SUSE-CU-2025:7293-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251014072226.000DFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7293-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.69 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.69 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150400.3.148.1 updated - zypper-1.14.94-150400.3.101.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:24:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:24:26 +0200 (CEST) Subject: SUSE-CU-2025:7294-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20251014072426.3578FF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7294-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.193 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.193 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150400.3.148.1 updated - zypper-1.14.94-150400.3.101.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:26:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:26:08 +0200 (CEST) Subject: SUSE-CU-2025:7295-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20251014072608.8A5FFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7295-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.101 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.101 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3593-1 Released: Mon Oct 13 15:34:44 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150500.6.64.1 updated - zypper-1.14.94-150500.6.42.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:35:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:35:09 +0200 (CEST) Subject: SUSE-CU-2025:7302-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251014073509.9968CF778@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7302-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.114 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.114 Severity : important Type : recommended References : 1249088 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3487-1 Released: Wed Oct 8 08:17:19 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1249088 This update for grub2 fixes the following issues: - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) The following package changes have been done: - grub2-i386-pc-2.12-150600.8.37.1 updated - grub2-x86_64-efi-2.12-150600.8.37.1 updated - grub2-2.12-150600.8.37.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:35:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:35:12 +0200 (CEST) Subject: SUSE-CU-2025:7303-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251014073512.94F58F778@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7303-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.115 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.115 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150600.3.82.1 updated - zypper-1.14.94-150600.10.52.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:42:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:42:40 +0200 (CEST) Subject: SUSE-CU-2025:7308-1: Recommended update of suse/sle15 Message-ID: <20251014074240.4C3AEF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7308-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.23.34 , suse/sle15:15.6 , suse/sle15:15.6.47.23.34 Container Release : 47.23.34 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150600.3.82.1 updated - zypper-1.14.94-150600.10.52.1 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:44:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:44:10 +0200 (CEST) Subject: SUSE-CU-2025:7310-1: Security update of suse/389-ds Message-ID: <20251014074410.A6929F778@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7310-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-63.5 , suse/389-ds:latest Container Release : 63.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:44:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:44:11 +0200 (CEST) Subject: SUSE-CU-2025:7311-1: Security update of suse/389-ds Message-ID: <20251014074411.7A287F778@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7311-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-63.7 , suse/389-ds:latest Container Release : 63.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:44:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:44:57 +0200 (CEST) Subject: SUSE-CU-2025:7314-1: Security update of bci/bci-base-fips Message-ID: <20251014074457.470D0F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7314-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-8.6 , bci/bci-base-fips:latest Container Release : 8.6 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:45:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:45:10 +0200 (CEST) Subject: SUSE-CU-2025:7315-1: Security update of suse/bind Message-ID: <20251014074510.03EB0F778@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7315-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-66.7 , suse/bind:latest Container Release : 66.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:46:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:46:20 +0200 (CEST) Subject: SUSE-CU-2025:7320-1: Security update of bci/gcc Message-ID: <20251014074620.C3659F778@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7320-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-12.7 , bci/gcc:latest Container Release : 12.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:46:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:46:30 +0200 (CEST) Subject: SUSE-CU-2025:7321-1: Security update of suse/git Message-ID: <20251014074630.632AAF778@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7321-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-62.7 , suse/git:latest Container Release : 62.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:46:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:46:46 +0200 (CEST) Subject: SUSE-CU-2025:7322-1: Security update of bci/golang Message-ID: <20251014074646.419C2F778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7322-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.7 , bci/golang:1.24.7-2.73.8 , bci/golang:oldstable , bci/golang:oldstable-2.73.8 Container Release : 73.8 Severity : important Type : security References : 1236217 1247816 1248082 1249584 1249985 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3513-1 Released: Thu Oct 9 12:36:48 2025 Summary: Recommended update for go1.24 Type: recommended Severity: moderate References: 1236217,1247816,1248082,1249985 This update for go1.24 fixes the following issues: Update to version 1.24.7 (released 2025-09-03): - os/exec: TestLookPath fails on plan9 after CL 685755 - cmd/go: 'get toolchain at latest' should ignore release candidates - net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - go1.24-doc-1.24.7-150000.1.37.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - go1.24-1.24.7-150000.1.37.1 updated - go1.24-race-1.24.7-150000.1.37.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:47:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:47:02 +0200 (CEST) Subject: SUSE-CU-2025:7323-1: Security update of bci/golang Message-ID: <20251014074702.A92D0F778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7323-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.6-openssl , bci/golang:1.24.6-openssl-76.7 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-76.7 Container Release : 76.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl-3-devel-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:47:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:47:19 +0200 (CEST) Subject: SUSE-CU-2025:7324-1: Security update of bci/golang Message-ID: <20251014074719.4D9E6F778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7324-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.2 , bci/golang:1.25.2-1.73.8 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.73.8 Container Release : 73.8 Severity : important Type : security References : 1244485 1249584 1249985 1250232 1251253 1251254 1251255 1251256 1251257 1251258 1251259 1251260 1251261 1251262 CVE-2025-47912 CVE-2025-58183 CVE-2025-58185 CVE-2025-58186 CVE-2025-58187 CVE-2025-58188 CVE-2025-58189 CVE-2025-59375 CVE-2025-61723 CVE-2025-61724 CVE-2025-61725 CVE-2025-9230 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3512-1 Released: Thu Oct 9 12:35:38 2025 Summary: Recommended update for go1.25 Type: recommended Severity: moderate References: 1249985 This update for go1.25 fixes the following issues: - Package svgpan.js to fix issues with 'go tool pprof'. bsc#1249985 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3547-1 Released: Sat Oct 11 03:22:16 2025 Summary: Security update for go1.25 Type: security Severity: important References: 1244485,1251253,1251254,1251255,1251256,1251257,1251258,1251259,1251260,1251261,1251262,CVE-2025-47912,CVE-2025-58183,CVE-2025-58185,CVE-2025-58186,CVE-2025-58187,CVE-2025-58188,CVE-2025-58189,CVE-2025-61723,CVE-2025-61724,CVE-2025-61725 This update for go1.25 fixes the following issues: go1.25.2 (released 2025-10-07) includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the runtime, and the context, debug/pe, net/http, os, and sync/atomic packages. (bsc#1244485) CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186 CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724: * bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information * bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress * bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys * bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion * bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion * bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs * bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map * bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames * bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints * bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse * go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when calling ReadAt * go#75116 os: Root.MkdirAll can return 'file exists' when called concurrently on the same path * go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original root * go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * go#75255 cmd/compile: export to DWARF types only referenced through interfaces * go#75347 testing/synctest: test timeout with no runnable goroutines * go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail * go#75537 context: Err can return non-nil before Done channel is closed * go#75539 net/http: internal error: connCount underflow * go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return value * go#75669 runtime: debug.decoratemappings don't work as expected The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - go1.25-doc-1.25.2-150000.1.14.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - go1.25-1.25.2-150000.1.14.1 updated - go1.25-race-1.25.2-150000.1.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Tue Oct 14 07:47:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:47:35 +0200 (CEST) Subject: SUSE-CU-2025:7325-1: Security update of bci/golang Message-ID: <20251014074735.62615F778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7325-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-76.8 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-76.8 Container Release : 76.8 Severity : important Type : security References : 1244485 1249141 1249584 1250232 CVE-2025-47910 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3525-1 Released: Fri Oct 10 12:33:18 2025 Summary: Security update for go1.25-openssl Type: security Severity: moderate References: 1244485,1249141,CVE-2025-47910 This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 (bsc#1244485). Security issues fixed: - CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns not limited to exact matches (bsc#1249141). Other issues fixed: - go#74822 cmd/go: 'get toolchain at latest' should ignore release candidates - go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets - go#75008 os/exec: TestLookPath fails on plan9 after CL 685755 - go#75021 testing/synctest: bubble not terminating - go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - go1.25-openssl-doc-1.25.1-150600.13.6.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl-3-devel-3.2.3-150700.5.21.1 updated - go1.25-openssl-1.25.1-150600.13.6.1 updated - go1.25-openssl-race-1.25.1-150600.13.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated - libopenssl-devel-3.2.3-150700.1.1 removed - openssl-3.2.3-150700.1.1 removed - openssl-3-3.2.3-150700.5.18.1 removed From sle-container-updates at lists.suse.com Tue Oct 14 07:47:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 Oct 2025 09:47:43 +0200 (CEST) Subject: SUSE-CU-2025:7326-1: Security update of suse/helm Message-ID: <20251014074743.D499EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7326-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-64.6 , suse/helm:latest Container Release : 64.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:03:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:03:01 +0200 (CEST) Subject: SUSE-CU-2025:7327-1: Security update of containers/open-webui-pipelines Message-ID: <20251015070301.5A359F778@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7327-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.2 Container Release : 7.2 Severity : important Type : security References : 1212476 1216545 1218588 1218664 1228260 1236589 1240058 1243197 1243397 1243706 1243933 1245938 1245939 1245942 1245943 1245946 1246197 1246197 1246965 1246974 1247144 1247148 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1250232 CVE-2024-6874 CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-27613 CVE-2025-27614 CVE-2025-46835 CVE-2025-48384 CVE-2025-48385 CVE-2025-4947 CVE-2025-5025 CVE-2025-5399 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3012-1 Released: Fri Aug 29 02:07:38 2025 Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML Type: security Severity: important References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385 This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938) * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939) * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942) * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943) * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946) - Other changes and bugs fixed: - Other changes and bugs fixed: * Added SHA256 support (bsc#1243197) * Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588) * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664) * Do not replace apparmor configuration (bsc#1216545) * Fixed the Python version required (bsc#1212476) - Version Updates Release Notes: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc git-lfs is included in version 3.7.0. python-PyYAML was updated from version 6.0.1 to 6.0.2: - Added support for Cython 3.x and Python 3.13 obs-scm-bridge was updated from version 0.5.4 to 0.7.4: - New Features and Improvements: * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs` file. * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files. * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout. * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources. * SSH URL Support: ssh:// SCM URLs can now be used. * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved. * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs. * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided. * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled. * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo. - Bugs fixed: * Syntax Fix: A syntax issue was corrected. * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - perl-Git-2.51.0-150600.3.12.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libcurl4-8.14.1-150600.4.28.1 updated - python311-setuptools-78.1.1-150600.1.1 updated - git-core-2.51.0-150600.3.12.1 updated - curl-8.14.1-150600.4.28.1 updated - python311-wrapt-1.16.0-150600.1.14 updated - python311-charset-normalizer-3.3.2-150600.1.14 updated - python311-certifi-2024.7.4-150600.1.53 updated - python311-protobuf-5.29.3-150600.3.3 updated - python311-importlib-metadata-8.6.1-150600.1.1 updated - python311-bcrypt-4.3.0-150600.1.5 updated - python311-requests-2.32.4-150600.1.2 updated - git-2.51.0-150600.3.12.1 updated - python311-cffi-1.17.0-150600.1.16 updated - python311-googleapis-common-protos-1.63.2-150600.1.19 updated - python311-cryptography-43.0.1-150600.1.26 updated - python311-pyOpenSSL-24.2.1-150600.1.12 updated - python-open-webui-pipelines-0.20250819.030501-150600.1.1 updated - container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:07:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:07:12 +0200 (CEST) Subject: SUSE-IU-2025:2712-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251015070712.6E62EF778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2712-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.14 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.14 Severity : moderate Type : recommended References : 1220763 1228879 1229238 1229685 1229822 1230078 1231373 1231727 1235695 1236151 1237137 1239092 1240031 1241897 1243923 1244263 CVE-2024-43374 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2024-47814 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 217 Released: Thu Aug 14 16:16:22 2025 Summary: Recommended update for libpulp Type: recommended Severity: moderate References: 1220763,1228879,1229238,1229685,1229822,1230078,1231373,1231727,1235695,1236151,1237137,1239092,1240031,1241897,1243923,1244263,CVE-2024-43374,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2024-47814,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for libpulp fixes the following issues: Update package with libpulp-0.3.15: - Fix race condition on ppc64le livepatching (bsc#1244263) - Fix SIGABRT when non-valid JSON is given at input (bsc#1243923) - Fix linking against libpthread on older versions of glibc for ppc64le. Update package with libpulp-0.3.14: - Remove any linking to GLIBC_PRIVATE symbols. Update package with libpulp-0.3.13: - Improve detection of -msplit-patch-nops flag (bsc#1240031). - Allow `trigger` to disable seccomp in target process while livepaching. - Make sure libpulp don't crash when calling libc.so.6 (bsc#1241897) Update package with libpulp-0.3.12: - Remove TEXTRELs in ppc64le port (bsc#1239092). - Check for -msplit-patch-nops flag. Update package with libpulp-0.3.11: - Detect whenever the process was loaded in a custom starting address. - ulp_stack now allocates multiples of page size. - Fix livepatching of `malloc` in ppc64le (jsc#PED-11850). Update package with libpulp-0.3.10: - Fix livepatching on Debian systems. - Improve error message when ptrace_scope is active. - Avoid saving unecessary registers in ppc64le. - Fix failing tests when libpulp is loaded system-wide. - Correct TOC loading in ppc64le (jsc#PED-11850). Update package with libpulp-0.3.9: - Fix limitation in ppc64le not being able to livepatch functions with more than 8 parameters (jsc#PED-11850). - Re-enable support for userspace livepatching in ppc64le (jsc#PED-11850). - Disable build on ppc64le until gcc-13 pfe patch reaches SP7. - Update package with libpulp-0.3.8: - Fix livepatching failure in glibc 2.40. - Force compilation with gcc-13 for SP7 and Tumbleweed (jsc#PED-10952). - Add ppc64le as supported architecture (jsc#PED-10952). - Cleanup /var/livepatches on boot time. - Add timestamps on each message. - Update rpm-helper script for SLE Micro (bsc#1228879). - Update macros.userspace-livepatch for SLE Micro (bsc#1228879). - Guard macros behind sle_version >= 1600. - Add SELinux policy for /var/livepatches (bsc#1228879). - Update rpm-helper script for SLE Micro. Update package with libpulp-0.3.7 - Fix fails due to realpath returning NULL in SLE-Micro. - Return insn_queue because of permission errors on /proc/self/mem. - Fix livepatch of malloc (bsc#1231727). The following package changes have been done: - vim-data-common-9.1.1629-slfo.1.1_1.1 updated - vim-small-9.1.1629-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.38 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:15:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:15:08 +0200 (CEST) Subject: SUSE-CU-2025:7326-1: Security update of suse/helm Message-ID: <20251015071508.91645F778@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7326-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-64.6 , suse/helm:latest Container Release : 64.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:15:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:15:21 +0200 (CEST) Subject: SUSE-CU-2025:7334-1: Security update of bci/bci-init Message-ID: <20251015071521.DB8BCF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7334-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-44.5 , bci/bci-init:latest Container Release : 44.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:15:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:15:22 +0200 (CEST) Subject: SUSE-CU-2025:7335-1: Security update of bci/bci-init Message-ID: <20251015071522.9073BF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7335-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-44.7 , bci/bci-init:latest Container Release : 44.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:15:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:15:31 +0200 (CEST) Subject: SUSE-CU-2025:7336-1: Security update of suse/kea Message-ID: <20251015071531.2C79DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7336-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-63.5 , suse/kea:latest Container Release : 63.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:15:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:15:31 +0200 (CEST) Subject: SUSE-CU-2025:7337-1: Security update of suse/kea Message-ID: <20251015071531.DF326F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7337-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-63.7 , suse/kea:latest Container Release : 63.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:15:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:15:48 +0200 (CEST) Subject: SUSE-CU-2025:7338-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251015071548.91FA2F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7338-1 Container Tags : suse/kiosk/firefox-esr:140.3 , suse/kiosk/firefox-esr:140.3-65.8 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 65.8 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:16:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:16:14 +0200 (CEST) Subject: SUSE-CU-2025:7340-1: Security update of bci/kiwi Message-ID: <20251015071615.011EFF783@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7340-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.8 , bci/kiwi:latest Container Release : 20.8 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:16:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:16:14 +0200 (CEST) Subject: SUSE-CU-2025:7339-1: Security update of bci/kiwi Message-ID: <20251015071614.0FCABF778@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7339-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.6 , bci/kiwi:latest Container Release : 20.6 Severity : important Type : security References : 1230267 1246912 1249584 1250343 CVE-2025-59375 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3489-1 Released: Wed Oct 8 08:23:53 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libsolv, libzypp, zypper fixes the following issues: - fixed rare crash in the handling of allowuninstall in combination with forcebest updates - new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libsolv-tools-base-0.7.35-150700.11.3.1 updated - libzypp-17.37.18-150700.6.3.1 updated - zypper-1.14.94-150700.13.3.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:16:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:16:22 +0200 (CEST) Subject: SUSE-CU-2025:7341-1: Security update of bci/bci-micro-fips Message-ID: <20251015071622.1E1A2F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7341-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-10.4 , bci/bci-micro-fips:latest Container Release : 10.4 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:16:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:16:38 +0200 (CEST) Subject: SUSE-CU-2025:7343-1: Security update of suse/nginx Message-ID: <20251015071638.BAF63F783@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7343-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-63.8 , suse/nginx:latest Container Release : 63.8 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:16:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:16:37 +0200 (CEST) Subject: SUSE-CU-2025:7342-1: Security update of suse/nginx Message-ID: <20251015071637.CE0C9F778@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7342-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-63.6 , suse/nginx:latest Container Release : 63.6 Severity : important Type : security References : 1236851 1248070 1249584 CVE-2025-23419 CVE-2025-53859 CVE-2025-59375 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3444-1 Released: Wed Oct 1 14:42:58 2025 Summary: Security update for nginx Type: security Severity: moderate References: 1236851,1248070,CVE-2025-23419,CVE-2025-53859 This update for nginx fixes the following issues: - CVE-2025-53859:?the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070). - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - nginx-1.21.5-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:16:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:16:53 +0200 (CEST) Subject: SUSE-CU-2025:7344-1: Security update of bci/nodejs Message-ID: <20251015071653.01F8CF778@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7344-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-11.7 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-11.7 , bci/nodejs:latest Container Release : 11.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:17:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:17:08 +0200 (CEST) Subject: SUSE-CU-2025:7345-1: Security update of bci/openjdk-devel Message-ID: <20251015071708.26E2CF778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7345-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-11.7 Container Release : 11.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - container:bci-openjdk-17-15.7.17-9.7 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:17:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:17:21 +0200 (CEST) Subject: SUSE-CU-2025:7346-1: Security update of bci/openjdk Message-ID: <20251015071721.69D30F778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7346-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-9.7 Container Release : 9.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:17:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:17:37 +0200 (CEST) Subject: SUSE-CU-2025:7347-1: Security update of bci/openjdk-devel Message-ID: <20251015071737.B6F76F778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7347-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-14.7 , bci/openjdk-devel:latest Container Release : 14.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - container:bci-openjdk-21-15.7.21-12.7 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:17:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:17:52 +0200 (CEST) Subject: SUSE-CU-2025:7348-1: Security update of bci/openjdk Message-ID: <20251015071752.BA588F778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7348-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.8.0 , bci/openjdk:21.0.8.0-12.7 , bci/openjdk:latest Container Release : 12.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:18:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:18:10 +0200 (CEST) Subject: SUSE-CU-2025:7349-1: Security update of suse/pcp Message-ID: <20251015071810.C0776F778@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7349-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-65.5 , suse/pcp:latest Container Release : 65.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:bci-bci-init-15.7-9f669139b862f2683e05a0f39245e67e2e8de41d417d70d5e71216b050e3400b-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:18:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:18:11 +0200 (CEST) Subject: SUSE-CU-2025:7350-1: Security update of suse/pcp Message-ID: <20251015071811.7DF32F778@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7350-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-65.7 , suse/pcp:latest Container Release : 65.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:bci-bci-init-15.7-6c9c11d236e73ddbb247de36762271640e0d12cac868cd59100cb7d21a3fe5a2-0 updated From sle-container-updates at lists.suse.com Wed Oct 15 07:18:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Oct 2025 09:18:24 +0200 (CEST) Subject: SUSE-CU-2025:7351-1: Security update of bci/php-apache Message-ID: <20251015071824.7271DF778@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7351-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-13.5 , bci/php-apache:latest Container Release : 13.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:09:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:09:15 +0200 (CEST) Subject: SUSE-IU-2025:2766-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251016070915.95EBEF778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2766-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.15 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.15 Severity : moderate Type : recommended References : 1228879 1237284 1237287 1249832 CVE-2024-57256 CVE-2024-57258 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 302 Released: Wed Oct 15 10:12:36 2025 Summary: Recommended update for selinux-policy Type: recommended Severity: moderate References: 1228879,1237284,1237287,1249832,CVE-2024-57256,CVE-2024-57258 This update for selinux-policy fixes the following issues: Update to version 20241031+git10.f4f74e9f2: * Label /var/livepatches as lib_t for ULP on micro (bsc#1228879, bsc#1249832) The following package changes have been done: - selinux-policy-20241031+git10.f4f74e9f2-slfo.1.1_1.1 updated - selinux-policy-targeted-20241031+git10.f4f74e9f2-slfo.1.1_1.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:18:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:18:46 +0200 (CEST) Subject: SUSE-CU-2025:7351-1: Security update of bci/php-apache Message-ID: <20251016071846.C0ADBF778@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7351-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-13.5 , bci/php-apache:latest Container Release : 13.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:18:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:18:47 +0200 (CEST) Subject: SUSE-CU-2025:7363-1: Security update of bci/php-apache Message-ID: <20251016071847.8FE7CF778@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7363-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-13.7 , bci/php-apache:latest Container Release : 13.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:19:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:19:00 +0200 (CEST) Subject: SUSE-CU-2025:7365-1: Security update of bci/php-fpm Message-ID: <20251016071900.C799DF778@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7365-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-13.6 , bci/php-fpm:latest Container Release : 13.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:19:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:19:13 +0200 (CEST) Subject: SUSE-CU-2025:7367-1: Security update of bci/php Message-ID: <20251016071913.13099F778@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7367-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-13.6 , bci/php:latest Container Release : 13.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:19:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:19:22 +0200 (CEST) Subject: SUSE-CU-2025:7368-1: Security update of suse/postgres Message-ID: <20251016071922.5D636F778@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7368-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-75.6 Container Release : 75.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:19:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:19:31 +0200 (CEST) Subject: SUSE-CU-2025:7369-1: Security update of suse/postgres Message-ID: <20251016071931.59EF3F778@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7369-1 Container Tags : suse/postgres:17 , suse/postgres:17.6 , suse/postgres:17.6 , suse/postgres:17.6-65.6 , suse/postgres:latest Container Release : 65.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:19:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:19:45 +0200 (CEST) Subject: SUSE-CU-2025:7370-1: Security update of suse/kiosk/pulseaudio Message-ID: <20251016071945.09D0AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7370-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-64.7 , suse/kiosk/pulseaudio:latest Container Release : 64.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:00 +0200 (CEST) Subject: SUSE-CU-2025:7371-1: Security update of bci/python Message-ID: <20251016072000.45040F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7371-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-75.5 Container Release : 75.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:01 +0200 (CEST) Subject: SUSE-CU-2025:7372-1: Security update of bci/python Message-ID: <20251016072001.09909F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7372-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-75.7 Container Release : 75.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:18 +0200 (CEST) Subject: SUSE-CU-2025:7373-1: Security update of bci/python Message-ID: <20251016072018.75586F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7373-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-77.5 , bci/python:latest Container Release : 77.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:19 +0200 (CEST) Subject: SUSE-CU-2025:7374-1: Security update of bci/python Message-ID: <20251016072019.56378F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7374-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.5 , bci/python:3.13.5-77.7 , bci/python:latest Container Release : 77.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:35 +0200 (CEST) Subject: SUSE-CU-2025:7375-1: Security update of bci/python Message-ID: <20251016072035.7F179F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7375-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-74.5 Container Release : 74.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:36 +0200 (CEST) Subject: SUSE-CU-2025:7376-1: Security update of bci/python Message-ID: <20251016072036.4BE5CF778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7376-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-74.7 Container Release : 74.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:42 +0200 (CEST) Subject: SUSE-CU-2025:7377-1: Security update of suse/mariadb-client Message-ID: <20251016072042.BB973F778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7377-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.2 , suse/mariadb-client:11.8.2-62.6 , suse/mariadb-client:latest Container Release : 62.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:20:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:20:50 +0200 (CEST) Subject: SUSE-CU-2025:7378-1: Security update of suse/mariadb Message-ID: <20251016072050.A7168F778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7378-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.2 , suse/mariadb:11.8.2-63.7 , suse/mariadb:latest Container Release : 63.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:21:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:21:02 +0200 (CEST) Subject: SUSE-CU-2025:7380-1: Security update of suse/rmt-server Message-ID: <20251016072102.53325F778@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7380-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-74.6 , suse/rmt-server:latest Container Release : 74.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:21:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:21:18 +0200 (CEST) Subject: SUSE-CU-2025:7381-1: Security update of bci/ruby Message-ID: <20251016072118.AF5AEF778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7381-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.5 Container Release : 15.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:37:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:37:05 +0200 (CEST) Subject: SUSE-IU-2025:2815-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251016133705.3E0D1F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2815-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.212 , suse/sle-micro/base-5.5:latest Image Release : 5.8.212 Severity : important Type : security References : 1065729 1164051 1193629 1194869 1202700 1203063 1203332 1204228 1205128 1205205 1206451 1206456 1206468 1206843 1206883 1206884 1207158 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207645 1207651 1208607 1209287 1209291 1209980 1210584 1211960 1212603 1213015 1213016 1213040 1213041 1213061 1213099 1213104 1213533 1213666 1213747 1214073 1214953 1214967 1215150 1215696 1215911 1216976 1217790 1220185 1220186 1223959 1234639 1236104 1237449 1238160 1241353 1242846 1243539 1244337 1244732 1245666 1246879 1246968 1247028 1247172 1247239 1248108 1248111 1248255 1248399 1248628 1248639 1248847 1249126 1249158 1249159 1249186 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249374 1249516 1249538 1249548 1249604 1249638 1249639 1249641 1249642 1249648 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249673 1249677 1249681 1249683 1249685 1249687 1249695 1249696 1249699 1249700 1249701 1249704 1249705 1249706 1249707 1249708 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249756 1249757 1249758 1249762 1249767 1249777 1249780 1249781 1249782 1249784 1249791 1249799 1249800 1249802 1249808 1249810 1249816 1249820 1249824 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249861 1249864 1249865 1249866 1249867 1249868 1249869 1249872 1249874 1249877 1249880 1249882 1249883 1249884 1249885 1249890 1249892 1249894 1249908 1249910 1249911 1249913 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249940 1249944 1249947 1249949 1249950 1249951 1249954 1249958 1249979 1249981 1249991 1249994 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250017 1250023 1250024 1250026 1250037 1250039 1250040 1250041 1250042 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250068 1250070 1250071 1250072 1250075 1250077 1250080 1250081 1250083 1250089 1250103 1250104 1250105 1250106 1250107 1250108 1250112 1250114 1250117 1250118 1250121 1250127 1250128 1250130 1250131 1250132 1250134 1250137 1250138 1250140 1250144 1250145 1250151 1250153 1250156 1250157 1250159 1250161 1250165 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250189 1250191 1250197 1250198 1250200 1250201 1250208 1250209 1250211 1250215 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250278 1250285 1250287 1250293 1250301 1250303 1250306 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250327 1250328 1250331 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250397 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250765 1250767 1250768 1250771 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250793 1250797 1250799 1250807 1250810 1250811 1250814 1250818 1250819 1250822 1250823 1250824 1250825 1250829 1250830 1250831 1250832 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250849 1250850 1250851 1250853 1250856 1250861 1250862 1250863 1250864 1250866 1250867 1250868 1250872 1250873 1250874 1250875 1250877 1250879 1250881 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250913 1250915 1250917 1250923 1250927 1250928 1250931 1250932 1250948 1250949 1250953 1250963 1250964 1250965 CVE-2022-2602 CVE-2022-2978 CVE-2022-36280 CVE-2022-43945 CVE-2022-49138 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50242 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50287 CVE-2022-50288 CVE-2022-50289 CVE-2022-50292 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50303 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50323 CVE-2022-50324 CVE-2022-50325 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50339 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50354 CVE-2022-50355 CVE-2022-50356 CVE-2022-50357 CVE-2022-50358 CVE-2022-50359 CVE-2022-50360 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50378 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50390 CVE-2022-50391 CVE-2022-50392 CVE-2022-50393 CVE-2022-50394 CVE-2022-50395 CVE-2022-50396 CVE-2022-50398 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50406 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50412 CVE-2022-50414 CVE-2022-50417 CVE-2022-50418 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50433 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50441 CVE-2022-50443 CVE-2022-50444 CVE-2022-50447 CVE-2022-50449 CVE-2022-50452 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50464 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-28328 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53168 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53181 CVE-2023-53182 CVE-2023-53185 CVE-2023-53189 CVE-2023-53193 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53210 CVE-2023-53213 CVE-2023-53215 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53232 CVE-2023-53234 CVE-2023-53237 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53259 CVE-2023-53263 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53284 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53320 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53332 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53340 CVE-2023-53344 CVE-2023-53347 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53357 CVE-2023-53359 CVE-2023-53368 CVE-2023-53370 CVE-2023-53371 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53378 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53383 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53391 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53398 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53442 CVE-2023-53443 CVE-2023-53444 CVE-2023-53446 CVE-2023-53448 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53466 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53480 CVE-2023-53482 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53489 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53511 CVE-2023-53512 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2023-53531 CVE-2023-53532 CVE-2024-26583 CVE-2024-26584 CVE-2024-58240 CVE-2025-37738 CVE-2025-37958 CVE-2025-38014 CVE-2025-38111 CVE-2025-38380 CVE-2025-38488 CVE-2025-38553 CVE-2025-38572 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38683 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3615-1 Released: Thu Oct 16 07:49:00 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1205205,1206451,1206456,1206468,1206843,1206883,1206884,1207158,1207361,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1209980,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213533,1213666,1213747,1214073,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1223959,1234639,1236104,1237449,1238160,1241353,1242846,1243539,1244337,1244732,1245666,1246879,1246968,1247028,1247172,1247239,1248108,1248111,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249159,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249638,1249639,1249641,1249642,1249648,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249673,1249677,1249681,1249683,1249685,1249687,1249695,1249696,1249699,1249700,1249701,1249704,1249705,1249706,1249707,1249708,1249709,1249712,1249713,1 249715,1249716,1249718,1249722,1249727,1249730,1249733,1249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249756,1249757,1249758,1249762,1249767,1249777,1249780,1249781,1249782,1249784,1249791,1249799,1249800,1249802,1249808,1249810,1249816,1249820,1249824,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249861,1249864,1249865,1249866,1249867,1249868,1249869,1249872,1249874,1249877,1249880,1249882,1249883,1249884,1249885,1249890,1249892,1249894,1249908,1249910,1249911,1249913,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249940,1249944,1249947,1249949,1249950,1249951,1249954,1249958,1249979,1249981,1249991,1249994,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250017,1250023,1250024,1250026,1250037,1250039,1250040,1250041,1250042,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,125006 6,1250068,1250070,1250071,1250072,1250075,1250077,1250080,1250081,1250083,1250089,1250103,1250104,1250105,1250106,1250107,1250108,1250112,1250114,1250117,1250118,1250121,1250127,1250128,1250130,1250131,1250132,1250134,1250137,1250138,1250140,1250144,1250145,1250151,1250153,1250156,1250157,1250159,1250161,1250165,1250168,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250189,1250191,1250197,1250198,1250200,1250201,1250208,1250209,1250211,1250215,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250278,1250285,1250287,1250293,1250301,1250303,1250306,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250327,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250397,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250765,1250767,1250768,1250771,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250793,1250797,1250799,1250807,125 0810,1250811,1250814,1250818,1250819,1250822,1250823,1250824,1250825,1250829,1250830,1250831,1250832,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250849,1250850,1250851,1250853,1250856,1250861,1250862,1250863,1250864,1250866,1250867,1250868,1250872,1250873,1250874,1250875,1250877,1250879,1250881,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250913,1250915,1250917,1250923,1250927,1250928,1250931,1250932,1250948,1250949,1250953,1250963,1250964,1250965,CVE-2022-2602,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50242,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-502 79,CVE-2022-50282,CVE-2022-50286,CVE-2022-50287,CVE-2022-50288,CVE-2022-50289,CVE-2022-50292,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50303,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50323,CVE-2022-50324,CVE-2022-50325,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50339,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50354,CVE-2022-50355,CVE-2022-50356,CVE-2022-50357,CVE-2022-50358,CVE-2022-50359,CVE-2022-50360,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50378,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50390,CVE-2022-50391,CVE-2022-50392,CVE-2022-50393,CVE- 2022-50394,CVE-2022-50395,CVE-2022-50396,CVE-2022-50398,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50406,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50412,CVE-2022-50414,CVE-2022-50417,CVE-2022-50418,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50433,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50441,CVE-2022-50443,CVE-2022-50444,CVE-2022-50447,CVE-2022-50449,CVE-2022-50452,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50464,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53153,CVE-2023-53165,CVE-2023-5316 7,CVE-2023-53168,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53181,CVE-2023-53182,CVE-2023-53185,CVE-2023-53189,CVE-2023-53193,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53210,CVE-2023-53213,CVE-2023-53215,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53232,CVE-2023-53234,CVE-2023-53237,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53259,CVE-2023-53263,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53284,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2 023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-2023-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53320,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53332,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53340,CVE-2023-53344,CVE-2023-53347,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53357,CVE-2023-53359,CVE-2023-53368,CVE-2023-53370,CVE-2023-53371,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53378,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53383,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53391,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53398,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53442,CVE-2023-534 43,CVE-2023-53444,CVE-2023-53446,CVE-2023-53448,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53466,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-53474,CVE-2023-53475,CVE-2023-53476,CVE-2023-53480,CVE-2023-53482,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53489,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53511,CVE-2023-53512,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2023-53531,CVE-2023-53532,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-37738,CVE-2025-37958,CVE-2025-38014,CVE-2025-38111,CVE-2025-38380,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38683,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE- 2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - build_bug.h: Add KABI assert (bsc#1249186). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - supported.conf: mark hyperv_drm as external - use uniform permission checks for all mount propagation changes (git-fixes). - xfs: rework datasync tracking and execution (bsc#1237449). The following package changes have been done: - kernel-default-5.14.21-150500.55.124.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:38:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:38:14 +0200 (CEST) Subject: SUSE-IU-2025:2816-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251016133814.17FD2F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2816-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.405 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.405 Severity : important Type : security References : 1065729 1164051 1193629 1194869 1202700 1203063 1203332 1204228 1205128 1205205 1206451 1206456 1206468 1206843 1206883 1206884 1207158 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207645 1207651 1208607 1209287 1209291 1209980 1210584 1211960 1212603 1213015 1213016 1213040 1213041 1213061 1213099 1213104 1213533 1213666 1213747 1214073 1214953 1214967 1215150 1215696 1215911 1216976 1217790 1220185 1220186 1223959 1234639 1236104 1237449 1238160 1241353 1242846 1243539 1244337 1244732 1245666 1246879 1246968 1247028 1247172 1247239 1248108 1248111 1248255 1248399 1248628 1248639 1248847 1249126 1249158 1249159 1249186 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249374 1249516 1249538 1249548 1249604 1249638 1249639 1249641 1249642 1249648 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249673 1249677 1249681 1249683 1249685 1249687 1249695 1249696 1249699 1249700 1249701 1249704 1249705 1249706 1249707 1249708 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249756 1249757 1249758 1249762 1249767 1249777 1249780 1249781 1249782 1249784 1249791 1249799 1249800 1249802 1249808 1249810 1249816 1249820 1249824 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249861 1249864 1249865 1249866 1249867 1249868 1249869 1249872 1249874 1249877 1249880 1249882 1249883 1249884 1249885 1249890 1249892 1249894 1249908 1249910 1249911 1249913 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249940 1249944 1249947 1249949 1249950 1249951 1249954 1249958 1249979 1249981 1249991 1249994 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250017 1250023 1250024 1250026 1250037 1250039 1250040 1250041 1250042 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250068 1250070 1250071 1250072 1250075 1250077 1250080 1250081 1250083 1250089 1250103 1250104 1250105 1250106 1250107 1250108 1250112 1250114 1250117 1250118 1250121 1250127 1250128 1250130 1250131 1250132 1250134 1250137 1250138 1250140 1250144 1250145 1250151 1250153 1250156 1250157 1250159 1250161 1250165 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250189 1250191 1250197 1250198 1250200 1250201 1250208 1250209 1250211 1250215 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250278 1250285 1250287 1250293 1250301 1250303 1250306 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250327 1250328 1250331 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250397 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250765 1250767 1250768 1250771 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250793 1250797 1250799 1250807 1250810 1250811 1250814 1250818 1250819 1250822 1250823 1250824 1250825 1250829 1250830 1250831 1250832 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250849 1250850 1250851 1250853 1250856 1250861 1250862 1250863 1250864 1250866 1250867 1250868 1250872 1250873 1250874 1250875 1250877 1250879 1250881 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250913 1250915 1250917 1250923 1250927 1250928 1250931 1250932 1250948 1250949 1250953 1250963 1250964 1250965 CVE-2022-2602 CVE-2022-2978 CVE-2022-36280 CVE-2022-43945 CVE-2022-49138 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50242 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50287 CVE-2022-50288 CVE-2022-50289 CVE-2022-50292 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50303 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50323 CVE-2022-50324 CVE-2022-50325 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50339 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50354 CVE-2022-50355 CVE-2022-50356 CVE-2022-50357 CVE-2022-50358 CVE-2022-50359 CVE-2022-50360 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50378 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50390 CVE-2022-50391 CVE-2022-50392 CVE-2022-50393 CVE-2022-50394 CVE-2022-50395 CVE-2022-50396 CVE-2022-50398 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50406 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50412 CVE-2022-50414 CVE-2022-50417 CVE-2022-50418 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50433 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50441 CVE-2022-50443 CVE-2022-50444 CVE-2022-50447 CVE-2022-50449 CVE-2022-50452 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50464 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-28328 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53168 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53181 CVE-2023-53182 CVE-2023-53185 CVE-2023-53189 CVE-2023-53193 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53210 CVE-2023-53213 CVE-2023-53215 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53232 CVE-2023-53234 CVE-2023-53237 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53259 CVE-2023-53263 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53284 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53320 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53332 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53340 CVE-2023-53344 CVE-2023-53347 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53357 CVE-2023-53359 CVE-2023-53368 CVE-2023-53370 CVE-2023-53371 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53378 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53383 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53391 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53398 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53442 CVE-2023-53443 CVE-2023-53444 CVE-2023-53446 CVE-2023-53448 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53466 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53480 CVE-2023-53482 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53489 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53511 CVE-2023-53512 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2023-53531 CVE-2023-53532 CVE-2024-26583 CVE-2024-26584 CVE-2024-58240 CVE-2025-37738 CVE-2025-37958 CVE-2025-38014 CVE-2025-38111 CVE-2025-38380 CVE-2025-38488 CVE-2025-38553 CVE-2025-38572 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38683 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3615-1 Released: Thu Oct 16 07:49:00 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1205205,1206451,1206456,1206468,1206843,1206883,1206884,1207158,1207361,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1209980,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213533,1213666,1213747,1214073,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1223959,1234639,1236104,1237449,1238160,1241353,1242846,1243539,1244337,1244732,1245666,1246879,1246968,1247028,1247172,1247239,1248108,1248111,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249159,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249638,1249639,1249641,1249642,1249648,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249673,1249677,1249681,1249683,1249685,1249687,1249695,1249696,1249699,1249700,1249701,1249704,1249705,1249706,1249707,1249708,1249709,1249712,1249713,1 249715,1249716,1249718,1249722,1249727,1249730,1249733,1249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249756,1249757,1249758,1249762,1249767,1249777,1249780,1249781,1249782,1249784,1249791,1249799,1249800,1249802,1249808,1249810,1249816,1249820,1249824,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249861,1249864,1249865,1249866,1249867,1249868,1249869,1249872,1249874,1249877,1249880,1249882,1249883,1249884,1249885,1249890,1249892,1249894,1249908,1249910,1249911,1249913,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249940,1249944,1249947,1249949,1249950,1249951,1249954,1249958,1249979,1249981,1249991,1249994,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250017,1250023,1250024,1250026,1250037,1250039,1250040,1250041,1250042,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,125006 6,1250068,1250070,1250071,1250072,1250075,1250077,1250080,1250081,1250083,1250089,1250103,1250104,1250105,1250106,1250107,1250108,1250112,1250114,1250117,1250118,1250121,1250127,1250128,1250130,1250131,1250132,1250134,1250137,1250138,1250140,1250144,1250145,1250151,1250153,1250156,1250157,1250159,1250161,1250165,1250168,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250189,1250191,1250197,1250198,1250200,1250201,1250208,1250209,1250211,1250215,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250278,1250285,1250287,1250293,1250301,1250303,1250306,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250327,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250397,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250765,1250767,1250768,1250771,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250793,1250797,1250799,1250807,125 0810,1250811,1250814,1250818,1250819,1250822,1250823,1250824,1250825,1250829,1250830,1250831,1250832,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250849,1250850,1250851,1250853,1250856,1250861,1250862,1250863,1250864,1250866,1250867,1250868,1250872,1250873,1250874,1250875,1250877,1250879,1250881,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250913,1250915,1250917,1250923,1250927,1250928,1250931,1250932,1250948,1250949,1250953,1250963,1250964,1250965,CVE-2022-2602,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50242,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-502 79,CVE-2022-50282,CVE-2022-50286,CVE-2022-50287,CVE-2022-50288,CVE-2022-50289,CVE-2022-50292,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50303,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50323,CVE-2022-50324,CVE-2022-50325,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50339,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50354,CVE-2022-50355,CVE-2022-50356,CVE-2022-50357,CVE-2022-50358,CVE-2022-50359,CVE-2022-50360,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50378,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50390,CVE-2022-50391,CVE-2022-50392,CVE-2022-50393,CVE- 2022-50394,CVE-2022-50395,CVE-2022-50396,CVE-2022-50398,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50406,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50412,CVE-2022-50414,CVE-2022-50417,CVE-2022-50418,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50433,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50441,CVE-2022-50443,CVE-2022-50444,CVE-2022-50447,CVE-2022-50449,CVE-2022-50452,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50464,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53153,CVE-2023-53165,CVE-2023-5316 7,CVE-2023-53168,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53181,CVE-2023-53182,CVE-2023-53185,CVE-2023-53189,CVE-2023-53193,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53210,CVE-2023-53213,CVE-2023-53215,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53232,CVE-2023-53234,CVE-2023-53237,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53259,CVE-2023-53263,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53284,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2 023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-2023-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53320,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53332,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53340,CVE-2023-53344,CVE-2023-53347,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53357,CVE-2023-53359,CVE-2023-53368,CVE-2023-53370,CVE-2023-53371,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53378,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53383,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53391,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53398,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53442,CVE-2023-534 43,CVE-2023-53444,CVE-2023-53446,CVE-2023-53448,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53466,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-53474,CVE-2023-53475,CVE-2023-53476,CVE-2023-53480,CVE-2023-53482,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53489,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53511,CVE-2023-53512,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2023-53531,CVE-2023-53532,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-37738,CVE-2025-37958,CVE-2025-38014,CVE-2025-38111,CVE-2025-38380,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38683,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE- 2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - build_bug.h: Add KABI assert (bsc#1249186). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - supported.conf: mark hyperv_drm as external - use uniform permission checks for all mount propagation changes (git-fixes). - xfs: rework datasync tracking and execution (bsc#1237449). The following package changes have been done: - kernel-default-base-5.14.21-150500.55.124.1.150500.6.59.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.212 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:50:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:50:40 +0200 (CEST) Subject: SUSE-CU-2025:7381-1: Security update of bci/ruby Message-ID: <20251016135040.233B9F778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7381-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.5 Container Release : 15.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:50:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:50:40 +0200 (CEST) Subject: SUSE-CU-2025:7385-1: Security update of bci/ruby Message-ID: <20251016135040.F3430F778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7385-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.7 Container Release : 15.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:50:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:50:58 +0200 (CEST) Subject: SUSE-CU-2025:7386-1: Security update of bci/ruby Message-ID: <20251016135058.0AD4EF778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7386-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-14.5 , bci/ruby:latest Container Release : 14.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:50:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:50:58 +0200 (CEST) Subject: SUSE-CU-2025:7387-1: Security update of bci/ruby Message-ID: <20251016135058.DB773F778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7387-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-14.7 , bci/ruby:latest Container Release : 14.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:51:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:51:13 +0200 (CEST) Subject: SUSE-CU-2025:7389-1: Security update of bci/rust Message-ID: <20251016135113.C8329F778@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7389-1 Container Tags : bci/rust:1.89 , bci/rust:1.89.0 , bci/rust:1.89.0-1.3.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.5 Container Release : 3.5 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:51:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:51:24 +0200 (CEST) Subject: SUSE-CU-2025:7390-1: Security update of suse/samba-client Message-ID: <20251016135124.7940AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7390-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-65.7 , suse/samba-client:latest Container Release : 65.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:51:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:51:33 +0200 (CEST) Subject: SUSE-CU-2025:7391-1: Security update of suse/samba-server Message-ID: <20251016135133.8A765F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7391-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-65.7 , suse/samba-server:latest Container Release : 65.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:51:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:51:43 +0200 (CEST) Subject: SUSE-CU-2025:7392-1: Security update of suse/samba-toolbox Message-ID: <20251016135143.2FF20F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7392-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-65.7 , suse/samba-toolbox:latest Container Release : 65.7 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:51:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:51:58 +0200 (CEST) Subject: SUSE-CU-2025:7393-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251016135158.A0834F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7393-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-48.5 , bci/bci-sle15-kernel-module-devel:latest Container Release : 48.5 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:51:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:51:59 +0200 (CEST) Subject: SUSE-CU-2025:7394-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251016135159.6E81FF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7394-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-48.7 , bci/bci-sle15-kernel-module-devel:latest Container Release : 48.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:52:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:52:12 +0200 (CEST) Subject: SUSE-CU-2025:7395-1: Security update of suse/sle15 Message-ID: <20251016135212.39919F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7395-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.35 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.35 , suse/sle15:latest Container Release : 5.8.35 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:52:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:52:33 +0200 (CEST) Subject: SUSE-CU-2025:7396-1: Security update of bci/spack Message-ID: <20251016135233.A0FA1F778@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7396-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-16.5 , bci/spack:latest Container Release : 16.5 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl-3-devel-3.2.3-150700.5.21.1 updated - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:52:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:52:40 +0200 (CEST) Subject: SUSE-CU-2025:7397-1: Security update of suse/stunnel Message-ID: <20251016135240.DB198F778@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7397-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-64.6 , suse/stunnel:latest Container Release : 64.6 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:52:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:52:49 +0200 (CEST) Subject: SUSE-CU-2025:7398-1: Security update of suse/valkey Message-ID: <20251016135249.806ACF778@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7398-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-64.7 , suse/valkey:latest Container Release : 64.7 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:52:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:52:57 +0200 (CEST) Subject: SUSE-CU-2025:7399-1: Security update of suse/kiosk/xorg-client Message-ID: <20251016135257.D437AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7399-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-65.6 , suse/kiosk/xorg-client:latest Container Release : 65.6 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:53:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:53:10 +0200 (CEST) Subject: SUSE-CU-2025:7400-1: Security update of suse/kiosk/xorg Message-ID: <20251016135310.F06C4F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7400-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-67.6 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 67.6 Severity : important Type : security References : 1249584 1250232 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3508-1 Released: Thu Oct 9 10:32:56 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). The following package changes have been done: - libexpat1-2.7.1-150700.3.6.1 updated - expat-2.7.1-150700.3.6.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - container:suse-sle15-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated - container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:54:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:54:57 +0200 (CEST) Subject: SUSE-CU-2025:7404-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20251016135457.81425F778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7404-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.28 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.28 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150400.3.148.1 updated - zypper-1.14.94-150400.3.101.1 updated - container:sles15-ltss-image-15.4.0-2.73 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:56:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:56:04 +0200 (CEST) Subject: SUSE-CU-2025:7405-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251016135604.F39EFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7405-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.30 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.30 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150400.3.148.1 updated - zypper-1.14.94-150400.3.101.1 updated - container:sles15-ltss-image-15.4.0-2.73 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:05:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:05:40 +0200 (CEST) Subject: SUSE-IU-2025:2763-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20251016070540.BC405F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2763-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.57 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.57 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062 1236897 1237449 1237776 1240324 1241166 1241292 1241353 1241866 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249413 1249479 1249481 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250006 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250169 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090 CVE-2024-58240 CVE-2025-22022 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-159 Released: Wed Oct 15 18:17:22 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241353,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1 249279,1249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249346,1249374,1249413,1249479,1249481,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,124998 8,1249990,1249993,1249994,1249997,1250002,1250004,1250006,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250169,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,125 0830,1250831,1250837,1250841,1250861,1250863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-5325 7,CVE-2023-53258,CVE-2023-53260,CVE-2023-53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2 023-53425,CVE-2023-53426,CVE-2023-53428,CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-384 66,CVE-2025-38488,CVE-2025-38514,CVE-2025-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE- 2025-39681,CVE-2025-39682,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39 844,CVE-2025-39845,CVE-2025-39846,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - Drop PCI patches that broke kdump capture boot (bsc#1246509) - Drop arm64 patches that may lead to module load failure (bsc#1250057) - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - Fix BPF selftests compilation error in bpf_iter.c (git-fixes) - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186) - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: Use Step repository for building Leap kernel bs-upload-kernel does not understand the Leap repository layout - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: drop kvm_x86_ops from kabi relevant symbols. - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source.spec: Depend on python3-base for build Both kernel-binary and kernel-docs already have this dependency. - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186) - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186) - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). The following package changes have been done: - kernel-default-6.4.0-35.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:06:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:06:29 +0200 (CEST) Subject: SUSE-IU-2025:2764-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251016070629.B1E48F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2764-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.80 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.80 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062 1236897 1237449 1237776 1240324 1241166 1241292 1241353 1241866 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249413 1249479 1249481 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250006 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250169 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090 CVE-2024-58240 CVE-2025-22022 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-159 Released: Wed Oct 15 18:17:22 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241353,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1 249279,1249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249346,1249374,1249413,1249479,1249481,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,124998 8,1249990,1249993,1249994,1249997,1250002,1250004,1250006,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250169,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,125 0830,1250831,1250837,1250841,1250861,1250863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-5325 7,CVE-2023-53258,CVE-2023-53260,CVE-2023-53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2 023-53425,CVE-2023-53426,CVE-2023-53428,CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-384 66,CVE-2025-38488,CVE-2025-38514,CVE-2025-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE- 2025-39681,CVE-2025-39682,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39 844,CVE-2025-39845,CVE-2025-39846,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - Drop PCI patches that broke kdump capture boot (bsc#1246509) - Drop arm64 patches that may lead to module load failure (bsc#1250057) - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - Fix BPF selftests compilation error in bpf_iter.c (git-fixes) - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186) - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: Use Step repository for building Leap kernel bs-upload-kernel does not understand the Leap repository layout - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: drop kvm_x86_ops from kabi relevant symbols. - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source.spec: Depend on python3-base for build Both kernel-binary and kernel-docs already have this dependency. - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186) - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186) - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). The following package changes have been done: - kernel-default-base-6.4.0-35.1.21.12 updated - container:SL-Micro-base-container-2.1.3-7.57 updated From sle-container-updates at lists.suse.com Thu Oct 16 07:09:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 09:09:55 +0200 (CEST) Subject: SUSE-IU-2025:2768-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251016070955.0CFD9F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2768-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.41 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.41 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062 1236897 1237449 1237776 1240324 1241166 1241292 1241353 1241866 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249413 1249479 1249481 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250006 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250169 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090 CVE-2024-58240 CVE-2025-22022 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-159 Released: Wed Oct 15 18:17:22 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241353,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1 249279,1249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249346,1249374,1249413,1249479,1249481,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,124998 8,1249990,1249993,1249994,1249997,1250002,1250004,1250006,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250169,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,125 0830,1250831,1250837,1250841,1250861,1250863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-5325 7,CVE-2023-53258,CVE-2023-53260,CVE-2023-53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2 023-53425,CVE-2023-53426,CVE-2023-53428,CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-384 66,CVE-2025-38488,CVE-2025-38514,CVE-2025-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE- 2025-39681,CVE-2025-39682,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39 844,CVE-2025-39845,CVE-2025-39846,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - Drop PCI patches that broke kdump capture boot (bsc#1246509) - Drop arm64 patches that may lead to module load failure (bsc#1250057) - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - Fix BPF selftests compilation error in bpf_iter.c (git-fixes) - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186) - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: Use Step repository for building Leap kernel bs-upload-kernel does not understand the Leap repository layout - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: drop kvm_x86_ops from kabi relevant symbols. - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source.spec: Depend on python3-base for build Both kernel-binary and kernel-docs already have this dependency. - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186) - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186) - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). The following package changes have been done: - kernel-default-base-6.4.0-35.1.21.12 updated - container:SL-Micro-base-container-2.2.1-5.39 updated From sle-container-updates at lists.suse.com Thu Oct 16 13:48:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 15:48:59 +0200 (CEST) Subject: SUSE-CU-2025:7384-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251016134859.D712AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7384-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.116 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.116 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062 1236897 1237449 1237776 1240324 1241166 1241292 1241866 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249374 1249413 1249479 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090 CVE-2024-58240 CVE-2025-22022 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3600-1 Released: Wed Oct 15 14:54:51 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1249279,1 249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249374,1249413,1249479,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,1249988,1249990,1249993,124999 4,1249997,1250002,1250004,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,1250830,1250831,1250837,1250841,1250861,125 0863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53260,CVE-2023 -53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2023-53425,CVE-2023-53426,CVE-2023-53428, CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-38466,CVE-2025-38488,CVE-2025-38514,CVE-202 5-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39684 ,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39846,CVE-20 25-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs: Limit patch filenames to 100 characters (bsc#1249604). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). The following package changes have been done: - kernel-default-6.4.0-150600.23.73.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 14:21:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 16:21:16 +0200 (CEST) Subject: SUSE-CU-2025:7405-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251016142116.67EE8F778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7405-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.30 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.30 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150400.3.148.1 updated - zypper-1.14.94-150400.3.101.1 updated - container:sles15-ltss-image-15.4.0-2.73 updated From sle-container-updates at lists.suse.com Thu Oct 16 14:27:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 16:27:29 +0200 (CEST) Subject: SUSE-CU-2025:7409-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20251016142729.BC72FF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7409-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.184 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.184 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3592-1 Released: Mon Oct 13 15:34:03 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150200.174.1 updated - zypper-1.14.94-150200.126.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 14:33:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 16:33:48 +0200 (CEST) Subject: SUSE-CU-2025:7412-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20251016143348.E5CC5F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7412-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.186 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.186 Severity : important Type : recommended References : 1230267 1246912 1250343 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3592-1 Released: Mon Oct 13 15:34:03 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) The following package changes have been done: - libzypp-17.37.18-150200.174.1 updated - zypper-1.14.94-150200.126.1 updated From sle-container-updates at lists.suse.com Thu Oct 16 16:21:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Oct 2025 18:21:31 +0200 (CEST) Subject: SUSE-CU-2025:7414-1: Recommended update of bci/kiwi Message-ID: <20251016162131.65932F778@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7414-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.1 , bci/kiwi:latest Container Release : 21.1 Severity : moderate Type : recommended References : 1251264 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) The following package changes have been done: - curl-8.14.1-150700.7.2.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:04:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:04:40 +0200 (CEST) Subject: SUSE-IU-2025:2864-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251017070440.DD36EF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2864-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.213 , suse/sle-micro/base-5.5:latest Image Release : 5.8.213 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:05:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:05:45 +0200 (CEST) Subject: SUSE-IU-2025:2865-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251017070545.44C55F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2865-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.407 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.407 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.213 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:07:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:07:21 +0200 (CEST) Subject: SUSE-IU-2025:2866-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20251017070721.8B029F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2866-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.507 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.507 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.385 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:08:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:08:53 +0200 (CEST) Subject: SUSE-IU-2025:2867-1: Security update of suse/sle-micro/5.5 Message-ID: <20251017070853.1FE06F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2867-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.385 , suse/sle-micro/5.5:latest Image Release : 5.5.385 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.213 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:10:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:10:10 +0200 (CEST) Subject: SUSE-CU-2025:7420-1: Security update of private-registry/harbor-nginx Message-ID: <20251017071010.16B52F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7420-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.53 , private-registry/harbor-nginx:latest Container Release : 2.53 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - container:suse-sle15-15.6-36f2298f193581751a2641e139e053bcc89441095c3f89d73108e1fdc5bec114-0 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:10:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:10:14 +0200 (CEST) Subject: SUSE-CU-2025:7421-1: Security update of private-registry/harbor-portal Message-ID: <20251017071014.85275F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7421-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.19 , private-registry/harbor-portal:latest Container Release : 3.19 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - container:suse-sle15-15.6-36f2298f193581751a2641e139e053bcc89441095c3f89d73108e1fdc5bec114-0 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:10:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:10:18 +0200 (CEST) Subject: SUSE-CU-2025:7422-1: Security update of private-registry/harbor-trivy-adapter Message-ID: <20251017071018.AEFA1F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7422-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.52 , private-registry/harbor-trivy-adapter:latest Container Release : 2.52 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - container:suse-sle15-15.6-36f2298f193581751a2641e139e053bcc89441095c3f89d73108e1fdc5bec114-0 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:16:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:16:29 +0200 (CEST) Subject: SUSE-CU-2025:7424-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251017071629.C7687F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7424-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.195 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.195 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:19:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:19:27 +0200 (CEST) Subject: SUSE-CU-2025:7425-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251017071927.AE3B7F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7425-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.71 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.71 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:21:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:21:16 +0200 (CEST) Subject: SUSE-CU-2025:7426-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251017072116.865B5F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7426-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.195 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.195 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:22:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:22:58 +0200 (CEST) Subject: SUSE-CU-2025:7427-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20251017072258.17BC8F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7427-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.103 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.103 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:28:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:28:04 +0200 (CEST) Subject: SUSE-CU-2025:7428-1: Security update of bci/bci-init Message-ID: <20251017072804.75646F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7428-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.47.8 Container Release : 47.8 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:30:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:30:42 +0200 (CEST) Subject: SUSE-CU-2025:7430-1: Security update of bci/spack Message-ID: <20251017073042.736B0F783@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7430-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.66 Container Release : 11.66 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:30:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:30:41 +0200 (CEST) Subject: SUSE-CU-2025:7429-1: Recommended update of bci/spack Message-ID: <20251017073041.A61AFF778@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7429-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.65 Container Release : 11.65 Severity : important Type : recommended References : 1240954 1245743 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3623-1 Released: Thu Oct 16 16:36:00 2025 Summary: Recommended update for sudo Type: recommended Severity: important References: 1240954,1245743 This update for sudo fixes the following issues: - Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743). If user's tty goes away, tell monitor to revoke the tty in its session. The following package changes have been done: - sudo-1.9.15p5-150600.3.12.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:32:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:32:32 +0200 (CEST) Subject: SUSE-CU-2025:7431-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251017073232.AF8FCF778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7431-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.29 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.29 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:33:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:33:38 +0200 (CEST) Subject: SUSE-CU-2025:7432-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251017073338.474D6F778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7432-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.31 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.31 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:35:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:35:40 +0200 (CEST) Subject: SUSE-CU-2025:7434-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20251017073540.EEAFFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7434-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.24 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.24 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Fri Oct 17 07:36:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Oct 2025 09:36:45 +0200 (CEST) Subject: SUSE-CU-2025:7435-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20251017073645.CD944F778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7435-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16 , suse/manager/4.3/proxy-tftpd:4.3.16.9.57.24 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.57.24 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:10:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:10:40 +0200 (CEST) Subject: SUSE-CU-2025:7438-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251018071040.1E573F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7438-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.72 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.72 Severity : important Type : security References : 1065729 1164051 1193629 1194869 1202700 1203063 1203332 1204228 1205128 1206456 1206468 1206883 1206884 1207158 1207621 1207624 1207625 1207628 1207629 1207631 1207645 1207651 1208607 1209287 1209291 1210584 1211960 1212603 1213015 1213016 1213040 1213041 1213061 1213099 1213104 1213666 1213747 1214953 1214967 1215150 1215696 1215911 1216976 1217790 1220185 1220186 1236104 1238160 1241353 1242573 1242846 1242960 1243539 1244337 1244732 1245110 1245498 1245499 1245666 1245956 1246879 1246968 1247028 1247172 1247239 1247288 1247317 1248108 1248255 1248399 1248628 1248639 1248847 1249126 1249158 1249186 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249374 1249516 1249538 1249548 1249604 1249608 1249638 1249639 1249641 1249642 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249677 1249681 1249683 1249685 1249687 1249691 1249695 1249699 1249700 1249701 1249705 1249706 1249707 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249758 1249762 1249767 1249777 1249781 1249784 1249791 1249799 1249808 1249810 1249820 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249864 1249865 1249866 1249867 1249868 1249872 1249877 1249880 1249882 1249885 1249890 1249892 1249908 1249910 1249911 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249944 1249947 1249949 1249950 1249954 1249958 1249979 1249981 1249991 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250023 1250024 1250026 1250039 1250041 1250043 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250070 1250071 1250072 1250077 1250080 1250081 1250083 1250105 1250106 1250107 1250108 1250114 1250118 1250121 1250127 1250128 1250131 1250132 1250137 1250138 1250140 1250145 1250151 1250153 1250156 1250159 1250161 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250191 1250197 1250198 1250200 1250209 1250211 1250237 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250287 1250293 1250301 1250303 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250328 1250331 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250767 1250768 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250797 1250799 1250807 1250810 1250811 1250818 1250819 1250822 1250823 1250824 1250825 1250830 1250831 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250850 1250851 1250853 1250856 1250863 1250864 1250866 1250867 1250868 1250872 1250874 1250875 1250877 1250879 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250915 1250917 1250923 1250927 1250928 1250948 1250949 1250953 1250955 1250963 1250964 1250965 CVE-2022-2602 CVE-2022-2978 CVE-2022-36280 CVE-2022-43945 CVE-2022-49138 CVE-2022-49980 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50289 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50324 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50355 CVE-2022-50358 CVE-2022-50359 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50391 CVE-2022-50392 CVE-2022-50394 CVE-2022-50395 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50414 CVE-2022-50417 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50443 CVE-2022-50444 CVE-2022-50449 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-28328 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53182 CVE-2023-53185 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53213 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53234 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53255 CVE-2023-53259 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53286 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53307 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53344 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53359 CVE-2023-53368 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53443 CVE-2023-53446 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53512 CVE-2023-53513 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2024-26583 CVE-2024-26584 CVE-2024-58240 CVE-2025-23155 CVE-2025-37738 CVE-2025-37885 CVE-2025-37958 CVE-2025-38014 CVE-2025-38084 CVE-2025-38085 CVE-2025-38111 CVE-2025-38184 CVE-2025-38380 CVE-2025-38470 CVE-2025-38476 CVE-2025-38488 CVE-2025-38553 CVE-2025-38572 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39797 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3628-1 Released: Fri Oct 17 13:34:30 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1206456,1206468,1206883,1206884,1207158,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213666,1213747,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1236104,1238160,1241353,1242573,1242846,1242960,1243539,1244337,1244732,1245110,1245498,1245499,1245666,1245956,1246879,1246968,1247028,1247172,1247239,1247288,1247317,1248108,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249608,1249638,1249639,1249641,1249642,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249677,1249681,1249683,1249685,1249687,1249691,1249695,1249699,1249700,1249701,1249705,1249706,1249707,1249709,1249712,1249713,1249715,1249716,1249718,1249722,1249727,1249730,1249733,1 249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249758,1249762,1249767,1249777,1249781,1249784,1249791,1249799,1249808,1249810,1249820,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249864,1249865,1249866,1249867,1249868,1249872,1249877,1249880,1249882,1249885,1249890,1249892,1249908,1249910,1249911,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249944,1249947,1249949,1249950,1249954,1249958,1249979,1249981,1249991,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250023,1250024,1250026,1250039,1250041,1250043,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,1250066,1250070,1250071,1250072,1250077,1250080,1250081,1250083,1250105,1250106,1250107,1250108,1250114,1250118,1250121,1250127,1250128,1250131,1250132,1250137,1250138,1250140,1250145,1250151,1250153,1250156,1250159,1250161,125016 8,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250191,1250197,1250198,1250200,1250209,1250211,1250237,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250287,1250293,1250301,1250303,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250767,1250768,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250797,1250799,1250807,1250810,1250811,1250818,1250819,1250822,1250823,1250824,1250825,1250830,1250831,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250850,1250851,1250853,1250856,1250863,1250864,1250866,1250867,1250868,1250872,1250874,1250875,1250877,1250879,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250915,1250917,1250923,1250927,1250928,1250948,1250949,1250953,1250955,1250963,1250964,1250965,CVE-2022-26 02,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-49980,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-50279,CVE-2022-50282,CVE-2022-50286,CVE-2022-50289,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50324,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50355,CVE-2022-50358,CVE-2 022-50359,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50391,CVE-2022-50392,CVE-2022-50394,CVE-2022-50395,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50414,CVE-2022-50417,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50443,CVE-2022-50444,CVE-2022-50449,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197 ,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53153,CVE-2023-53165,CVE-2023-53167,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53182,CVE-2023-53185,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53213,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53234,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53255,CVE-2023-53259,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53286,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2023-53305,CVE-2023-53307,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-20 23-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53344,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53359,CVE-2023-53368,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53443,CVE-2023-53446,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-5347 4,CVE-2023-53475,CVE-2023-53476,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53512,CVE-2023-53513,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-23155,CVE-2025-37738,CVE-2025-37885,CVE-2025-37958,CVE-2025-38014,CVE-2025-38084,CVE-2025-38085,CVE-2025-38111,CVE-2025-38184,CVE-2025-38380,CVE-2025-38470,CVE-2025-38476,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE-2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39797,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer. - Revert backported patches for bsc#1238160 because the CVSS less than 7.0 - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158). - build_bug.h: Add KABI assert (bsc#1249186). - kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers. - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - use uniform permission checks for all mount propagation changes (git-fixes). The following package changes have been done: - kernel-default-5.14.21-150400.24.179.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:14:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:14:20 +0200 (CEST) Subject: SUSE-IU-2025:2910-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251018071420.773C9F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2910-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.18 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.18 Severity : important Type : security References : 1240764 1250373 1250692 CVE-2025-41244 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 307 Released: Fri Oct 17 14:04:35 2025 Summary: Security update for open-vm-tools Type: security Severity: important References: 1240764,1250373,1250692,CVE-2025-41244 This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. (bsc#1250692): Please refer to the Release Notes at: https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.5 release are in the ChangeLog at: https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.5 release. This is primarily a maintenance release that addresses a security issue. This release resolves and includes the patch for CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to use 'systemctl reboot', if available. For a more complete list of issues addressed in this release, see the What's New and Resolved Issues section of the Release Notes. The following package changes have been done: - libvmtools0-13.0.5-slfo.1.1_1.1 updated - open-vm-tools-13.0.5-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.40 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:26:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:26:09 +0200 (CEST) Subject: SUSE-CU-2025:7448-1: Security update of bci/kiwi Message-ID: <20251018072609.5257DF778@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7448-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.2 , bci/kiwi:latest Container Release : 21.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:26:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:26:20 +0200 (CEST) Subject: SUSE-CU-2025:7449-1: Security update of suse/samba-client Message-ID: <20251018072620.4AFD1F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7449-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-66.2 , suse/samba-client:latest Container Release : 66.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:26:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:26:30 +0200 (CEST) Subject: SUSE-CU-2025:7450-1: Security update of suse/samba-server Message-ID: <20251018072630.E6E19F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7450-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-66.2 , suse/samba-server:latest Container Release : 66.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:26:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:26:41 +0200 (CEST) Subject: SUSE-CU-2025:7451-1: Security update of suse/samba-toolbox Message-ID: <20251018072641.2795AF778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7451-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-66.2 , suse/samba-toolbox:latest Container Release : 66.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:28:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:28:22 +0200 (CEST) Subject: SUSE-CU-2025:7452-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251018072822.075CFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7452-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16 , suse/manager/4.3/proxy-httpd:4.3.16.9.67.30 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.67.30 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:sles15-ltss-image-15.4.0-4.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:29:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:29:27 +0200 (CEST) Subject: SUSE-CU-2025:7453-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251018072927.42B3DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7453-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.32 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.57.32 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:sles15-ltss-image-15.4.0-4.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:30:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:30:27 +0200 (CEST) Subject: SUSE-CU-2025:7455-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20251018073027.27A9CF778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7455-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16 , suse/manager/4.3/proxy-squid:4.3.16.9.66.26 , suse/manager/4.3/proxy-squid:latest Container Release : 9.66.26 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:sles15-ltss-image-15.4.0-4.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:31:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:31:29 +0200 (CEST) Subject: SUSE-CU-2025:7456-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20251018073129.EA607F778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7456-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16 , suse/manager/4.3/proxy-ssh:4.3.16.9.57.25 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.57.25 Severity : moderate Type : security References : 1232234 1246221 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.86.1 updated - container:sles15-ltss-image-15.4.0-4.1 updated From sle-container-updates at lists.suse.com Mon Oct 20 14:02:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Oct 2025 16:02:17 +0200 (CEST) Subject: SUSE-CU-2025:7461-1: Recommended update of suse/git Message-ID: <20251020140217.0E94FFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7461-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-63.1 , suse/git:latest Container Release : 63.1 Severity : moderate Type : recommended References : 1251264 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) The following package changes have been done: - libcurl4-8.14.1-150700.7.2.1 updated - container:suse-sle15-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated From sle-container-updates at lists.suse.com Tue Oct 21 07:11:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 09:11:33 +0200 (CEST) Subject: SUSE-IU-2025:3093-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251021071133.48CB4F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3093-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.19 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.19 Severity : important Type : security References : 1219276 1223903 1239749 1241205 1242011 1246974 1247286 1247495 1248158 1249375 CVE-2022-48622 CVE-2024-40635 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 310 Released: Mon Oct 20 18:26:21 2025 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1219276,1223903,1241205,1242011,1247286,1247495,1248158,CVE-2022-48622 This update for aaa_base fixes the following issues: Update to version 84.87+git20250903.33e5ba4: * Correct fix for bsc#1247495 (bsc#1248158) Update to version 84.87+git20250805.3069494: * Remove initviocons for tcsh as well and * Update csh.login * Add missing quoting and remove unneeded uses of eval Update to version 84.87+git20250801.f305627: * Remove sysconfig.language [bsc#1247286] Update to version 84.87+git20250801.b2fa3fe: * Allow /etc/locale.conf to have no newline Update to version 84.87+git20250429.1cad3bc: * Remove alias 'you' (bsc#1242011) Update to version 84.87+git20250425.1664836: * alias.bash: future-proof egrep/fgrep color aliases Update to version 84.87+git20250410.71df276: * Modern s390x uses TERM=linux for ttysclp Update to version 84.87+git20250313.4dd1cfd: * DIR_COLORS: add backup and temporary file extensions * DIR_COLORS: sort audio formats * DIR_COLORS: use cyan for audio formats instead of green * DIR_COLORS: add 'avif' to image formats * DIR_COLORS: add updated and sorted list of archive formats * DIR_COLORS: don't colour DOS/Windows executables * DIR_COLORS: update existing colours and add missing ones * DIR_COLORS: add COLORTERM and 'st' terminal * DIR_COLORS: update file description * DIR_COLORS: sort TERM entries * DIR_COLORS: remove COLOR, OPTIONS and EIGHTBIT Update to version 84.87+git20250313.e71c2f4: * Respect PROFILEREAD/CSHRCREAD at shell switch * Modernize specfile * Add safety quotes and proper escaping * Avoid bashisms in build recipe * Add setup-systemd-proxy-env * profile.{sh,csh}: Drop useless proxy variables cleanup Update to version 84.87+git20250102.c08e614: * Load distrobox_profile.sh ----------------------------------------------------------------- Advisory ID: 309 Released: Mon Oct 20 18:31:36 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1239749,1246974,1249375,CVE-2024-40635,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID during the key exchange (KEX) process (bsc#1246974) - CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange (bsc#1249375) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.61 updated - aaa_base-84.87+git20250903.33e5ba4-slfo.1.1_1.1 updated - libssh-config-0.10.6-slfo.1.1_3.1 updated - libssh4-0.10.6-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.1-5.41 updated From sle-container-updates at lists.suse.com Tue Oct 21 07:12:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 09:12:14 +0200 (CEST) Subject: SUSE-IU-2025:3094-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20251021071214.4E60EF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3094-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.41 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.41 Severity : important Type : security References : 1219276 1223903 1239749 1241205 1242011 1246974 1247286 1247495 1248158 1249375 CVE-2022-48622 CVE-2024-40635 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 310 Released: Mon Oct 20 18:26:21 2025 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1219276,1223903,1241205,1242011,1247286,1247495,1248158,CVE-2022-48622 This update for aaa_base fixes the following issues: Update to version 84.87+git20250903.33e5ba4: * Correct fix for bsc#1247495 (bsc#1248158) Update to version 84.87+git20250805.3069494: * Remove initviocons for tcsh as well and * Update csh.login * Add missing quoting and remove unneeded uses of eval Update to version 84.87+git20250801.f305627: * Remove sysconfig.language [bsc#1247286] Update to version 84.87+git20250801.b2fa3fe: * Allow /etc/locale.conf to have no newline Update to version 84.87+git20250429.1cad3bc: * Remove alias 'you' (bsc#1242011) Update to version 84.87+git20250425.1664836: * alias.bash: future-proof egrep/fgrep color aliases Update to version 84.87+git20250410.71df276: * Modern s390x uses TERM=linux for ttysclp Update to version 84.87+git20250313.4dd1cfd: * DIR_COLORS: add backup and temporary file extensions * DIR_COLORS: sort audio formats * DIR_COLORS: use cyan for audio formats instead of green * DIR_COLORS: add 'avif' to image formats * DIR_COLORS: add updated and sorted list of archive formats * DIR_COLORS: don't colour DOS/Windows executables * DIR_COLORS: update existing colours and add missing ones * DIR_COLORS: add COLORTERM and 'st' terminal * DIR_COLORS: update file description * DIR_COLORS: sort TERM entries * DIR_COLORS: remove COLOR, OPTIONS and EIGHTBIT Update to version 84.87+git20250313.e71c2f4: * Respect PROFILEREAD/CSHRCREAD at shell switch * Modernize specfile * Add safety quotes and proper escaping * Avoid bashisms in build recipe * Add setup-systemd-proxy-env * profile.{sh,csh}: Drop useless proxy variables cleanup Update to version 84.87+git20250102.c08e614: * Load distrobox_profile.sh ----------------------------------------------------------------- Advisory ID: 309 Released: Mon Oct 20 18:31:36 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1239749,1246974,1249375,CVE-2024-40635,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID during the key exchange (KEX) process (bsc#1246974) - CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange (bsc#1249375) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.61 updated - aaa_base-84.87+git20250903.33e5ba4-slfo.1.1_1.1 updated - libssh-config-0.10.6-slfo.1.1_3.1 updated - libssh4-0.10.6-slfo.1.1_3.1 updated - container:suse-toolbox-image-1.0.0-4.78 updated From sle-container-updates at lists.suse.com Tue Oct 21 07:13:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 09:13:02 +0200 (CEST) Subject: SUSE-IU-2025:3095-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251021071302.ADB26F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3095-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.44 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.44 Severity : important Type : security References : 1219276 1223903 1239749 1241205 1242011 1246974 1247286 1247495 1248158 1249375 CVE-2022-48622 CVE-2024-40635 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 310 Released: Mon Oct 20 18:26:21 2025 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1219276,1223903,1241205,1242011,1247286,1247495,1248158,CVE-2022-48622 This update for aaa_base fixes the following issues: Update to version 84.87+git20250903.33e5ba4: * Correct fix for bsc#1247495 (bsc#1248158) Update to version 84.87+git20250805.3069494: * Remove initviocons for tcsh as well and * Update csh.login * Add missing quoting and remove unneeded uses of eval Update to version 84.87+git20250801.f305627: * Remove sysconfig.language [bsc#1247286] Update to version 84.87+git20250801.b2fa3fe: * Allow /etc/locale.conf to have no newline Update to version 84.87+git20250429.1cad3bc: * Remove alias 'you' (bsc#1242011) Update to version 84.87+git20250425.1664836: * alias.bash: future-proof egrep/fgrep color aliases Update to version 84.87+git20250410.71df276: * Modern s390x uses TERM=linux for ttysclp Update to version 84.87+git20250313.4dd1cfd: * DIR_COLORS: add backup and temporary file extensions * DIR_COLORS: sort audio formats * DIR_COLORS: use cyan for audio formats instead of green * DIR_COLORS: add 'avif' to image formats * DIR_COLORS: add updated and sorted list of archive formats * DIR_COLORS: don't colour DOS/Windows executables * DIR_COLORS: update existing colours and add missing ones * DIR_COLORS: add COLORTERM and 'st' terminal * DIR_COLORS: update file description * DIR_COLORS: sort TERM entries * DIR_COLORS: remove COLOR, OPTIONS and EIGHTBIT Update to version 84.87+git20250313.e71c2f4: * Respect PROFILEREAD/CSHRCREAD at shell switch * Modernize specfile * Add safety quotes and proper escaping * Avoid bashisms in build recipe * Add setup-systemd-proxy-env * profile.{sh,csh}: Drop useless proxy variables cleanup Update to version 84.87+git20250102.c08e614: * Load distrobox_profile.sh ----------------------------------------------------------------- Advisory ID: 309 Released: Mon Oct 20 18:31:36 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1239749,1246974,1249375,CVE-2024-40635,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID during the key exchange (KEX) process (bsc#1246974) - CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange (bsc#1249375) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.61 updated - aaa_base-84.87+git20250903.33e5ba4-slfo.1.1_1.1 updated - libssh-config-0.10.6-slfo.1.1_3.1 updated - libssh4-0.10.6-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.1-5.41 updated From sle-container-updates at lists.suse.com Tue Oct 21 07:13:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 09:13:48 +0200 (CEST) Subject: SUSE-IU-2025:3096-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251021071348.D1270F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3096-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.32 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.32 Severity : important Type : security References : 1219276 1223903 1239749 1241205 1242011 1246974 1247286 1247495 1248158 1249375 CVE-2022-48622 CVE-2024-40635 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 310 Released: Mon Oct 20 18:26:21 2025 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1219276,1223903,1241205,1242011,1247286,1247495,1248158,CVE-2022-48622 This update for aaa_base fixes the following issues: Update to version 84.87+git20250903.33e5ba4: * Correct fix for bsc#1247495 (bsc#1248158) Update to version 84.87+git20250805.3069494: * Remove initviocons for tcsh as well and * Update csh.login * Add missing quoting and remove unneeded uses of eval Update to version 84.87+git20250801.f305627: * Remove sysconfig.language [bsc#1247286] Update to version 84.87+git20250801.b2fa3fe: * Allow /etc/locale.conf to have no newline Update to version 84.87+git20250429.1cad3bc: * Remove alias 'you' (bsc#1242011) Update to version 84.87+git20250425.1664836: * alias.bash: future-proof egrep/fgrep color aliases Update to version 84.87+git20250410.71df276: * Modern s390x uses TERM=linux for ttysclp Update to version 84.87+git20250313.4dd1cfd: * DIR_COLORS: add backup and temporary file extensions * DIR_COLORS: sort audio formats * DIR_COLORS: use cyan for audio formats instead of green * DIR_COLORS: add 'avif' to image formats * DIR_COLORS: add updated and sorted list of archive formats * DIR_COLORS: don't colour DOS/Windows executables * DIR_COLORS: update existing colours and add missing ones * DIR_COLORS: add COLORTERM and 'st' terminal * DIR_COLORS: update file description * DIR_COLORS: sort TERM entries * DIR_COLORS: remove COLOR, OPTIONS and EIGHTBIT Update to version 84.87+git20250313.e71c2f4: * Respect PROFILEREAD/CSHRCREAD at shell switch * Modernize specfile * Add safety quotes and proper escaping * Avoid bashisms in build recipe * Add setup-systemd-proxy-env * profile.{sh,csh}: Drop useless proxy variables cleanup Update to version 84.87+git20250102.c08e614: * Load distrobox_profile.sh ----------------------------------------------------------------- Advisory ID: 309 Released: Mon Oct 20 18:31:36 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1239749,1246974,1249375,CVE-2024-40635,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID during the key exchange (KEX) process (bsc#1246974) - CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange (bsc#1249375) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.61 updated - aaa_base-84.87+git20250903.33e5ba4-slfo.1.1_1.1 updated - libssh-config-0.10.6-slfo.1.1_3.1 updated - libssh4-0.10.6-slfo.1.1_3.1 updated - container:SL-Micro-container-2.2.1-7.19 updated From sle-container-updates at lists.suse.com Tue Oct 21 10:47:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 12:47:05 +0200 (CEST) Subject: SUSE-CU-2025:7492-1: Security update of bci/rust Message-ID: <20251021104705.60677F780@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7492-1 Container Tags : bci/rust:1.89 , bci/rust:1.89.0 , bci/rust:1.89.0-2.2.1 , bci/rust:oldstable , bci/rust:oldstable-2.2.1 Container Release : 2.1 Severity : important Type : security References : 1250232 1250232 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3047-1 Released: Tue Sep 2 15:50:24 2025 Summary: Recommended update for rust, rust1.89 Type: recommended Severity: moderate References: This update for rust, rust1.89 fixes the following issues: This update ships rust1.89: Version 1.89.0 (2025-08-07) ========================== ## Language - Stabilize explicitly inferred const arguments (`feature(generic_arg_infer)`) - Add a warn-by-default `mismatched_lifetime_syntaxes` lint. This lint detects when the same lifetime is referred to by different syntax categories between function arguments and return values, which can be confusing to read, especially in unsafe code. This lint supersedes the warn-by-default `elided_named_lifetimes` lint. - Expand `unpredictable_function_pointer_comparisons` to also lint on function pointer comparisons in external macros - Make the `dangerous_implicit_autorefs` lint deny-by-default - Stabilize the avx512 target features - Stabilize `kl` and `widekl` target features for x86 - Stabilize `sha512`, `sm3` and `sm4` target features for x86 - Stabilize LoongArch target features `f`, `d`, `frecipe`, `lasx`, `lbt`, `lsx`, and `lvz` - Remove `i128` and `u128` from `improper_ctypes_definitions` - Stabilize `repr128` (`#[repr(u128)]`, `#[repr(i128)]`) - Allow `#![doc(test(attr(..)))]` everywhere - Extend temporary lifetime extension to also go through tuple struct and tuple variant constructors - `extern 'C'` functions on the `wasm32-unknown-unknown` target now have a standards compliant ABI https://blog.rust-lang.org/2025/04/04/c-abi-changes-for-wasm32-unknown-unknown/ ## Compiler - Default to non-leaf frame pointers on aarch64-linux - Enable non-leaf frame pointers for Arm64EC Windows - Set Apple frame pointers by architecture ## Platform Support - Add new Tier-3 targets `loongarch32-unknown-none` and `loongarch32-unknown-none-softfloat` - `x86_64-apple-darwin` is in the process of being demoted to Tier 2 with host tools Refer to Rust's platform support page for more information on Rust's tiered platform support. [platform-support-doc]: https://doc.rust-lang.org/rustc/platform-support.html ## Libraries - Specify the base path for `file!` - Allow storing `format_args!()` in a variable - Add `#[must_use]` to `[T; N]::map` - Implement `DerefMut` for `Lazy{Cell,Lock}` - Implement `Default` for `array::IntoIter` - Implement `Clone` for `slice::ChunkBy` - Implement `io::Seek` for `io::Take` ## Stabilized APIs - `NonZero` https://doc.rust-lang.org/stable/std/num/struct.NonZero.html - Many intrinsics for x86, not enumerated here - [AVX512 intrinsics - [`SHA512`, `SM3` and `SM4` intrinsics - `File::lock` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.lock - `File::lock_shared` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.lock_shared - `File::try_lock` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.try_lock - `File::try_lock_shared` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.try_lock_shared - `File::unlock` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.unlock - `NonNull::from_ref` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.from_ref - `NonNull::from_mut` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.from_mut - `NonNull::without_provenance` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.without_provenance - `NonNull::with_exposed_provenance` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.with_exposed_provenance - `NonNull::expose_provenance` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.expose_provenance - `OsString::leak` https://doc.rust-lang.org/stable/std/ffi/struct.OsString.html#method.leak - `PathBuf::leak` https://doc.rust-lang.org/stable/std/path/struct.PathBuf.html#method.leak - `Result::flatten` https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.flatten - `std::os::linux::net::TcpStreamExt::quickack` https://doc.rust-lang.org/stable/std/os/linux/net/trait.TcpStreamExt.html#tymethod.quickack - `std::os::linux::net::TcpStreamExt::set_quickack` https://doc.rust-lang.org/stable/std/os/linux/net/trait.TcpStreamExt.html#tymethod.set_quickack These previously stable APIs are now stable in const contexts: - `<[T; N]>::as_mut_slice` https://doc.rust-lang.org/stable/std/primitive.array.html#method.as_mut_slice - `<[u8]>::eq_ignore_ascii_case` https://doc.rust-lang.org/stable/std/primitive.slice.html#impl-%5Bu8%5D/method.eq_ignore_ascii_case - `str::eq_ignore_ascii_case` https://doc.rust-lang.org/stable/std/primitive.str.html#impl-str/method.eq_ignore_ascii_case ## Cargo - `cargo fix` and `cargo clippy --fix` now default to the same Cargo target selection as other build commands. Previously it would apply to all targets (like binaries, examples, tests, etc.). The `--edition` flag still applies to all targets. - Stabilize doctest-xcompile. Doctests are now tested when cross-compiling. Just like other tests, it will use the [`runner` setting https://doc.rust-lang.org/cargo/reference/config.html#targettriplerunner to run the tests. If you need to disable tests for a target, you can use the ignore doctest attribute https://doc.rust-lang.org/rustdoc/write-documentation/documentation-tests.html#ignoring-targets to specify the targets to ignore. ## Rustdoc - On mobile, make the sidebar full width and linewrap. This makes long section and item names much easier to deal with on mobile. ## Compatibility Notes - Make `missing_fragment_specifier` an unconditional error - Enabling the `neon` target feature on `aarch64-unknown-none-softfloat` causes a warning because mixing code with and without that target feature is not properly supported by LLVM - Sized Hierarchy: Part I - Introduces a small breaking change affecting `?Sized` bounds on impls on recursive types which contain associated type projections. It is not expected to affect any existing published crates. Can be fixed by refactoring the involved types or opting into the `sized_hierarchy` unstable feature. See the FCP report for a code example. - The warn-by-default `elided_named_lifetimes` lint is [superseded by the warn-by-default `mismatched_lifetime_syntaxes` lint. - Error on recursive opaque types earlier in the type checker - Type inference side effects from requiring element types of array repeat expressions are `Copy` are now only available at the end of type checking - The deprecated accidentally-stable `std::intrinsics::{copy,copy_nonoverlapping,write_bytes}` are now proper intrinsics. There are no debug assertions guarding against UB, and they cannot be coerced to function pointers. - Remove long-deprecated `std::intrinsics::drop_in_place` - Make well-formedness predicates no longer coinductive - Remove hack when checking impl method compatibility - Remove unnecessary type inference due to built-in trait object impls - Lint against 'stdcall', 'fastcall', and 'cdecl' on non-x86-32 targets - Future incompatibility warnings relating to the never type (`!`) are now reported in dependencies - Ensure `std::ptr::copy_*` intrinsics also perform the static self-init checks - `extern 'C'` functions on the `wasm32-unknown-unknown` target now have a standards compliant ABI https://blog.rust-lang.org/2025/04/04/c-abi-changes-for-wasm32-unknown-unknown/ ## Internal Changes These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - Correctly un-remap compiler sources paths with the `rustc-dev` component ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl3-3.2.3-150700.5.21.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - rust1.89-1.89.0-150300.7.3.1 added - cargo1.89-1.89.0-150300.7.3.1 added - container:registry.suse.com-bci-bci-base-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated - cargo1.88-1.88.0-150300.7.3.2 removed - rust1.88-1.88.0-150300.7.3.2 removed From sle-container-updates at lists.suse.com Tue Oct 21 10:47:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 12:47:36 +0200 (CEST) Subject: SUSE-CU-2025:7493-1: Security update of bci/rust Message-ID: <20251021104736.422C4F780@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7493-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : important Type : security References : 1242170 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3678-1 Released: Mon Oct 20 10:47:02 2025 Summary: Recommended update for rust, rust1.90 Type: recommended Severity: moderate References: 1242170 This update for rust, rust1.90 fixes the following issues: Version 1.90.0 (2025-09-18) =========================== # Language - Split up the `unknown_or_malformed_diagnostic_attributes` lint. This lint has been split up into four finer-grained lints, with `unknown_or_malformed_diagnostic_attributes` now being the lint group that contains these lints: 1. `unknown_diagnostic_attributes`: unknown to the current compiler 2. `misplaced_diagnostic_attributes`: placed on the wrong item 3. `malformed_diagnostic_attributes`: malformed attribute syntax or options 4. `malformed_diagnostic_format_literals`: malformed format string literal - Allow constants whose final value has references to mutable/external memory, but reject such constants as patterns - Allow volatile access to non-Rust memory, including address 0 # Compiler - Use `lld` by default on `x86_64-unknown-linux-gnu` - Tier 3 `musl` targets now link dynamically by default. Affected targets: - `mips64-unknown-linux-muslabi64` - `powerpc64-unknown-linux-musl` - `powerpc-unknown-linux-musl` - `powerpc-unknown-linux-muslspe` - `riscv32gc-unknown-linux-musl` - `s390x-unknown-linux-musl` - `thumbv7neon-unknown-linux-musleabihf` # Platform Support - Demote `x86_64-apple-darwin` to Tier 2 with host tools Refer to Rust's platform support page for more information on Rust's tiered platform support. # Libraries - Stabilize `u*::{checked,overflowing,saturating,wrapping}_sub_signed` - Allow comparisons between `CStr`, `CString`, and `Cow` - Remove some unsized tuple impls since unsized tuples can't be constructed - Set `MSG_NOSIGNAL` for `UnixStream` - `proc_macro::Ident::new` now supports `$crate`. - Guarantee the pointer returned from `Thread::into_raw` has at least 8 bytes of alignment # Stabilized APIs - `u{n}::checked_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.checked_sub_signed - `u{n}::overflowing_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.overflowing_sub_signed - `u{n}::saturating_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.saturating_sub_signed - `u{n}::wrapping_sub_signed` https://doc.rust-lang.org/stable/std/primitive.usize.html#method.wrapping_sub_signed) - `impl Copy for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Copy-for-IntErrorKind - `impl Hash for IntErrorKind` https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Hash-for-IntErrorKind - `impl PartialEq<&CStr> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3C%26CStr%3E-for-CStr - `impl PartialEq for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCString%3E-for-CStr - `impl PartialEq> for CStr` https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CStr - `impl PartialEq<&CStr> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3C%26CStr%3E-for-CString - `impl PartialEq for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCStr%3E-for-CString - `impl PartialEq> for CString` https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CString - `impl PartialEq<&CStr> for Cow` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3C%26CStr%3E-for-Cow%3C'_,+CStr%3E - `impl PartialEq for Cow` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCStr%3E-for-Cow%3C'_,+CStr%3E - `impl PartialEq for Cow` https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCString%3E-for-Cow%3C'_,+CStr%3E These previously stable APIs are now stable in const contexts: - `<[T]>::reverse` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.reverse - `f32::floor` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.floor - `f32::ceil` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.ceil - `f32::trunc` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.trunc - `f32::fract` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.fract - `f32::round` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round - `f32::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round_ties_even - `f64::floor` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.floor - `f64::ceil` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.ceil - `f64::trunc` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.trunc - `f64::fract` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.fract - `f64::round` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round - `f64::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round_ties_even # Cargo - Add `http.proxy-cainfo` config for proxy certs - Use `gix` for `cargo package` - feat(publish): Stabilize multi-package publishing # Rustdoc - Add ways to collapse all impl blocks. Previously the 'Summary' button and '-' keyboard shortcut would never collapse `impl` blocks, now they do when shift is held - Display unsafe attributes with `unsafe()` wrappers # Compatibility Notes - Use `lld` by default on `x86_64-unknown-linux-gnu` See also . - Make `core::iter::Fuse`'s `Default` impl construct `I::default()` internally as promised in the docs instead of always being empty - Set `MSG_NOSIGNAL` for `UnixStream` This may change program behavior but results in the same behavior as other primitives (e.g., stdout, network sockets). Programs relying on signals to terminate them should update handling of sockets to handle errors on write by exiting. - On Unix `std::env::home_dir` will use the fallback if the `HOME` environment variable is empty - We now reject unsupported `extern '{abi}'`s consistently in all positions. This primarily affects the use of implementing traits on an `extern '{abi}'` function pointer, like `extern 'stdcall' fn()`, on a platform that doesn't support that, like aarch64-unknown-linux-gnu. Direct usage of these unsupported ABI strings by declaring or defining functions was already rejected, so this is only a change for consistency. - const-eval: error when initializing a static writes to that static - Check that the `proc_macro_derive` macro has correct arguments when applied to the crate root The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - cpp14-14.3.0+git11799-150000.1.11.1 added - gcc14-14.3.0+git11799-150000.1.11.1 added - rust1.90-1.90.0-150300.7.5.1 added - cargo1.90-1.90.0-150300.7.5.1 added - cargo1.89-1.89.0-150300.7.3.1 removed - cpp13-13.3.1+git9426-150000.1.18.1 removed - gcc13-13.3.1+git9426-150000.1.18.1 removed - rust1.89-1.89.0-150300.7.3.1 removed From sle-container-updates at lists.suse.com Wed Oct 22 07:07:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Oct 2025 09:07:43 +0200 (CEST) Subject: SUSE-CU-2025:7495-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20251022070743.C8391F780@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7495-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.146 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.146 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3698-1 Released: Tue Oct 21 12:07:20 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.16.3-46.21.1 updated From sle-container-updates at lists.suse.com Sat Oct 18 07:15:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Oct 2025 09:15:00 +0200 (CEST) Subject: SUSE-IU-2025:2911-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20251018071500.28FFFF778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:2911-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.40 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.40 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229163 1229164 1229165 1230062 1230840 1231591 1232411 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1234958 1234959 1236316 1236317 1236897 1237002 1237006 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237449 1237776 1240324 1241166 1241292 1241353 1241866 1242971 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247242 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249140 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249413 1249479 1249481 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250006 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250169 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-49504 CVE-2024-56737 CVE-2024-56738 CVE-2024-58090 CVE-2024-58240 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-1118 CVE-2025-1125 CVE-2025-22022 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 CVE-2025-4382 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-159 Released: Wed Oct 15 18:17:22 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241353,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1 249279,1249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249346,1249374,1249413,1249479,1249481,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,124998 8,1249990,1249993,1249994,1249997,1250002,1250004,1250006,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250169,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,125 0830,1250831,1250837,1250841,1250861,1250863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-5325 7,CVE-2023-53258,CVE-2023-53260,CVE-2023-53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2 023-53425,CVE-2023-53426,CVE-2023-53428,CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-384 66,CVE-2025-38488,CVE-2025-38514,CVE-2025-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE- 2025-39681,CVE-2025-39682,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39 844,CVE-2025-39845,CVE-2025-39846,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - Drop PCI patches that broke kdump capture boot (bsc#1246509) - Drop arm64 patches that may lead to module load failure (bsc#1250057) - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - Fix BPF selftests compilation error in bpf_iter.c (git-fixes) - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186) - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: Use Step repository for building Leap kernel bs-upload-kernel does not understand the Leap repository layout - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: drop kvm_x86_ops from kabi relevant symbols. - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source.spec: Depend on python3-base for build Both kernel-binary and kernel-docs already have this dependency. - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186) - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186) - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). ----------------------------------------------------------------- Advisory ID: 308 Released: Fri Oct 17 14:05:21 2025 Summary: Security update for grub2 Type: security Severity: important References: 1229163,1229164,1230840,1231591,1232411,1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1234959,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,1242971,1247242,1249140,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-49504,CVE-2024-56737,CVE-2024-56738,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125,CVE-2025-4382 This update for grub2 fixes the following issues: - Fix error: /boot/grub2/x86_64-efi/bli.mod not found (bsc#1231591) - Fix OOM error in loading loopback file (bsc#1230840) (bsc#1249140) - Update the patch to fix 'SRK not matched' errors when unsealing the key (bsc#1232411) (bsc#1247242) Security fixes for 2024: - Bump upstream SBAT generation to 5 - CVE-2024-45774: Fixed heap overflows in JPEG parser (bsc#1233609) - CVE-2024-45775: Fixed missing NULL check in extcmd parser (bsc#1233610) - CVE-2024-45776: Fixed overflow in .MO file (gettext) handling (bsc#1233612) - CVE-2024-45777: Fixed integer overflow in gettext (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem not fuzzing stable (bsc#1233606) - CVE-2024-45779: Fixed bfs heap overflow (bsc#1233608) - CVE-2024-45780: Fixed overflow in tar/cpio (bsc#1233614) - CVE-2024-45781: Fixed ufs strcpy overflow(bsc#1233617) - CVE-2024-45782: Fixed hfs strcpy overflow (bsc#1233615) - CVE-2024-45783: Fixed hfsplus refcount overflow (bsc#1233616) - CVE-2024-49504: Fixed bypassing TPM-bound disk encryption on SL(E)M encrypted Images (bsc#1229163) (bsc#1229164) - CVE-2024-56737: Fixed heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem (bsc#1234958) - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) - CVE-2025-0622: Fixed command/gpg use-after-free due to hooks not being removed on module unload (bsc#1236317) - CVE-2025-0624: Fixed net Out-of-bounds write in grub_net_search_config_file() (bsc#1236316) - CVE-2025-0677: Fixed UFS integer overflow may lead to heap based out-of-bounds write when handling symlinks (bsc#1237002) - CVE-2025-0678: Fixed squash4 Integer overflow may lead to heap based out-of-bounds write when reading data (bsc#1237006) - CVE-2025-0684: Fixed reiserfs Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237008) - CVE-2025-0685: Fixed jfs Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237009) - CVE-2025-0686: Fixed romfs Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237010) - CVE-2025-0689: Fixed udf heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution (bsc#1237011) - CVE-2025-0690: Fixed 'read' integer overflow may lead to out-of-bounds write (bsc#1237012) - CVE-2025-1118: Fixed commands/dump The dump command is not in lockdown when secure boot is enabled (bsc#1237013) - CVE-2025-1125: Fixed fs/hfs interger overflow may lead to heap based out-of-bounds write (bsc#1237014) - CVE-2025-4382: Fixed TPM auto-decryption data exposure (bsc#1242971) - Restrict CLI access if the encrypted root device is automatically unlocked by the TPM. LUKS password authentication is required for access to be granted The following package changes have been done: - grub2-2.12-slfo.1.1_2.1 updated - grub2-i386-pc-2.12-slfo.1.1_2.1 updated - grub2-x86_64-efi-2.12-slfo.1.1_2.1 updated - kernel-default-6.4.0-35.1 updated From sle-container-updates at lists.suse.com Tue Oct 21 07:03:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 09:03:06 +0200 (CEST) Subject: SUSE-IU-2025:3086-1: Security update of suse-sles-15-sp6-chost-byos-v20251016-x86_64-gen2 Message-ID: <20251021070306.CB748F780@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20251016-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3086-1 Image Tags : suse-sles-15-sp6-chost-byos-v20251016-x86_64-gen2:20251016 Image Release : Severity : critical Type : security References : 1012628 1012628 1194869 1212476 1213061 1213545 1213666 1214073 1214928 1214953 1215150 1215199 1215696 1216436 1216976 1217885 1218644 1220186 1220419 1221858 1222323 1229165 1230062 1230267 1230557 1230649 1230708 1232089 1233120 1233421 1234156 1236897 1237449 1237595 1237776 1240324 1240708 1240890 1240954 1241166 1241292 1241353 1241866 1242034 1242754 1242960 1243005 1243100 1243112 1244154 1244734 1244930 1245193 1245260 1245663 1245700 1245710 1245743 1245767 1245780 1245815 1245956 1245973 1245977 1246005 1246012 1246057 1246125 1246181 1246190 1246193 1246248 1246298 1246509 1246602 1246604 1246782 1246912 1246974 1247057 1247078 1247099 1247112 1247116 1247118 1247119 1247126 1247136 1247137 1247155 1247162 1247167 1247223 1247229 1247239 1247243 1247262 1247280 1247313 1247442 1247483 1247500 1247712 1247819 1247938 1247939 1247963 1247976 1248088 1248108 1248111 1248121 1248164 1248166 1248178 1248179 1248180 1248183 1248186 1248192 1248194 1248196 1248198 1248199 1248200 1248202 1248205 1248206 1248208 1248209 1248212 1248213 1248214 1248216 1248217 1248223 1248225 1248227 1248228 1248229 1248240 1248255 1248296 1248297 1248306 1248312 1248333 1248334 1248337 1248338 1248340 1248341 1248343 1248345 1248349 1248350 1248354 1248355 1248357 1248360 1248361 1248363 1248365 1248368 1248374 1248377 1248378 1248380 1248386 1248390 1248392 1248395 1248399 1248401 1248511 1248512 1248573 1248575 1248577 1248609 1248610 1248614 1248617 1248619 1248621 1248622 1248626 1248628 1248634 1248636 1248639 1248643 1248647 1248648 1248652 1248655 1248660 1248666 1248669 1248674 1248681 1248733 1248734 1248735 1248746 1248748 1248775 1248847 1249022 1249088 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249375 1249413 1249479 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249584 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250232 1250232 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250343 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 1251279 1251280 CVE-2023-31248 CVE-2023-3772 CVE-2023-3867 CVE-2023-39197 CVE-2023-4130 CVE-2023-42753 CVE-2023-4515 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-26661 CVE-2024-46733 CVE-2024-49996 CVE-2024-52615 CVE-2024-53125 CVE-2024-58090 CVE-2024-58238 CVE-2024-58239 CVE-2024-58240 CVE-2025-10230 CVE-2025-22022 CVE-2025-37885 CVE-2025-38006 CVE-2025-38075 CVE-2025-38103 CVE-2025-38119 CVE-2025-38125 CVE-2025-38146 CVE-2025-38160 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38201 CVE-2025-38205 CVE-2025-38208 CVE-2025-38234 CVE-2025-38245 CVE-2025-38251 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38360 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38439 CVE-2025-38441 CVE-2025-38444 CVE-2025-38445 CVE-2025-38456 CVE-2025-38458 CVE-2025-38459 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38472 CVE-2025-38488 CVE-2025-38490 CVE-2025-38491 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506 CVE-2025-38510 CVE-2025-38512 CVE-2025-38513 CVE-2025-38514 CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38533 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543 CVE-2025-38544 CVE-2025-38546 CVE-2025-38548 CVE-2025-38550 CVE-2025-38553 CVE-2025-38555 CVE-2025-38556 CVE-2025-38560 CVE-2025-38563 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571 CVE-2025-38572 CVE-2025-38574 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583 CVE-2025-38584 CVE-2025-38585 CVE-2025-38587 CVE-2025-38588 CVE-2025-38590 CVE-2025-38591 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38614 CVE-2025-38616 CVE-2025-38617 CVE-2025-38618 CVE-2025-38621 CVE-2025-38622 CVE-2025-38623 CVE-2025-38624 CVE-2025-38630 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38644 CVE-2025-38645 CVE-2025-38646 CVE-2025-38650 CVE-2025-38656 CVE-2025-38659 CVE-2025-38660 CVE-2025-38663 CVE-2025-38664 CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-59375 CVE-2025-8114 CVE-2025-8277 CVE-2025-9230 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20251016-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3300-1 Released: Tue Sep 23 11:03:41 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim???s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim???s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3301-1 Released: Tue Sep 23 11:05:09 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1213545,1215199,1221858,1222323,1230557,1230708,1232089,1233120,1234156,1240708,1240890,1241353,1242034,1242754,1242960,1244734,1244930,1245663,1245710,1245767,1245780,1245815,1245956,1245973,1245977,1246005,1246012,1246181,1246193,1247057,1247078,1247112,1247116,1247119,1247155,1247162,1247167,1247229,1247243,1247280,1247313,1247712,1247976,1248088,1248108,1248164,1248166,1248178,1248179,1248180,1248183,1248186,1248194,1248196,1248198,1248205,1248206,1248208,1248209,1248212,1248213,1248214,1248216,1248217,1248223,1248227,1248228,1248229,1248240,1248255,1248297,1248306,1248312,1248333,1248337,1248338,1248340,1248341,1248345,1248349,1248350,1248354,1248355,1248361,1248363,1248368,1248374,1248377,1248386,1248390,1248395,1248399,1248401,1248511,1248573,1248575,1248577,1248609,1248614,1248617,1248621,1248636,1248643,1248648,1248652,1248655,1248666,1248669,1248746,1248748,1249022,1249346,CVE-2023-3867,CVE-2023-4130,CVE-2023-4515,CVE-2024-26661,CVE-2024-46733,CVE-2024- 49996,CVE-2024-53125,CVE-2024-58238,CVE-2024-58239,CVE-2025-37885,CVE-2025-38006,CVE-2025-38075,CVE-2025-38103,CVE-2025-38125,CVE-2025-38146,CVE-2025-38160,CVE-2025-38184,CVE-2025-38185,CVE-2025-38190,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38245,CVE-2025-38251,CVE-2025-38360,CVE-2025-38439,CVE-2025-38441,CVE-2025-38444,CVE-2025-38445,CVE-2025-38458,CVE-2025-38459,CVE-2025-38464,CVE-2025-38472,CVE-2025-38490,CVE-2025-38491,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38510,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38524,CVE-2025-38528,CVE-2025-38529,CVE-2025-38530,CVE-2025-38531,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38546,CVE-2025-38548,CVE-2025-38550,CVE-2025-38553,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2025-38571,CVE-2025-38572,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,C VE-2025-38585,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38617,CVE-2025-38618,CVE-2025-38621,CVE-2025-38624,CVE-2025-38630,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38644,CVE-2025-38646,CVE-2025-38650,CVE-2025-38656,CVE-2025-38663,CVE-2025-38665,CVE-2025-38670,CVE-2025-38671 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes) - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708) - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120) - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3304-1 Released: Tue Sep 23 11:10:15 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1217885,1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project - fix (nfs): set correct ownership of rpc.statd state directories (bsc#1217885) - perf (nfs): remove references to old rpcbind state dir - fix (nfs): libnfsidmap plugins not added in some distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3333-1 Released: Wed Sep 24 08:55:10 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3334-1 Released: Wed Sep 24 08:56:48 2025 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: 1212476,1244154 This update for hyper-v fixes the following issues: - fcopy bugfix - Fix irregularities with size of ring buffer - Fix incorrect file path conversion - Enable debug logs for hv_kvp_daemon (bsc#1244154). - Update route parsing in kvp daemon - Remove obsolete obsolete code for SLE11SP2 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro (bsc#1212476). - Use %patch -P N instead of deprecated %patchN. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3372-1 Released: Fri Sep 26 13:42:10 2025 Summary: Recommended update for iproute2 Type: recommended Severity: important References: 1243005,1248660 This update for iproute2 fixes the following issues: - add post-6.4 follow-up fixes (bsc#1243005) - sync UAPI header copies with SLE15-SP6 kernel - devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3431-1 Released: Tue Sep 30 15:51:12 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3487-1 Released: Wed Oct 8 08:17:19 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1249088 This update for grub2 fixes the following issues: - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3600-1 Released: Wed Oct 15 14:54:51 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1249279,1 249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249374,1249413,1249479,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,1249988,1249990,1249993,124999 4,1249997,1250002,1250004,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,1250830,1250831,1250837,1250841,1250861,125 0863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53260,CVE-2023 -53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2023-53425,CVE-2023-53426,CVE-2023-53428, CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-38466,CVE-2025-38488,CVE-2025-38514,CVE-202 5-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39684 ,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39846,CVE-20 25-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs: Limit patch filenames to 100 characters (bsc#1249604). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3612-1 Released: Thu Oct 16 06:04:17 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3623-1 Released: Thu Oct 16 16:36:00 2025 Summary: Recommended update for sudo Type: recommended Severity: important References: 1240954,1245743 This update for sudo fixes the following issues: - Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743). If user's tty goes away, tell monitor to revoke the tty in its session. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - bind-utils-9.18.33-150600.3.9.1 updated - dracut-059+suse.562.geca59f6b-150600.3.23.1 updated - grub2-i386-pc-2.12-150600.8.37.1 updated - grub2-x86_64-efi-2.12-150600.8.37.1 updated - grub2-2.12-150600.8.37.1 updated - hyper-v-9-150200.14.12.2 updated - iproute2-6.4-150600.7.9.1 updated - kernel-default-6.4.0-150600.23.73.1 updated - libavahi-client3-0.8-150600.15.9.1 updated - libavahi-common3-0.8-150600.15.9.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libwayland-client0-1.22.0-150600.1.6 added - libzypp-17.37.18-150600.3.82.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - samba-client-libs-4.19.8+git.435.78ced6cf30d-150600.3.21.1 updated - sudo-1.9.15p5-150600.3.12.1 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - vim-data-common-9.1.1629-150500.20.33.1 updated - vim-9.1.1629-150500.20.33.1 updated - zypper-1.14.94-150600.10.52.1 updated From sle-container-updates at lists.suse.com Tue Oct 21 07:03:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 Oct 2025 09:03:29 +0200 (CEST) Subject: SUSE-IU-2025:3087-1: Security update of sles-15-sp6-chost-byos-v20251016-arm64 Message-ID: <20251021070329.607FBF780@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20251016-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3087-1 Image Tags : sles-15-sp6-chost-byos-v20251016-arm64:20251016 Image Release : Severity : critical Type : security References : 1012628 1012628 1194869 1213061 1213545 1213666 1214073 1214928 1214953 1215150 1215199 1215696 1216436 1216976 1217885 1218644 1220186 1220419 1221858 1222323 1229165 1230062 1230267 1230557 1230649 1230708 1232089 1233120 1233421 1234156 1236897 1237449 1237595 1237776 1240324 1240708 1240890 1240954 1241166 1241292 1241353 1241866 1242034 1242754 1242960 1243005 1243100 1243112 1244734 1244930 1245193 1245260 1245663 1245700 1245710 1245743 1245767 1245780 1245815 1245956 1245973 1245977 1246005 1246012 1246057 1246125 1246181 1246190 1246193 1246248 1246298 1246509 1246602 1246604 1246782 1246912 1246974 1247057 1247078 1247099 1247112 1247116 1247118 1247119 1247126 1247136 1247137 1247155 1247162 1247167 1247223 1247229 1247239 1247243 1247262 1247280 1247313 1247442 1247483 1247500 1247712 1247819 1247938 1247939 1247963 1247976 1248088 1248108 1248111 1248121 1248164 1248166 1248178 1248179 1248180 1248183 1248186 1248192 1248194 1248196 1248198 1248199 1248200 1248202 1248205 1248206 1248208 1248209 1248212 1248213 1248214 1248216 1248217 1248223 1248225 1248227 1248228 1248229 1248240 1248255 1248296 1248297 1248306 1248312 1248333 1248334 1248337 1248338 1248340 1248341 1248343 1248345 1248349 1248350 1248354 1248355 1248357 1248360 1248361 1248363 1248365 1248368 1248374 1248377 1248378 1248380 1248386 1248390 1248392 1248395 1248399 1248401 1248511 1248512 1248573 1248575 1248577 1248609 1248610 1248614 1248617 1248619 1248621 1248622 1248626 1248628 1248634 1248636 1248639 1248643 1248647 1248648 1248652 1248655 1248660 1248666 1248669 1248674 1248681 1248733 1248734 1248735 1248746 1248748 1248775 1248847 1249022 1249088 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249375 1249413 1249479 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249584 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250232 1250232 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250343 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 1251279 1251280 CVE-2023-31248 CVE-2023-3772 CVE-2023-3867 CVE-2023-39197 CVE-2023-4130 CVE-2023-42753 CVE-2023-4515 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-26661 CVE-2024-46733 CVE-2024-49996 CVE-2024-52615 CVE-2024-53125 CVE-2024-58090 CVE-2024-58238 CVE-2024-58239 CVE-2024-58240 CVE-2025-10230 CVE-2025-22022 CVE-2025-37885 CVE-2025-38006 CVE-2025-38075 CVE-2025-38103 CVE-2025-38119 CVE-2025-38125 CVE-2025-38146 CVE-2025-38160 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38201 CVE-2025-38205 CVE-2025-38208 CVE-2025-38234 CVE-2025-38245 CVE-2025-38251 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38360 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38439 CVE-2025-38441 CVE-2025-38444 CVE-2025-38445 CVE-2025-38456 CVE-2025-38458 CVE-2025-38459 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38472 CVE-2025-38488 CVE-2025-38490 CVE-2025-38491 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506 CVE-2025-38510 CVE-2025-38512 CVE-2025-38513 CVE-2025-38514 CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38533 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543 CVE-2025-38544 CVE-2025-38546 CVE-2025-38548 CVE-2025-38550 CVE-2025-38553 CVE-2025-38555 CVE-2025-38556 CVE-2025-38560 CVE-2025-38563 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571 CVE-2025-38572 CVE-2025-38574 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583 CVE-2025-38584 CVE-2025-38585 CVE-2025-38587 CVE-2025-38588 CVE-2025-38590 CVE-2025-38591 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38614 CVE-2025-38616 CVE-2025-38617 CVE-2025-38618 CVE-2025-38621 CVE-2025-38622 CVE-2025-38623 CVE-2025-38624 CVE-2025-38630 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38644 CVE-2025-38645 CVE-2025-38646 CVE-2025-38650 CVE-2025-38656 CVE-2025-38659 CVE-2025-38660 CVE-2025-38663 CVE-2025-38664 CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-59375 CVE-2025-8114 CVE-2025-8277 CVE-2025-9230 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20251016-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3300-1 Released: Tue Sep 23 11:03:41 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim???s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim???s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3301-1 Released: Tue Sep 23 11:05:09 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1213545,1215199,1221858,1222323,1230557,1230708,1232089,1233120,1234156,1240708,1240890,1241353,1242034,1242754,1242960,1244734,1244930,1245663,1245710,1245767,1245780,1245815,1245956,1245973,1245977,1246005,1246012,1246181,1246193,1247057,1247078,1247112,1247116,1247119,1247155,1247162,1247167,1247229,1247243,1247280,1247313,1247712,1247976,1248088,1248108,1248164,1248166,1248178,1248179,1248180,1248183,1248186,1248194,1248196,1248198,1248205,1248206,1248208,1248209,1248212,1248213,1248214,1248216,1248217,1248223,1248227,1248228,1248229,1248240,1248255,1248297,1248306,1248312,1248333,1248337,1248338,1248340,1248341,1248345,1248349,1248350,1248354,1248355,1248361,1248363,1248368,1248374,1248377,1248386,1248390,1248395,1248399,1248401,1248511,1248573,1248575,1248577,1248609,1248614,1248617,1248621,1248636,1248643,1248648,1248652,1248655,1248666,1248669,1248746,1248748,1249022,1249346,CVE-2023-3867,CVE-2023-4130,CVE-2023-4515,CVE-2024-26661,CVE-2024-46733,CVE-2024- 49996,CVE-2024-53125,CVE-2024-58238,CVE-2024-58239,CVE-2025-37885,CVE-2025-38006,CVE-2025-38075,CVE-2025-38103,CVE-2025-38125,CVE-2025-38146,CVE-2025-38160,CVE-2025-38184,CVE-2025-38185,CVE-2025-38190,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38245,CVE-2025-38251,CVE-2025-38360,CVE-2025-38439,CVE-2025-38441,CVE-2025-38444,CVE-2025-38445,CVE-2025-38458,CVE-2025-38459,CVE-2025-38464,CVE-2025-38472,CVE-2025-38490,CVE-2025-38491,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38510,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38524,CVE-2025-38528,CVE-2025-38529,CVE-2025-38530,CVE-2025-38531,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38546,CVE-2025-38548,CVE-2025-38550,CVE-2025-38553,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2025-38571,CVE-2025-38572,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,C VE-2025-38585,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38617,CVE-2025-38618,CVE-2025-38621,CVE-2025-38624,CVE-2025-38630,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38644,CVE-2025-38646,CVE-2025-38650,CVE-2025-38656,CVE-2025-38663,CVE-2025-38665,CVE-2025-38670,CVE-2025-38671 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes) - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708) - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120) - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3304-1 Released: Tue Sep 23 11:10:15 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1217885,1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project - fix (nfs): set correct ownership of rpc.statd state directories (bsc#1217885) - perf (nfs): remove references to old rpcbind state dir - fix (nfs): libnfsidmap plugins not added in some distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3333-1 Released: Wed Sep 24 08:55:10 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3372-1 Released: Fri Sep 26 13:42:10 2025 Summary: Recommended update for iproute2 Type: recommended Severity: important References: 1243005,1248660 This update for iproute2 fixes the following issues: - add post-6.4 follow-up fixes (bsc#1243005) - sync UAPI header copies with SLE15-SP6 kernel - devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3431-1 Released: Tue Sep 30 15:51:12 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3487-1 Released: Wed Oct 8 08:17:19 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1249088 This update for grub2 fixes the following issues: - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3600-1 Released: Wed Oct 15 14:54:51 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1249279,1 249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249374,1249413,1249479,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,1249988,1249990,1249993,124999 4,1249997,1250002,1250004,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,1250830,1250831,1250837,1250841,1250861,125 0863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53260,CVE-2023 -53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2023-53425,CVE-2023-53426,CVE-2023-53428, CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-38466,CVE-2025-38488,CVE-2025-38514,CVE-202 5-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39684 ,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39846,CVE-20 25-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs: Limit patch filenames to 100 characters (bsc#1249604). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3612-1 Released: Thu Oct 16 06:04:17 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3623-1 Released: Thu Oct 16 16:36:00 2025 Summary: Recommended update for sudo Type: recommended Severity: important References: 1240954,1245743 This update for sudo fixes the following issues: - Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743). If user's tty goes away, tell monitor to revoke the tty in its session. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - bind-utils-9.18.33-150600.3.9.1 updated - dracut-059+suse.562.geca59f6b-150600.3.23.1 updated - grub2-i386-pc-2.12-150600.8.37.1 updated - grub2-x86_64-efi-2.12-150600.8.37.1 updated - grub2-2.12-150600.8.37.1 updated - iproute2-6.4-150600.7.9.1 updated - kernel-default-6.4.0-150600.23.73.1 updated - libavahi-client3-0.8-150600.15.9.1 updated - libavahi-common3-0.8-150600.15.9.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libwayland-client0-1.22.0-150600.1.6 added - libzypp-17.37.18-150600.3.82.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - samba-client-libs-4.19.8+git.435.78ced6cf30d-150600.3.21.1 updated - sudo-1.9.15p5-150600.3.12.1 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - vim-data-common-9.1.1629-150500.20.33.1 updated - vim-9.1.1629-150500.20.33.1 updated - zypper-1.14.94-150600.10.52.1 updated From sle-container-updates at lists.suse.com Wed Oct 22 07:02:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Oct 2025 09:02:59 +0200 (CEST) Subject: SUSE-IU-2025:3147-1: Security update of suse-sles-15-sp6-chost-byos-v20251016-hvm-ssd-x86_64 Message-ID: <20251022070259.A94ABF780@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20251016-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3147-1 Image Tags : suse-sles-15-sp6-chost-byos-v20251016-hvm-ssd-x86_64:20251016 Image Release : Severity : critical Type : security References : 1012628 1012628 1194869 1213061 1213545 1213666 1214073 1214928 1214953 1215150 1215199 1215696 1216436 1216976 1217885 1218644 1220186 1220419 1221858 1222323 1229165 1230062 1230267 1230557 1230649 1230708 1232089 1233120 1233421 1234156 1236897 1237449 1237595 1237776 1240324 1240708 1240890 1240954 1241166 1241292 1241353 1241866 1242034 1242754 1242960 1243005 1243100 1243112 1244734 1244930 1245193 1245260 1245663 1245700 1245710 1245743 1245767 1245780 1245815 1245956 1245973 1245977 1246005 1246012 1246057 1246125 1246181 1246190 1246193 1246248 1246298 1246509 1246602 1246604 1246782 1246912 1246974 1247057 1247078 1247099 1247112 1247116 1247118 1247119 1247126 1247136 1247137 1247155 1247162 1247167 1247223 1247229 1247239 1247243 1247262 1247280 1247313 1247442 1247483 1247500 1247712 1247819 1247938 1247939 1247963 1247976 1248088 1248108 1248111 1248121 1248164 1248166 1248178 1248179 1248180 1248183 1248186 1248192 1248194 1248196 1248198 1248199 1248200 1248202 1248205 1248206 1248208 1248209 1248212 1248213 1248214 1248216 1248217 1248223 1248225 1248227 1248228 1248229 1248240 1248255 1248296 1248297 1248306 1248312 1248333 1248334 1248337 1248338 1248340 1248341 1248343 1248345 1248349 1248350 1248354 1248355 1248357 1248360 1248361 1248363 1248365 1248368 1248374 1248377 1248378 1248380 1248386 1248390 1248392 1248395 1248399 1248401 1248511 1248512 1248573 1248575 1248577 1248609 1248610 1248614 1248617 1248619 1248621 1248622 1248626 1248628 1248634 1248636 1248639 1248643 1248647 1248648 1248652 1248655 1248660 1248666 1248669 1248674 1248681 1248733 1248734 1248735 1248746 1248748 1248775 1248847 1249022 1249088 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249375 1249413 1249479 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249584 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250232 1250232 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250343 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 1251279 1251280 CVE-2023-31248 CVE-2023-3772 CVE-2023-3867 CVE-2023-39197 CVE-2023-4130 CVE-2023-42753 CVE-2023-4515 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-26661 CVE-2024-46733 CVE-2024-49996 CVE-2024-52615 CVE-2024-53125 CVE-2024-58090 CVE-2024-58238 CVE-2024-58239 CVE-2024-58240 CVE-2025-10230 CVE-2025-22022 CVE-2025-37885 CVE-2025-38006 CVE-2025-38075 CVE-2025-38103 CVE-2025-38119 CVE-2025-38125 CVE-2025-38146 CVE-2025-38160 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38201 CVE-2025-38205 CVE-2025-38208 CVE-2025-38234 CVE-2025-38245 CVE-2025-38251 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38360 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38439 CVE-2025-38441 CVE-2025-38444 CVE-2025-38445 CVE-2025-38456 CVE-2025-38458 CVE-2025-38459 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38472 CVE-2025-38488 CVE-2025-38490 CVE-2025-38491 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506 CVE-2025-38510 CVE-2025-38512 CVE-2025-38513 CVE-2025-38514 CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38533 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543 CVE-2025-38544 CVE-2025-38546 CVE-2025-38548 CVE-2025-38550 CVE-2025-38553 CVE-2025-38555 CVE-2025-38556 CVE-2025-38560 CVE-2025-38563 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571 CVE-2025-38572 CVE-2025-38574 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583 CVE-2025-38584 CVE-2025-38585 CVE-2025-38587 CVE-2025-38588 CVE-2025-38590 CVE-2025-38591 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38614 CVE-2025-38616 CVE-2025-38617 CVE-2025-38618 CVE-2025-38621 CVE-2025-38622 CVE-2025-38623 CVE-2025-38624 CVE-2025-38630 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38644 CVE-2025-38645 CVE-2025-38646 CVE-2025-38650 CVE-2025-38656 CVE-2025-38659 CVE-2025-38660 CVE-2025-38663 CVE-2025-38664 CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-59375 CVE-2025-8114 CVE-2025-8277 CVE-2025-9230 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20251016-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3300-1 Released: Tue Sep 23 11:03:41 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim???s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim???s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3301-1 Released: Tue Sep 23 11:05:09 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1213545,1215199,1221858,1222323,1230557,1230708,1232089,1233120,1234156,1240708,1240890,1241353,1242034,1242754,1242960,1244734,1244930,1245663,1245710,1245767,1245780,1245815,1245956,1245973,1245977,1246005,1246012,1246181,1246193,1247057,1247078,1247112,1247116,1247119,1247155,1247162,1247167,1247229,1247243,1247280,1247313,1247712,1247976,1248088,1248108,1248164,1248166,1248178,1248179,1248180,1248183,1248186,1248194,1248196,1248198,1248205,1248206,1248208,1248209,1248212,1248213,1248214,1248216,1248217,1248223,1248227,1248228,1248229,1248240,1248255,1248297,1248306,1248312,1248333,1248337,1248338,1248340,1248341,1248345,1248349,1248350,1248354,1248355,1248361,1248363,1248368,1248374,1248377,1248386,1248390,1248395,1248399,1248401,1248511,1248573,1248575,1248577,1248609,1248614,1248617,1248621,1248636,1248643,1248648,1248652,1248655,1248666,1248669,1248746,1248748,1249022,1249346,CVE-2023-3867,CVE-2023-4130,CVE-2023-4515,CVE-2024-26661,CVE-2024-46733,CVE-2024- 49996,CVE-2024-53125,CVE-2024-58238,CVE-2024-58239,CVE-2025-37885,CVE-2025-38006,CVE-2025-38075,CVE-2025-38103,CVE-2025-38125,CVE-2025-38146,CVE-2025-38160,CVE-2025-38184,CVE-2025-38185,CVE-2025-38190,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38245,CVE-2025-38251,CVE-2025-38360,CVE-2025-38439,CVE-2025-38441,CVE-2025-38444,CVE-2025-38445,CVE-2025-38458,CVE-2025-38459,CVE-2025-38464,CVE-2025-38472,CVE-2025-38490,CVE-2025-38491,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38510,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38524,CVE-2025-38528,CVE-2025-38529,CVE-2025-38530,CVE-2025-38531,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38546,CVE-2025-38548,CVE-2025-38550,CVE-2025-38553,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2025-38571,CVE-2025-38572,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,C VE-2025-38585,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38617,CVE-2025-38618,CVE-2025-38621,CVE-2025-38624,CVE-2025-38630,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38644,CVE-2025-38646,CVE-2025-38650,CVE-2025-38656,CVE-2025-38663,CVE-2025-38665,CVE-2025-38670,CVE-2025-38671 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes) - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708) - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120) - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3304-1 Released: Tue Sep 23 11:10:15 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1217885,1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project - fix (nfs): set correct ownership of rpc.statd state directories (bsc#1217885) - perf (nfs): remove references to old rpcbind state dir - fix (nfs): libnfsidmap plugins not added in some distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3333-1 Released: Wed Sep 24 08:55:10 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3372-1 Released: Fri Sep 26 13:42:10 2025 Summary: Recommended update for iproute2 Type: recommended Severity: important References: 1243005,1248660 This update for iproute2 fixes the following issues: - add post-6.4 follow-up fixes (bsc#1243005) - sync UAPI header copies with SLE15-SP6 kernel - devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3431-1 Released: Tue Sep 30 15:51:12 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3487-1 Released: Wed Oct 8 08:17:19 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1249088 This update for grub2 fixes the following issues: - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3600-1 Released: Wed Oct 15 14:54:51 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1249279,1 249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249374,1249413,1249479,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,1249988,1249990,1249993,124999 4,1249997,1250002,1250004,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,1250830,1250831,1250837,1250841,1250861,125 0863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53260,CVE-2023 -53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2023-53425,CVE-2023-53426,CVE-2023-53428, CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-38466,CVE-2025-38488,CVE-2025-38514,CVE-202 5-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39684 ,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39846,CVE-20 25-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs: Limit patch filenames to 100 characters (bsc#1249604). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3612-1 Released: Thu Oct 16 06:04:17 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3623-1 Released: Thu Oct 16 16:36:00 2025 Summary: Recommended update for sudo Type: recommended Severity: important References: 1240954,1245743 This update for sudo fixes the following issues: - Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743). If user's tty goes away, tell monitor to revoke the tty in its session. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - bind-utils-9.18.33-150600.3.9.1 updated - dracut-059+suse.562.geca59f6b-150600.3.23.1 updated - grub2-i386-pc-2.12-150600.8.37.1 updated - grub2-x86_64-efi-2.12-150600.8.37.1 updated - grub2-x86_64-xen-2.12-150600.8.37.1 updated - grub2-2.12-150600.8.37.1 updated - iproute2-6.4-150600.7.9.1 updated - kernel-default-6.4.0-150600.23.73.1 updated - libavahi-client3-0.8-150600.15.9.1 updated - libavahi-common3-0.8-150600.15.9.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libwayland-client0-1.22.0-150600.1.6 added - libzypp-17.37.18-150600.3.82.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - samba-client-libs-4.19.8+git.435.78ced6cf30d-150600.3.21.1 updated - sudo-1.9.15p5-150600.3.12.1 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - vim-data-common-9.1.1629-150500.20.33.1 updated - vim-9.1.1629-150500.20.33.1 updated - zypper-1.14.94-150600.10.52.1 updated From sle-container-updates at lists.suse.com Thu Oct 23 07:10:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Oct 2025 09:10:58 +0200 (CEST) Subject: SUSE-CU-2025:7502-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251023071058.3D018F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7502-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.74 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.74 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3729-1 Released: Wed Oct 22 15:19:26 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.19.2-150400.3.18.1 updated From sle-container-updates at lists.suse.com Thu Oct 23 07:16:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Oct 2025 09:16:57 +0200 (CEST) Subject: SUSE-IU-2025:3161-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251023071657.631E2F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3161-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.20 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.20 Severity : important Type : security References : 1236217 1240764 1242715 1249584 1250232 CVE-2017-14992 CVE-2017-9232 CVE-2019-11243 CVE-2019-15119 CVE-2023-32198 CVE-2024-22031 CVE-2025-1386 CVE-2025-22871 CVE-2025-22872 CVE-2025-22873 CVE-2025-23390 CVE-2025-2424 CVE-2025-24358 CVE-2025-2475 CVE-2025-24839 CVE-2025-24866 CVE-2025-2564 CVE-2025-27538 CVE-2025-27571 CVE-2025-27936 CVE-2025-30204 CVE-2025-30206 CVE-2025-30215 CVE-2025-31363 CVE-2025-31483 CVE-2025-31489 CVE-2025-32024 CVE-2025-32025 CVE-2025-32093 CVE-2025-32386 CVE-2025-32387 CVE-2025-32431 CVE-2025-32445 CVE-2025-32777 CVE-2025-32793 CVE-2025-32963 CVE-2025-35965 CVE-2025-3801 CVE-2025-3879 CVE-2025-41395 CVE-2025-41423 CVE-2025-4166 CVE-2025-4210 CVE-2025-43970 CVE-2025-43971 CVE-2025-43972 CVE-2025-43973 CVE-2025-46327 CVE-2025-46342 CVE-2025-46569 CVE-2025-46599 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 316 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1236217,1240764,1242715,1250232,CVE-2025-22873,CVE-2025-9230 This update for openssl-3 fixes the following issues: Security issues: - CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - Disable LTO for userspace livepatching [jsc#PED-13245] ----------------------------------------------------------------- Advisory ID: 315 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2017-14992,CVE-2017-9232,CVE-2019-11243,CVE-2019-15119,CVE-2023-32198,CVE-2024-22031,CVE-2025-1386,CVE-2025-22871,CVE-2025-22872,CVE-2025-23390,CVE-2025-2424,CVE-2025-24358,CVE-2025-2475,CVE-2025-24839,CVE-2025-24866,CVE-2025-2564,CVE-2025-27538,CVE-2025-27571,CVE-2025-27936,CVE-2025-30204,CVE-2025-30206,CVE-2025-30215,CVE-2025-31363,CVE-2025-31483,CVE-2025-31489,CVE-2025-32024,CVE-2025-32025,CVE-2025-32093,CVE-2025-32386,CVE-2025-32387,CVE-2025-32431,CVE-2025-32445,CVE-2025-32777,CVE-2025-32793,CVE-2025-32963,CVE-2025-35965,CVE-2025-3801,CVE-2025-3879,CVE-2025-41395,CVE-2025-41423,CVE-2025-4166,CVE-2025-4210,CVE-2025-43970,CVE-2025-43971,CVE-2025-43972,CVE-2025-43973,CVE-2025-46327,CVE-2025-46342,CVE-2025-46569,CVE-2025-46599,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_7.1 updated - SL-Micro-release-6.1-slfo.1.11.62 updated - container:SL-Micro-base-container-2.2.1-5.43 updated From sle-container-updates at lists.suse.com Thu Oct 23 07:17:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Oct 2025 09:17:42 +0200 (CEST) Subject: SUSE-IU-2025:3162-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20251023071742.95C9CF778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3162-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.43 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.43 Severity : important Type : security References : 1236217 1240764 1242715 1249584 1250232 CVE-2017-14992 CVE-2017-9232 CVE-2019-11243 CVE-2019-15119 CVE-2023-32198 CVE-2024-22031 CVE-2025-1386 CVE-2025-22871 CVE-2025-22872 CVE-2025-22873 CVE-2025-23390 CVE-2025-2424 CVE-2025-24358 CVE-2025-2475 CVE-2025-24839 CVE-2025-24866 CVE-2025-2564 CVE-2025-27538 CVE-2025-27571 CVE-2025-27936 CVE-2025-30204 CVE-2025-30206 CVE-2025-30215 CVE-2025-31363 CVE-2025-31483 CVE-2025-31489 CVE-2025-32024 CVE-2025-32025 CVE-2025-32093 CVE-2025-32386 CVE-2025-32387 CVE-2025-32431 CVE-2025-32445 CVE-2025-32777 CVE-2025-32793 CVE-2025-32963 CVE-2025-35965 CVE-2025-3801 CVE-2025-3879 CVE-2025-41395 CVE-2025-41423 CVE-2025-4166 CVE-2025-4210 CVE-2025-43970 CVE-2025-43971 CVE-2025-43972 CVE-2025-43973 CVE-2025-46327 CVE-2025-46342 CVE-2025-46569 CVE-2025-46599 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 316 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1236217,1240764,1242715,1250232,CVE-2025-22873,CVE-2025-9230 This update for openssl-3 fixes the following issues: Security issues: - CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - Disable LTO for userspace livepatching [jsc#PED-13245] ----------------------------------------------------------------- Advisory ID: 315 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2017-14992,CVE-2017-9232,CVE-2019-11243,CVE-2019-15119,CVE-2023-32198,CVE-2024-22031,CVE-2025-1386,CVE-2025-22871,CVE-2025-22872,CVE-2025-23390,CVE-2025-2424,CVE-2025-24358,CVE-2025-2475,CVE-2025-24839,CVE-2025-24866,CVE-2025-2564,CVE-2025-27538,CVE-2025-27571,CVE-2025-27936,CVE-2025-30204,CVE-2025-30206,CVE-2025-30215,CVE-2025-31363,CVE-2025-31483,CVE-2025-31489,CVE-2025-32024,CVE-2025-32025,CVE-2025-32093,CVE-2025-32386,CVE-2025-32387,CVE-2025-32431,CVE-2025-32445,CVE-2025-32777,CVE-2025-32793,CVE-2025-32963,CVE-2025-35965,CVE-2025-3801,CVE-2025-3879,CVE-2025-41395,CVE-2025-41423,CVE-2025-4166,CVE-2025-4210,CVE-2025-43970,CVE-2025-43971,CVE-2025-43972,CVE-2025-43973,CVE-2025-46327,CVE-2025-46342,CVE-2025-46569,CVE-2025-46599,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_7.1 updated - SL-Micro-release-6.1-slfo.1.11.62 updated - openssl-3-3.1.4-slfo.1.1_7.1 updated - container:suse-toolbox-image-1.0.0-4.80 updated From sle-container-updates at lists.suse.com Thu Oct 23 07:18:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Oct 2025 09:18:28 +0200 (CEST) Subject: SUSE-IU-2025:3163-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251023071828.2E845F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3163-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.45 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.45 Severity : important Type : security References : 1236217 1240764 1242715 1249584 1250232 CVE-2017-14992 CVE-2017-9232 CVE-2019-11243 CVE-2019-15119 CVE-2023-32198 CVE-2024-22031 CVE-2025-1386 CVE-2025-22871 CVE-2025-22872 CVE-2025-22873 CVE-2025-23390 CVE-2025-2424 CVE-2025-24358 CVE-2025-2475 CVE-2025-24839 CVE-2025-24866 CVE-2025-2564 CVE-2025-27538 CVE-2025-27571 CVE-2025-27936 CVE-2025-30204 CVE-2025-30206 CVE-2025-30215 CVE-2025-31363 CVE-2025-31483 CVE-2025-31489 CVE-2025-32024 CVE-2025-32025 CVE-2025-32093 CVE-2025-32386 CVE-2025-32387 CVE-2025-32431 CVE-2025-32445 CVE-2025-32777 CVE-2025-32793 CVE-2025-32963 CVE-2025-35965 CVE-2025-3801 CVE-2025-3879 CVE-2025-41395 CVE-2025-41423 CVE-2025-4166 CVE-2025-4210 CVE-2025-43970 CVE-2025-43971 CVE-2025-43972 CVE-2025-43973 CVE-2025-46327 CVE-2025-46342 CVE-2025-46569 CVE-2025-46599 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 315 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2017-14992,CVE-2017-9232,CVE-2019-11243,CVE-2019-15119,CVE-2023-32198,CVE-2024-22031,CVE-2025-1386,CVE-2025-22871,CVE-2025-22872,CVE-2025-23390,CVE-2025-2424,CVE-2025-24358,CVE-2025-2475,CVE-2025-24839,CVE-2025-24866,CVE-2025-2564,CVE-2025-27538,CVE-2025-27571,CVE-2025-27936,CVE-2025-30204,CVE-2025-30206,CVE-2025-30215,CVE-2025-31363,CVE-2025-31483,CVE-2025-31489,CVE-2025-32024,CVE-2025-32025,CVE-2025-32093,CVE-2025-32386,CVE-2025-32387,CVE-2025-32431,CVE-2025-32445,CVE-2025-32777,CVE-2025-32793,CVE-2025-32963,CVE-2025-35965,CVE-2025-3801,CVE-2025-3879,CVE-2025-41395,CVE-2025-41423,CVE-2025-4166,CVE-2025-4210,CVE-2025-43970,CVE-2025-43971,CVE-2025-43972,CVE-2025-43973,CVE-2025-46327,CVE-2025-46342,CVE-2025-46569,CVE-2025-46599,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: 316 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1236217,1240764,1242715,1250232,CVE-2025-22873,CVE-2025-9230 This update for openssl-3 fixes the following issues: Security issues: - CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - Disable LTO for userspace livepatching [jsc#PED-13245] The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_7.1 updated - SL-Micro-release-6.1-slfo.1.11.62 updated - container:SL-Micro-base-container-2.2.1-5.43 updated From sle-container-updates at lists.suse.com Thu Oct 23 07:19:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Oct 2025 09:19:12 +0200 (CEST) Subject: SUSE-IU-2025:3164-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251023071912.F2819F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3164-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.33 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.33 Severity : important Type : security References : 1236217 1240764 1242715 1249584 1250232 CVE-2017-14992 CVE-2017-9232 CVE-2019-11243 CVE-2019-15119 CVE-2023-32198 CVE-2024-22031 CVE-2025-1386 CVE-2025-22871 CVE-2025-22872 CVE-2025-22873 CVE-2025-23390 CVE-2025-2424 CVE-2025-24358 CVE-2025-2475 CVE-2025-24839 CVE-2025-24866 CVE-2025-2564 CVE-2025-27538 CVE-2025-27571 CVE-2025-27936 CVE-2025-30204 CVE-2025-30206 CVE-2025-30215 CVE-2025-31363 CVE-2025-31483 CVE-2025-31489 CVE-2025-32024 CVE-2025-32025 CVE-2025-32093 CVE-2025-32386 CVE-2025-32387 CVE-2025-32431 CVE-2025-32445 CVE-2025-32777 CVE-2025-32793 CVE-2025-32963 CVE-2025-35965 CVE-2025-3801 CVE-2025-3879 CVE-2025-41395 CVE-2025-41423 CVE-2025-4166 CVE-2025-4210 CVE-2025-43970 CVE-2025-43971 CVE-2025-43972 CVE-2025-43973 CVE-2025-46327 CVE-2025-46342 CVE-2025-46569 CVE-2025-46599 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 316 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1236217,1240764,1242715,1250232,CVE-2025-22873,CVE-2025-9230 This update for openssl-3 fixes the following issues: Security issues: - CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - Disable LTO for userspace livepatching [jsc#PED-13245] ----------------------------------------------------------------- Advisory ID: 315 Released: Wed Oct 22 14:12:39 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2017-14992,CVE-2017-9232,CVE-2019-11243,CVE-2019-15119,CVE-2023-32198,CVE-2024-22031,CVE-2025-1386,CVE-2025-22871,CVE-2025-22872,CVE-2025-23390,CVE-2025-2424,CVE-2025-24358,CVE-2025-2475,CVE-2025-24839,CVE-2025-24866,CVE-2025-2564,CVE-2025-27538,CVE-2025-27571,CVE-2025-27936,CVE-2025-30204,CVE-2025-30206,CVE-2025-30215,CVE-2025-31363,CVE-2025-31483,CVE-2025-31489,CVE-2025-32024,CVE-2025-32025,CVE-2025-32093,CVE-2025-32386,CVE-2025-32387,CVE-2025-32431,CVE-2025-32445,CVE-2025-32777,CVE-2025-32793,CVE-2025-32963,CVE-2025-35965,CVE-2025-3801,CVE-2025-3879,CVE-2025-41395,CVE-2025-41423,CVE-2025-4166,CVE-2025-4210,CVE-2025-43970,CVE-2025-43971,CVE-2025-43972,CVE-2025-43973,CVE-2025-46327,CVE-2025-46342,CVE-2025-46569,CVE-2025-46599,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_3.1 updated - libopenssl3-3.1.4-slfo.1.1_7.1 updated - SL-Micro-release-6.1-slfo.1.11.62 updated - container:SL-Micro-container-2.2.1-7.20 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:04:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:04:42 +0200 (CEST) Subject: SUSE-CU-2025:7516-1: Security update of containers/milvus Message-ID: <20251024070442.59A3FF783@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7516-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.197 Container Release : 7.197 Severity : important Type : security References : 1228260 1232234 1236589 1240058 1241219 1243397 1243706 1243933 1246197 1246197 1246221 1246965 1246974 1247144 1247148 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1250232 CVE-2024-10041 CVE-2024-6874 CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-3576 CVE-2025-4947 CVE-2025-5025 CVE-2025-5399 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - libtbb12-2022.2.0-150600.1.1 updated - libbrotlienc1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libcurl4-8.14.1-150600.4.28.1 updated - pam-1.3.0-150000.6.86.1 updated - librdkafka1-2.3.0-150600.1.11 updated - lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.14 updated - aws-sdk-cpp-libs-1.11.412-150600.1.14 updated - milvus-cppcpu-2.4.6-150600.2.3 updated - milvus-2.4.6-150600.2.13 updated - container:registry.suse.com-bci-bci-base-15.6-36f2298f193581751a2641e139e053bcc89441095c3f89d73108e1fdc5bec114-0 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:06:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:06:00 +0200 (CEST) Subject: SUSE-CU-2025:7517-1: Security update of containers/ollama Message-ID: <20251024070600.B8857F780@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7517-1 Container Tags : containers/ollama:0 , containers/ollama:0.11.4 , containers/ollama:0.11.4-10.79 Container Release : 10.79 Severity : important Type : security References : 1232234 1240058 1241219 1246221 1246965 1247144 1247148 1250232 CVE-2024-10041 CVE-2025-3576 CVE-2025-8058 CVE-2025-9230 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - cuda-cccl-12-8-12.8.90-150600.5.1 updated - cuda-crt-12-8-12.8.93-150600.5.1 updated - cuda-nvvm-12-8-12.8.93-150600.5.1 updated - cuda-toolkit-12-8-config-common-12.8.90-150600.5.1 updated - cuda-toolkit-12-config-common-12.8.90-150600.5.1 updated - cuda-toolkit-config-common-12.8.90-150600.5.1 updated - cuda-cudart-12-8-12.8.90-150600.5.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - pam-1.3.0-150000.6.86.1 updated - ollama-nvidia-0.11.4-150600.1.4 updated - container:registry.suse.com-bci-bci-base-15.6-36f2298f193581751a2641e139e053bcc89441095c3f89d73108e1fdc5bec114-0 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:06:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:06:10 +0200 (CEST) Subject: SUSE-CU-2025:7518-1: Security update of containers/open-webui-pipelines Message-ID: <20251024070610.CD8A4F780@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7518-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.7 Container Release : 7.7 Severity : important Type : security References : 1241219 1249584 CVE-2025-3576 CVE-2025-59375 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - krb5-1.20.1-150600.11.14.1 updated - python311-certifi-2024.7.4-150600.1.55 updated - python311-bcrypt-4.3.0-150600.1.6 updated - python311-cryptography-43.0.1-150600.1.27 updated - python-open-webui-pipelines-0.20250819.030501-150600.1.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:08:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:08:44 +0200 (CEST) Subject: SUSE-IU-2025:3244-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20251024070844.F0FB3F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3244-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.508 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.508 Severity : important Type : security References : 1065729 1164051 1193629 1194869 1202700 1203063 1203332 1204228 1205128 1205205 1206451 1206456 1206468 1206843 1206883 1206884 1207158 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207645 1207651 1208607 1209287 1209291 1209980 1210584 1211960 1212603 1213015 1213016 1213040 1213041 1213061 1213099 1213104 1213533 1213666 1213747 1214073 1214953 1214967 1215150 1215696 1215911 1216976 1217790 1220185 1220186 1223959 1234639 1236104 1237449 1238160 1241353 1242846 1243539 1244337 1244732 1245666 1246879 1246968 1247028 1247172 1247239 1248108 1248111 1248255 1248399 1248628 1248639 1248847 1249126 1249158 1249159 1249186 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249353 1249374 1249516 1249538 1249548 1249604 1249638 1249639 1249641 1249642 1249648 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249673 1249677 1249681 1249683 1249685 1249687 1249691 1249695 1249696 1249699 1249700 1249701 1249704 1249705 1249706 1249707 1249708 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249756 1249757 1249758 1249762 1249767 1249777 1249780 1249781 1249782 1249784 1249791 1249799 1249800 1249802 1249808 1249810 1249816 1249820 1249824 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249861 1249864 1249865 1249866 1249867 1249868 1249869 1249872 1249874 1249877 1249880 1249882 1249883 1249884 1249885 1249890 1249892 1249894 1249908 1249910 1249911 1249913 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249940 1249944 1249947 1249949 1249950 1249951 1249954 1249958 1249979 1249981 1249991 1249994 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250017 1250023 1250024 1250026 1250037 1250039 1250040 1250041 1250042 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250068 1250070 1250071 1250072 1250075 1250077 1250080 1250081 1250083 1250089 1250103 1250104 1250105 1250106 1250107 1250108 1250112 1250114 1250117 1250118 1250121 1250127 1250128 1250130 1250131 1250132 1250134 1250137 1250138 1250140 1250144 1250145 1250151 1250153 1250156 1250157 1250159 1250161 1250165 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250189 1250191 1250197 1250198 1250200 1250201 1250208 1250209 1250211 1250215 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250278 1250285 1250287 1250293 1250301 1250303 1250306 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250327 1250328 1250331 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250397 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250765 1250767 1250768 1250771 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250793 1250797 1250799 1250807 1250810 1250811 1250814 1250818 1250819 1250822 1250823 1250824 1250825 1250829 1250830 1250831 1250832 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250849 1250850 1250851 1250853 1250856 1250861 1250862 1250863 1250864 1250866 1250867 1250868 1250872 1250873 1250874 1250875 1250877 1250879 1250881 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250913 1250915 1250917 1250923 1250927 1250928 1250931 1250932 1250948 1250949 1250953 1250963 1250964 1250965 CVE-2022-2602 CVE-2022-2978 CVE-2022-36280 CVE-2022-43945 CVE-2022-49138 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50242 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50287 CVE-2022-50288 CVE-2022-50289 CVE-2022-50292 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50303 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50323 CVE-2022-50324 CVE-2022-50325 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50339 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50354 CVE-2022-50355 CVE-2022-50356 CVE-2022-50357 CVE-2022-50358 CVE-2022-50359 CVE-2022-50360 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50378 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50390 CVE-2022-50391 CVE-2022-50392 CVE-2022-50393 CVE-2022-50394 CVE-2022-50395 CVE-2022-50396 CVE-2022-50398 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50406 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50412 CVE-2022-50414 CVE-2022-50417 CVE-2022-50418 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50433 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50441 CVE-2022-50443 CVE-2022-50444 CVE-2022-50447 CVE-2022-50449 CVE-2022-50452 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50464 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-28328 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53168 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53181 CVE-2023-53182 CVE-2023-53185 CVE-2023-53189 CVE-2023-53193 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53210 CVE-2023-53213 CVE-2023-53215 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53232 CVE-2023-53234 CVE-2023-53237 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53259 CVE-2023-53263 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53284 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53320 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53332 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53340 CVE-2023-53344 CVE-2023-53347 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53357 CVE-2023-53359 CVE-2023-53368 CVE-2023-53370 CVE-2023-53371 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53378 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53383 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53391 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53398 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53442 CVE-2023-53443 CVE-2023-53444 CVE-2023-53446 CVE-2023-53448 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53466 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53480 CVE-2023-53482 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53489 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53511 CVE-2023-53512 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2023-53531 CVE-2023-53532 CVE-2024-26583 CVE-2024-26584 CVE-2024-58240 CVE-2025-37738 CVE-2025-37958 CVE-2025-38014 CVE-2025-38111 CVE-2025-38380 CVE-2025-38488 CVE-2025-38553 CVE-2025-38572 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38683 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3761-1 Released: Thu Oct 23 17:04:35 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1205205,1206451,1206456,1206468,1206843,1206883,1206884,1207158,1207361,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1209980,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213533,1213666,1213747,1214073,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1223959,1234639,1236104,1237449,1238160,1241353,1242846,1243539,1244337,1244732,1245666,1246879,1246968,1247028,1247172,1247239,1248108,1248111,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249159,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249353,1249374,1249516,1249538,1249548,1249604,1249638,1249639,1249641,1249642,1249648,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249673,1249677,1249681,1249683,1249685,1249687,1249691,1249695,1249696,1249699,1249700,1249701,1249704,1249705,1249706,1249707,1249708,1249709,1 249712,1249713,1249715,1249716,1249718,1249722,1249727,1249730,1249733,1249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249756,1249757,1249758,1249762,1249767,1249777,1249780,1249781,1249782,1249784,1249791,1249799,1249800,1249802,1249808,1249810,1249816,1249820,1249824,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249861,1249864,1249865,1249866,1249867,1249868,1249869,1249872,1249874,1249877,1249880,1249882,1249883,1249884,1249885,1249890,1249892,1249894,1249908,1249910,1249911,1249913,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249940,1249944,1249947,1249949,1249950,1249951,1249954,1249958,1249979,1249981,1249991,1249994,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250017,1250023,1250024,1250026,1250037,1250039,1250040,1250041,1250042,1250044,1250047,1250049,1250052,1250055,1250058,1250060,125006 2,1250065,1250066,1250068,1250070,1250071,1250072,1250075,1250077,1250080,1250081,1250083,1250089,1250103,1250104,1250105,1250106,1250107,1250108,1250112,1250114,1250117,1250118,1250121,1250127,1250128,1250130,1250131,1250132,1250134,1250137,1250138,1250140,1250144,1250145,1250151,1250153,1250156,1250157,1250159,1250161,1250165,1250168,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250189,1250191,1250197,1250198,1250200,1250201,1250208,1250209,1250211,1250215,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250278,1250285,1250287,1250293,1250301,1250303,1250306,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250327,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250397,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250765,1250767,1250768,1250771,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250793,1250797,125 0799,1250807,1250810,1250811,1250814,1250818,1250819,1250822,1250823,1250824,1250825,1250829,1250830,1250831,1250832,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250849,1250850,1250851,1250853,1250856,1250861,1250862,1250863,1250864,1250866,1250867,1250868,1250872,1250873,1250874,1250875,1250877,1250879,1250881,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250913,1250915,1250917,1250923,1250927,1250928,1250931,1250932,1250948,1250949,1250953,1250963,1250964,1250965,CVE-2022-2602,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50242,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50 278,CVE-2022-50279,CVE-2022-50282,CVE-2022-50286,CVE-2022-50287,CVE-2022-50288,CVE-2022-50289,CVE-2022-50292,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50303,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50323,CVE-2022-50324,CVE-2022-50325,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50339,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50354,CVE-2022-50355,CVE-2022-50356,CVE-2022-50357,CVE-2022-50358,CVE-2022-50359,CVE-2022-50360,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50378,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50390,CVE-2022-50391,CVE-2022-50392,CVE -2022-50393,CVE-2022-50394,CVE-2022-50395,CVE-2022-50396,CVE-2022-50398,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50406,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50412,CVE-2022-50414,CVE-2022-50417,CVE-2022-50418,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50433,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50441,CVE-2022-50443,CVE-2022-50444,CVE-2022-50447,CVE-2022-50449,CVE-2022-50452,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50464,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53153,CVE-2023-531 65,CVE-2023-53167,CVE-2023-53168,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53181,CVE-2023-53182,CVE-2023-53185,CVE-2023-53189,CVE-2023-53193,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53210,CVE-2023-53213,CVE-2023-53215,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53232,CVE-2023-53234,CVE-2023-53237,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53259,CVE-2023-53263,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53284,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE- 2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-2023-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53320,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53332,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53340,CVE-2023-53344,CVE-2023-53347,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53357,CVE-2023-53359,CVE-2023-53368,CVE-2023-53370,CVE-2023-53371,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53378,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53383,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53391,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53398,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53 442,CVE-2023-53443,CVE-2023-53444,CVE-2023-53446,CVE-2023-53448,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53466,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-53474,CVE-2023-53475,CVE-2023-53476,CVE-2023-53480,CVE-2023-53482,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53489,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53511,CVE-2023-53512,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2023-53531,CVE-2023-53532,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-37738,CVE-2025-37958,CVE-2025-38014,CVE-2025-38111,CVE-2025-38380,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38683,CVE-2025-38685,CVE-2025-38706,CVE -2025-38713,CVE-2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - Revert selinux patches that caused regressions (bsc#1249353). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158). - build_bug.h: Add KABI assert (bsc#1249186). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers. - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - supported.conf: mark hyperv_drm as external - use uniform permission checks for all mount propagation changes (git-fixes). - xfs: rework datasync tracking and execution (bsc#1237449). The following package changes have been done: - kernel-rt-5.14.21-150500.13.109.1 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:04 +0200 (CEST) Subject: SUSE-CU-2025:7521-1: Security update of private-registry/harbor-core Message-ID: <20251024070904.6C0FEF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7521-1 Container Tags : private-registry/harbor-core:2.13 , private-registry/harbor-core:2.13.2 , private-registry/harbor-core:2.13.2-3.19 , private-registry/harbor-core:latest Container Release : 3.19 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - system-user-harbor-2.13.2-150600.2.4 updated - harbor213-core-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:08 +0200 (CEST) Subject: SUSE-CU-2025:7522-1: Security update of private-registry/harbor-db Message-ID: <20251024070908.7B7C3FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7522-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-3.20 , private-registry/harbor-db:latest Container Release : 3.20 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - harbor213-db-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:11 +0200 (CEST) Subject: SUSE-CU-2025:7523-1: Security update of private-registry/harbor-exporter Message-ID: <20251024070911.ADD65FBA1@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7523-1 Container Tags : private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2-3.19 , private-registry/harbor-exporter:latest Container Release : 3.19 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - harbor213-exporter-2.13.2-150600.2.4 updated - krb5-1.20.1-150600.11.14.1 updated - system-user-harbor-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:14 +0200 (CEST) Subject: SUSE-CU-2025:7524-1: Security update of private-registry/harbor-jobservice Message-ID: <20251024070914.E6A23F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7524-1 Container Tags : private-registry/harbor-jobservice:2.13 , private-registry/harbor-jobservice:2.13.2 , private-registry/harbor-jobservice:2.13.2-3.19 , private-registry/harbor-jobservice:latest Container Release : 3.19 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - system-user-harbor-2.13.2-150600.2.4 updated - harbor213-jobservice-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:20 +0200 (CEST) Subject: SUSE-CU-2025:7525-1: Security update of private-registry/harbor-nginx Message-ID: <20251024070920.41D29FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7525-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.58 , private-registry/harbor-nginx:latest Container Release : 2.58 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - system-user-harbor-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:25 +0200 (CEST) Subject: SUSE-CU-2025:7526-1: Security update of private-registry/harbor-portal Message-ID: <20251024070925.7B472F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7526-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.24 , private-registry/harbor-portal:latest Container Release : 3.24 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - system-user-harbor-2.13.2-150600.2.4 updated - harbor213-portal-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:28 +0200 (CEST) Subject: SUSE-CU-2025:7527-1: Security update of private-registry/harbor-registry Message-ID: <20251024070928.B6A13FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7527-1 Container Tags : private-registry/harbor-registry:2.8.3 , private-registry/harbor-registry:2.8.3-2.60 , private-registry/harbor-registry:latest Container Release : 2.60 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - system-user-harbor-2.13.2-150600.2.4 updated - harbor-distribution-registry-2.8.3-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:32 +0200 (CEST) Subject: SUSE-CU-2025:7528-1: Security update of private-registry/harbor-registryctl Message-ID: <20251024070932.13128FBA1@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7528-1 Container Tags : private-registry/harbor-registryctl:2.13 , private-registry/harbor-registryctl:2.13.2 , private-registry/harbor-registryctl:2.13.2-3.19 , private-registry/harbor-registryctl:latest Container Release : 3.19 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - system-user-harbor-2.13.2-150600.2.4 updated - harbor-distribution-registry-2.8.3-150600.2.4 updated - harbor213-registryctl-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:37 +0200 (CEST) Subject: SUSE-CU-2025:7529-1: Security update of private-registry/harbor-trivy-adapter Message-ID: <20251024070937.09FEEF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7529-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.57 , private-registry/harbor-trivy-adapter:latest Container Release : 2.57 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - harbor-scanner-trivy-0.33.2-150600.1.4 updated - system-user-harbor-2.13.2-150600.2.4 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:09:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:09:39 +0200 (CEST) Subject: SUSE-CU-2025:7530-1: Security update of private-registry/harbor-valkey Message-ID: <20251024070939.C6FC0FB9B@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7530-1 Container Tags : private-registry/harbor-valkey:8.0.6 , private-registry/harbor-valkey:8.0.6-2.48 , private-registry/harbor-valkey:latest Container Release : 2.48 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.6-36f2298f193581751a2641e139e053bcc89441095c3f89d73108e1fdc5bec114-0 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:11:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:11:30 +0200 (CEST) Subject: SUSE-CU-2025:7531-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251024071130.C6010F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7531-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.197 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.197 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3729-1 Released: Wed Oct 22 15:19:26 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.19.2-150400.3.18.1 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:13:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:13:09 +0200 (CEST) Subject: SUSE-CU-2025:7532-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251024071309.0E514F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7532-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.197 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.197 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3729-1 Released: Wed Oct 22 15:19:26 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.19.2-150400.3.18.1 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:14:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:14:55 +0200 (CEST) Subject: SUSE-IU-2025:3246-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251024071455.58564F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3246-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.22 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.22 Severity : moderate Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 318 Released: Thu Oct 23 14:42:35 2025 Summary: Security update for libxslt Type: security Severity: moderate References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service (bsc#1251979) - CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.63 updated - libxslt1-1.1.38-slfo.1.1_5.1 updated - container:SL-Micro-base-container-2.2.1-5.44 updated From sle-container-updates at lists.suse.com Fri Oct 24 07:03:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:03:01 +0200 (CEST) Subject: SUSE-IU-2025:3240-1: Security update of suse-sles-15-sp5-chost-byos-v20251022-x86_64-gen2 Message-ID: <20251024070301.61DBDF780@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20251022-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3240-1 Image Tags : suse-sles-15-sp5-chost-byos-v20251022-x86_64-gen2:20251022 Image Release : Severity : critical Type : security References : 1054914 1065729 1065729 1095485 1112822 1118783 1122013 1123008 1135257 1135263 1135592 1144282 1156395 1157117 1157190 1159460 1162705 1162707 1164051 1165294 1178486 1179031 1179032 1184350 1187939 1193629 1193629 1193629 1194869 1194869 1198410 1199356 1199487 1199853 1201160 1201956 1202094 1202095 1202564 1202700 1202716 1202823 1202860 1203063 1203197 1203332 1203361 1204228 1204549 1204562 1204569 1204619 1204705 1205128 1205205 1205220 1205282 1205514 1205701 1206051 1206051 1206073 1206451 1206451 1206456 1206468 1206649 1206664 1206843 1206843 1206843 1206878 1206880 1206883 1206884 1206886 1206887 1207158 1207361 1207361 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207638 1207645 1207651 1208105 1208542 1208607 1209287 1209291 1209292 1209556 1209684 1209780 1209980 1209980 1210337 1210409 1210584 1210763 1210767 1211226 1211465 1211960 1212051 1212476 1212603 1213012 1213013 1213015 1213016 1213040 1213041 1213061 1213090 1213094 1213096 1213099 1213104 1213233 1213533 1213666 1213747 1213946 1214073 1214715 1214953 1214967 1214991 1215150 1215696 1215911 1216976 1217790 1218069 1218184 1218234 1218459 1218470 1218470 1219007 1219454 1220185 1220186 1220718 1221107 1221202 1221757 1221829 1222044 1222296 1222629 1222634 1223096 1223675 1223959 1224095 1224400 1224597 1225468 1225820 1225903 1225903 1226514 1226552 1228634 1228659 1228776 1229334 1229361 1229621 1230092 1230262 1230267 1230267 1230649 1230764 1230827 1231103 1231293 1231910 1232234 1232504 1232526 1232533 1232649 1233012 1233012 1233012 1233012 1233012 1233012 1233421 1233551 1233640 1233880 1234128 1234156 1234282 1234381 1234395 1234454 1234480 1234639 1234863 1234887 1234896 1234959 1235100 1235464 1235598 1235637 1235870 1235873 1235958 1235971 1236104 1236104 1236333 1236333 1236777 1236821 1236822 1237143 1237159 1237164 1237172 1237230 1237312 1237313 1237442 1237449 1237587 1237595 1237949 1237981 1238032 1238043 1238160 1238160 1238303 1238315 1238471 1238491 1238512 1238526 1238570 1238747 1238865 1238876 1238896 1239012 1239061 1239543 1239566 1239602 1239644 1239651 1239684 1239809 1239938 1239968 1239986 1240132 1240209 1240211 1240214 1240228 1240230 1240246 1240248 1240269 1240271 1240274 1240285 1240295 1240306 1240314 1240315 1240321 1240385 1240529 1240648 1240747 1240785 1240788 1240799 1240802 1240835 1240869 1240897 1240950 1241012 1241038 1241045 1241219 1241249 1241280 1241353 1241371 1241421 1241433 1241463 1241525 1241541 1241549 1241625 1241640 1241648 1241900 1242006 1242146 1242147 1242150 1242151 1242154 1242157 1242158 1242160 1242164 1242165 1242169 1242215 1242217 1242218 1242219 1242221 1242222 1242224 1242226 1242227 1242228 1242229 1242230 1242231 1242232 1242237 1242239 1242240 1242241 1242244 1242245 1242248 1242249 1242261 1242264 1242265 1242270 1242276 1242278 1242279 1242280 1242281 1242282 1242284 1242285 1242286 1242289 1242294 1242295 1242298 1242300 1242302 1242305 1242311 1242312 1242320 1242338 1242349 1242351 1242352 1242353 1242355 1242357 1242358 1242359 1242360 1242361 1242365 1242366 1242369 1242370 1242371 1242372 1242377 1242378 1242380 1242381 1242382 1242385 1242387 1242389 1242391 1242392 1242393 1242394 1242398 1242399 1242400 1242402 1242403 1242405 1242406 1242409 1242410 1242411 1242414 1242414 1242415 1242416 1242417 1242421 1242422 1242425 1242426 1242428 1242440 1242443 1242448 1242449 1242452 1242453 1242454 1242455 1242456 1242458 1242464 1242465 1242467 1242469 1242473 1242474 1242478 1242481 1242484 1242489 1242493 1242497 1242504 1242527 1242542 1242544 1242545 1242547 1242548 1242549 1242550 1242551 1242558 1242570 1242580 1242586 1242589 1242596 1242596 1242597 1242685 1242686 1242688 1242689 1242695 1242716 1242733 1242734 1242735 1242736 1242739 1242740 1242743 1242744 1242745 1242746 1242747 1242748 1242749 1242751 1242752 1242753 1242756 1242759 1242762 1242765 1242767 1242778 1242778 1242778 1242779 1242780 1242782 1242790 1242791 1242842 1242844 1242846 1242924 1243047 1243117 1243133 1243226 1243226 1243273 1243279 1243313 1243317 1243330 1243450 1243457 1243486 1243488 1243539 1243543 1243581 1243627 1243649 1243660 1243737 1243767 1243772 1243832 1243887 1243901 1243919 1243935 1243991 1244032 1244039 1244042 1244050 1244056 1244059 1244060 1244061 1244079 1244105 1244114 1244116 1244154 1244179 1244180 1244234 1244241 1244277 1244309 1244309 1244337 1244337 1244401 1244509 1244523 1244553 1244554 1244555 1244557 1244590 1244644 1244700 1244705 1244710 1244732 1244732 1244764 1244765 1244767 1244770 1244771 1244772 1244773 1244774 1244776 1244779 1244780 1244781 1244782 1244783 1244784 1244786 1244787 1244788 1244790 1244791 1244793 1244794 1244796 1244797 1244798 1244800 1244802 1244804 1244805 1244806 1244807 1244808 1244811 1244813 1244814 1244815 1244816 1244819 1244820 1244823 1244824 1244824 1244825 1244826 1244827 1244830 1244831 1244832 1244834 1244836 1244838 1244839 1244840 1244841 1244842 1244843 1244845 1244846 1244848 1244849 1244851 1244853 1244854 1244856 1244858 1244860 1244861 1244866 1244867 1244868 1244869 1244870 1244871 1244872 1244873 1244875 1244876 1244878 1244879 1244881 1244883 1244884 1244886 1244887 1244888 1244890 1244892 1244893 1244895 1244898 1244899 1244900 1244901 1244902 1244903 1244904 1244905 1244908 1244911 1244912 1244914 1244915 1244925 1244928 1244933 1244936 1244940 1244941 1244942 1244943 1244944 1244945 1244948 1244949 1244950 1244953 1244955 1244956 1244957 1244958 1244959 1244960 1244961 1244965 1244966 1244967 1244968 1244969 1244970 1244973 1244974 1244976 1244977 1244978 1244979 1244983 1244984 1244985 1244986 1244987 1244991 1244992 1244993 1245006 1245007 1245009 1245011 1245012 1245015 1245018 1245019 1245023 1245024 1245028 1245031 1245032 1245033 1245038 1245039 1245040 1245041 1245047 1245048 1245051 1245052 1245057 1245058 1245060 1245062 1245063 1245064 1245069 1245070 1245072 1245073 1245088 1245089 1245092 1245093 1245094 1245098 1245103 1245110 1245116 1245117 1245118 1245119 1245121 1245122 1245125 1245129 1245131 1245133 1245134 1245135 1245136 1245138 1245139 1245140 1245142 1245146 1245147 1245149 1245152 1245154 1245155 1245180 1245183 1245189 1245191 1245195 1245197 1245217 1245220 1245220 1245223 1245265 1245274 1245309 1245310 1245311 1245314 1245340 1245348 1245431 1245431 1245452 1245455 1245496 1245506 1245573 1245666 1245672 1245711 1245936 1245950 1245956 1245970 1245985 1245986 1246000 1246029 1246037 1246038 1246045 1246073 1246081 1246112 1246149 1246186 1246197 1246197 1246211 1246221 1246231 1246232 1246233 1246267 1246287 1246296 1246299 1246431 1246466 1246473 1246555 1246570 1246597 1246602 1246604 1246608 1246776 1246781 1246835 1246879 1246911 1246912 1246968 1247028 1247054 1247143 1247172 1247239 1247249 1247314 1247347 1247348 1247349 1247374 1247437 1247518 1247690 1247819 1247938 1247939 1247976 1248108 1248111 1248223 1248255 1248297 1248306 1248312 1248338 1248399 1248410 1248511 1248614 1248621 1248628 1248639 1248687 1248748 1248847 1249126 1249158 1249159 1249186 1249191 1249191 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249348 1249348 1249353 1249367 1249367 1249374 1249516 1249538 1249548 1249584 1249604 1249638 1249639 1249641 1249642 1249648 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249673 1249677 1249681 1249683 1249685 1249687 1249695 1249696 1249699 1249700 1249701 1249704 1249705 1249706 1249707 1249708 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249756 1249757 1249758 1249762 1249767 1249777 1249780 1249781 1249782 1249784 1249791 1249799 1249800 1249802 1249808 1249810 1249816 1249820 1249824 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249861 1249864 1249865 1249866 1249867 1249868 1249869 1249872 1249874 1249877 1249880 1249882 1249883 1249884 1249885 1249890 1249892 1249894 1249908 1249910 1249911 1249913 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249940 1249944 1249947 1249949 1249950 1249951 1249954 1249958 1249979 1249981 1249991 1249994 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250017 1250023 1250024 1250026 1250037 1250039 1250040 1250041 1250042 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250068 1250070 1250071 1250072 1250075 1250077 1250080 1250081 1250083 1250089 1250103 1250104 1250105 1250106 1250107 1250108 1250112 1250114 1250117 1250118 1250121 1250127 1250128 1250130 1250131 1250132 1250134 1250137 1250138 1250140 1250144 1250145 1250151 1250153 1250156 1250157 1250159 1250161 1250165 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250189 1250191 1250197 1250198 1250200 1250201 1250208 1250209 1250211 1250215 1250232 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250278 1250285 1250287 1250293 1250301 1250303 1250306 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250327 1250328 1250331 1250343 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250397 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250765 1250767 1250768 1250771 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250793 1250797 1250799 1250807 1250810 1250811 1250814 1250818 1250819 1250822 1250823 1250824 1250825 1250829 1250830 1250831 1250832 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250849 1250850 1250851 1250853 1250856 1250861 1250862 1250863 1250864 1250866 1250867 1250868 1250872 1250873 1250874 1250875 1250877 1250879 1250881 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250913 1250915 1250917 1250923 1250927 1250928 1250931 1250932 1250948 1250949 1250953 1250963 1250964 1250965 1251279 1251280 142461 831629 CVE-2016-9840 CVE-2021-47557 CVE-2021-47595 CVE-2021-47671 CVE-2022-1679 CVE-2022-2585 CVE-2022-2586 CVE-2022-2602 CVE-2022-2905 CVE-2022-2978 CVE-2022-3564 CVE-2022-3619 CVE-2022-36280 CVE-2022-3640 CVE-2022-3903 CVE-2022-4095 CVE-2022-43945 CVE-2022-4662 CVE-2022-48933 CVE-2022-49110 CVE-2022-49138 CVE-2022-49138 CVE-2022-49139 CVE-2022-49741 CVE-2022-49745 CVE-2022-49762 CVE-2022-49763 CVE-2022-49767 CVE-2022-49769 CVE-2022-49770 CVE-2022-49770 CVE-2022-49771 CVE-2022-49772 CVE-2022-49773 CVE-2022-49775 CVE-2022-49776 CVE-2022-49777 CVE-2022-49779 CVE-2022-49781 CVE-2022-49783 CVE-2022-49784 CVE-2022-49786 CVE-2022-49787 CVE-2022-49788 CVE-2022-49789 CVE-2022-49790 CVE-2022-49792 CVE-2022-49793 CVE-2022-49794 CVE-2022-49795 CVE-2022-49796 CVE-2022-49797 CVE-2022-49799 CVE-2022-49800 CVE-2022-49801 CVE-2022-49802 CVE-2022-49807 CVE-2022-49809 CVE-2022-49810 CVE-2022-49812 CVE-2022-49813 CVE-2022-49818 CVE-2022-49821 CVE-2022-49822 CVE-2022-49823 CVE-2022-49824 CVE-2022-49825 CVE-2022-49826 CVE-2022-49827 CVE-2022-49830 CVE-2022-49832 CVE-2022-49834 CVE-2022-49835 CVE-2022-49836 CVE-2022-49837 CVE-2022-49839 CVE-2022-49841 CVE-2022-49842 CVE-2022-49845 CVE-2022-49846 CVE-2022-49850 CVE-2022-49853 CVE-2022-49858 CVE-2022-49860 CVE-2022-49861 CVE-2022-49863 CVE-2022-49864 CVE-2022-49865 CVE-2022-49868 CVE-2022-49869 CVE-2022-49870 CVE-2022-49871 CVE-2022-49874 CVE-2022-49879 CVE-2022-49880 CVE-2022-49881 CVE-2022-49885 CVE-2022-49886 CVE-2022-49887 CVE-2022-49888 CVE-2022-49889 CVE-2022-49890 CVE-2022-49891 CVE-2022-49892 CVE-2022-49900 CVE-2022-49901 CVE-2022-49902 CVE-2022-49905 CVE-2022-49906 CVE-2022-49908 CVE-2022-49909 CVE-2022-49910 CVE-2022-49915 CVE-2022-49916 CVE-2022-49917 CVE-2022-49918 CVE-2022-49921 CVE-2022-49922 CVE-2022-49923 CVE-2022-49924 CVE-2022-49925 CVE-2022-49927 CVE-2022-49928 CVE-2022-49929 CVE-2022-49931 CVE-2022-49934 CVE-2022-49935 CVE-2022-49936 CVE-2022-49937 CVE-2022-49938 CVE-2022-49940 CVE-2022-49942 CVE-2022-49943 CVE-2022-49944 CVE-2022-49945 CVE-2022-49946 CVE-2022-49948 CVE-2022-49949 CVE-2022-49950 CVE-2022-49951 CVE-2022-49952 CVE-2022-49954 CVE-2022-49956 CVE-2022-49957 CVE-2022-49958 CVE-2022-49960 CVE-2022-49962 CVE-2022-49963 CVE-2022-49964 CVE-2022-49965 CVE-2022-49966 CVE-2022-49968 CVE-2022-49969 CVE-2022-49971 CVE-2022-49972 CVE-2022-49977 CVE-2022-49978 CVE-2022-49980 CVE-2022-49980 CVE-2022-49981 CVE-2022-49982 CVE-2022-49983 CVE-2022-49984 CVE-2022-49985 CVE-2022-49986 CVE-2022-49987 CVE-2022-49989 CVE-2022-49990 CVE-2022-49993 CVE-2022-49995 CVE-2022-49999 CVE-2022-50002 CVE-2022-50003 CVE-2022-50005 CVE-2022-50006 CVE-2022-50008 CVE-2022-50010 CVE-2022-50011 CVE-2022-50012 CVE-2022-50015 CVE-2022-50016 CVE-2022-50019 CVE-2022-50020 CVE-2022-50021 CVE-2022-50022 CVE-2022-50023 CVE-2022-50024 CVE-2022-50026 CVE-2022-50027 CVE-2022-50028 CVE-2022-50029 CVE-2022-50030 CVE-2022-50031 CVE-2022-50032 CVE-2022-50033 CVE-2022-50034 CVE-2022-50035 CVE-2022-50036 CVE-2022-50037 CVE-2022-50038 CVE-2022-50039 CVE-2022-50040 CVE-2022-50041 CVE-2022-50044 CVE-2022-50045 CVE-2022-50046 CVE-2022-50047 CVE-2022-50049 CVE-2022-50050 CVE-2022-50051 CVE-2022-50052 CVE-2022-50053 CVE-2022-50054 CVE-2022-50055 CVE-2022-50059 CVE-2022-50060 CVE-2022-50061 CVE-2022-50062 CVE-2022-50065 CVE-2022-50066 CVE-2022-50067 CVE-2022-50068 CVE-2022-50072 CVE-2022-50073 CVE-2022-50074 CVE-2022-50076 CVE-2022-50077 CVE-2022-50079 CVE-2022-50083 CVE-2022-50084 CVE-2022-50085 CVE-2022-50086 CVE-2022-50087 CVE-2022-50092 CVE-2022-50093 CVE-2022-50094 CVE-2022-50095 CVE-2022-50097 CVE-2022-50098 CVE-2022-50099 CVE-2022-50100 CVE-2022-50101 CVE-2022-50102 CVE-2022-50103 CVE-2022-50104 CVE-2022-50108 CVE-2022-50109 CVE-2022-50110 CVE-2022-50111 CVE-2022-50112 CVE-2022-50115 CVE-2022-50116 CVE-2022-50116 CVE-2022-50117 CVE-2022-50118 CVE-2022-50120 CVE-2022-50121 CVE-2022-50124 CVE-2022-50125 CVE-2022-50126 CVE-2022-50127 CVE-2022-50129 CVE-2022-50131 CVE-2022-50132 CVE-2022-50133 CVE-2022-50134 CVE-2022-50135 CVE-2022-50136 CVE-2022-50137 CVE-2022-50138 CVE-2022-50139 CVE-2022-50140 CVE-2022-50141 CVE-2022-50142 CVE-2022-50143 CVE-2022-50144 CVE-2022-50145 CVE-2022-50146 CVE-2022-50149 CVE-2022-50151 CVE-2022-50152 CVE-2022-50153 CVE-2022-50154 CVE-2022-50155 CVE-2022-50156 CVE-2022-50157 CVE-2022-50158 CVE-2022-50160 CVE-2022-50161 CVE-2022-50162 CVE-2022-50164 CVE-2022-50165 CVE-2022-50166 CVE-2022-50169 CVE-2022-50171 CVE-2022-50172 CVE-2022-50173 CVE-2022-50175 CVE-2022-50176 CVE-2022-50178 CVE-2022-50179 CVE-2022-50181 CVE-2022-50183 CVE-2022-50184 CVE-2022-50185 CVE-2022-50186 CVE-2022-50187 CVE-2022-50188 CVE-2022-50190 CVE-2022-50191 CVE-2022-50192 CVE-2022-50194 CVE-2022-50196 CVE-2022-50197 CVE-2022-50198 CVE-2022-50199 CVE-2022-50200 CVE-2022-50201 CVE-2022-50202 CVE-2022-50203 CVE-2022-50204 CVE-2022-50206 CVE-2022-50207 CVE-2022-50208 CVE-2022-50209 CVE-2022-50211 CVE-2022-50212 CVE-2022-50213 CVE-2022-50215 CVE-2022-50218 CVE-2022-50220 CVE-2022-50221 CVE-2022-50222 CVE-2022-50226 CVE-2022-50228 CVE-2022-50229 CVE-2022-50231 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50242 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50287 CVE-2022-50288 CVE-2022-50289 CVE-2022-50292 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50303 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50323 CVE-2022-50324 CVE-2022-50325 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50339 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50354 CVE-2022-50355 CVE-2022-50356 CVE-2022-50357 CVE-2022-50358 CVE-2022-50359 CVE-2022-50360 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50378 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50390 CVE-2022-50391 CVE-2022-50392 CVE-2022-50393 CVE-2022-50394 CVE-2022-50395 CVE-2022-50396 CVE-2022-50398 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50406 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50412 CVE-2022-50414 CVE-2022-50417 CVE-2022-50418 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50433 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50441 CVE-2022-50443 CVE-2022-50444 CVE-2022-50447 CVE-2022-50449 CVE-2022-50452 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50464 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-1990 CVE-2023-28328 CVE-2023-28866 CVE-2023-3111 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2023-52927 CVE-2023-52928 CVE-2023-52931 CVE-2023-52936 CVE-2023-52937 CVE-2023-52938 CVE-2023-52981 CVE-2023-52982 CVE-2023-52986 CVE-2023-52994 CVE-2023-53001 CVE-2023-53002 CVE-2023-53009 CVE-2023-53014 CVE-2023-53018 CVE-2023-53031 CVE-2023-53035 CVE-2023-53036 CVE-2023-53038 CVE-2023-53039 CVE-2023-53040 CVE-2023-53041 CVE-2023-53042 CVE-2023-53044 CVE-2023-53045 CVE-2023-53046 CVE-2023-53048 CVE-2023-53049 CVE-2023-53051 CVE-2023-53052 CVE-2023-53054 CVE-2023-53056 CVE-2023-53057 CVE-2023-53058 CVE-2023-53059 CVE-2023-53060 CVE-2023-53062 CVE-2023-53064 CVE-2023-53065 CVE-2023-53066 CVE-2023-53068 CVE-2023-53070 CVE-2023-53071 CVE-2023-53073 CVE-2023-53074 CVE-2023-53075 CVE-2023-53076 CVE-2023-53077 CVE-2023-53078 CVE-2023-53079 CVE-2023-53081 CVE-2023-53082 CVE-2023-53084 CVE-2023-53087 CVE-2023-53089 CVE-2023-53090 CVE-2023-53091 CVE-2023-53092 CVE-2023-53093 CVE-2023-53095 CVE-2023-53096 CVE-2023-53097 CVE-2023-53098 CVE-2023-53099 CVE-2023-53100 CVE-2023-53101 CVE-2023-53102 CVE-2023-53105 CVE-2023-53106 CVE-2023-53108 CVE-2023-53109 CVE-2023-53111 CVE-2023-53112 CVE-2023-53114 CVE-2023-53116 CVE-2023-53117 CVE-2023-53118 CVE-2023-53119 CVE-2023-53123 CVE-2023-53124 CVE-2023-53125 CVE-2023-53128 CVE-2023-53131 CVE-2023-53134 CVE-2023-53137 CVE-2023-53139 CVE-2023-53140 CVE-2023-53142 CVE-2023-53143 CVE-2023-53145 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53168 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53181 CVE-2023-53182 CVE-2023-53185 CVE-2023-53189 CVE-2023-53193 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53210 CVE-2023-53213 CVE-2023-53215 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53232 CVE-2023-53234 CVE-2023-53237 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53259 CVE-2023-53263 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53284 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53320 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53332 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53340 CVE-2023-53344 CVE-2023-53347 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53357 CVE-2023-53359 CVE-2023-53368 CVE-2023-53370 CVE-2023-53371 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53378 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53383 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53391 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53398 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53442 CVE-2023-53443 CVE-2023-53444 CVE-2023-53446 CVE-2023-53448 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53466 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53480 CVE-2023-53482 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53489 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53511 CVE-2023-53512 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2023-53531 CVE-2023-53532 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-23337 CVE-2024-26583 CVE-2024-26584 CVE-2024-26643 CVE-2024-26804 CVE-2024-26808 CVE-2024-26924 CVE-2024-26935 CVE-2024-27397 CVE-2024-28956 CVE-2024-28956 CVE-2024-35840 CVE-2024-36350 CVE-2024-36357 CVE-2024-36978 CVE-2024-41965 CVE-2024-42265 CVE-2024-42307 CVE-2024-45310 CVE-2024-46763 CVE-2024-46800 CVE-2024-46865 CVE-2024-47081 CVE-2024-50038 CVE-2024-52615 CVE-2024-53057 CVE-2024-53093 CVE-2024-53125 CVE-2024-53141 CVE-2024-53164 CVE-2024-53168 CVE-2024-53177 CVE-2024-53197 CVE-2024-53241 CVE-2024-56558 CVE-2024-56738 CVE-2024-56770 CVE-2024-57947 CVE-2024-57947 CVE-2024-57999 CVE-2024-58239 CVE-2024-58240 CVE-2025-10148 CVE-2025-10148 CVE-2025-10230 CVE-2025-1713 CVE-2025-21700 CVE-2025-21701 CVE-2025-21702 CVE-2025-21703 CVE-2025-21726 CVE-2025-21756 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21839 CVE-2025-21971 CVE-2025-21999 CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22056 CVE-2025-22097 CVE-2025-2312 CVE-2025-23138 CVE-2025-23141 CVE-2025-23145 CVE-2025-23145 CVE-2025-27465 CVE-2025-29768 CVE-2025-32462 CVE-2025-32728 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-3360 CVE-2025-3576 CVE-2025-37738 CVE-2025-37752 CVE-2025-37785 CVE-2025-37789 CVE-2025-37797 CVE-2025-37798 CVE-2025-37798 CVE-2025-37823 CVE-2025-37890 CVE-2025-37932 CVE-2025-37948 CVE-2025-37953 CVE-2025-37958 CVE-2025-37963 CVE-2025-37997 CVE-2025-38000 CVE-2025-38001 CVE-2025-38014 CVE-2025-38014 CVE-2025-38060 CVE-2025-38079 CVE-2025-38083 CVE-2025-38088 CVE-2025-38111 CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289 CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38380 CVE-2025-38460 CVE-2025-38468 CVE-2025-38477 CVE-2025-38488 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38572 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38683 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39735 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 CVE-2025-40909 CVE-2025-4138 CVE-2025-4330 CVE-2025-4373 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-46836 CVE-2025-47268 CVE-2025-47273 CVE-2025-4802 CVE-2025-48060 CVE-2025-4877 CVE-2025-4878 CVE-2025-48964 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-50181 CVE-2025-5278 CVE-2025-5318 CVE-2025-5372 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-59375 CVE-2025-6018 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021 CVE-2025-6069 CVE-2025-6170 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20251022-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1335-1 Released: Tue Jul 17 10:13:39 2018 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1095485 This update for cloud-netconfig fixes the following issues: - Make interface names in Azure persistent. (bsc#1095485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:529-1 Released: Fri Mar 1 13:46:51 2019 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1112822,1118783,1122013,1123008 This update for cloud-netconfig provides the following fixes: - Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013) - Do not treat eth0 special with regard to routing policies. (bsc#1123008) - Reduce the timeout on metadata read. (bsc#1112822) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1560-1 Released: Wed Jun 19 08:57:17 2019 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1135257,1135263 This update for cloud-netconfig fixes the following issues: - cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:31-1 Released: Mon Feb 24 10:36:36 2020 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1135592,1144282,1157117,1157190 This update for cloud-netconfig contains the following fixes: - Removed obsolete Group tag from spec file. - Update to version 1.3: + Fix IPv4 address handling on secondary NICs in Azure. - Update to version 1.2: + support AWS IMDSv2 token. - Update to version 1.1: + fix use of GATEWAY variable. (bsc#1157117, bsc#1157190) + remove secondary IPv4 address only when added by cloud-netconfig. (bsc#1144282) + simplify routing setup for single NIC systems (partly fixes bsc#1135592) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:637-1 Released: Wed Mar 11 11:29:56 2020 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1162705,1162707 This update for cloud-netconfig fixes the following issues: - Copy routes from the default routing table. (bsc#1162705, bsc#1162707) On multi-NIC systems, cloud-netconfig creates separate routing tables with different default routes, so packets get routed via the network interfaces associated with the source IP address. Systems may have additional routing in place and in that case cloud-netconfig's NIC specific routing may bypass those routes. - Make the key CLOUD_NETCONFIG_MANAGE enable by default. Any network interface that has been configured automatically via cloud-netconfig has a configuration file associated. If the value is set to 'NO' (or the pair is removed altogether), cloud-netconfig will not handle secondary IPv4 addresses and routing policies for the associated network interface. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3619-1 Released: Tue Dec 15 13:41:16 2020 Summary: Recommended update for cloud-netconfig, google-guest-agent Type: recommended Severity: moderate References: 1159460,1178486,1179031,1179032 This update for cloud-netconfig, google-guest-agent fixes the following issues: cloud-netconfig: - Update to version 1.5: + Add support for GCE (bsc#1159460, bsc#1178486, jsc#ECO-2800) + Improve default gateway determination google-guest-agent: - Update to version 20201026.00 * remove old unused workflow files * fallback to IP for metadata * getPasswd: Check full prefix of line for username - dont_overwrite_ifcfg.patch: Do not overwrite existing ifcfg files to allow manual configuration and compatibility with cloud-netconfig. (bsc#1159460, bsc#1178486) - Update to version 20200929.00 * correct varname * don't call dhclient -x on network setup * add instance id dir override * update agent systemd service file * typo, change to noadjfile * add gaohannk to OWNERS * remove illfelder from OWNERS * Add all license files to packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:167-1 Released: Mon Jan 24 18:16:24 2022 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1187939 This update for cloud-netconfig fixes the following issues: - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:658-1 Released: Wed Mar 8 10:51:10 2023 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1199853,1204549 This update for cloud-netconfig fixes the following issues: - Update to version 1.7: + Overhaul policy routing setup + Support alias IPv4 ranges + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3637-1 Released: Mon Sep 18 13:02:23 2023 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1214715 This update for cloud-netconfig fixes the following issues: - Update to version 1.8: - Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:630-1 Released: Tue Feb 27 09:14:49 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1218069,1219007 This update for cloud-netconfig fixes the following issues: - Drop cloud-netconfig-nm sub package and include NM dispatcher script in main packages (bsc#1219007) - Drop package dependency on sysconfig-netconfig - Improve log level handling - Support IPv6 IMDS endpoint in EC2 (bsc#1218069) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:781-1 Released: Wed Mar 6 15:05:13 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1219454,1220718 This update for cloud-netconfig fixes the following issues: - Add Provides/Obsoletes for dropped cloud-netconfig-nm - Install dispatcher script into /etc/NetworkManager/dispatcher.d on older distributions - Add BuildReqires: NetworkManager to avoid owning dispatcher.d parent directory - Update to version 1.11: + Revert address metadata lookup in GCE to local lookup (bsc#1219454) + Fix hang on warning log messages + Check whether getting IPv4 addresses from metadata failed and abort if true + Only delete policy rules if they exist + Skip adding/removing IPv4 ranges if metdata lookup failed + Improve error handling and logging in Azure + Set SCRIPTDIR when installing netconfig wrapper ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:869-1 Released: Wed Mar 13 10:48:51 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1221202 This update for cloud-netconfig fixes the following issues: - Update to version 1.12 (bsc#1221202) * If token access succeeds using IPv4 do not use the IPv6 endpoint only use the IPv6 IMDS endpoint if IPv4 access fails. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1085-1 Released: Tue Apr 2 11:24:09 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1221757 This update for cloud-netconfig fixes the following issues: - Update to version 1.14 + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1576-1 Released: Mon May 19 06:48:35 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1228634,1232533,1241012,1241045,CVE-2025-32728 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1580-1 Released: Mon May 19 15:11:59 2025 Summary: Recommended update for librdkafka Type: recommended Severity: important References: 1242842 This update for librdkafka fixes the following issues: - Avoid endless loops under certain conditions (bsc#1242842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1620-1 Released: Wed May 21 11:58:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764). - CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625). The following non-security bugs were fixed: - cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777). - cpufreq: Allow drivers to advertise boost enabled (bsc#1236777). - cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777). - cpufreq: Support per-policy performance boost (bsc#1236777). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1626-1 Released: Wed May 21 12:00:29 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1235958,1235971,1239651 This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z. Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged. Also the following issue was fixed: - Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1643-1 Released: Wed May 21 16:32:37 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1689-1 Released: Fri May 23 12:46:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1240648 This update for hwinfo fixes the following issues: - Version update v21.88 - Fix network card detection on aarch64 (bsc#1240648). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1764-1 Released: Fri May 30 08:45:46 2025 Summary: Recommended update for kexec-tools Type: recommended Severity: important References: 1241249 This update for kexec-tools fixes the following issues: - add support for lockless ringbuffer (bsc#1241249) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1776-1 Released: Fri May 30 15:02:52 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,CVE-2025-47268 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1810-1 Released: Wed Jun 4 11:28:57 2025 Summary: Security update for python3-setuptools Type: security Severity: important References: 1243313,CVE-2025-47273 This update for python3-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1836-1 Released: Mon Jun 9 16:11:28 2025 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1240869 This update for cloud-netconfig fixes the following issues: - Add support for creating IPv6 default route in GCE (bsc#1240869) - Minor fix when looking up IPv6 default route ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1860-1 Released: Tue Jun 10 10:11:56 2025 Summary: Security update for xen Type: security Severity: moderate References: 1234282,1238043,1243117,CVE-2024-28956,CVE-2024-53241,CVE-2025-1713 This update for xen fixes the following issues: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) - CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282) - CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1998-1 Released: Wed Jun 18 10:42:20 2025 Summary: Security update for python-requests Type: security Severity: moderate References: 1244039,CVE-2024-47081 This update for python-requests fixes the following issues: - CVE-2024-47081: fixed netrc credential leak (bsc#1244039). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2008-1 Released: Wed Jun 18 16:03:56 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105 This update for libzypp, zypper fixes the following issues: - Fix credential handling in HEAD requests (bsc#1244105) - RepoInfo: use pathNameSetTrailingSlash - Fix wrong userdata parameter type when running zypp with debug verbosity (bsc#1239012) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - Add a note to service maintained .repo file entries - Support using %{url} variable in a RIS service's repo section. - Use a cookie file to validate mirrorlist cache. This patch extends the mirrorlist code to use a cookie file to validate the contents of the cache against the source URL, making sure that we do not accidentially use a old cache when the mirrorlist url was changed. For example when migrating a system from one release to the next where the same repo alias might just have a different URL. - Let Service define and update gpgkey, mirrorlist and metalink. - Preserve a mirrorlist file in the raw cache during refresh. - Enable curl2 backend and parallel package download by default. Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off. - Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now primarily uses gpgKeyUrl information from the repo files and only falls back to a automatically generated key Url if a gpgKeyUrl was not specified. - Introduce mirrors into the Media backends (bsc#1240132) - Drop MediaMultiCurl backend. - Throttle progress updates when preloading packages (bsc#1239543) - Check if request is in valid state in CURL callbacks - spec/CMake: add conditional build '--with[out] classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin default for SUSE, otherwise it's single_rpmtrans. The `enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed from the spec file. Accordingly the CMake option ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed. - BuildRequires: libzypp-devel >= 17.37.0. - Use libzypp improvements for preload and mirror handling. - xmlout.rnc: Update repo-element (bsc#1241463) Add the 'metalink' attribute and reflect that the 'url' elements list may in fact be empty, if no baseurls are defined in the .repo files. - man: update --allow-unsigned-rpm description. Explain how to achieve the same for packages provided by repositories. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2082-1 Released: Tue Jun 24 12:28:23 2025 Summary: Security update for pam-config Type: security Severity: important References: 1243226,CVE-2025-6018 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2103-1 Released: Wed Jun 25 10:26:23 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: important References: 1243488 This update for cifs-utils fixes the following issues: - Add patches: * Fix cifs.mount with krb5 auth (bsc#1243488) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2173-1 Released: Mon Jun 30 15:01:26 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184350,1193629,1204562,1204569,1204619,1204705,1205282,1206051,1206073,1206649,1206843,1206886,1206887,1207361,1208105,1208542,1209292,1209556,1209684,1209780,1209980,1210337,1210763,1210767,1211465,1213012,1213013,1213094,1213096,1213233,1213946,1214991,1218470,1222629,1223096,1225903,1228659,1231293,1232649,1234395,1234454,1234887,1235100,1235870,1238303,1238570,1239986,1240785,1240802,1241038,1241525,1241640,1242006,1242146,1242147,1242150,1242151,1242154,1242157,1242158,1242160,1242164,1242165,1242169,1242215,1242217,1242218,1242219,1242222,1242224,1242226,1242227,1242228,1242229,1242230,1242231,1242232,1242237,1242239,1242240,1242241,1242244,1242245,1242248,1242249,1242261,1242264,1242265,1242270,1242276,1242278,1242279,1242280,1242281,1242282,1242285,1242286,1242289,1242294,1242295,1242298,1242302,1242305,1242311,1242312,1242320,1242338,1242349,1242351,1242352,1242353,1242355,1242357,1242358,1242359,1242360,1242361,1242365,1242366,1242369,1242370,1242371,1242372,1 242377,1242378,1242380,1242381,1242382,1242385,1242387,1242389,1242391,1242392,1242393,1242394,1242398,1242399,1242400,1242402,1242403,1242405,1242406,1242409,1242410,1242411,1242415,1242416,1242421,1242422,1242425,1242426,1242428,1242440,1242443,1242448,1242449,1242452,1242453,1242454,1242455,1242456,1242458,1242464,1242465,1242467,1242469,1242473,1242474,1242478,1242481,1242484,1242489,1242497,1242527,1242542,1242544,1242545,1242547,1242548,1242549,1242550,1242551,1242558,1242570,1242580,1242586,1242589,1242596,1242597,1242685,1242686,1242688,1242689,1242695,1242716,1242733,1242734,1242735,1242736,1242739,1242740,1242743,1242744,1242745,1242746,1242747,1242748,1242749,1242751,1242752,1242753,1242756,1242759,1242762,1242765,1242767,1242778,1242779,1242790,1242791,1243047,1243133,1243737,1243919,CVE-2022-3564,CVE-2022-3619,CVE-2022-3640,CVE-2022-49762,CVE-2022-49763,CVE-2022-49769,CVE-2022-49770,CVE-2022-49771,CVE-2022-49772,CVE-2022-49773,CVE-2022-49775,CVE-2022-49776,CVE-2022-4977 7,CVE-2022-49779,CVE-2022-49781,CVE-2022-49783,CVE-2022-49784,CVE-2022-49786,CVE-2022-49787,CVE-2022-49788,CVE-2022-49789,CVE-2022-49790,CVE-2022-49792,CVE-2022-49793,CVE-2022-49794,CVE-2022-49795,CVE-2022-49796,CVE-2022-49797,CVE-2022-49799,CVE-2022-49800,CVE-2022-49801,CVE-2022-49802,CVE-2022-49807,CVE-2022-49809,CVE-2022-49810,CVE-2022-49812,CVE-2022-49813,CVE-2022-49818,CVE-2022-49821,CVE-2022-49822,CVE-2022-49823,CVE-2022-49824,CVE-2022-49825,CVE-2022-49826,CVE-2022-49827,CVE-2022-49830,CVE-2022-49832,CVE-2022-49834,CVE-2022-49835,CVE-2022-49836,CVE-2022-49837,CVE-2022-49839,CVE-2022-49841,CVE-2022-49842,CVE-2022-49845,CVE-2022-49846,CVE-2022-49850,CVE-2022-49853,CVE-2022-49858,CVE-2022-49860,CVE-2022-49861,CVE-2022-49863,CVE-2022-49864,CVE-2022-49865,CVE-2022-49868,CVE-2022-49869,CVE-2022-49870,CVE-2022-49871,CVE-2022-49874,CVE-2022-49879,CVE-2022-49880,CVE-2022-49881,CVE-2022-49885,CVE-2022-49886,CVE-2022-49887,CVE-2022-49888,CVE-2022-49889,CVE-2022-49890,CVE-2022-49891,CVE-2 022-49892,CVE-2022-49900,CVE-2022-49901,CVE-2022-49902,CVE-2022-49905,CVE-2022-49906,CVE-2022-49908,CVE-2022-49909,CVE-2022-49910,CVE-2022-49915,CVE-2022-49916,CVE-2022-49917,CVE-2022-49918,CVE-2022-49921,CVE-2022-49922,CVE-2022-49923,CVE-2022-49924,CVE-2022-49925,CVE-2022-49927,CVE-2022-49928,CVE-2022-49929,CVE-2022-49931,CVE-2023-1990,CVE-2023-28866,CVE-2023-53035,CVE-2023-53036,CVE-2023-53038,CVE-2023-53039,CVE-2023-53040,CVE-2023-53041,CVE-2023-53042,CVE-2023-53044,CVE-2023-53045,CVE-2023-53049,CVE-2023-53052,CVE-2023-53054,CVE-2023-53056,CVE-2023-53057,CVE-2023-53058,CVE-2023-53059,CVE-2023-53060,CVE-2023-53062,CVE-2023-53064,CVE-2023-53065,CVE-2023-53066,CVE-2023-53068,CVE-2023-53070,CVE-2023-53071,CVE-2023-53073,CVE-2023-53074,CVE-2023-53075,CVE-2023-53077,CVE-2023-53078,CVE-2023-53079,CVE-2023-53081,CVE-2023-53082,CVE-2023-53084,CVE-2023-53087,CVE-2023-53089,CVE-2023-53090,CVE-2023-53091,CVE-2023-53092,CVE-2023-53093,CVE-2023-53095,CVE-2023-53096,CVE-2023-53098,CVE-2023-5309 9,CVE-2023-53100,CVE-2023-53101,CVE-2023-53102,CVE-2023-53105,CVE-2023-53106,CVE-2023-53108,CVE-2023-53109,CVE-2023-53111,CVE-2023-53112,CVE-2023-53114,CVE-2023-53116,CVE-2023-53118,CVE-2023-53119,CVE-2023-53123,CVE-2023-53124,CVE-2023-53125,CVE-2023-53128,CVE-2023-53131,CVE-2023-53134,CVE-2023-53137,CVE-2023-53139,CVE-2023-53140,CVE-2023-53142,CVE-2023-53143,CVE-2023-53145,CVE-2024-26804,CVE-2024-28956,CVE-2024-53168,CVE-2024-56558,CVE-2025-21999,CVE-2025-22056,CVE-2025-23145,CVE-2025-37785,CVE-2025-37789 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2024-28956: x86/its: Add support for ITS-safe indirect thunk (bsc#1242006). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). The following non-security bugs were fixed: - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737). - Move upstreamed sched/membarrier patch into sorted section - Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.4 anymore. - Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.5 anymore. - Use gcc-13 for build on SLE16 (jsc#PED-10028). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: insn: Add support for encoding DSB (bsc#1242778). - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737). - hv_netvsc: Remove rmsg_pgcnt (bsc#1243737). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737). - mtd: phram: Add the kernel lock down check (bsc#1232649). - net :mana :Add remaining GDMA stats for MANA to ethtool (bsc#1234395). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (bsc#1234395). - net: mana: Add gdma stats to ethtool output for mana (bsc#1234395). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (bsc#1223096). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2179-1 Released: Mon Jun 30 19:54:01 2025 Summary: Security update for sudo Type: security Severity: important References: 1245274,CVE-2025-32462 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2198-1 Released: Wed Jul 2 11:22:33 2025 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2226-1 Released: Fri Jul 4 15:31:04 2025 Summary: Security update for vim Type: security Severity: moderate References: 1228776,1239602,CVE-2024-41965,CVE-2025-29768 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2235-1 Released: Mon Jul 7 14:08:03 2025 Summary: Recommended update for haveged Type: recommended Severity: moderate References: 1165294,1222296 This update for haveged fixes the following issues: - Add patch files introducing the '--once' flag (bsc#1222296, bsc#1165294) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2264-1 Released: Thu Jul 10 10:25:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1193629,1194869,1198410,1199356,1199487,1201160,1201956,1202094,1202095,1202564,1202716,1202823,1202860,1203197,1203361,1205220,1205514,1205701,1206451,1206664,1206878,1206880,1207361,1207638,1211226,1212051,1213090,1218184,1218234,1218470,1222634,1223675,1224095,1224597,1225468,1225820,1226514,1226552,1230827,1232504,1234156,1234381,1235464,1235637,1236821,1236822,1237159,1237312,1237313,1238526,1238876,1241900,1242221,1242414,1242504,1242596,1242778,1242782,1242924,1243330,1243543,1243627,1243649,1243660,1243832,1244114,1244179,1244180,1244234,1244241,1244277,1244309,1244337,1244732,1244764,1244765,1244767,1244770,1244771,1244772,1244773,1244774,1244776,1244779,1244780,1244781,1244782,1244783,1244784,1244786,1244787,1244788,1244790,1244791,1244793,1244794,1244796,1244797,1244798,1244800,1244802,1244804,1244805,1244806,1244807,1244808,1244811,1244813,1244814,1244815,1244816,1244819,1244820,1244823,1244824,1244825,1244826,1244827,1244830,1244831,1244832,1 244834,1244836,1244838,1244839,1244840,1244841,1244842,1244843,1244845,1244846,1244848,1244849,1244851,1244853,1244854,1244856,1244858,1244860,1244861,1244866,1244867,1244868,1244869,1244870,1244871,1244872,1244873,1244875,1244876,1244878,1244879,1244881,1244883,1244884,1244886,1244887,1244888,1244890,1244892,1244893,1244895,1244898,1244899,1244900,1244901,1244902,1244903,1244904,1244905,1244908,1244911,1244912,1244914,1244915,1244928,1244936,1244940,1244941,1244942,1244943,1244944,1244945,1244948,1244949,1244950,1244953,1244955,1244956,1244957,1244958,1244959,1244960,1244961,1244965,1244966,1244967,1244968,1244969,1244970,1244973,1244974,1244976,1244977,1244978,1244979,1244983,1244984,1244985,1244986,1244987,1244991,1244992,1244993,1245006,1245007,1245009,1245011,1245012,1245015,1245018,1245019,1245023,1245024,1245028,1245031,1245032,1245033,1245038,1245039,1245040,1245041,1245047,1245048,1245051,1245052,1245057,1245058,1245060,1245062,1245063,1245064,1245069,1245070,1245072,124507 3,1245088,1245089,1245092,1245093,1245094,1245098,1245103,1245116,1245117,1245118,1245119,1245121,1245122,1245125,1245129,1245131,1245133,1245134,1245135,1245136,1245138,1245139,1245140,1245142,1245146,1245147,1245149,1245152,1245154,1245155,1245180,1245183,1245189,1245191,1245195,1245197,1245265,1245340,1245348,1245431,1245455,CVE-2021-47557,CVE-2021-47595,CVE-2022-1679,CVE-2022-2585,CVE-2022-2586,CVE-2022-2905,CVE-2022-3903,CVE-2022-4095,CVE-2022-4662,CVE-2022-49934,CVE-2022-49935,CVE-2022-49936,CVE-2022-49937,CVE-2022-49938,CVE-2022-49940,CVE-2022-49942,CVE-2022-49943,CVE-2022-49944,CVE-2022-49945,CVE-2022-49946,CVE-2022-49948,CVE-2022-49949,CVE-2022-49950,CVE-2022-49951,CVE-2022-49952,CVE-2022-49954,CVE-2022-49956,CVE-2022-49957,CVE-2022-49958,CVE-2022-49960,CVE-2022-49962,CVE-2022-49963,CVE-2022-49964,CVE-2022-49965,CVE-2022-49966,CVE-2022-49968,CVE-2022-49969,CVE-2022-49971,CVE-2022-49972,CVE-2022-49977,CVE-2022-49978,CVE-2022-49980,CVE-2022-49981,CVE-2022-49982,CVE-2022-49983 ,CVE-2022-49984,CVE-2022-49985,CVE-2022-49986,CVE-2022-49987,CVE-2022-49989,CVE-2022-49990,CVE-2022-49993,CVE-2022-49995,CVE-2022-49999,CVE-2022-50002,CVE-2022-50003,CVE-2022-50005,CVE-2022-50006,CVE-2022-50008,CVE-2022-50010,CVE-2022-50011,CVE-2022-50012,CVE-2022-50015,CVE-2022-50016,CVE-2022-50019,CVE-2022-50020,CVE-2022-50021,CVE-2022-50022,CVE-2022-50023,CVE-2022-50024,CVE-2022-50026,CVE-2022-50027,CVE-2022-50028,CVE-2022-50029,CVE-2022-50030,CVE-2022-50031,CVE-2022-50032,CVE-2022-50033,CVE-2022-50034,CVE-2022-50035,CVE-2022-50036,CVE-2022-50037,CVE-2022-50038,CVE-2022-50039,CVE-2022-50040,CVE-2022-50041,CVE-2022-50044,CVE-2022-50045,CVE-2022-50046,CVE-2022-50047,CVE-2022-50049,CVE-2022-50050,CVE-2022-50051,CVE-2022-50052,CVE-2022-50053,CVE-2022-50054,CVE-2022-50055,CVE-2022-50059,CVE-2022-50060,CVE-2022-50061,CVE-2022-50062,CVE-2022-50065,CVE-2022-50066,CVE-2022-50067,CVE-2022-50068,CVE-2022-50072,CVE-2022-50073,CVE-2022-50074,CVE-2022-50076,CVE-2022-50077,CVE-2022-50079,CVE-20 22-50083,CVE-2022-50084,CVE-2022-50085,CVE-2022-50086,CVE-2022-50087,CVE-2022-50092,CVE-2022-50093,CVE-2022-50094,CVE-2022-50095,CVE-2022-50097,CVE-2022-50098,CVE-2022-50099,CVE-2022-50100,CVE-2022-50101,CVE-2022-50102,CVE-2022-50103,CVE-2022-50104,CVE-2022-50108,CVE-2022-50109,CVE-2022-50110,CVE-2022-50111,CVE-2022-50112,CVE-2022-50115,CVE-2022-50116,CVE-2022-50117,CVE-2022-50118,CVE-2022-50120,CVE-2022-50121,CVE-2022-50124,CVE-2022-50125,CVE-2022-50126,CVE-2022-50127,CVE-2022-50129,CVE-2022-50131,CVE-2022-50132,CVE-2022-50133,CVE-2022-50134,CVE-2022-50135,CVE-2022-50136,CVE-2022-50137,CVE-2022-50138,CVE-2022-50139,CVE-2022-50140,CVE-2022-50141,CVE-2022-50142,CVE-2022-50143,CVE-2022-50144,CVE-2022-50145,CVE-2022-50146,CVE-2022-50149,CVE-2022-50151,CVE-2022-50152,CVE-2022-50153,CVE-2022-50154,CVE-2022-50155,CVE-2022-50156,CVE-2022-50157,CVE-2022-50158,CVE-2022-50160,CVE-2022-50161,CVE-2022-50162,CVE-2022-50164,CVE-2022-50165,CVE-2022-50166,CVE-2022-50169,CVE-2022-50171,CVE-2022-5017 2,CVE-2022-50173,CVE-2022-50175,CVE-2022-50176,CVE-2022-50178,CVE-2022-50179,CVE-2022-50181,CVE-2022-50183,CVE-2022-50184,CVE-2022-50185,CVE-2022-50186,CVE-2022-50187,CVE-2022-50188,CVE-2022-50190,CVE-2022-50191,CVE-2022-50192,CVE-2022-50194,CVE-2022-50196,CVE-2022-50197,CVE-2022-50198,CVE-2022-50199,CVE-2022-50200,CVE-2022-50201,CVE-2022-50202,CVE-2022-50203,CVE-2022-50204,CVE-2022-50206,CVE-2022-50207,CVE-2022-50208,CVE-2022-50209,CVE-2022-50211,CVE-2022-50212,CVE-2022-50213,CVE-2022-50215,CVE-2022-50218,CVE-2022-50220,CVE-2022-50221,CVE-2022-50222,CVE-2022-50226,CVE-2022-50228,CVE-2022-50229,CVE-2022-50231,CVE-2023-3111,CVE-2023-52924,CVE-2023-52925,CVE-2023-53046,CVE-2023-53048,CVE-2023-53076,CVE-2023-53097,CVE-2024-26808,CVE-2024-26924,CVE-2024-26935,CVE-2024-27397,CVE-2024-35840,CVE-2024-36978,CVE-2024-46800,CVE-2024-53125,CVE-2024-53141,CVE-2024-53197,CVE-2024-56770,CVE-2024-57999,CVE-2025-21700,CVE-2025-21702,CVE-2025-21703,CVE-2025-21756,CVE-2025-23141,CVE-2025-23145,CVE-20 25-37752,CVE-2025-37798,CVE-2025-37823,CVE-2025-37890,CVE-2025-37932,CVE-2025-37948,CVE-2025-37953,CVE-2025-37963,CVE-2025-37997,CVE-2025-38000,CVE-2025-38001,CVE-2025-38014,CVE-2025-38060,CVE-2025-38083 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468). - CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552). - CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821). - CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (bsc#1235464). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes). - Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504) - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - ovl: fix use inode directly in rcu-walk mode (bsc#1241900). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2278-1 Released: Thu Jul 10 18:02:28 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2288-1 Released: Fri Jul 11 11:27:10 2025 Summary: Recommended update for python-azure-agent Type: recommended Severity: important References: 1240385,1244933 This update for python-azure-agent fixes the following issues: - Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf (bsc#1244933) - Fix %suse_version conditional in spec file so package is built using python2 in SLE 12 (bsc#1240385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2325-1 Released: Wed Jul 16 08:37:39 2025 Summary: Security update for xen Type: security Severity: important References: 1238896,1244644,1246112,CVE-2024-36350,CVE-2024-36357,CVE-2025-27465 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2345-1 Released: Thu Jul 17 13:10:49 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1233880,1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2375-1 Released: Fri Jul 18 15:16:14 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1242844,CVE-2025-4373 This update for glib2 fixes the following issues: - CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory corruption (bsc#1242844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2384-1 Released: Fri Jul 18 18:45:53 2025 Summary: Security update for jq Type: security Severity: moderate References: 1243450,CVE-2024-23337 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2430-1 Released: Mon Jul 21 13:23:17 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2562-1 Released: Wed Jul 30 22:26:54 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM (bsc#1243457). - zypper does not distinguish between install and upgrade in %postinstall (bsc#1243279). - Most recent version released for nvidia-open-driver-G06-signed-kmp-default differs from nvidia-driver-G06-kmp-default (bsc#1244042). - Set proxy settings for zypper (bsc#1244710). - KVM guest installation show Unexpected Application Error (bsc#1245452). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - Implement color filtering when adding update targets. - Support orderwithrequires dependencies in susedata.xml. - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2588-1 Released: Fri Aug 1 14:35:14 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1233551,1234480,1234863,1236104,1236333,1238160,1239644,1242417,1244523,1245217,1245431,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-37797,CVE-2025-38079,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2589-1 Released: Fri Aug 1 15:05:54 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2706-1 Released: Tue Aug 5 12:08:28 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2713-1 Released: Wed Aug 6 11:21:54 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2805-1 Released: Fri Aug 15 08:00:49 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1246231 This update for grub2 fixes the following issues: - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2951-1 Released: Thu Aug 21 14:55:35 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3065-1 Released: Thu Sep 4 08:36:30 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - modified default SLE presets ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3083-1 Released: Fri Sep 5 11:02:28 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1224400,1240950 This update for suse-module-tools fixes the following issues: - Version update 15.5.7: - Add blacklist entry for reiserfs (jsc#PED-6167). - Add more modules to file system blacklist (jsc#PED-6167). - Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632). - udevrules: activate CPUs on hotplug for s390 (bsc#1224400). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3216-1 Released: Mon Sep 15 08:37:40 2025 Summary: Recommended update for Type: recommended Severity: important References: 1246081 This update for fixes the following issues: - Add lmdb binary into Basesystem 15-SP6 and 15-SP7 (bsc#1246081) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3260-1 Released: Thu Sep 18 02:09:31 2025 Summary: Security update for net-tools Type: security Severity: moderate References: 1243581,1246608,1248410,1248687,142461,CVE-2025-46836 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3267-1 Released: Thu Sep 18 13:05:51 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3270-1 Released: Thu Sep 18 13:18:05 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3288-1 Released: Mon Sep 22 12:13:27 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - permissions: remove unnecessary static dirs and devices (bsc#1235873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3300-1 Released: Tue Sep 23 11:03:41 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim???s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim???s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3303-1 Released: Tue Sep 23 11:10:02 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix( rngd): adjust license to match the license of the whole project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3331-1 Released: Wed Sep 24 08:54:17 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3334-1 Released: Wed Sep 24 08:56:48 2025 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: 1212476,1244154 This update for hyper-v fixes the following issues: - fcopy bugfix - Fix irregularities with size of ring buffer - Fix incorrect file path conversion - Enable debug logs for hv_kvp_daemon (bsc#1244154). - Update route parsing in kvp daemon - Remove obsolete obsolete code for SLE11SP2 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro (bsc#1212476). - Use %patch -P N instead of deprecated %patchN. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3344-1 Released: Wed Sep 24 15:34:13 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1229334,1233640,1234896,1236333,1237164,1240799,1242414,1242780,1244309,1244824,1245110,1245506,1245711,1245956,1245970,1245986,1246211,1246473,1246781,1246911,1247143,1247314,1247347,1247348,1247349,1247374,1247437,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,1249353,CVE-2022-49980,CVE-2022-50116,CVE-2023-53117,CVE-2024-42265,CVE-2024-53093,CVE-2024-53177,CVE-2024-57947,CVE-2024-58239,CVE-2025-21701,CVE-2025-21971,CVE-2025-37798,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38180,CVE-2025-38184,CVE-2025-38323,CVE-2025-38350,CVE-2025-38352,CVE-2025-38460,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - Disable N_GSM (jsc#PED-8240). - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211). - kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3432-1 Released: Tue Sep 30 15:51:49 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3593-1 Released: Mon Oct 13 15:34:44 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3603-1 Released: Wed Oct 15 15:37:24 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3615-1 Released: Thu Oct 16 07:49:00 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1205205,1206451,1206456,1206468,1206843,1206883,1206884,1207158,1207361,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1209980,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213533,1213666,1213747,1214073,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1223959,1234639,1236104,1237449,1238160,1241353,1242846,1243539,1244337,1244732,1245666,1246879,1246968,1247028,1247172,1247239,1248108,1248111,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249159,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249638,1249639,1249641,1249642,1249648,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249673,1249677,1249681,1249683,1249685,1249687,1249695,1249696,1249699,1249700,1249701,1249704,1249705,1249706,1249707,1249708,1249709,1249712,1249713,1 249715,1249716,1249718,1249722,1249727,1249730,1249733,1249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249756,1249757,1249758,1249762,1249767,1249777,1249780,1249781,1249782,1249784,1249791,1249799,1249800,1249802,1249808,1249810,1249816,1249820,1249824,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249861,1249864,1249865,1249866,1249867,1249868,1249869,1249872,1249874,1249877,1249880,1249882,1249883,1249884,1249885,1249890,1249892,1249894,1249908,1249910,1249911,1249913,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249940,1249944,1249947,1249949,1249950,1249951,1249954,1249958,1249979,1249981,1249991,1249994,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250017,1250023,1250024,1250026,1250037,1250039,1250040,1250041,1250042,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,125006 6,1250068,1250070,1250071,1250072,1250075,1250077,1250080,1250081,1250083,1250089,1250103,1250104,1250105,1250106,1250107,1250108,1250112,1250114,1250117,1250118,1250121,1250127,1250128,1250130,1250131,1250132,1250134,1250137,1250138,1250140,1250144,1250145,1250151,1250153,1250156,1250157,1250159,1250161,1250165,1250168,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250189,1250191,1250197,1250198,1250200,1250201,1250208,1250209,1250211,1250215,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250278,1250285,1250287,1250293,1250301,1250303,1250306,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250327,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250397,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250765,1250767,1250768,1250771,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250793,1250797,1250799,1250807,125 0810,1250811,1250814,1250818,1250819,1250822,1250823,1250824,1250825,1250829,1250830,1250831,1250832,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250849,1250850,1250851,1250853,1250856,1250861,1250862,1250863,1250864,1250866,1250867,1250868,1250872,1250873,1250874,1250875,1250877,1250879,1250881,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250913,1250915,1250917,1250923,1250927,1250928,1250931,1250932,1250948,1250949,1250953,1250963,1250964,1250965,CVE-2022-2602,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50242,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-502 79,CVE-2022-50282,CVE-2022-50286,CVE-2022-50287,CVE-2022-50288,CVE-2022-50289,CVE-2022-50292,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50303,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50323,CVE-2022-50324,CVE-2022-50325,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50339,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50354,CVE-2022-50355,CVE-2022-50356,CVE-2022-50357,CVE-2022-50358,CVE-2022-50359,CVE-2022-50360,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50378,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50390,CVE-2022-50391,CVE-2022-50392,CVE-2022-50393,CVE- 2022-50394,CVE-2022-50395,CVE-2022-50396,CVE-2022-50398,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50406,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50412,CVE-2022-50414,CVE-2022-50417,CVE-2022-50418,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50433,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50441,CVE-2022-50443,CVE-2022-50444,CVE-2022-50447,CVE-2022-50449,CVE-2022-50452,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50464,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53153,CVE-2023-53165,CVE-2023-5316 7,CVE-2023-53168,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53181,CVE-2023-53182,CVE-2023-53185,CVE-2023-53189,CVE-2023-53193,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53210,CVE-2023-53213,CVE-2023-53215,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53232,CVE-2023-53234,CVE-2023-53237,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53259,CVE-2023-53263,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53284,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2 023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-2023-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53320,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53332,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53340,CVE-2023-53344,CVE-2023-53347,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53357,CVE-2023-53359,CVE-2023-53368,CVE-2023-53370,CVE-2023-53371,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53378,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53383,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53391,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53398,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53442,CVE-2023-534 43,CVE-2023-53444,CVE-2023-53446,CVE-2023-53448,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53466,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-53474,CVE-2023-53475,CVE-2023-53476,CVE-2023-53480,CVE-2023-53482,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53489,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53511,CVE-2023-53512,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2023-53531,CVE-2023-53532,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-37738,CVE-2025-37958,CVE-2025-38014,CVE-2025-38111,CVE-2025-38380,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38683,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE- 2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - build_bug.h: Add KABI assert (bsc#1249186). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - supported.conf: mark hyperv_drm as external - use uniform permission checks for all mount propagation changes (git-fixes). - xfs: rework datasync tracking and execution (bsc#1237449). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - bind-utils-9.16.50-150500.8.27.1 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - cifs-utils-6.15-150400.3.15.1 updated - cloud-netconfig-azure-1.15-150000.25.26.1 added - coreutils-8.32-150400.9.9.1 updated - curl-8.14.1-150400.5.69.1 updated - dracut-055+suse.398.g8f75016e-150500.3.32.1 updated - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated - grub2-i386-pc-2.06-150500.29.56.1 updated - grub2-x86_64-efi-2.06-150500.29.56.1 updated - grub2-2.06-150500.29.56.1 updated - haveged-1.9.14-150400.3.8.1 updated - hwdata-0.394-150000.3.77.2 updated - hwinfo-21.89-150500.3.12.1 updated - hyper-v-9-150200.14.12.2 updated - iputils-20221126-150500.3.14.1 updated - jq-1.6-150000.3.9.1 updated - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - kernel-default-5.14.21-150500.55.124.1 updated - kexec-tools-2.0.20-150500.20.3.1 updated - krb5-1.20.1-150500.3.17.1 updated - libavahi-client3-0.8-150400.7.23.1 updated - libavahi-common3-0.8-150400.7.23.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libcurl4-8.14.1-150400.5.69.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.9.4-150500.12.3.3 updated - libglib-2_0-0-2.70.5-150400.3.23.1 updated - libgnutls30-3.7.3-150400.4.50.1 updated - libhavege2-1.9.14-150400.3.8.1 updated - libjq1-1.6-150000.3.9.1 updated - liblmdb-0_9_30-0.9.30-150500.3.2.1 updated - libncurses6-6.1-150000.5.30.1 updated - libopenssl1_1-1.1.1l-150500.17.43.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - librdkafka1-0.11.6-150000.1.11.1 updated - libsolv-tools-base-0.7.34-150500.6.12.3 updated - libsolv-tools-0.7.34-150500.6.12.3 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libssh-config-0.9.8-150400.3.9.1 updated - libssh4-0.9.8-150400.3.9.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - libwayland-client0-1.21.0-150500.1.1 added - libxml2-2-2.10.3-150500.5.32.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libzypp-17.37.18-150500.6.64.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - net-tools-2.0+git20170221.479bb4a-150000.5.13.1 updated - openssh-clients-8.4p1-150300.3.49.1 updated - openssh-common-8.4p1-150300.3.49.1 updated - openssh-server-8.4p1-150300.3.49.1 updated - openssh-8.4p1-150300.3.49.1 updated - openssl-1_1-1.1.1l-150500.17.43.1 updated - pam-config-1.1-150200.3.14.1 updated - pam-1.3.0-150000.6.86.1 updated - perl-base-5.26.1-150300.17.20.1 updated - perl-5.26.1-150300.17.20.1 updated - permissions-20201225-150400.5.22.1 updated - python-azure-agent-config-server-2.12.0.4-150100.3.50.1 updated - python-azure-agent-2.12.0.4-150100.3.50.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-attrs-19.3.0-150200.3.9.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-bind-9.16.50-150500.8.27.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-more-itertools-8.10.0-150400.10.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-ply-3.10-150000.3.8.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pytz-2022.1-150300.3.9.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-requests-2.25.1-150300.3.18.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-urllib3-1.25.10-150300.4.18.1 updated - python3-zipp-0.6.0-150100.3.8.1 updated - python3-3.6.15-150300.10.97.2 updated - runc-1.2.6-150000.73.2 updated - samba-client-libs-4.17.12+git.510.0efaadf376b-150500.3.34.1 updated - sudo-1.9.12p1-150500.7.13.1 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.5.7-150500.3.15.3 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - systemd-presets-branding-SLE-15.1-150100.20.17.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - terminfo-base-6.1-150000.5.30.1 updated - terminfo-6.1-150000.5.30.1 updated - udev-249.17-150400.8.49.2 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - vim-data-common-9.1.1629-150500.20.33.1 updated - vim-9.1.1629-150500.20.33.1 updated - xen-libs-4.17.5_10-150500.3.50.1 updated - zypper-1.14.94-150500.6.42.1 updated - catatonit-0.2.0-150500.3.3.1 removed - docker-27.5.1_ce-150000.218.1 removed From sle-container-updates at lists.suse.com Fri Oct 24 07:03:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:03:17 +0200 (CEST) Subject: SUSE-IU-2025:3241-1: Security update of suse-sles-15-sp5-chost-byos-v20251022-hvm-ssd-x86_64 Message-ID: <20251024070317.9F2BEF780@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20251022-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3241-1 Image Tags : suse-sles-15-sp5-chost-byos-v20251022-hvm-ssd-x86_64:20251022 Image Release : Severity : critical Type : security References : 1054914 1065729 1065729 1095485 1112822 1118783 1122013 1123008 1135257 1135263 1135592 1144282 1156395 1157117 1157190 1159460 1162705 1162707 1164051 1165294 1178486 1179031 1179032 1184350 1187939 1193629 1193629 1193629 1194869 1194869 1198410 1199356 1199487 1199853 1201160 1201956 1202094 1202095 1202564 1202700 1202716 1202823 1202860 1203063 1203197 1203332 1203361 1204228 1204549 1204562 1204569 1204619 1204705 1205128 1205205 1205220 1205282 1205514 1205701 1206051 1206051 1206073 1206451 1206451 1206456 1206468 1206649 1206664 1206843 1206843 1206843 1206878 1206880 1206883 1206884 1206886 1206887 1207158 1207361 1207361 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207638 1207645 1207651 1208105 1208542 1208607 1209287 1209291 1209292 1209556 1209684 1209780 1209980 1209980 1210337 1210409 1210584 1210763 1210767 1211226 1211465 1211960 1212051 1212603 1213012 1213013 1213015 1213016 1213040 1213041 1213061 1213090 1213094 1213096 1213099 1213104 1213233 1213533 1213666 1213747 1213946 1214073 1214715 1214953 1214967 1214991 1215150 1215696 1215911 1216976 1217790 1218069 1218184 1218234 1218459 1218470 1218470 1219007 1219454 1220185 1220186 1220718 1221107 1221202 1221757 1221829 1222044 1222296 1222629 1222634 1223096 1223675 1223959 1224095 1224400 1224597 1225468 1225820 1225903 1225903 1226514 1226552 1228634 1228659 1228776 1229334 1229361 1229621 1230092 1230262 1230267 1230267 1230649 1230764 1230827 1231103 1231293 1231910 1232234 1232504 1232526 1232533 1232649 1233012 1233012 1233012 1233012 1233012 1233012 1233421 1233551 1233640 1233880 1234128 1234156 1234282 1234381 1234395 1234454 1234480 1234639 1234863 1234887 1234896 1234959 1235100 1235464 1235598 1235637 1235870 1235873 1235958 1235971 1236104 1236104 1236333 1236333 1236777 1236821 1236822 1237143 1237159 1237164 1237172 1237230 1237312 1237313 1237442 1237449 1237587 1237595 1237949 1237981 1238032 1238043 1238160 1238160 1238303 1238315 1238471 1238491 1238512 1238526 1238570 1238747 1238865 1238876 1238896 1239012 1239061 1239543 1239566 1239602 1239644 1239651 1239684 1239809 1239938 1239968 1239986 1240132 1240209 1240211 1240214 1240228 1240230 1240246 1240248 1240269 1240271 1240274 1240285 1240295 1240306 1240314 1240315 1240321 1240529 1240648 1240747 1240785 1240788 1240799 1240802 1240835 1240869 1240897 1240950 1241012 1241038 1241045 1241219 1241249 1241280 1241353 1241371 1241421 1241433 1241463 1241525 1241541 1241549 1241625 1241640 1241648 1241900 1242006 1242146 1242147 1242150 1242151 1242154 1242157 1242158 1242160 1242164 1242165 1242169 1242215 1242217 1242218 1242219 1242221 1242222 1242224 1242226 1242227 1242228 1242229 1242230 1242231 1242232 1242237 1242239 1242240 1242241 1242244 1242245 1242248 1242249 1242261 1242264 1242265 1242270 1242276 1242278 1242279 1242280 1242281 1242282 1242284 1242285 1242286 1242289 1242294 1242295 1242298 1242300 1242302 1242305 1242311 1242312 1242320 1242338 1242349 1242351 1242352 1242353 1242355 1242357 1242358 1242359 1242360 1242361 1242365 1242366 1242369 1242370 1242371 1242372 1242377 1242378 1242380 1242381 1242382 1242385 1242387 1242389 1242391 1242392 1242393 1242394 1242398 1242399 1242400 1242402 1242403 1242405 1242406 1242409 1242410 1242411 1242414 1242414 1242415 1242416 1242417 1242421 1242422 1242425 1242426 1242428 1242440 1242443 1242448 1242449 1242452 1242453 1242454 1242455 1242456 1242458 1242464 1242465 1242467 1242469 1242473 1242474 1242478 1242481 1242484 1242489 1242493 1242497 1242504 1242527 1242542 1242544 1242545 1242547 1242548 1242549 1242550 1242551 1242558 1242570 1242580 1242586 1242589 1242596 1242596 1242597 1242685 1242686 1242688 1242689 1242695 1242716 1242733 1242734 1242735 1242736 1242739 1242740 1242743 1242744 1242745 1242746 1242747 1242748 1242749 1242751 1242752 1242753 1242756 1242759 1242762 1242765 1242767 1242778 1242778 1242778 1242779 1242780 1242782 1242790 1242791 1242842 1242844 1242846 1242924 1243047 1243117 1243133 1243226 1243226 1243273 1243279 1243313 1243317 1243330 1243450 1243457 1243486 1243488 1243539 1243543 1243581 1243627 1243649 1243660 1243737 1243767 1243772 1243832 1243887 1243901 1243919 1243935 1243991 1244032 1244039 1244042 1244050 1244056 1244059 1244060 1244061 1244079 1244105 1244114 1244116 1244179 1244180 1244234 1244241 1244277 1244309 1244309 1244337 1244337 1244401 1244509 1244523 1244553 1244554 1244555 1244557 1244590 1244644 1244700 1244705 1244710 1244732 1244732 1244764 1244765 1244767 1244770 1244771 1244772 1244773 1244774 1244776 1244779 1244780 1244781 1244782 1244783 1244784 1244786 1244787 1244788 1244790 1244791 1244793 1244794 1244796 1244797 1244798 1244800 1244802 1244804 1244805 1244806 1244807 1244808 1244811 1244813 1244814 1244815 1244816 1244819 1244820 1244823 1244824 1244824 1244825 1244826 1244827 1244830 1244831 1244832 1244834 1244836 1244838 1244839 1244840 1244841 1244842 1244843 1244845 1244846 1244848 1244849 1244851 1244853 1244854 1244856 1244858 1244860 1244861 1244866 1244867 1244868 1244869 1244870 1244871 1244872 1244873 1244875 1244876 1244878 1244879 1244881 1244883 1244884 1244886 1244887 1244888 1244890 1244892 1244893 1244895 1244898 1244899 1244900 1244901 1244902 1244903 1244904 1244905 1244908 1244911 1244912 1244914 1244915 1244925 1244928 1244936 1244940 1244941 1244942 1244943 1244944 1244945 1244948 1244949 1244950 1244953 1244955 1244956 1244957 1244958 1244959 1244960 1244961 1244965 1244966 1244967 1244968 1244969 1244970 1244973 1244974 1244976 1244977 1244978 1244979 1244983 1244984 1244985 1244986 1244987 1244991 1244992 1244993 1245006 1245007 1245009 1245011 1245012 1245015 1245018 1245019 1245023 1245024 1245028 1245031 1245032 1245033 1245038 1245039 1245040 1245041 1245047 1245048 1245051 1245052 1245057 1245058 1245060 1245062 1245063 1245064 1245069 1245070 1245072 1245073 1245088 1245089 1245092 1245093 1245094 1245098 1245103 1245110 1245116 1245117 1245118 1245119 1245121 1245122 1245125 1245129 1245131 1245133 1245134 1245135 1245136 1245138 1245139 1245140 1245142 1245146 1245147 1245149 1245152 1245154 1245155 1245180 1245183 1245189 1245191 1245195 1245197 1245217 1245220 1245220 1245223 1245265 1245274 1245309 1245310 1245311 1245314 1245340 1245348 1245431 1245431 1245452 1245455 1245496 1245506 1245573 1245666 1245672 1245711 1245936 1245950 1245956 1245970 1245985 1245986 1246000 1246029 1246037 1246038 1246045 1246073 1246081 1246112 1246149 1246186 1246197 1246197 1246211 1246221 1246231 1246232 1246233 1246267 1246287 1246296 1246299 1246431 1246466 1246473 1246555 1246570 1246597 1246602 1246604 1246608 1246776 1246781 1246835 1246879 1246911 1246912 1246968 1247028 1247054 1247143 1247172 1247239 1247249 1247314 1247347 1247348 1247349 1247374 1247437 1247518 1247690 1247819 1247938 1247939 1247976 1248108 1248111 1248223 1248255 1248297 1248306 1248312 1248338 1248399 1248410 1248511 1248614 1248621 1248628 1248639 1248687 1248748 1248847 1249126 1249158 1249159 1249186 1249191 1249191 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249348 1249348 1249353 1249367 1249367 1249374 1249516 1249538 1249548 1249584 1249604 1249638 1249639 1249641 1249642 1249648 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249673 1249677 1249681 1249683 1249685 1249687 1249695 1249696 1249699 1249700 1249701 1249704 1249705 1249706 1249707 1249708 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249756 1249757 1249758 1249762 1249767 1249777 1249780 1249781 1249782 1249784 1249791 1249799 1249800 1249802 1249808 1249810 1249816 1249820 1249824 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249861 1249864 1249865 1249866 1249867 1249868 1249869 1249872 1249874 1249877 1249880 1249882 1249883 1249884 1249885 1249890 1249892 1249894 1249908 1249910 1249911 1249913 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249940 1249944 1249947 1249949 1249950 1249951 1249954 1249958 1249979 1249981 1249991 1249994 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250017 1250023 1250024 1250026 1250037 1250039 1250040 1250041 1250042 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250068 1250070 1250071 1250072 1250075 1250077 1250080 1250081 1250083 1250089 1250103 1250104 1250105 1250106 1250107 1250108 1250112 1250114 1250117 1250118 1250121 1250127 1250128 1250130 1250131 1250132 1250134 1250137 1250138 1250140 1250144 1250145 1250151 1250153 1250156 1250157 1250159 1250161 1250165 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250189 1250191 1250197 1250198 1250200 1250201 1250208 1250209 1250211 1250215 1250232 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250278 1250285 1250287 1250293 1250301 1250303 1250306 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250327 1250328 1250331 1250343 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250397 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250765 1250767 1250768 1250771 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250793 1250797 1250799 1250807 1250810 1250811 1250814 1250818 1250819 1250822 1250823 1250824 1250825 1250829 1250830 1250831 1250832 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250849 1250850 1250851 1250853 1250856 1250861 1250862 1250863 1250864 1250866 1250867 1250868 1250872 1250873 1250874 1250875 1250877 1250879 1250881 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250913 1250915 1250917 1250923 1250927 1250928 1250931 1250932 1250948 1250949 1250953 1250963 1250964 1250965 1251279 1251280 142461 831629 CVE-2016-9840 CVE-2021-47557 CVE-2021-47595 CVE-2021-47671 CVE-2022-1679 CVE-2022-2585 CVE-2022-2586 CVE-2022-2602 CVE-2022-2905 CVE-2022-2978 CVE-2022-3564 CVE-2022-3619 CVE-2022-36280 CVE-2022-3640 CVE-2022-3903 CVE-2022-4095 CVE-2022-43945 CVE-2022-4662 CVE-2022-48933 CVE-2022-49110 CVE-2022-49138 CVE-2022-49138 CVE-2022-49139 CVE-2022-49741 CVE-2022-49745 CVE-2022-49762 CVE-2022-49763 CVE-2022-49767 CVE-2022-49769 CVE-2022-49770 CVE-2022-49770 CVE-2022-49771 CVE-2022-49772 CVE-2022-49773 CVE-2022-49775 CVE-2022-49776 CVE-2022-49777 CVE-2022-49779 CVE-2022-49781 CVE-2022-49783 CVE-2022-49784 CVE-2022-49786 CVE-2022-49787 CVE-2022-49788 CVE-2022-49789 CVE-2022-49790 CVE-2022-49792 CVE-2022-49793 CVE-2022-49794 CVE-2022-49795 CVE-2022-49796 CVE-2022-49797 CVE-2022-49799 CVE-2022-49800 CVE-2022-49801 CVE-2022-49802 CVE-2022-49807 CVE-2022-49809 CVE-2022-49810 CVE-2022-49812 CVE-2022-49813 CVE-2022-49818 CVE-2022-49821 CVE-2022-49822 CVE-2022-49823 CVE-2022-49824 CVE-2022-49825 CVE-2022-49826 CVE-2022-49827 CVE-2022-49830 CVE-2022-49832 CVE-2022-49834 CVE-2022-49835 CVE-2022-49836 CVE-2022-49837 CVE-2022-49839 CVE-2022-49841 CVE-2022-49842 CVE-2022-49845 CVE-2022-49846 CVE-2022-49850 CVE-2022-49853 CVE-2022-49858 CVE-2022-49860 CVE-2022-49861 CVE-2022-49863 CVE-2022-49864 CVE-2022-49865 CVE-2022-49868 CVE-2022-49869 CVE-2022-49870 CVE-2022-49871 CVE-2022-49874 CVE-2022-49879 CVE-2022-49880 CVE-2022-49881 CVE-2022-49885 CVE-2022-49886 CVE-2022-49887 CVE-2022-49888 CVE-2022-49889 CVE-2022-49890 CVE-2022-49891 CVE-2022-49892 CVE-2022-49900 CVE-2022-49901 CVE-2022-49902 CVE-2022-49905 CVE-2022-49906 CVE-2022-49908 CVE-2022-49909 CVE-2022-49910 CVE-2022-49915 CVE-2022-49916 CVE-2022-49917 CVE-2022-49918 CVE-2022-49921 CVE-2022-49922 CVE-2022-49923 CVE-2022-49924 CVE-2022-49925 CVE-2022-49927 CVE-2022-49928 CVE-2022-49929 CVE-2022-49931 CVE-2022-49934 CVE-2022-49935 CVE-2022-49936 CVE-2022-49937 CVE-2022-49938 CVE-2022-49940 CVE-2022-49942 CVE-2022-49943 CVE-2022-49944 CVE-2022-49945 CVE-2022-49946 CVE-2022-49948 CVE-2022-49949 CVE-2022-49950 CVE-2022-49951 CVE-2022-49952 CVE-2022-49954 CVE-2022-49956 CVE-2022-49957 CVE-2022-49958 CVE-2022-49960 CVE-2022-49962 CVE-2022-49963 CVE-2022-49964 CVE-2022-49965 CVE-2022-49966 CVE-2022-49968 CVE-2022-49969 CVE-2022-49971 CVE-2022-49972 CVE-2022-49977 CVE-2022-49978 CVE-2022-49980 CVE-2022-49980 CVE-2022-49981 CVE-2022-49982 CVE-2022-49983 CVE-2022-49984 CVE-2022-49985 CVE-2022-49986 CVE-2022-49987 CVE-2022-49989 CVE-2022-49990 CVE-2022-49993 CVE-2022-49995 CVE-2022-49999 CVE-2022-50002 CVE-2022-50003 CVE-2022-50005 CVE-2022-50006 CVE-2022-50008 CVE-2022-50010 CVE-2022-50011 CVE-2022-50012 CVE-2022-50015 CVE-2022-50016 CVE-2022-50019 CVE-2022-50020 CVE-2022-50021 CVE-2022-50022 CVE-2022-50023 CVE-2022-50024 CVE-2022-50026 CVE-2022-50027 CVE-2022-50028 CVE-2022-50029 CVE-2022-50030 CVE-2022-50031 CVE-2022-50032 CVE-2022-50033 CVE-2022-50034 CVE-2022-50035 CVE-2022-50036 CVE-2022-50037 CVE-2022-50038 CVE-2022-50039 CVE-2022-50040 CVE-2022-50041 CVE-2022-50044 CVE-2022-50045 CVE-2022-50046 CVE-2022-50047 CVE-2022-50049 CVE-2022-50050 CVE-2022-50051 CVE-2022-50052 CVE-2022-50053 CVE-2022-50054 CVE-2022-50055 CVE-2022-50059 CVE-2022-50060 CVE-2022-50061 CVE-2022-50062 CVE-2022-50065 CVE-2022-50066 CVE-2022-50067 CVE-2022-50068 CVE-2022-50072 CVE-2022-50073 CVE-2022-50074 CVE-2022-50076 CVE-2022-50077 CVE-2022-50079 CVE-2022-50083 CVE-2022-50084 CVE-2022-50085 CVE-2022-50086 CVE-2022-50087 CVE-2022-50092 CVE-2022-50093 CVE-2022-50094 CVE-2022-50095 CVE-2022-50097 CVE-2022-50098 CVE-2022-50099 CVE-2022-50100 CVE-2022-50101 CVE-2022-50102 CVE-2022-50103 CVE-2022-50104 CVE-2022-50108 CVE-2022-50109 CVE-2022-50110 CVE-2022-50111 CVE-2022-50112 CVE-2022-50115 CVE-2022-50116 CVE-2022-50116 CVE-2022-50117 CVE-2022-50118 CVE-2022-50120 CVE-2022-50121 CVE-2022-50124 CVE-2022-50125 CVE-2022-50126 CVE-2022-50127 CVE-2022-50129 CVE-2022-50131 CVE-2022-50132 CVE-2022-50133 CVE-2022-50134 CVE-2022-50135 CVE-2022-50136 CVE-2022-50137 CVE-2022-50138 CVE-2022-50139 CVE-2022-50140 CVE-2022-50141 CVE-2022-50142 CVE-2022-50143 CVE-2022-50144 CVE-2022-50145 CVE-2022-50146 CVE-2022-50149 CVE-2022-50151 CVE-2022-50152 CVE-2022-50153 CVE-2022-50154 CVE-2022-50155 CVE-2022-50156 CVE-2022-50157 CVE-2022-50158 CVE-2022-50160 CVE-2022-50161 CVE-2022-50162 CVE-2022-50164 CVE-2022-50165 CVE-2022-50166 CVE-2022-50169 CVE-2022-50171 CVE-2022-50172 CVE-2022-50173 CVE-2022-50175 CVE-2022-50176 CVE-2022-50178 CVE-2022-50179 CVE-2022-50181 CVE-2022-50183 CVE-2022-50184 CVE-2022-50185 CVE-2022-50186 CVE-2022-50187 CVE-2022-50188 CVE-2022-50190 CVE-2022-50191 CVE-2022-50192 CVE-2022-50194 CVE-2022-50196 CVE-2022-50197 CVE-2022-50198 CVE-2022-50199 CVE-2022-50200 CVE-2022-50201 CVE-2022-50202 CVE-2022-50203 CVE-2022-50204 CVE-2022-50206 CVE-2022-50207 CVE-2022-50208 CVE-2022-50209 CVE-2022-50211 CVE-2022-50212 CVE-2022-50213 CVE-2022-50215 CVE-2022-50218 CVE-2022-50220 CVE-2022-50221 CVE-2022-50222 CVE-2022-50226 CVE-2022-50228 CVE-2022-50229 CVE-2022-50231 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50242 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50287 CVE-2022-50288 CVE-2022-50289 CVE-2022-50292 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50303 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50323 CVE-2022-50324 CVE-2022-50325 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50339 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50354 CVE-2022-50355 CVE-2022-50356 CVE-2022-50357 CVE-2022-50358 CVE-2022-50359 CVE-2022-50360 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50378 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50390 CVE-2022-50391 CVE-2022-50392 CVE-2022-50393 CVE-2022-50394 CVE-2022-50395 CVE-2022-50396 CVE-2022-50398 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50406 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50412 CVE-2022-50414 CVE-2022-50417 CVE-2022-50418 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50433 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50441 CVE-2022-50443 CVE-2022-50444 CVE-2022-50447 CVE-2022-50449 CVE-2022-50452 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50464 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-1990 CVE-2023-28328 CVE-2023-28866 CVE-2023-3111 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2023-52927 CVE-2023-52928 CVE-2023-52931 CVE-2023-52936 CVE-2023-52937 CVE-2023-52938 CVE-2023-52981 CVE-2023-52982 CVE-2023-52986 CVE-2023-52994 CVE-2023-53001 CVE-2023-53002 CVE-2023-53009 CVE-2023-53014 CVE-2023-53018 CVE-2023-53031 CVE-2023-53035 CVE-2023-53036 CVE-2023-53038 CVE-2023-53039 CVE-2023-53040 CVE-2023-53041 CVE-2023-53042 CVE-2023-53044 CVE-2023-53045 CVE-2023-53046 CVE-2023-53048 CVE-2023-53049 CVE-2023-53051 CVE-2023-53052 CVE-2023-53054 CVE-2023-53056 CVE-2023-53057 CVE-2023-53058 CVE-2023-53059 CVE-2023-53060 CVE-2023-53062 CVE-2023-53064 CVE-2023-53065 CVE-2023-53066 CVE-2023-53068 CVE-2023-53070 CVE-2023-53071 CVE-2023-53073 CVE-2023-53074 CVE-2023-53075 CVE-2023-53076 CVE-2023-53077 CVE-2023-53078 CVE-2023-53079 CVE-2023-53081 CVE-2023-53082 CVE-2023-53084 CVE-2023-53087 CVE-2023-53089 CVE-2023-53090 CVE-2023-53091 CVE-2023-53092 CVE-2023-53093 CVE-2023-53095 CVE-2023-53096 CVE-2023-53097 CVE-2023-53098 CVE-2023-53099 CVE-2023-53100 CVE-2023-53101 CVE-2023-53102 CVE-2023-53105 CVE-2023-53106 CVE-2023-53108 CVE-2023-53109 CVE-2023-53111 CVE-2023-53112 CVE-2023-53114 CVE-2023-53116 CVE-2023-53117 CVE-2023-53118 CVE-2023-53119 CVE-2023-53123 CVE-2023-53124 CVE-2023-53125 CVE-2023-53128 CVE-2023-53131 CVE-2023-53134 CVE-2023-53137 CVE-2023-53139 CVE-2023-53140 CVE-2023-53142 CVE-2023-53143 CVE-2023-53145 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53168 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53181 CVE-2023-53182 CVE-2023-53185 CVE-2023-53189 CVE-2023-53193 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53210 CVE-2023-53213 CVE-2023-53215 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53232 CVE-2023-53234 CVE-2023-53237 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53259 CVE-2023-53263 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53284 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53320 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53332 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53340 CVE-2023-53344 CVE-2023-53347 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53357 CVE-2023-53359 CVE-2023-53368 CVE-2023-53370 CVE-2023-53371 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53378 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53383 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53391 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53398 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53442 CVE-2023-53443 CVE-2023-53444 CVE-2023-53446 CVE-2023-53448 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53466 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53480 CVE-2023-53482 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53489 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53511 CVE-2023-53512 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2023-53531 CVE-2023-53532 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-23337 CVE-2024-26583 CVE-2024-26584 CVE-2024-26643 CVE-2024-26804 CVE-2024-26808 CVE-2024-26924 CVE-2024-26935 CVE-2024-27397 CVE-2024-28956 CVE-2024-28956 CVE-2024-35840 CVE-2024-36350 CVE-2024-36357 CVE-2024-36978 CVE-2024-41965 CVE-2024-42265 CVE-2024-42307 CVE-2024-45310 CVE-2024-46763 CVE-2024-46800 CVE-2024-46865 CVE-2024-47081 CVE-2024-50038 CVE-2024-52615 CVE-2024-53057 CVE-2024-53093 CVE-2024-53125 CVE-2024-53141 CVE-2024-53164 CVE-2024-53168 CVE-2024-53177 CVE-2024-53197 CVE-2024-53241 CVE-2024-56558 CVE-2024-56738 CVE-2024-56770 CVE-2024-57947 CVE-2024-57947 CVE-2024-57999 CVE-2024-58239 CVE-2024-58240 CVE-2025-10148 CVE-2025-10148 CVE-2025-10230 CVE-2025-1713 CVE-2025-21700 CVE-2025-21701 CVE-2025-21702 CVE-2025-21703 CVE-2025-21726 CVE-2025-21756 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21839 CVE-2025-21971 CVE-2025-21999 CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22056 CVE-2025-22097 CVE-2025-2312 CVE-2025-23138 CVE-2025-23141 CVE-2025-23145 CVE-2025-23145 CVE-2025-27465 CVE-2025-29768 CVE-2025-32462 CVE-2025-32728 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-3360 CVE-2025-3576 CVE-2025-37738 CVE-2025-37752 CVE-2025-37785 CVE-2025-37789 CVE-2025-37797 CVE-2025-37798 CVE-2025-37798 CVE-2025-37823 CVE-2025-37890 CVE-2025-37932 CVE-2025-37948 CVE-2025-37953 CVE-2025-37958 CVE-2025-37963 CVE-2025-37997 CVE-2025-38000 CVE-2025-38001 CVE-2025-38014 CVE-2025-38014 CVE-2025-38060 CVE-2025-38079 CVE-2025-38083 CVE-2025-38088 CVE-2025-38111 CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289 CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38380 CVE-2025-38460 CVE-2025-38468 CVE-2025-38477 CVE-2025-38488 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38572 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38683 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39735 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 CVE-2025-40909 CVE-2025-4138 CVE-2025-4330 CVE-2025-4373 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-46836 CVE-2025-47268 CVE-2025-47273 CVE-2025-4802 CVE-2025-48060 CVE-2025-4877 CVE-2025-4878 CVE-2025-48964 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-50181 CVE-2025-5278 CVE-2025-5318 CVE-2025-5372 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-59375 CVE-2025-6018 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021 CVE-2025-6069 CVE-2025-6170 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20251022-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1335-1 Released: Tue Jul 17 10:13:39 2018 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1095485 This update for cloud-netconfig fixes the following issues: - Make interface names in Azure persistent. (bsc#1095485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:529-1 Released: Fri Mar 1 13:46:51 2019 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1112822,1118783,1122013,1123008 This update for cloud-netconfig provides the following fixes: - Run cloud-netconfig periodically. (bsc#1118783, bsc#1122013) - Do not treat eth0 special with regard to routing policies. (bsc#1123008) - Reduce the timeout on metadata read. (bsc#1112822) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1560-1 Released: Wed Jun 19 08:57:17 2019 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1135257,1135263 This update for cloud-netconfig fixes the following issues: - cloud-netconfig will now pause and retry if API call throttling is detected in Azure (bsc#1135257, bsc#1135263) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:31-1 Released: Mon Feb 24 10:36:36 2020 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1135592,1144282,1157117,1157190 This update for cloud-netconfig contains the following fixes: - Removed obsolete Group tag from spec file. - Update to version 1.3: + Fix IPv4 address handling on secondary NICs in Azure. - Update to version 1.2: + support AWS IMDSv2 token. - Update to version 1.1: + fix use of GATEWAY variable. (bsc#1157117, bsc#1157190) + remove secondary IPv4 address only when added by cloud-netconfig. (bsc#1144282) + simplify routing setup for single NIC systems (partly fixes bsc#1135592) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:637-1 Released: Wed Mar 11 11:29:56 2020 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1162705,1162707 This update for cloud-netconfig fixes the following issues: - Copy routes from the default routing table. (bsc#1162705, bsc#1162707) On multi-NIC systems, cloud-netconfig creates separate routing tables with different default routes, so packets get routed via the network interfaces associated with the source IP address. Systems may have additional routing in place and in that case cloud-netconfig's NIC specific routing may bypass those routes. - Make the key CLOUD_NETCONFIG_MANAGE enable by default. Any network interface that has been configured automatically via cloud-netconfig has a configuration file associated. If the value is set to 'NO' (or the pair is removed altogether), cloud-netconfig will not handle secondary IPv4 addresses and routing policies for the associated network interface. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3619-1 Released: Tue Dec 15 13:41:16 2020 Summary: Recommended update for cloud-netconfig, google-guest-agent Type: recommended Severity: moderate References: 1159460,1178486,1179031,1179032 This update for cloud-netconfig, google-guest-agent fixes the following issues: cloud-netconfig: - Update to version 1.5: + Add support for GCE (bsc#1159460, bsc#1178486, jsc#ECO-2800) + Improve default gateway determination google-guest-agent: - Update to version 20201026.00 * remove old unused workflow files * fallback to IP for metadata * getPasswd: Check full prefix of line for username - dont_overwrite_ifcfg.patch: Do not overwrite existing ifcfg files to allow manual configuration and compatibility with cloud-netconfig. (bsc#1159460, bsc#1178486) - Update to version 20200929.00 * correct varname * don't call dhclient -x on network setup * add instance id dir override * update agent systemd service file * typo, change to noadjfile * add gaohannk to OWNERS * remove illfelder from OWNERS * Add all license files to packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:167-1 Released: Mon Jan 24 18:16:24 2022 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1187939 This update for cloud-netconfig fixes the following issues: - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:658-1 Released: Wed Mar 8 10:51:10 2023 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1199853,1204549 This update for cloud-netconfig fixes the following issues: - Update to version 1.7: + Overhaul policy routing setup + Support alias IPv4 ranges + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3637-1 Released: Mon Sep 18 13:02:23 2023 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1214715 This update for cloud-netconfig fixes the following issues: - Update to version 1.8: - Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:630-1 Released: Tue Feb 27 09:14:49 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1218069,1219007 This update for cloud-netconfig fixes the following issues: - Drop cloud-netconfig-nm sub package and include NM dispatcher script in main packages (bsc#1219007) - Drop package dependency on sysconfig-netconfig - Improve log level handling - Support IPv6 IMDS endpoint in EC2 (bsc#1218069) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:781-1 Released: Wed Mar 6 15:05:13 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1219454,1220718 This update for cloud-netconfig fixes the following issues: - Add Provides/Obsoletes for dropped cloud-netconfig-nm - Install dispatcher script into /etc/NetworkManager/dispatcher.d on older distributions - Add BuildReqires: NetworkManager to avoid owning dispatcher.d parent directory - Update to version 1.11: + Revert address metadata lookup in GCE to local lookup (bsc#1219454) + Fix hang on warning log messages + Check whether getting IPv4 addresses from metadata failed and abort if true + Only delete policy rules if they exist + Skip adding/removing IPv4 ranges if metdata lookup failed + Improve error handling and logging in Azure + Set SCRIPTDIR when installing netconfig wrapper ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:869-1 Released: Wed Mar 13 10:48:51 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1221202 This update for cloud-netconfig fixes the following issues: - Update to version 1.12 (bsc#1221202) * If token access succeeds using IPv4 do not use the IPv6 endpoint only use the IPv6 IMDS endpoint if IPv4 access fails. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1085-1 Released: Tue Apr 2 11:24:09 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1221757 This update for cloud-netconfig fixes the following issues: - Update to version 1.14 + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1576-1 Released: Mon May 19 06:48:35 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1228634,1232533,1241012,1241045,CVE-2025-32728 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1580-1 Released: Mon May 19 15:11:59 2025 Summary: Recommended update for librdkafka Type: recommended Severity: important References: 1242842 This update for librdkafka fixes the following issues: - Avoid endless loops under certain conditions (bsc#1242842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1620-1 Released: Wed May 21 11:58:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764). - CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625). The following non-security bugs were fixed: - cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777). - cpufreq: Allow drivers to advertise boost enabled (bsc#1236777). - cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777). - cpufreq: Support per-policy performance boost (bsc#1236777). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1626-1 Released: Wed May 21 12:00:29 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1235958,1235971,1239651 This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z. Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged. Also the following issue was fixed: - Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1643-1 Released: Wed May 21 16:32:37 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1689-1 Released: Fri May 23 12:46:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1240648 This update for hwinfo fixes the following issues: - Version update v21.88 - Fix network card detection on aarch64 (bsc#1240648). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1764-1 Released: Fri May 30 08:45:46 2025 Summary: Recommended update for kexec-tools Type: recommended Severity: important References: 1241249 This update for kexec-tools fixes the following issues: - add support for lockless ringbuffer (bsc#1241249) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1776-1 Released: Fri May 30 15:02:52 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,CVE-2025-47268 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1810-1 Released: Wed Jun 4 11:28:57 2025 Summary: Security update for python3-setuptools Type: security Severity: important References: 1243313,CVE-2025-47273 This update for python3-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1836-1 Released: Mon Jun 9 16:11:28 2025 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1240869 This update for cloud-netconfig fixes the following issues: - Add support for creating IPv6 default route in GCE (bsc#1240869) - Minor fix when looking up IPv6 default route ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1860-1 Released: Tue Jun 10 10:11:56 2025 Summary: Security update for xen Type: security Severity: moderate References: 1234282,1238043,1243117,CVE-2024-28956,CVE-2024-53241,CVE-2025-1713 This update for xen fixes the following issues: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) - CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282) - CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1998-1 Released: Wed Jun 18 10:42:20 2025 Summary: Security update for python-requests Type: security Severity: moderate References: 1244039,CVE-2024-47081 This update for python-requests fixes the following issues: - CVE-2024-47081: fixed netrc credential leak (bsc#1244039). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2008-1 Released: Wed Jun 18 16:03:56 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105 This update for libzypp, zypper fixes the following issues: - Fix credential handling in HEAD requests (bsc#1244105) - RepoInfo: use pathNameSetTrailingSlash - Fix wrong userdata parameter type when running zypp with debug verbosity (bsc#1239012) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - Add a note to service maintained .repo file entries - Support using %{url} variable in a RIS service's repo section. - Use a cookie file to validate mirrorlist cache. This patch extends the mirrorlist code to use a cookie file to validate the contents of the cache against the source URL, making sure that we do not accidentially use a old cache when the mirrorlist url was changed. For example when migrating a system from one release to the next where the same repo alias might just have a different URL. - Let Service define and update gpgkey, mirrorlist and metalink. - Preserve a mirrorlist file in the raw cache during refresh. - Enable curl2 backend and parallel package download by default. Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off. - Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now primarily uses gpgKeyUrl information from the repo files and only falls back to a automatically generated key Url if a gpgKeyUrl was not specified. - Introduce mirrors into the Media backends (bsc#1240132) - Drop MediaMultiCurl backend. - Throttle progress updates when preloading packages (bsc#1239543) - Check if request is in valid state in CURL callbacks - spec/CMake: add conditional build '--with[out] classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin default for SUSE, otherwise it's single_rpmtrans. The `enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed from the spec file. Accordingly the CMake option ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed. - BuildRequires: libzypp-devel >= 17.37.0. - Use libzypp improvements for preload and mirror handling. - xmlout.rnc: Update repo-element (bsc#1241463) Add the 'metalink' attribute and reflect that the 'url' elements list may in fact be empty, if no baseurls are defined in the .repo files. - man: update --allow-unsigned-rpm description. Explain how to achieve the same for packages provided by repositories. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2082-1 Released: Tue Jun 24 12:28:23 2025 Summary: Security update for pam-config Type: security Severity: important References: 1243226,CVE-2025-6018 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2103-1 Released: Wed Jun 25 10:26:23 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: important References: 1243488 This update for cifs-utils fixes the following issues: - Add patches: * Fix cifs.mount with krb5 auth (bsc#1243488) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2173-1 Released: Mon Jun 30 15:01:26 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184350,1193629,1204562,1204569,1204619,1204705,1205282,1206051,1206073,1206649,1206843,1206886,1206887,1207361,1208105,1208542,1209292,1209556,1209684,1209780,1209980,1210337,1210763,1210767,1211465,1213012,1213013,1213094,1213096,1213233,1213946,1214991,1218470,1222629,1223096,1225903,1228659,1231293,1232649,1234395,1234454,1234887,1235100,1235870,1238303,1238570,1239986,1240785,1240802,1241038,1241525,1241640,1242006,1242146,1242147,1242150,1242151,1242154,1242157,1242158,1242160,1242164,1242165,1242169,1242215,1242217,1242218,1242219,1242222,1242224,1242226,1242227,1242228,1242229,1242230,1242231,1242232,1242237,1242239,1242240,1242241,1242244,1242245,1242248,1242249,1242261,1242264,1242265,1242270,1242276,1242278,1242279,1242280,1242281,1242282,1242285,1242286,1242289,1242294,1242295,1242298,1242302,1242305,1242311,1242312,1242320,1242338,1242349,1242351,1242352,1242353,1242355,1242357,1242358,1242359,1242360,1242361,1242365,1242366,1242369,1242370,1242371,1242372,1 242377,1242378,1242380,1242381,1242382,1242385,1242387,1242389,1242391,1242392,1242393,1242394,1242398,1242399,1242400,1242402,1242403,1242405,1242406,1242409,1242410,1242411,1242415,1242416,1242421,1242422,1242425,1242426,1242428,1242440,1242443,1242448,1242449,1242452,1242453,1242454,1242455,1242456,1242458,1242464,1242465,1242467,1242469,1242473,1242474,1242478,1242481,1242484,1242489,1242497,1242527,1242542,1242544,1242545,1242547,1242548,1242549,1242550,1242551,1242558,1242570,1242580,1242586,1242589,1242596,1242597,1242685,1242686,1242688,1242689,1242695,1242716,1242733,1242734,1242735,1242736,1242739,1242740,1242743,1242744,1242745,1242746,1242747,1242748,1242749,1242751,1242752,1242753,1242756,1242759,1242762,1242765,1242767,1242778,1242779,1242790,1242791,1243047,1243133,1243737,1243919,CVE-2022-3564,CVE-2022-3619,CVE-2022-3640,CVE-2022-49762,CVE-2022-49763,CVE-2022-49769,CVE-2022-49770,CVE-2022-49771,CVE-2022-49772,CVE-2022-49773,CVE-2022-49775,CVE-2022-49776,CVE-2022-4977 7,CVE-2022-49779,CVE-2022-49781,CVE-2022-49783,CVE-2022-49784,CVE-2022-49786,CVE-2022-49787,CVE-2022-49788,CVE-2022-49789,CVE-2022-49790,CVE-2022-49792,CVE-2022-49793,CVE-2022-49794,CVE-2022-49795,CVE-2022-49796,CVE-2022-49797,CVE-2022-49799,CVE-2022-49800,CVE-2022-49801,CVE-2022-49802,CVE-2022-49807,CVE-2022-49809,CVE-2022-49810,CVE-2022-49812,CVE-2022-49813,CVE-2022-49818,CVE-2022-49821,CVE-2022-49822,CVE-2022-49823,CVE-2022-49824,CVE-2022-49825,CVE-2022-49826,CVE-2022-49827,CVE-2022-49830,CVE-2022-49832,CVE-2022-49834,CVE-2022-49835,CVE-2022-49836,CVE-2022-49837,CVE-2022-49839,CVE-2022-49841,CVE-2022-49842,CVE-2022-49845,CVE-2022-49846,CVE-2022-49850,CVE-2022-49853,CVE-2022-49858,CVE-2022-49860,CVE-2022-49861,CVE-2022-49863,CVE-2022-49864,CVE-2022-49865,CVE-2022-49868,CVE-2022-49869,CVE-2022-49870,CVE-2022-49871,CVE-2022-49874,CVE-2022-49879,CVE-2022-49880,CVE-2022-49881,CVE-2022-49885,CVE-2022-49886,CVE-2022-49887,CVE-2022-49888,CVE-2022-49889,CVE-2022-49890,CVE-2022-49891,CVE-2 022-49892,CVE-2022-49900,CVE-2022-49901,CVE-2022-49902,CVE-2022-49905,CVE-2022-49906,CVE-2022-49908,CVE-2022-49909,CVE-2022-49910,CVE-2022-49915,CVE-2022-49916,CVE-2022-49917,CVE-2022-49918,CVE-2022-49921,CVE-2022-49922,CVE-2022-49923,CVE-2022-49924,CVE-2022-49925,CVE-2022-49927,CVE-2022-49928,CVE-2022-49929,CVE-2022-49931,CVE-2023-1990,CVE-2023-28866,CVE-2023-53035,CVE-2023-53036,CVE-2023-53038,CVE-2023-53039,CVE-2023-53040,CVE-2023-53041,CVE-2023-53042,CVE-2023-53044,CVE-2023-53045,CVE-2023-53049,CVE-2023-53052,CVE-2023-53054,CVE-2023-53056,CVE-2023-53057,CVE-2023-53058,CVE-2023-53059,CVE-2023-53060,CVE-2023-53062,CVE-2023-53064,CVE-2023-53065,CVE-2023-53066,CVE-2023-53068,CVE-2023-53070,CVE-2023-53071,CVE-2023-53073,CVE-2023-53074,CVE-2023-53075,CVE-2023-53077,CVE-2023-53078,CVE-2023-53079,CVE-2023-53081,CVE-2023-53082,CVE-2023-53084,CVE-2023-53087,CVE-2023-53089,CVE-2023-53090,CVE-2023-53091,CVE-2023-53092,CVE-2023-53093,CVE-2023-53095,CVE-2023-53096,CVE-2023-53098,CVE-2023-5309 9,CVE-2023-53100,CVE-2023-53101,CVE-2023-53102,CVE-2023-53105,CVE-2023-53106,CVE-2023-53108,CVE-2023-53109,CVE-2023-53111,CVE-2023-53112,CVE-2023-53114,CVE-2023-53116,CVE-2023-53118,CVE-2023-53119,CVE-2023-53123,CVE-2023-53124,CVE-2023-53125,CVE-2023-53128,CVE-2023-53131,CVE-2023-53134,CVE-2023-53137,CVE-2023-53139,CVE-2023-53140,CVE-2023-53142,CVE-2023-53143,CVE-2023-53145,CVE-2024-26804,CVE-2024-28956,CVE-2024-53168,CVE-2024-56558,CVE-2025-21999,CVE-2025-22056,CVE-2025-23145,CVE-2025-37785,CVE-2025-37789 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2024-28956: x86/its: Add support for ITS-safe indirect thunk (bsc#1242006). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). The following non-security bugs were fixed: - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737). - Move upstreamed sched/membarrier patch into sorted section - Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.4 anymore. - Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.5 anymore. - Use gcc-13 for build on SLE16 (jsc#PED-10028). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: insn: Add support for encoding DSB (bsc#1242778). - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737). - hv_netvsc: Remove rmsg_pgcnt (bsc#1243737). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737). - mtd: phram: Add the kernel lock down check (bsc#1232649). - net :mana :Add remaining GDMA stats for MANA to ethtool (bsc#1234395). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (bsc#1234395). - net: mana: Add gdma stats to ethtool output for mana (bsc#1234395). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (bsc#1223096). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2179-1 Released: Mon Jun 30 19:54:01 2025 Summary: Security update for sudo Type: security Severity: important References: 1245274,CVE-2025-32462 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2198-1 Released: Wed Jul 2 11:22:33 2025 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2226-1 Released: Fri Jul 4 15:31:04 2025 Summary: Security update for vim Type: security Severity: moderate References: 1228776,1239602,CVE-2024-41965,CVE-2025-29768 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2235-1 Released: Mon Jul 7 14:08:03 2025 Summary: Recommended update for haveged Type: recommended Severity: moderate References: 1165294,1222296 This update for haveged fixes the following issues: - Add patch files introducing the '--once' flag (bsc#1222296, bsc#1165294) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2264-1 Released: Thu Jul 10 10:25:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1193629,1194869,1198410,1199356,1199487,1201160,1201956,1202094,1202095,1202564,1202716,1202823,1202860,1203197,1203361,1205220,1205514,1205701,1206451,1206664,1206878,1206880,1207361,1207638,1211226,1212051,1213090,1218184,1218234,1218470,1222634,1223675,1224095,1224597,1225468,1225820,1226514,1226552,1230827,1232504,1234156,1234381,1235464,1235637,1236821,1236822,1237159,1237312,1237313,1238526,1238876,1241900,1242221,1242414,1242504,1242596,1242778,1242782,1242924,1243330,1243543,1243627,1243649,1243660,1243832,1244114,1244179,1244180,1244234,1244241,1244277,1244309,1244337,1244732,1244764,1244765,1244767,1244770,1244771,1244772,1244773,1244774,1244776,1244779,1244780,1244781,1244782,1244783,1244784,1244786,1244787,1244788,1244790,1244791,1244793,1244794,1244796,1244797,1244798,1244800,1244802,1244804,1244805,1244806,1244807,1244808,1244811,1244813,1244814,1244815,1244816,1244819,1244820,1244823,1244824,1244825,1244826,1244827,1244830,1244831,1244832,1 244834,1244836,1244838,1244839,1244840,1244841,1244842,1244843,1244845,1244846,1244848,1244849,1244851,1244853,1244854,1244856,1244858,1244860,1244861,1244866,1244867,1244868,1244869,1244870,1244871,1244872,1244873,1244875,1244876,1244878,1244879,1244881,1244883,1244884,1244886,1244887,1244888,1244890,1244892,1244893,1244895,1244898,1244899,1244900,1244901,1244902,1244903,1244904,1244905,1244908,1244911,1244912,1244914,1244915,1244928,1244936,1244940,1244941,1244942,1244943,1244944,1244945,1244948,1244949,1244950,1244953,1244955,1244956,1244957,1244958,1244959,1244960,1244961,1244965,1244966,1244967,1244968,1244969,1244970,1244973,1244974,1244976,1244977,1244978,1244979,1244983,1244984,1244985,1244986,1244987,1244991,1244992,1244993,1245006,1245007,1245009,1245011,1245012,1245015,1245018,1245019,1245023,1245024,1245028,1245031,1245032,1245033,1245038,1245039,1245040,1245041,1245047,1245048,1245051,1245052,1245057,1245058,1245060,1245062,1245063,1245064,1245069,1245070,1245072,124507 3,1245088,1245089,1245092,1245093,1245094,1245098,1245103,1245116,1245117,1245118,1245119,1245121,1245122,1245125,1245129,1245131,1245133,1245134,1245135,1245136,1245138,1245139,1245140,1245142,1245146,1245147,1245149,1245152,1245154,1245155,1245180,1245183,1245189,1245191,1245195,1245197,1245265,1245340,1245348,1245431,1245455,CVE-2021-47557,CVE-2021-47595,CVE-2022-1679,CVE-2022-2585,CVE-2022-2586,CVE-2022-2905,CVE-2022-3903,CVE-2022-4095,CVE-2022-4662,CVE-2022-49934,CVE-2022-49935,CVE-2022-49936,CVE-2022-49937,CVE-2022-49938,CVE-2022-49940,CVE-2022-49942,CVE-2022-49943,CVE-2022-49944,CVE-2022-49945,CVE-2022-49946,CVE-2022-49948,CVE-2022-49949,CVE-2022-49950,CVE-2022-49951,CVE-2022-49952,CVE-2022-49954,CVE-2022-49956,CVE-2022-49957,CVE-2022-49958,CVE-2022-49960,CVE-2022-49962,CVE-2022-49963,CVE-2022-49964,CVE-2022-49965,CVE-2022-49966,CVE-2022-49968,CVE-2022-49969,CVE-2022-49971,CVE-2022-49972,CVE-2022-49977,CVE-2022-49978,CVE-2022-49980,CVE-2022-49981,CVE-2022-49982,CVE-2022-49983 ,CVE-2022-49984,CVE-2022-49985,CVE-2022-49986,CVE-2022-49987,CVE-2022-49989,CVE-2022-49990,CVE-2022-49993,CVE-2022-49995,CVE-2022-49999,CVE-2022-50002,CVE-2022-50003,CVE-2022-50005,CVE-2022-50006,CVE-2022-50008,CVE-2022-50010,CVE-2022-50011,CVE-2022-50012,CVE-2022-50015,CVE-2022-50016,CVE-2022-50019,CVE-2022-50020,CVE-2022-50021,CVE-2022-50022,CVE-2022-50023,CVE-2022-50024,CVE-2022-50026,CVE-2022-50027,CVE-2022-50028,CVE-2022-50029,CVE-2022-50030,CVE-2022-50031,CVE-2022-50032,CVE-2022-50033,CVE-2022-50034,CVE-2022-50035,CVE-2022-50036,CVE-2022-50037,CVE-2022-50038,CVE-2022-50039,CVE-2022-50040,CVE-2022-50041,CVE-2022-50044,CVE-2022-50045,CVE-2022-50046,CVE-2022-50047,CVE-2022-50049,CVE-2022-50050,CVE-2022-50051,CVE-2022-50052,CVE-2022-50053,CVE-2022-50054,CVE-2022-50055,CVE-2022-50059,CVE-2022-50060,CVE-2022-50061,CVE-2022-50062,CVE-2022-50065,CVE-2022-50066,CVE-2022-50067,CVE-2022-50068,CVE-2022-50072,CVE-2022-50073,CVE-2022-50074,CVE-2022-50076,CVE-2022-50077,CVE-2022-50079,CVE-20 22-50083,CVE-2022-50084,CVE-2022-50085,CVE-2022-50086,CVE-2022-50087,CVE-2022-50092,CVE-2022-50093,CVE-2022-50094,CVE-2022-50095,CVE-2022-50097,CVE-2022-50098,CVE-2022-50099,CVE-2022-50100,CVE-2022-50101,CVE-2022-50102,CVE-2022-50103,CVE-2022-50104,CVE-2022-50108,CVE-2022-50109,CVE-2022-50110,CVE-2022-50111,CVE-2022-50112,CVE-2022-50115,CVE-2022-50116,CVE-2022-50117,CVE-2022-50118,CVE-2022-50120,CVE-2022-50121,CVE-2022-50124,CVE-2022-50125,CVE-2022-50126,CVE-2022-50127,CVE-2022-50129,CVE-2022-50131,CVE-2022-50132,CVE-2022-50133,CVE-2022-50134,CVE-2022-50135,CVE-2022-50136,CVE-2022-50137,CVE-2022-50138,CVE-2022-50139,CVE-2022-50140,CVE-2022-50141,CVE-2022-50142,CVE-2022-50143,CVE-2022-50144,CVE-2022-50145,CVE-2022-50146,CVE-2022-50149,CVE-2022-50151,CVE-2022-50152,CVE-2022-50153,CVE-2022-50154,CVE-2022-50155,CVE-2022-50156,CVE-2022-50157,CVE-2022-50158,CVE-2022-50160,CVE-2022-50161,CVE-2022-50162,CVE-2022-50164,CVE-2022-50165,CVE-2022-50166,CVE-2022-50169,CVE-2022-50171,CVE-2022-5017 2,CVE-2022-50173,CVE-2022-50175,CVE-2022-50176,CVE-2022-50178,CVE-2022-50179,CVE-2022-50181,CVE-2022-50183,CVE-2022-50184,CVE-2022-50185,CVE-2022-50186,CVE-2022-50187,CVE-2022-50188,CVE-2022-50190,CVE-2022-50191,CVE-2022-50192,CVE-2022-50194,CVE-2022-50196,CVE-2022-50197,CVE-2022-50198,CVE-2022-50199,CVE-2022-50200,CVE-2022-50201,CVE-2022-50202,CVE-2022-50203,CVE-2022-50204,CVE-2022-50206,CVE-2022-50207,CVE-2022-50208,CVE-2022-50209,CVE-2022-50211,CVE-2022-50212,CVE-2022-50213,CVE-2022-50215,CVE-2022-50218,CVE-2022-50220,CVE-2022-50221,CVE-2022-50222,CVE-2022-50226,CVE-2022-50228,CVE-2022-50229,CVE-2022-50231,CVE-2023-3111,CVE-2023-52924,CVE-2023-52925,CVE-2023-53046,CVE-2023-53048,CVE-2023-53076,CVE-2023-53097,CVE-2024-26808,CVE-2024-26924,CVE-2024-26935,CVE-2024-27397,CVE-2024-35840,CVE-2024-36978,CVE-2024-46800,CVE-2024-53125,CVE-2024-53141,CVE-2024-53197,CVE-2024-56770,CVE-2024-57999,CVE-2025-21700,CVE-2025-21702,CVE-2025-21703,CVE-2025-21756,CVE-2025-23141,CVE-2025-23145,CVE-20 25-37752,CVE-2025-37798,CVE-2025-37823,CVE-2025-37890,CVE-2025-37932,CVE-2025-37948,CVE-2025-37953,CVE-2025-37963,CVE-2025-37997,CVE-2025-38000,CVE-2025-38001,CVE-2025-38014,CVE-2025-38060,CVE-2025-38083 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468). - CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552). - CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821). - CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (bsc#1235464). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes). - Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504) - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - ovl: fix use inode directly in rcu-walk mode (bsc#1241900). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2278-1 Released: Thu Jul 10 18:02:28 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2325-1 Released: Wed Jul 16 08:37:39 2025 Summary: Security update for xen Type: security Severity: important References: 1238896,1244644,1246112,CVE-2024-36350,CVE-2024-36357,CVE-2025-27465 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2345-1 Released: Thu Jul 17 13:10:49 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1233880,1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2375-1 Released: Fri Jul 18 15:16:14 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1242844,CVE-2025-4373 This update for glib2 fixes the following issues: - CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory corruption (bsc#1242844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2384-1 Released: Fri Jul 18 18:45:53 2025 Summary: Security update for jq Type: security Severity: moderate References: 1243450,CVE-2024-23337 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2430-1 Released: Mon Jul 21 13:23:17 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2562-1 Released: Wed Jul 30 22:26:54 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM (bsc#1243457). - zypper does not distinguish between install and upgrade in %postinstall (bsc#1243279). - Most recent version released for nvidia-open-driver-G06-signed-kmp-default differs from nvidia-driver-G06-kmp-default (bsc#1244042). - Set proxy settings for zypper (bsc#1244710). - KVM guest installation show Unexpected Application Error (bsc#1245452). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - Implement color filtering when adding update targets. - Support orderwithrequires dependencies in susedata.xml. - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2588-1 Released: Fri Aug 1 14:35:14 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1233551,1234480,1234863,1236104,1236333,1238160,1239644,1242417,1244523,1245217,1245431,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-37797,CVE-2025-38079,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2589-1 Released: Fri Aug 1 15:05:54 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2706-1 Released: Tue Aug 5 12:08:28 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2713-1 Released: Wed Aug 6 11:21:54 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2805-1 Released: Fri Aug 15 08:00:49 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1246231 This update for grub2 fixes the following issues: - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2951-1 Released: Thu Aug 21 14:55:35 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3065-1 Released: Thu Sep 4 08:36:30 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - modified default SLE presets ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3083-1 Released: Fri Sep 5 11:02:28 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1224400,1240950 This update for suse-module-tools fixes the following issues: - Version update 15.5.7: - Add blacklist entry for reiserfs (jsc#PED-6167). - Add more modules to file system blacklist (jsc#PED-6167). - Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632). - udevrules: activate CPUs on hotplug for s390 (bsc#1224400). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3216-1 Released: Mon Sep 15 08:37:40 2025 Summary: Recommended update for Type: recommended Severity: important References: 1246081 This update for fixes the following issues: - Add lmdb binary into Basesystem 15-SP6 and 15-SP7 (bsc#1246081) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3260-1 Released: Thu Sep 18 02:09:31 2025 Summary: Security update for net-tools Type: security Severity: moderate References: 1243581,1246608,1248410,1248687,142461,CVE-2025-46836 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3267-1 Released: Thu Sep 18 13:05:51 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3270-1 Released: Thu Sep 18 13:18:05 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3288-1 Released: Mon Sep 22 12:13:27 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - permissions: remove unnecessary static dirs and devices (bsc#1235873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3300-1 Released: Tue Sep 23 11:03:41 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim???s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim???s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3303-1 Released: Tue Sep 23 11:10:02 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix( rngd): adjust license to match the license of the whole project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3331-1 Released: Wed Sep 24 08:54:17 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3344-1 Released: Wed Sep 24 15:34:13 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1229334,1233640,1234896,1236333,1237164,1240799,1242414,1242780,1244309,1244824,1245110,1245506,1245711,1245956,1245970,1245986,1246211,1246473,1246781,1246911,1247143,1247314,1247347,1247348,1247349,1247374,1247437,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,1249353,CVE-2022-49980,CVE-2022-50116,CVE-2023-53117,CVE-2024-42265,CVE-2024-53093,CVE-2024-53177,CVE-2024-57947,CVE-2024-58239,CVE-2025-21701,CVE-2025-21971,CVE-2025-37798,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38180,CVE-2025-38184,CVE-2025-38323,CVE-2025-38350,CVE-2025-38352,CVE-2025-38460,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - Disable N_GSM (jsc#PED-8240). - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211). - kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3432-1 Released: Tue Sep 30 15:51:49 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3593-1 Released: Mon Oct 13 15:34:44 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3603-1 Released: Wed Oct 15 15:37:24 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3615-1 Released: Thu Oct 16 07:49:00 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1205205,1206451,1206456,1206468,1206843,1206883,1206884,1207158,1207361,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1209980,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213533,1213666,1213747,1214073,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1223959,1234639,1236104,1237449,1238160,1241353,1242846,1243539,1244337,1244732,1245666,1246879,1246968,1247028,1247172,1247239,1248108,1248111,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249159,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249638,1249639,1249641,1249642,1249648,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249673,1249677,1249681,1249683,1249685,1249687,1249695,1249696,1249699,1249700,1249701,1249704,1249705,1249706,1249707,1249708,1249709,1249712,1249713,1 249715,1249716,1249718,1249722,1249727,1249730,1249733,1249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249756,1249757,1249758,1249762,1249767,1249777,1249780,1249781,1249782,1249784,1249791,1249799,1249800,1249802,1249808,1249810,1249816,1249820,1249824,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249861,1249864,1249865,1249866,1249867,1249868,1249869,1249872,1249874,1249877,1249880,1249882,1249883,1249884,1249885,1249890,1249892,1249894,1249908,1249910,1249911,1249913,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249940,1249944,1249947,1249949,1249950,1249951,1249954,1249958,1249979,1249981,1249991,1249994,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250017,1250023,1250024,1250026,1250037,1250039,1250040,1250041,1250042,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,125006 6,1250068,1250070,1250071,1250072,1250075,1250077,1250080,1250081,1250083,1250089,1250103,1250104,1250105,1250106,1250107,1250108,1250112,1250114,1250117,1250118,1250121,1250127,1250128,1250130,1250131,1250132,1250134,1250137,1250138,1250140,1250144,1250145,1250151,1250153,1250156,1250157,1250159,1250161,1250165,1250168,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250189,1250191,1250197,1250198,1250200,1250201,1250208,1250209,1250211,1250215,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250278,1250285,1250287,1250293,1250301,1250303,1250306,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250327,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250397,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250765,1250767,1250768,1250771,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250793,1250797,1250799,1250807,125 0810,1250811,1250814,1250818,1250819,1250822,1250823,1250824,1250825,1250829,1250830,1250831,1250832,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250849,1250850,1250851,1250853,1250856,1250861,1250862,1250863,1250864,1250866,1250867,1250868,1250872,1250873,1250874,1250875,1250877,1250879,1250881,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250913,1250915,1250917,1250923,1250927,1250928,1250931,1250932,1250948,1250949,1250953,1250963,1250964,1250965,CVE-2022-2602,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50242,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-502 79,CVE-2022-50282,CVE-2022-50286,CVE-2022-50287,CVE-2022-50288,CVE-2022-50289,CVE-2022-50292,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50303,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50323,CVE-2022-50324,CVE-2022-50325,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50339,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50354,CVE-2022-50355,CVE-2022-50356,CVE-2022-50357,CVE-2022-50358,CVE-2022-50359,CVE-2022-50360,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50378,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50390,CVE-2022-50391,CVE-2022-50392,CVE-2022-50393,CVE- 2022-50394,CVE-2022-50395,CVE-2022-50396,CVE-2022-50398,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50406,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50412,CVE-2022-50414,CVE-2022-50417,CVE-2022-50418,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50433,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50441,CVE-2022-50443,CVE-2022-50444,CVE-2022-50447,CVE-2022-50449,CVE-2022-50452,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50464,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53153,CVE-2023-53165,CVE-2023-5316 7,CVE-2023-53168,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53181,CVE-2023-53182,CVE-2023-53185,CVE-2023-53189,CVE-2023-53193,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53210,CVE-2023-53213,CVE-2023-53215,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53232,CVE-2023-53234,CVE-2023-53237,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53259,CVE-2023-53263,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53284,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2 023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-2023-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53320,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53332,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53340,CVE-2023-53344,CVE-2023-53347,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53357,CVE-2023-53359,CVE-2023-53368,CVE-2023-53370,CVE-2023-53371,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53378,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53383,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53391,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53398,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53442,CVE-2023-534 43,CVE-2023-53444,CVE-2023-53446,CVE-2023-53448,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53466,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-53474,CVE-2023-53475,CVE-2023-53476,CVE-2023-53480,CVE-2023-53482,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53489,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53511,CVE-2023-53512,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2023-53531,CVE-2023-53532,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-37738,CVE-2025-37958,CVE-2025-38014,CVE-2025-38111,CVE-2025-38380,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38683,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE- 2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - build_bug.h: Add KABI assert (bsc#1249186). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - supported.conf: mark hyperv_drm as external - use uniform permission checks for all mount propagation changes (git-fixes). - xfs: rework datasync tracking and execution (bsc#1237449). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - bind-utils-9.16.50-150500.8.27.1 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - cifs-utils-6.15-150400.3.15.1 updated - cloud-netconfig-ec2-1.15-150000.25.26.1 added - coreutils-8.32-150400.9.9.1 updated - curl-8.14.1-150400.5.69.1 updated - dracut-055+suse.398.g8f75016e-150500.3.32.1 updated - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated - grub2-i386-pc-2.06-150500.29.56.1 updated - grub2-x86_64-efi-2.06-150500.29.56.1 updated - grub2-x86_64-xen-2.06-150500.29.56.1 updated - grub2-2.06-150500.29.56.1 updated - haveged-1.9.14-150400.3.8.1 updated - hwdata-0.394-150000.3.77.2 updated - hwinfo-21.89-150500.3.12.1 updated - iputils-20221126-150500.3.14.1 updated - jq-1.6-150000.3.9.1 updated - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - kernel-default-5.14.21-150500.55.124.1 updated - kexec-tools-2.0.20-150500.20.3.1 updated - krb5-1.20.1-150500.3.17.1 updated - libavahi-client3-0.8-150400.7.23.1 updated - libavahi-common3-0.8-150400.7.23.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libcurl4-8.14.1-150400.5.69.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.9.4-150500.12.3.3 updated - libglib-2_0-0-2.70.5-150400.3.23.1 updated - libgnutls30-3.7.3-150400.4.50.1 updated - libhavege2-1.9.14-150400.3.8.1 updated - libjq1-1.6-150000.3.9.1 updated - liblmdb-0_9_30-0.9.30-150500.3.2.1 updated - libncurses6-6.1-150000.5.30.1 updated - libopenssl1_1-1.1.1l-150500.17.43.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - librdkafka1-0.11.6-150000.1.11.1 updated - libsolv-tools-base-0.7.34-150500.6.12.3 updated - libsolv-tools-0.7.34-150500.6.12.3 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libssh-config-0.9.8-150400.3.9.1 updated - libssh4-0.9.8-150400.3.9.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - libwayland-client0-1.21.0-150500.1.1 added - libxml2-2-2.10.3-150500.5.32.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libzypp-17.37.18-150500.6.64.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - net-tools-2.0+git20170221.479bb4a-150000.5.13.1 updated - openssh-clients-8.4p1-150300.3.49.1 updated - openssh-common-8.4p1-150300.3.49.1 updated - openssh-server-8.4p1-150300.3.49.1 updated - openssh-8.4p1-150300.3.49.1 updated - openssl-1_1-1.1.1l-150500.17.43.1 updated - pam-config-1.1-150200.3.14.1 updated - pam-1.3.0-150000.6.86.1 updated - perl-base-5.26.1-150300.17.20.1 updated - perl-5.26.1-150300.17.20.1 updated - permissions-20201225-150400.5.22.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-attrs-19.3.0-150200.3.9.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-bind-9.16.50-150500.8.27.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-more-itertools-8.10.0-150400.10.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-ply-3.10-150000.3.8.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pytz-2022.1-150300.3.9.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-requests-2.25.1-150300.3.18.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-urllib3-1.25.10-150300.4.18.1 updated - python3-zipp-0.6.0-150100.3.8.1 updated - python3-3.6.15-150300.10.97.2 updated - runc-1.2.6-150000.73.2 updated - samba-client-libs-4.17.12+git.510.0efaadf376b-150500.3.34.1 updated - sudo-1.9.12p1-150500.7.13.1 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.5.7-150500.3.15.3 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - systemd-presets-branding-SLE-15.1-150100.20.17.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - terminfo-base-6.1-150000.5.30.1 updated - terminfo-6.1-150000.5.30.1 updated - udev-249.17-150400.8.49.2 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - vim-data-common-9.1.1629-150500.20.33.1 updated - vim-9.1.1629-150500.20.33.1 updated - xen-libs-4.17.5_10-150500.3.50.1 updated - xen-tools-domU-4.17.5_10-150500.3.50.1 updated - zypper-1.14.94-150500.6.42.1 updated - catatonit-0.2.0-150500.3.3.1 removed - docker-27.5.1_ce-150000.218.1 removed - iptables-1.8.7-1.1 removed - libip6tc2-1.8.7-1.1 removed - libnftnl11-1.2.0-150400.1.6 removed - xtables-plugins-1.8.7-1.1 removed From sle-container-updates at lists.suse.com Fri Oct 24 07:03:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:03:46 +0200 (CEST) Subject: SUSE-IU-2025:3242-1: Security update of sles-15-sp5-chost-byos-v20251022-arm64 Message-ID: <20251024070346.4C86DF780@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20251022-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3242-1 Image Tags : sles-15-sp5-chost-byos-v20251022-arm64:20251022 Image Release : Severity : critical Type : security References : 1054914 1065729 1065729 1156395 1164051 1165294 1184350 1187939 1193629 1193629 1193629 1194869 1194869 1198410 1199356 1199487 1199853 1201160 1201956 1202094 1202095 1202564 1202700 1202716 1202823 1202860 1203063 1203197 1203332 1203361 1204228 1204549 1204562 1204569 1204619 1204705 1205128 1205205 1205220 1205282 1205514 1205701 1206051 1206051 1206073 1206451 1206451 1206456 1206468 1206649 1206664 1206843 1206843 1206843 1206878 1206880 1206883 1206884 1206886 1206887 1207158 1207361 1207361 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207638 1207645 1207651 1208105 1208542 1208607 1209287 1209291 1209292 1209556 1209684 1209780 1209980 1209980 1210337 1210409 1210584 1210763 1210767 1211226 1211465 1211960 1212051 1212603 1213012 1213013 1213015 1213016 1213040 1213041 1213061 1213090 1213094 1213096 1213099 1213104 1213233 1213533 1213666 1213747 1213946 1214073 1214715 1214953 1214967 1214991 1215150 1215696 1215911 1216976 1217790 1218069 1218184 1218234 1218459 1218470 1218470 1219007 1219454 1220185 1220186 1220718 1221107 1221202 1221757 1221829 1222044 1222296 1222629 1222634 1223096 1223675 1223959 1224095 1224400 1224597 1225468 1225820 1225903 1225903 1226514 1226552 1228634 1228659 1228776 1229334 1229361 1229621 1230092 1230262 1230267 1230267 1230649 1230764 1230827 1231103 1231293 1231910 1232234 1232504 1232526 1232533 1232649 1233012 1233012 1233012 1233012 1233012 1233421 1233551 1233640 1233880 1234128 1234156 1234282 1234381 1234395 1234454 1234480 1234639 1234863 1234887 1234896 1234959 1235100 1235464 1235598 1235637 1235870 1235873 1235958 1235971 1236104 1236104 1236333 1236333 1236777 1236821 1236822 1237143 1237159 1237164 1237172 1237230 1237312 1237313 1237442 1237449 1237587 1237595 1237949 1237981 1238032 1238043 1238160 1238160 1238303 1238315 1238471 1238491 1238512 1238526 1238570 1238747 1238865 1238876 1238896 1239012 1239061 1239543 1239566 1239602 1239644 1239651 1239684 1239809 1239938 1239948 1239968 1239986 1240132 1240209 1240211 1240214 1240228 1240230 1240246 1240248 1240269 1240271 1240274 1240285 1240295 1240306 1240314 1240315 1240321 1240529 1240648 1240747 1240785 1240788 1240799 1240802 1240835 1240869 1240897 1240950 1241012 1241038 1241045 1241112 1241219 1241249 1241280 1241353 1241371 1241421 1241433 1241463 1241525 1241541 1241549 1241625 1241640 1241648 1241900 1242006 1242146 1242147 1242150 1242151 1242154 1242157 1242158 1242160 1242164 1242165 1242169 1242215 1242217 1242218 1242219 1242221 1242222 1242224 1242226 1242227 1242228 1242229 1242230 1242231 1242232 1242237 1242239 1242240 1242241 1242244 1242245 1242248 1242249 1242261 1242264 1242265 1242270 1242276 1242278 1242279 1242280 1242281 1242282 1242284 1242285 1242286 1242289 1242294 1242295 1242298 1242300 1242302 1242305 1242311 1242312 1242320 1242338 1242349 1242351 1242352 1242353 1242355 1242357 1242358 1242359 1242360 1242361 1242365 1242366 1242369 1242370 1242371 1242372 1242377 1242378 1242380 1242381 1242382 1242385 1242387 1242389 1242391 1242392 1242393 1242394 1242398 1242399 1242400 1242402 1242403 1242405 1242406 1242409 1242410 1242411 1242414 1242414 1242415 1242416 1242417 1242421 1242422 1242425 1242426 1242428 1242440 1242443 1242448 1242449 1242452 1242453 1242454 1242455 1242456 1242458 1242464 1242465 1242467 1242469 1242473 1242474 1242478 1242481 1242484 1242489 1242493 1242497 1242504 1242527 1242542 1242544 1242545 1242547 1242548 1242549 1242550 1242551 1242558 1242570 1242580 1242586 1242589 1242596 1242596 1242597 1242685 1242686 1242688 1242689 1242695 1242716 1242733 1242734 1242735 1242736 1242739 1242740 1242743 1242744 1242745 1242746 1242747 1242748 1242749 1242751 1242752 1242753 1242756 1242759 1242762 1242765 1242767 1242778 1242778 1242778 1242779 1242780 1242782 1242790 1242791 1242842 1242844 1242846 1242924 1243047 1243117 1243133 1243226 1243226 1243254 1243273 1243279 1243313 1243317 1243330 1243450 1243457 1243486 1243488 1243505 1243539 1243543 1243627 1243649 1243660 1243737 1243767 1243772 1243832 1243887 1243901 1243919 1243935 1243991 1243992 1243997 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244079 1244105 1244114 1244116 1244179 1244180 1244234 1244241 1244277 1244304 1244309 1244309 1244337 1244337 1244401 1244503 1244509 1244523 1244553 1244554 1244555 1244557 1244590 1244644 1244700 1244705 1244710 1244732 1244732 1244764 1244765 1244767 1244770 1244771 1244772 1244773 1244774 1244776 1244779 1244780 1244781 1244782 1244783 1244784 1244786 1244787 1244788 1244790 1244791 1244793 1244794 1244796 1244797 1244798 1244800 1244802 1244804 1244805 1244806 1244807 1244808 1244811 1244813 1244814 1244815 1244816 1244819 1244820 1244823 1244824 1244824 1244825 1244826 1244827 1244830 1244831 1244832 1244834 1244836 1244838 1244839 1244840 1244841 1244842 1244843 1244845 1244846 1244848 1244849 1244851 1244853 1244854 1244856 1244858 1244860 1244861 1244866 1244867 1244868 1244869 1244870 1244871 1244872 1244873 1244875 1244876 1244878 1244879 1244881 1244883 1244884 1244886 1244887 1244888 1244890 1244892 1244893 1244895 1244898 1244899 1244900 1244901 1244902 1244903 1244904 1244905 1244908 1244911 1244912 1244914 1244915 1244928 1244936 1244940 1244941 1244942 1244943 1244944 1244945 1244948 1244949 1244950 1244953 1244955 1244956 1244957 1244958 1244959 1244960 1244961 1244965 1244966 1244967 1244968 1244969 1244970 1244973 1244974 1244976 1244977 1244978 1244979 1244983 1244984 1244985 1244986 1244987 1244991 1244992 1244993 1245006 1245007 1245009 1245011 1245012 1245015 1245018 1245019 1245023 1245024 1245028 1245031 1245032 1245033 1245038 1245039 1245040 1245041 1245047 1245048 1245051 1245052 1245057 1245058 1245060 1245062 1245063 1245064 1245069 1245070 1245072 1245073 1245088 1245089 1245092 1245093 1245094 1245098 1245103 1245110 1245116 1245117 1245118 1245119 1245121 1245122 1245125 1245129 1245131 1245133 1245134 1245135 1245136 1245138 1245139 1245140 1245142 1245146 1245147 1245149 1245152 1245154 1245155 1245180 1245183 1245189 1245191 1245195 1245197 1245217 1245220 1245220 1245223 1245265 1245274 1245309 1245310 1245311 1245314 1245340 1245348 1245352 1245431 1245431 1245452 1245455 1245496 1245506 1245573 1245666 1245672 1245711 1245936 1245950 1245956 1245970 1245985 1245986 1246000 1246029 1246037 1246038 1246045 1246073 1246081 1246112 1246149 1246186 1246197 1246197 1246211 1246221 1246231 1246232 1246233 1246267 1246287 1246296 1246299 1246431 1246466 1246473 1246555 1246597 1246602 1246604 1246776 1246781 1246835 1246879 1246911 1246912 1246968 1247028 1247054 1247143 1247172 1247239 1247249 1247314 1247347 1247348 1247349 1247374 1247437 1247518 1247690 1247819 1247938 1247939 1247976 1248108 1248111 1248223 1248255 1248297 1248306 1248312 1248338 1248399 1248511 1248614 1248621 1248628 1248639 1248748 1248847 1249126 1249158 1249159 1249186 1249191 1249191 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249348 1249348 1249353 1249367 1249367 1249374 1249516 1249538 1249548 1249584 1249604 1249638 1249639 1249641 1249642 1249648 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249673 1249677 1249681 1249683 1249685 1249687 1249695 1249696 1249699 1249700 1249701 1249704 1249705 1249706 1249707 1249708 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249756 1249757 1249758 1249762 1249767 1249777 1249780 1249781 1249782 1249784 1249791 1249799 1249800 1249802 1249808 1249810 1249816 1249820 1249824 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249861 1249864 1249865 1249866 1249867 1249868 1249869 1249872 1249874 1249877 1249880 1249882 1249883 1249884 1249885 1249890 1249892 1249894 1249908 1249910 1249911 1249913 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249940 1249944 1249947 1249949 1249950 1249951 1249954 1249958 1249979 1249981 1249991 1249994 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250017 1250023 1250024 1250026 1250037 1250039 1250040 1250041 1250042 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250068 1250070 1250071 1250072 1250075 1250077 1250080 1250081 1250083 1250089 1250103 1250104 1250105 1250106 1250107 1250108 1250112 1250114 1250117 1250118 1250121 1250127 1250128 1250130 1250131 1250132 1250134 1250137 1250138 1250140 1250144 1250145 1250151 1250153 1250156 1250157 1250159 1250161 1250165 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250189 1250191 1250197 1250198 1250200 1250201 1250208 1250209 1250211 1250215 1250232 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250278 1250285 1250287 1250293 1250301 1250303 1250306 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250327 1250328 1250331 1250343 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250397 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250765 1250767 1250768 1250771 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250793 1250797 1250799 1250807 1250810 1250811 1250814 1250818 1250819 1250822 1250823 1250824 1250825 1250829 1250830 1250831 1250832 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250849 1250850 1250851 1250853 1250856 1250861 1250862 1250863 1250864 1250866 1250867 1250868 1250872 1250873 1250874 1250875 1250877 1250879 1250881 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250913 1250915 1250917 1250923 1250927 1250928 1250931 1250932 1250948 1250949 1250953 1250963 1250964 1250965 1251279 1251280 831629 CVE-2016-9840 CVE-2021-47557 CVE-2021-47595 CVE-2021-47671 CVE-2022-1679 CVE-2022-2585 CVE-2022-2586 CVE-2022-2602 CVE-2022-2905 CVE-2022-2978 CVE-2022-3564 CVE-2022-3619 CVE-2022-36280 CVE-2022-3640 CVE-2022-3903 CVE-2022-4095 CVE-2022-43945 CVE-2022-4662 CVE-2022-48933 CVE-2022-49110 CVE-2022-49138 CVE-2022-49138 CVE-2022-49139 CVE-2022-49741 CVE-2022-49745 CVE-2022-49762 CVE-2022-49763 CVE-2022-49767 CVE-2022-49769 CVE-2022-49770 CVE-2022-49770 CVE-2022-49771 CVE-2022-49772 CVE-2022-49773 CVE-2022-49775 CVE-2022-49776 CVE-2022-49777 CVE-2022-49779 CVE-2022-49781 CVE-2022-49783 CVE-2022-49784 CVE-2022-49786 CVE-2022-49787 CVE-2022-49788 CVE-2022-49789 CVE-2022-49790 CVE-2022-49792 CVE-2022-49793 CVE-2022-49794 CVE-2022-49795 CVE-2022-49796 CVE-2022-49797 CVE-2022-49799 CVE-2022-49800 CVE-2022-49801 CVE-2022-49802 CVE-2022-49807 CVE-2022-49809 CVE-2022-49810 CVE-2022-49812 CVE-2022-49813 CVE-2022-49818 CVE-2022-49821 CVE-2022-49822 CVE-2022-49823 CVE-2022-49824 CVE-2022-49825 CVE-2022-49826 CVE-2022-49827 CVE-2022-49830 CVE-2022-49832 CVE-2022-49834 CVE-2022-49835 CVE-2022-49836 CVE-2022-49837 CVE-2022-49839 CVE-2022-49841 CVE-2022-49842 CVE-2022-49845 CVE-2022-49846 CVE-2022-49850 CVE-2022-49853 CVE-2022-49858 CVE-2022-49860 CVE-2022-49861 CVE-2022-49863 CVE-2022-49864 CVE-2022-49865 CVE-2022-49868 CVE-2022-49869 CVE-2022-49870 CVE-2022-49871 CVE-2022-49874 CVE-2022-49879 CVE-2022-49880 CVE-2022-49881 CVE-2022-49885 CVE-2022-49886 CVE-2022-49887 CVE-2022-49888 CVE-2022-49889 CVE-2022-49890 CVE-2022-49891 CVE-2022-49892 CVE-2022-49900 CVE-2022-49901 CVE-2022-49902 CVE-2022-49905 CVE-2022-49906 CVE-2022-49908 CVE-2022-49909 CVE-2022-49910 CVE-2022-49915 CVE-2022-49916 CVE-2022-49917 CVE-2022-49918 CVE-2022-49921 CVE-2022-49922 CVE-2022-49923 CVE-2022-49924 CVE-2022-49925 CVE-2022-49927 CVE-2022-49928 CVE-2022-49929 CVE-2022-49931 CVE-2022-49934 CVE-2022-49935 CVE-2022-49936 CVE-2022-49937 CVE-2022-49938 CVE-2022-49940 CVE-2022-49942 CVE-2022-49943 CVE-2022-49944 CVE-2022-49945 CVE-2022-49946 CVE-2022-49948 CVE-2022-49949 CVE-2022-49950 CVE-2022-49951 CVE-2022-49952 CVE-2022-49954 CVE-2022-49956 CVE-2022-49957 CVE-2022-49958 CVE-2022-49960 CVE-2022-49962 CVE-2022-49963 CVE-2022-49964 CVE-2022-49965 CVE-2022-49966 CVE-2022-49968 CVE-2022-49969 CVE-2022-49971 CVE-2022-49972 CVE-2022-49977 CVE-2022-49978 CVE-2022-49980 CVE-2022-49980 CVE-2022-49981 CVE-2022-49982 CVE-2022-49983 CVE-2022-49984 CVE-2022-49985 CVE-2022-49986 CVE-2022-49987 CVE-2022-49989 CVE-2022-49990 CVE-2022-49993 CVE-2022-49995 CVE-2022-49999 CVE-2022-50002 CVE-2022-50003 CVE-2022-50005 CVE-2022-50006 CVE-2022-50008 CVE-2022-50010 CVE-2022-50011 CVE-2022-50012 CVE-2022-50015 CVE-2022-50016 CVE-2022-50019 CVE-2022-50020 CVE-2022-50021 CVE-2022-50022 CVE-2022-50023 CVE-2022-50024 CVE-2022-50026 CVE-2022-50027 CVE-2022-50028 CVE-2022-50029 CVE-2022-50030 CVE-2022-50031 CVE-2022-50032 CVE-2022-50033 CVE-2022-50034 CVE-2022-50035 CVE-2022-50036 CVE-2022-50037 CVE-2022-50038 CVE-2022-50039 CVE-2022-50040 CVE-2022-50041 CVE-2022-50044 CVE-2022-50045 CVE-2022-50046 CVE-2022-50047 CVE-2022-50049 CVE-2022-50050 CVE-2022-50051 CVE-2022-50052 CVE-2022-50053 CVE-2022-50054 CVE-2022-50055 CVE-2022-50059 CVE-2022-50060 CVE-2022-50061 CVE-2022-50062 CVE-2022-50065 CVE-2022-50066 CVE-2022-50067 CVE-2022-50068 CVE-2022-50072 CVE-2022-50073 CVE-2022-50074 CVE-2022-50076 CVE-2022-50077 CVE-2022-50079 CVE-2022-50083 CVE-2022-50084 CVE-2022-50085 CVE-2022-50086 CVE-2022-50087 CVE-2022-50092 CVE-2022-50093 CVE-2022-50094 CVE-2022-50095 CVE-2022-50097 CVE-2022-50098 CVE-2022-50099 CVE-2022-50100 CVE-2022-50101 CVE-2022-50102 CVE-2022-50103 CVE-2022-50104 CVE-2022-50108 CVE-2022-50109 CVE-2022-50110 CVE-2022-50111 CVE-2022-50112 CVE-2022-50115 CVE-2022-50116 CVE-2022-50116 CVE-2022-50117 CVE-2022-50118 CVE-2022-50120 CVE-2022-50121 CVE-2022-50124 CVE-2022-50125 CVE-2022-50126 CVE-2022-50127 CVE-2022-50129 CVE-2022-50131 CVE-2022-50132 CVE-2022-50133 CVE-2022-50134 CVE-2022-50135 CVE-2022-50136 CVE-2022-50137 CVE-2022-50138 CVE-2022-50139 CVE-2022-50140 CVE-2022-50141 CVE-2022-50142 CVE-2022-50143 CVE-2022-50144 CVE-2022-50145 CVE-2022-50146 CVE-2022-50149 CVE-2022-50151 CVE-2022-50152 CVE-2022-50153 CVE-2022-50154 CVE-2022-50155 CVE-2022-50156 CVE-2022-50157 CVE-2022-50158 CVE-2022-50160 CVE-2022-50161 CVE-2022-50162 CVE-2022-50164 CVE-2022-50165 CVE-2022-50166 CVE-2022-50169 CVE-2022-50171 CVE-2022-50172 CVE-2022-50173 CVE-2022-50175 CVE-2022-50176 CVE-2022-50178 CVE-2022-50179 CVE-2022-50181 CVE-2022-50183 CVE-2022-50184 CVE-2022-50185 CVE-2022-50186 CVE-2022-50187 CVE-2022-50188 CVE-2022-50190 CVE-2022-50191 CVE-2022-50192 CVE-2022-50194 CVE-2022-50196 CVE-2022-50197 CVE-2022-50198 CVE-2022-50199 CVE-2022-50200 CVE-2022-50201 CVE-2022-50202 CVE-2022-50203 CVE-2022-50204 CVE-2022-50206 CVE-2022-50207 CVE-2022-50208 CVE-2022-50209 CVE-2022-50211 CVE-2022-50212 CVE-2022-50213 CVE-2022-50215 CVE-2022-50218 CVE-2022-50220 CVE-2022-50221 CVE-2022-50222 CVE-2022-50226 CVE-2022-50228 CVE-2022-50229 CVE-2022-50231 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50242 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50287 CVE-2022-50288 CVE-2022-50289 CVE-2022-50292 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50303 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50323 CVE-2022-50324 CVE-2022-50325 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50339 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50354 CVE-2022-50355 CVE-2022-50356 CVE-2022-50357 CVE-2022-50358 CVE-2022-50359 CVE-2022-50360 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50378 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50390 CVE-2022-50391 CVE-2022-50392 CVE-2022-50393 CVE-2022-50394 CVE-2022-50395 CVE-2022-50396 CVE-2022-50398 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50406 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50412 CVE-2022-50414 CVE-2022-50417 CVE-2022-50418 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50433 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50441 CVE-2022-50443 CVE-2022-50444 CVE-2022-50447 CVE-2022-50449 CVE-2022-50452 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50464 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-1990 CVE-2023-28328 CVE-2023-28866 CVE-2023-3111 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2023-52927 CVE-2023-52928 CVE-2023-52931 CVE-2023-52936 CVE-2023-52937 CVE-2023-52938 CVE-2023-52981 CVE-2023-52982 CVE-2023-52986 CVE-2023-52994 CVE-2023-53001 CVE-2023-53002 CVE-2023-53009 CVE-2023-53014 CVE-2023-53018 CVE-2023-53031 CVE-2023-53035 CVE-2023-53036 CVE-2023-53038 CVE-2023-53039 CVE-2023-53040 CVE-2023-53041 CVE-2023-53042 CVE-2023-53044 CVE-2023-53045 CVE-2023-53046 CVE-2023-53048 CVE-2023-53049 CVE-2023-53051 CVE-2023-53052 CVE-2023-53054 CVE-2023-53056 CVE-2023-53057 CVE-2023-53058 CVE-2023-53059 CVE-2023-53060 CVE-2023-53062 CVE-2023-53064 CVE-2023-53065 CVE-2023-53066 CVE-2023-53068 CVE-2023-53070 CVE-2023-53071 CVE-2023-53073 CVE-2023-53074 CVE-2023-53075 CVE-2023-53076 CVE-2023-53077 CVE-2023-53078 CVE-2023-53079 CVE-2023-53081 CVE-2023-53082 CVE-2023-53084 CVE-2023-53087 CVE-2023-53089 CVE-2023-53090 CVE-2023-53091 CVE-2023-53092 CVE-2023-53093 CVE-2023-53095 CVE-2023-53096 CVE-2023-53097 CVE-2023-53098 CVE-2023-53099 CVE-2023-53100 CVE-2023-53101 CVE-2023-53102 CVE-2023-53105 CVE-2023-53106 CVE-2023-53108 CVE-2023-53109 CVE-2023-53111 CVE-2023-53112 CVE-2023-53114 CVE-2023-53116 CVE-2023-53117 CVE-2023-53118 CVE-2023-53119 CVE-2023-53123 CVE-2023-53124 CVE-2023-53125 CVE-2023-53128 CVE-2023-53131 CVE-2023-53134 CVE-2023-53137 CVE-2023-53139 CVE-2023-53140 CVE-2023-53142 CVE-2023-53143 CVE-2023-53145 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53168 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53181 CVE-2023-53182 CVE-2023-53185 CVE-2023-53189 CVE-2023-53193 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53210 CVE-2023-53213 CVE-2023-53215 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53232 CVE-2023-53234 CVE-2023-53237 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53259 CVE-2023-53263 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53284 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53320 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53332 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53340 CVE-2023-53344 CVE-2023-53347 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53357 CVE-2023-53359 CVE-2023-53368 CVE-2023-53370 CVE-2023-53371 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53378 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53383 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53391 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53398 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53442 CVE-2023-53443 CVE-2023-53444 CVE-2023-53446 CVE-2023-53448 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53466 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53480 CVE-2023-53482 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53489 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53511 CVE-2023-53512 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2023-53531 CVE-2023-53532 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-23337 CVE-2024-26583 CVE-2024-26584 CVE-2024-26643 CVE-2024-26804 CVE-2024-26808 CVE-2024-26924 CVE-2024-26935 CVE-2024-27397 CVE-2024-28956 CVE-2024-28956 CVE-2024-35840 CVE-2024-36350 CVE-2024-36357 CVE-2024-36978 CVE-2024-41965 CVE-2024-42265 CVE-2024-42307 CVE-2024-45310 CVE-2024-45339 CVE-2024-46763 CVE-2024-46800 CVE-2024-46865 CVE-2024-50038 CVE-2024-52615 CVE-2024-53057 CVE-2024-53093 CVE-2024-53125 CVE-2024-53141 CVE-2024-53164 CVE-2024-53168 CVE-2024-53177 CVE-2024-53197 CVE-2024-53241 CVE-2024-56558 CVE-2024-56738 CVE-2024-56770 CVE-2024-57947 CVE-2024-57947 CVE-2024-57999 CVE-2024-58239 CVE-2024-58240 CVE-2025-10148 CVE-2025-10148 CVE-2025-10230 CVE-2025-1713 CVE-2025-21700 CVE-2025-21701 CVE-2025-21702 CVE-2025-21703 CVE-2025-21726 CVE-2025-21756 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21839 CVE-2025-21971 CVE-2025-21999 CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22056 CVE-2025-22097 CVE-2025-2312 CVE-2025-23138 CVE-2025-23141 CVE-2025-23145 CVE-2025-23145 CVE-2025-27465 CVE-2025-29768 CVE-2025-32462 CVE-2025-32728 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-3360 CVE-2025-3576 CVE-2025-37738 CVE-2025-37752 CVE-2025-37785 CVE-2025-37789 CVE-2025-37797 CVE-2025-37798 CVE-2025-37798 CVE-2025-37823 CVE-2025-37890 CVE-2025-37932 CVE-2025-37948 CVE-2025-37953 CVE-2025-37958 CVE-2025-37963 CVE-2025-37997 CVE-2025-38000 CVE-2025-38001 CVE-2025-38014 CVE-2025-38014 CVE-2025-38060 CVE-2025-38079 CVE-2025-38083 CVE-2025-38088 CVE-2025-38111 CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289 CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38380 CVE-2025-38460 CVE-2025-38468 CVE-2025-38477 CVE-2025-38488 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38572 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38683 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39735 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 CVE-2025-40909 CVE-2025-4138 CVE-2025-4330 CVE-2025-4373 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-47268 CVE-2025-47273 CVE-2025-4802 CVE-2025-48060 CVE-2025-4877 CVE-2025-4878 CVE-2025-48964 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-5278 CVE-2025-5318 CVE-2025-5372 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-59375 CVE-2025-6018 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021 CVE-2025-6069 CVE-2025-6170 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20251022-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:167-1 Released: Mon Jan 24 18:16:24 2022 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1187939 This update for cloud-netconfig fixes the following issues: - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:658-1 Released: Wed Mar 8 10:51:10 2023 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1199853,1204549 This update for cloud-netconfig fixes the following issues: - Update to version 1.7: + Overhaul policy routing setup + Support alias IPv4 ranges + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3637-1 Released: Mon Sep 18 13:02:23 2023 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1214715 This update for cloud-netconfig fixes the following issues: - Update to version 1.8: - Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:630-1 Released: Tue Feb 27 09:14:49 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1218069,1219007 This update for cloud-netconfig fixes the following issues: - Drop cloud-netconfig-nm sub package and include NM dispatcher script in main packages (bsc#1219007) - Drop package dependency on sysconfig-netconfig - Improve log level handling - Support IPv6 IMDS endpoint in EC2 (bsc#1218069) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:781-1 Released: Wed Mar 6 15:05:13 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1219454,1220718 This update for cloud-netconfig fixes the following issues: - Add Provides/Obsoletes for dropped cloud-netconfig-nm - Install dispatcher script into /etc/NetworkManager/dispatcher.d on older distributions - Add BuildReqires: NetworkManager to avoid owning dispatcher.d parent directory - Update to version 1.11: + Revert address metadata lookup in GCE to local lookup (bsc#1219454) + Fix hang on warning log messages + Check whether getting IPv4 addresses from metadata failed and abort if true + Only delete policy rules if they exist + Skip adding/removing IPv4 ranges if metdata lookup failed + Improve error handling and logging in Azure + Set SCRIPTDIR when installing netconfig wrapper ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:869-1 Released: Wed Mar 13 10:48:51 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1221202 This update for cloud-netconfig fixes the following issues: - Update to version 1.12 (bsc#1221202) * If token access succeeds using IPv4 do not use the IPv6 endpoint only use the IPv6 IMDS endpoint if IPv4 access fails. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1085-1 Released: Tue Apr 2 11:24:09 2024 Summary: Recommended update for cloud-netconfig Type: recommended Severity: moderate References: 1221757 This update for cloud-netconfig fixes the following issues: - Update to version 1.14 + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1576-1 Released: Mon May 19 06:48:35 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1228634,1232533,1241012,1241045,CVE-2025-32728 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1580-1 Released: Mon May 19 15:11:59 2025 Summary: Recommended update for librdkafka Type: recommended Severity: important References: 1242842 This update for librdkafka fixes the following issues: - Avoid endless loops under certain conditions (bsc#1242842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1620-1 Released: Wed May 21 11:58:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764). - CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625). The following non-security bugs were fixed: - cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777). - cpufreq: Allow drivers to advertise boost enabled (bsc#1236777). - cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777). - cpufreq: Support per-policy performance boost (bsc#1236777). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1626-1 Released: Wed May 21 12:00:29 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1235958,1235971,1239651 This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z. Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged. Also the following issue was fixed: - Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1643-1 Released: Wed May 21 16:32:37 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1689-1 Released: Fri May 23 12:46:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1240648 This update for hwinfo fixes the following issues: - Version update v21.88 - Fix network card detection on aarch64 (bsc#1240648). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1764-1 Released: Fri May 30 08:45:46 2025 Summary: Recommended update for kexec-tools Type: recommended Severity: important References: 1241249 This update for kexec-tools fixes the following issues: - add support for lockless ringbuffer (bsc#1241249) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1776-1 Released: Fri May 30 15:02:52 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,CVE-2025-47268 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1810-1 Released: Wed Jun 4 11:28:57 2025 Summary: Security update for python3-setuptools Type: security Severity: important References: 1243313,CVE-2025-47273 This update for python3-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1825-1 Released: Thu Jun 5 16:38:39 2025 Summary: Recommended update for google-guest-agent Type: recommended Severity: moderate References: 1243254,1243505 This update for google-guest-agent fixes the following issues: - Update to version 20250506.01 (bsc#1243254, bsc#1243505) - Make sure agent added connections are activated by NM - Wrap NSS cache refresh in a goroutine - Wicked: Only reload interfaces for which configurations are written or changed. - Add AuthorizedKeysCompat to windows packaging - Remove error messages from gce_workload_cert_refresh and metadata script runner - Update guest-logging-go dependency - Add 'created-by' metadata, and pass it as option to logging library - Re-enable disabled services if the core plugin was enabled - Enable guest services on package upgrade - Fix core plugin path - Fix package build issues - Fix dependencies ran go mod tidy -v - Bundle compat metadata script runner binary in package - Bump golang.org/x/net from 0.27.0 to 0.36.0 - Update startup/shutdown services to launch compat manager - Bundle new gce metadata script runner binary in agent package - Revert 'Revert bundling new binaries in the package' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1836-1 Released: Mon Jun 9 16:11:28 2025 Summary: Recommended update for cloud-netconfig Type: recommended Severity: important References: 1240869 This update for cloud-netconfig fixes the following issues: - Add support for creating IPv6 default route in GCE (bsc#1240869) - Minor fix when looking up IPv6 default route ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1860-1 Released: Tue Jun 10 10:11:56 2025 Summary: Security update for xen Type: security Severity: moderate References: 1234282,1238043,1243117,CVE-2024-28956,CVE-2024-53241,CVE-2025-1713 This update for xen fixes the following issues: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) - CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282) - CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2008-1 Released: Wed Jun 18 16:03:56 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105 This update for libzypp, zypper fixes the following issues: - Fix credential handling in HEAD requests (bsc#1244105) - RepoInfo: use pathNameSetTrailingSlash - Fix wrong userdata parameter type when running zypp with debug verbosity (bsc#1239012) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - Add a note to service maintained .repo file entries - Support using %{url} variable in a RIS service's repo section. - Use a cookie file to validate mirrorlist cache. This patch extends the mirrorlist code to use a cookie file to validate the contents of the cache against the source URL, making sure that we do not accidentially use a old cache when the mirrorlist url was changed. For example when migrating a system from one release to the next where the same repo alias might just have a different URL. - Let Service define and update gpgkey, mirrorlist and metalink. - Preserve a mirrorlist file in the raw cache during refresh. - Enable curl2 backend and parallel package download by default. Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off. - Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now primarily uses gpgKeyUrl information from the repo files and only falls back to a automatically generated key Url if a gpgKeyUrl was not specified. - Introduce mirrors into the Media backends (bsc#1240132) - Drop MediaMultiCurl backend. - Throttle progress updates when preloading packages (bsc#1239543) - Check if request is in valid state in CURL callbacks - spec/CMake: add conditional build '--with[out] classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin default for SUSE, otherwise it's single_rpmtrans. The `enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed from the spec file. Accordingly the CMake option ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed. - BuildRequires: libzypp-devel >= 17.37.0. - Use libzypp improvements for preload and mirror handling. - xmlout.rnc: Update repo-element (bsc#1241463) Add the 'metalink' attribute and reflect that the 'url' elements list may in fact be empty, if no baseurls are defined in the .repo files. - man: update --allow-unsigned-rpm description. Explain how to achieve the same for packages provided by repositories. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2025-1 Released: Thu Jun 19 15:17:49 2025 Summary: Recommended update for google-guest-configs Type: recommended Severity: important References: 1241112 This update for google-guest-configs fixes the following issues: - Check that %{_sysconfdir}/sysconfig/network/ifcfg-eth0 actually exists before making any modifications to it (bsc#1241112) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2082-1 Released: Tue Jun 24 12:28:23 2025 Summary: Security update for pam-config Type: security Severity: important References: 1243226,CVE-2025-6018 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2103-1 Released: Wed Jun 25 10:26:23 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: important References: 1243488 This update for cifs-utils fixes the following issues: - Add patches: * Fix cifs.mount with krb5 auth (bsc#1243488) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2149-1 Released: Fri Jun 27 07:21:48 2025 Summary: Security update for google-osconfig-agent Type: security Severity: important References: 1239948,1244304,1244503,CVE-2024-45339 This update for google-osconfig-agent fixes the following issues: - Update to version 20250416.02 (bsc#1244304, bsc#1244503) * defaultSleeper: tolerate 10% difference to reduce test flakiness * Add output of some packagemanagers to the testdata - from version 20250416.01 * Refactor OS Info package - from version 20250416.00 * Report RPM inventory as YUM instead of empty SoftwarePackage when neither Zypper nor YUM are installed. - from version 20250414.00 * Update hash computation algorithm - Update to version 20250320.00 * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 - from version 20250318.00 * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 - from version 20250317.02 * Bump cel.dev/expr from 0.18.0 to 0.22.0 * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group - from version 20250317.01 * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 - from version 20250317.00 * Add tests for retryutil package. - from version 20250306.00 * Update OWNERS - from version 20250206.01 * Use separate counters for pre- and post-patch reboots. - from version 20250206.00 * Update owners - from version 20250203.00 * Fix the vet errors for contants in logging - from version 20250122.00 * change available package check - from version 20250121.00 * Fix Inventory reporting e2e tests. - from version 20250120.00 * fix e2e tests - Add -buildmode=pie to go build command line (bsc#1239948) - merged upstream - Renumber patches ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2173-1 Released: Mon Jun 30 15:01:26 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184350,1193629,1204562,1204569,1204619,1204705,1205282,1206051,1206073,1206649,1206843,1206886,1206887,1207361,1208105,1208542,1209292,1209556,1209684,1209780,1209980,1210337,1210763,1210767,1211465,1213012,1213013,1213094,1213096,1213233,1213946,1214991,1218470,1222629,1223096,1225903,1228659,1231293,1232649,1234395,1234454,1234887,1235100,1235870,1238303,1238570,1239986,1240785,1240802,1241038,1241525,1241640,1242006,1242146,1242147,1242150,1242151,1242154,1242157,1242158,1242160,1242164,1242165,1242169,1242215,1242217,1242218,1242219,1242222,1242224,1242226,1242227,1242228,1242229,1242230,1242231,1242232,1242237,1242239,1242240,1242241,1242244,1242245,1242248,1242249,1242261,1242264,1242265,1242270,1242276,1242278,1242279,1242280,1242281,1242282,1242285,1242286,1242289,1242294,1242295,1242298,1242302,1242305,1242311,1242312,1242320,1242338,1242349,1242351,1242352,1242353,1242355,1242357,1242358,1242359,1242360,1242361,1242365,1242366,1242369,1242370,1242371,1242372,1 242377,1242378,1242380,1242381,1242382,1242385,1242387,1242389,1242391,1242392,1242393,1242394,1242398,1242399,1242400,1242402,1242403,1242405,1242406,1242409,1242410,1242411,1242415,1242416,1242421,1242422,1242425,1242426,1242428,1242440,1242443,1242448,1242449,1242452,1242453,1242454,1242455,1242456,1242458,1242464,1242465,1242467,1242469,1242473,1242474,1242478,1242481,1242484,1242489,1242497,1242527,1242542,1242544,1242545,1242547,1242548,1242549,1242550,1242551,1242558,1242570,1242580,1242586,1242589,1242596,1242597,1242685,1242686,1242688,1242689,1242695,1242716,1242733,1242734,1242735,1242736,1242739,1242740,1242743,1242744,1242745,1242746,1242747,1242748,1242749,1242751,1242752,1242753,1242756,1242759,1242762,1242765,1242767,1242778,1242779,1242790,1242791,1243047,1243133,1243737,1243919,CVE-2022-3564,CVE-2022-3619,CVE-2022-3640,CVE-2022-49762,CVE-2022-49763,CVE-2022-49769,CVE-2022-49770,CVE-2022-49771,CVE-2022-49772,CVE-2022-49773,CVE-2022-49775,CVE-2022-49776,CVE-2022-4977 7,CVE-2022-49779,CVE-2022-49781,CVE-2022-49783,CVE-2022-49784,CVE-2022-49786,CVE-2022-49787,CVE-2022-49788,CVE-2022-49789,CVE-2022-49790,CVE-2022-49792,CVE-2022-49793,CVE-2022-49794,CVE-2022-49795,CVE-2022-49796,CVE-2022-49797,CVE-2022-49799,CVE-2022-49800,CVE-2022-49801,CVE-2022-49802,CVE-2022-49807,CVE-2022-49809,CVE-2022-49810,CVE-2022-49812,CVE-2022-49813,CVE-2022-49818,CVE-2022-49821,CVE-2022-49822,CVE-2022-49823,CVE-2022-49824,CVE-2022-49825,CVE-2022-49826,CVE-2022-49827,CVE-2022-49830,CVE-2022-49832,CVE-2022-49834,CVE-2022-49835,CVE-2022-49836,CVE-2022-49837,CVE-2022-49839,CVE-2022-49841,CVE-2022-49842,CVE-2022-49845,CVE-2022-49846,CVE-2022-49850,CVE-2022-49853,CVE-2022-49858,CVE-2022-49860,CVE-2022-49861,CVE-2022-49863,CVE-2022-49864,CVE-2022-49865,CVE-2022-49868,CVE-2022-49869,CVE-2022-49870,CVE-2022-49871,CVE-2022-49874,CVE-2022-49879,CVE-2022-49880,CVE-2022-49881,CVE-2022-49885,CVE-2022-49886,CVE-2022-49887,CVE-2022-49888,CVE-2022-49889,CVE-2022-49890,CVE-2022-49891,CVE-2 022-49892,CVE-2022-49900,CVE-2022-49901,CVE-2022-49902,CVE-2022-49905,CVE-2022-49906,CVE-2022-49908,CVE-2022-49909,CVE-2022-49910,CVE-2022-49915,CVE-2022-49916,CVE-2022-49917,CVE-2022-49918,CVE-2022-49921,CVE-2022-49922,CVE-2022-49923,CVE-2022-49924,CVE-2022-49925,CVE-2022-49927,CVE-2022-49928,CVE-2022-49929,CVE-2022-49931,CVE-2023-1990,CVE-2023-28866,CVE-2023-53035,CVE-2023-53036,CVE-2023-53038,CVE-2023-53039,CVE-2023-53040,CVE-2023-53041,CVE-2023-53042,CVE-2023-53044,CVE-2023-53045,CVE-2023-53049,CVE-2023-53052,CVE-2023-53054,CVE-2023-53056,CVE-2023-53057,CVE-2023-53058,CVE-2023-53059,CVE-2023-53060,CVE-2023-53062,CVE-2023-53064,CVE-2023-53065,CVE-2023-53066,CVE-2023-53068,CVE-2023-53070,CVE-2023-53071,CVE-2023-53073,CVE-2023-53074,CVE-2023-53075,CVE-2023-53077,CVE-2023-53078,CVE-2023-53079,CVE-2023-53081,CVE-2023-53082,CVE-2023-53084,CVE-2023-53087,CVE-2023-53089,CVE-2023-53090,CVE-2023-53091,CVE-2023-53092,CVE-2023-53093,CVE-2023-53095,CVE-2023-53096,CVE-2023-53098,CVE-2023-5309 9,CVE-2023-53100,CVE-2023-53101,CVE-2023-53102,CVE-2023-53105,CVE-2023-53106,CVE-2023-53108,CVE-2023-53109,CVE-2023-53111,CVE-2023-53112,CVE-2023-53114,CVE-2023-53116,CVE-2023-53118,CVE-2023-53119,CVE-2023-53123,CVE-2023-53124,CVE-2023-53125,CVE-2023-53128,CVE-2023-53131,CVE-2023-53134,CVE-2023-53137,CVE-2023-53139,CVE-2023-53140,CVE-2023-53142,CVE-2023-53143,CVE-2023-53145,CVE-2024-26804,CVE-2024-28956,CVE-2024-53168,CVE-2024-56558,CVE-2025-21999,CVE-2025-22056,CVE-2025-23145,CVE-2025-37785,CVE-2025-37789 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2024-28956: x86/its: Add support for ITS-safe indirect thunk (bsc#1242006). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). The following non-security bugs were fixed: - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737). - Move upstreamed sched/membarrier patch into sorted section - Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.4 anymore. - Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.5 anymore. - Use gcc-13 for build on SLE16 (jsc#PED-10028). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: insn: Add support for encoding DSB (bsc#1242778). - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737). - hv_netvsc: Remove rmsg_pgcnt (bsc#1243737). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737). - mtd: phram: Add the kernel lock down check (bsc#1232649). - net :mana :Add remaining GDMA stats for MANA to ethtool (bsc#1234395). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (bsc#1234395). - net: mana: Add gdma stats to ethtool output for mana (bsc#1234395). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (bsc#1223096). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2179-1 Released: Mon Jun 30 19:54:01 2025 Summary: Security update for sudo Type: security Severity: important References: 1245274,CVE-2025-32462 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2198-1 Released: Wed Jul 2 11:22:33 2025 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2226-1 Released: Fri Jul 4 15:31:04 2025 Summary: Security update for vim Type: security Severity: moderate References: 1228776,1239602,CVE-2024-41965,CVE-2025-29768 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2235-1 Released: Mon Jul 7 14:08:03 2025 Summary: Recommended update for haveged Type: recommended Severity: moderate References: 1165294,1222296 This update for haveged fixes the following issues: - Add patch files introducing the '--once' flag (bsc#1222296, bsc#1165294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2263-1 Released: Thu Jul 10 07:25:48 2025 Summary: Recommended update for google-guest-oslogin Type: recommended Severity: important References: 1243997 This update for google-guest-oslogin fixes the following issues: - Override upstream version to address upgrade problems (bsc#1243997) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2264-1 Released: Thu Jul 10 10:25:37 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1193629,1194869,1198410,1199356,1199487,1201160,1201956,1202094,1202095,1202564,1202716,1202823,1202860,1203197,1203361,1205220,1205514,1205701,1206451,1206664,1206878,1206880,1207361,1207638,1211226,1212051,1213090,1218184,1218234,1218470,1222634,1223675,1224095,1224597,1225468,1225820,1226514,1226552,1230827,1232504,1234156,1234381,1235464,1235637,1236821,1236822,1237159,1237312,1237313,1238526,1238876,1241900,1242221,1242414,1242504,1242596,1242778,1242782,1242924,1243330,1243543,1243627,1243649,1243660,1243832,1244114,1244179,1244180,1244234,1244241,1244277,1244309,1244337,1244732,1244764,1244765,1244767,1244770,1244771,1244772,1244773,1244774,1244776,1244779,1244780,1244781,1244782,1244783,1244784,1244786,1244787,1244788,1244790,1244791,1244793,1244794,1244796,1244797,1244798,1244800,1244802,1244804,1244805,1244806,1244807,1244808,1244811,1244813,1244814,1244815,1244816,1244819,1244820,1244823,1244824,1244825,1244826,1244827,1244830,1244831,1244832,1 244834,1244836,1244838,1244839,1244840,1244841,1244842,1244843,1244845,1244846,1244848,1244849,1244851,1244853,1244854,1244856,1244858,1244860,1244861,1244866,1244867,1244868,1244869,1244870,1244871,1244872,1244873,1244875,1244876,1244878,1244879,1244881,1244883,1244884,1244886,1244887,1244888,1244890,1244892,1244893,1244895,1244898,1244899,1244900,1244901,1244902,1244903,1244904,1244905,1244908,1244911,1244912,1244914,1244915,1244928,1244936,1244940,1244941,1244942,1244943,1244944,1244945,1244948,1244949,1244950,1244953,1244955,1244956,1244957,1244958,1244959,1244960,1244961,1244965,1244966,1244967,1244968,1244969,1244970,1244973,1244974,1244976,1244977,1244978,1244979,1244983,1244984,1244985,1244986,1244987,1244991,1244992,1244993,1245006,1245007,1245009,1245011,1245012,1245015,1245018,1245019,1245023,1245024,1245028,1245031,1245032,1245033,1245038,1245039,1245040,1245041,1245047,1245048,1245051,1245052,1245057,1245058,1245060,1245062,1245063,1245064,1245069,1245070,1245072,124507 3,1245088,1245089,1245092,1245093,1245094,1245098,1245103,1245116,1245117,1245118,1245119,1245121,1245122,1245125,1245129,1245131,1245133,1245134,1245135,1245136,1245138,1245139,1245140,1245142,1245146,1245147,1245149,1245152,1245154,1245155,1245180,1245183,1245189,1245191,1245195,1245197,1245265,1245340,1245348,1245431,1245455,CVE-2021-47557,CVE-2021-47595,CVE-2022-1679,CVE-2022-2585,CVE-2022-2586,CVE-2022-2905,CVE-2022-3903,CVE-2022-4095,CVE-2022-4662,CVE-2022-49934,CVE-2022-49935,CVE-2022-49936,CVE-2022-49937,CVE-2022-49938,CVE-2022-49940,CVE-2022-49942,CVE-2022-49943,CVE-2022-49944,CVE-2022-49945,CVE-2022-49946,CVE-2022-49948,CVE-2022-49949,CVE-2022-49950,CVE-2022-49951,CVE-2022-49952,CVE-2022-49954,CVE-2022-49956,CVE-2022-49957,CVE-2022-49958,CVE-2022-49960,CVE-2022-49962,CVE-2022-49963,CVE-2022-49964,CVE-2022-49965,CVE-2022-49966,CVE-2022-49968,CVE-2022-49969,CVE-2022-49971,CVE-2022-49972,CVE-2022-49977,CVE-2022-49978,CVE-2022-49980,CVE-2022-49981,CVE-2022-49982,CVE-2022-49983 ,CVE-2022-49984,CVE-2022-49985,CVE-2022-49986,CVE-2022-49987,CVE-2022-49989,CVE-2022-49990,CVE-2022-49993,CVE-2022-49995,CVE-2022-49999,CVE-2022-50002,CVE-2022-50003,CVE-2022-50005,CVE-2022-50006,CVE-2022-50008,CVE-2022-50010,CVE-2022-50011,CVE-2022-50012,CVE-2022-50015,CVE-2022-50016,CVE-2022-50019,CVE-2022-50020,CVE-2022-50021,CVE-2022-50022,CVE-2022-50023,CVE-2022-50024,CVE-2022-50026,CVE-2022-50027,CVE-2022-50028,CVE-2022-50029,CVE-2022-50030,CVE-2022-50031,CVE-2022-50032,CVE-2022-50033,CVE-2022-50034,CVE-2022-50035,CVE-2022-50036,CVE-2022-50037,CVE-2022-50038,CVE-2022-50039,CVE-2022-50040,CVE-2022-50041,CVE-2022-50044,CVE-2022-50045,CVE-2022-50046,CVE-2022-50047,CVE-2022-50049,CVE-2022-50050,CVE-2022-50051,CVE-2022-50052,CVE-2022-50053,CVE-2022-50054,CVE-2022-50055,CVE-2022-50059,CVE-2022-50060,CVE-2022-50061,CVE-2022-50062,CVE-2022-50065,CVE-2022-50066,CVE-2022-50067,CVE-2022-50068,CVE-2022-50072,CVE-2022-50073,CVE-2022-50074,CVE-2022-50076,CVE-2022-50077,CVE-2022-50079,CVE-20 22-50083,CVE-2022-50084,CVE-2022-50085,CVE-2022-50086,CVE-2022-50087,CVE-2022-50092,CVE-2022-50093,CVE-2022-50094,CVE-2022-50095,CVE-2022-50097,CVE-2022-50098,CVE-2022-50099,CVE-2022-50100,CVE-2022-50101,CVE-2022-50102,CVE-2022-50103,CVE-2022-50104,CVE-2022-50108,CVE-2022-50109,CVE-2022-50110,CVE-2022-50111,CVE-2022-50112,CVE-2022-50115,CVE-2022-50116,CVE-2022-50117,CVE-2022-50118,CVE-2022-50120,CVE-2022-50121,CVE-2022-50124,CVE-2022-50125,CVE-2022-50126,CVE-2022-50127,CVE-2022-50129,CVE-2022-50131,CVE-2022-50132,CVE-2022-50133,CVE-2022-50134,CVE-2022-50135,CVE-2022-50136,CVE-2022-50137,CVE-2022-50138,CVE-2022-50139,CVE-2022-50140,CVE-2022-50141,CVE-2022-50142,CVE-2022-50143,CVE-2022-50144,CVE-2022-50145,CVE-2022-50146,CVE-2022-50149,CVE-2022-50151,CVE-2022-50152,CVE-2022-50153,CVE-2022-50154,CVE-2022-50155,CVE-2022-50156,CVE-2022-50157,CVE-2022-50158,CVE-2022-50160,CVE-2022-50161,CVE-2022-50162,CVE-2022-50164,CVE-2022-50165,CVE-2022-50166,CVE-2022-50169,CVE-2022-50171,CVE-2022-5017 2,CVE-2022-50173,CVE-2022-50175,CVE-2022-50176,CVE-2022-50178,CVE-2022-50179,CVE-2022-50181,CVE-2022-50183,CVE-2022-50184,CVE-2022-50185,CVE-2022-50186,CVE-2022-50187,CVE-2022-50188,CVE-2022-50190,CVE-2022-50191,CVE-2022-50192,CVE-2022-50194,CVE-2022-50196,CVE-2022-50197,CVE-2022-50198,CVE-2022-50199,CVE-2022-50200,CVE-2022-50201,CVE-2022-50202,CVE-2022-50203,CVE-2022-50204,CVE-2022-50206,CVE-2022-50207,CVE-2022-50208,CVE-2022-50209,CVE-2022-50211,CVE-2022-50212,CVE-2022-50213,CVE-2022-50215,CVE-2022-50218,CVE-2022-50220,CVE-2022-50221,CVE-2022-50222,CVE-2022-50226,CVE-2022-50228,CVE-2022-50229,CVE-2022-50231,CVE-2023-3111,CVE-2023-52924,CVE-2023-52925,CVE-2023-53046,CVE-2023-53048,CVE-2023-53076,CVE-2023-53097,CVE-2024-26808,CVE-2024-26924,CVE-2024-26935,CVE-2024-27397,CVE-2024-35840,CVE-2024-36978,CVE-2024-46800,CVE-2024-53125,CVE-2024-53141,CVE-2024-53197,CVE-2024-56770,CVE-2024-57999,CVE-2025-21700,CVE-2025-21702,CVE-2025-21703,CVE-2025-21756,CVE-2025-23141,CVE-2025-23145,CVE-20 25-37752,CVE-2025-37798,CVE-2025-37823,CVE-2025-37890,CVE-2025-37932,CVE-2025-37948,CVE-2025-37953,CVE-2025-37963,CVE-2025-37997,CVE-2025-38000,CVE-2025-38001,CVE-2025-38014,CVE-2025-38060,CVE-2025-38083 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468). - CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552). - CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821). - CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (bsc#1235464). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes). - Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504) - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - ovl: fix use inode directly in rcu-walk mode (bsc#1241900). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2278-1 Released: Thu Jul 10 18:02:28 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2325-1 Released: Wed Jul 16 08:37:39 2025 Summary: Security update for xen Type: security Severity: important References: 1238896,1244644,1246112,CVE-2024-36350,CVE-2024-36357,CVE-2025-27465 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2345-1 Released: Thu Jul 17 13:10:49 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1233880,1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2375-1 Released: Fri Jul 18 15:16:14 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1242844,CVE-2025-4373 This update for glib2 fixes the following issues: - CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory corruption (bsc#1242844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2384-1 Released: Fri Jul 18 18:45:53 2025 Summary: Security update for jq Type: security Severity: moderate References: 1243450,CVE-2024-23337 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2430-1 Released: Mon Jul 21 13:23:17 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1243772,CVE-2025-48964 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2539-1 Released: Tue Jul 29 09:03:00 2025 Summary: Recommended update for google-dracut-config Type: recommended Severity: moderate References: 1245352 This update for google-dracut-config fixes the following issues: - Add sed and find to requirements (bsc#1245352) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2562-1 Released: Wed Jul 30 22:26:54 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM (bsc#1243457). - zypper does not distinguish between install and upgrade in %postinstall (bsc#1243279). - Most recent version released for nvidia-open-driver-G06-signed-kmp-default differs from nvidia-driver-G06-kmp-default (bsc#1244042). - Set proxy settings for zypper (bsc#1244710). - KVM guest installation show Unexpected Application Error (bsc#1245452). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - Implement color filtering when adding update targets. - Support orderwithrequires dependencies in susedata.xml. - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2588-1 Released: Fri Aug 1 14:35:14 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1233551,1234480,1234863,1236104,1236333,1238160,1239644,1242417,1244523,1245217,1245431,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-37797,CVE-2025-38079,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2589-1 Released: Fri Aug 1 15:05:54 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2661-1 Released: Mon Aug 4 13:15:46 2025 Summary: Recommended update for google-guest-oslogin Type: recommended Severity: important References: 1243992 This update for google-guest-oslogin fixes the following issues: - Stop retrying bad requests causing timeouts during container startup (bsc#1243992) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2706-1 Released: Tue Aug 5 12:08:28 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2713-1 Released: Wed Aug 6 11:21:54 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2723-1 Released: Thu Aug 7 09:36:30 2025 Summary: Recommended update for SSSD Type: recommended Severity: moderate References: This update for fixes the following issues: - Added additional SSSD packages and dependencies to SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#PED-12639) - krb5-client - python3-sssd-config - sssd-dbus - sssd-tools - realmd ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2773-1 Released: Wed Aug 13 02:10:16 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2805-1 Released: Fri Aug 15 08:00:49 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1246231 This update for grub2 fixes the following issues: - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2951-1 Released: Thu Aug 21 14:55:35 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3065-1 Released: Thu Sep 4 08:36:30 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - modified default SLE presets ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3083-1 Released: Fri Sep 5 11:02:28 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1224400,1240950 This update for suse-module-tools fixes the following issues: - Version update 15.5.7: - Add blacklist entry for reiserfs (jsc#PED-6167). - Add more modules to file system blacklist (jsc#PED-6167). - Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632). - udevrules: activate CPUs on hotplug for s390 (bsc#1224400). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3216-1 Released: Mon Sep 15 08:37:40 2025 Summary: Recommended update for Type: recommended Severity: important References: 1246081 This update for fixes the following issues: - Add lmdb binary into Basesystem 15-SP6 and 15-SP7 (bsc#1246081) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3267-1 Released: Thu Sep 18 13:05:51 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3270-1 Released: Thu Sep 18 13:18:05 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3288-1 Released: Mon Sep 22 12:13:27 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - permissions: remove unnecessary static dirs and devices (bsc#1235873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3300-1 Released: Tue Sep 23 11:03:41 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim???s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim???s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3303-1 Released: Tue Sep 23 11:10:02 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix( rngd): adjust license to match the license of the whole project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3331-1 Released: Wed Sep 24 08:54:17 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3344-1 Released: Wed Sep 24 15:34:13 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1229334,1233640,1234896,1236333,1237164,1240799,1242414,1242780,1244309,1244824,1245110,1245506,1245711,1245956,1245970,1245986,1246211,1246473,1246781,1246911,1247143,1247314,1247347,1247348,1247349,1247374,1247437,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,1249353,CVE-2022-49980,CVE-2022-50116,CVE-2023-53117,CVE-2024-42265,CVE-2024-53093,CVE-2024-53177,CVE-2024-57947,CVE-2024-58239,CVE-2025-21701,CVE-2025-21971,CVE-2025-37798,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38180,CVE-2025-38184,CVE-2025-38323,CVE-2025-38350,CVE-2025-38352,CVE-2025-38460,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - Disable N_GSM (jsc#PED-8240). - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211). - kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3432-1 Released: Tue Sep 30 15:51:49 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3438-1 Released: Tue Sep 30 16:37:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3593-1 Released: Mon Oct 13 15:34:44 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3603-1 Released: Wed Oct 15 15:37:24 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3615-1 Released: Thu Oct 16 07:49:00 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1205205,1206451,1206456,1206468,1206843,1206883,1206884,1207158,1207361,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1209980,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213533,1213666,1213747,1214073,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1223959,1234639,1236104,1237449,1238160,1241353,1242846,1243539,1244337,1244732,1245666,1246879,1246968,1247028,1247172,1247239,1248108,1248111,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249159,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249638,1249639,1249641,1249642,1249648,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249673,1249677,1249681,1249683,1249685,1249687,1249695,1249696,1249699,1249700,1249701,1249704,1249705,1249706,1249707,1249708,1249709,1249712,1249713,1 249715,1249716,1249718,1249722,1249727,1249730,1249733,1249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249756,1249757,1249758,1249762,1249767,1249777,1249780,1249781,1249782,1249784,1249791,1249799,1249800,1249802,1249808,1249810,1249816,1249820,1249824,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249861,1249864,1249865,1249866,1249867,1249868,1249869,1249872,1249874,1249877,1249880,1249882,1249883,1249884,1249885,1249890,1249892,1249894,1249908,1249910,1249911,1249913,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249940,1249944,1249947,1249949,1249950,1249951,1249954,1249958,1249979,1249981,1249991,1249994,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250017,1250023,1250024,1250026,1250037,1250039,1250040,1250041,1250042,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,125006 6,1250068,1250070,1250071,1250072,1250075,1250077,1250080,1250081,1250083,1250089,1250103,1250104,1250105,1250106,1250107,1250108,1250112,1250114,1250117,1250118,1250121,1250127,1250128,1250130,1250131,1250132,1250134,1250137,1250138,1250140,1250144,1250145,1250151,1250153,1250156,1250157,1250159,1250161,1250165,1250168,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250189,1250191,1250197,1250198,1250200,1250201,1250208,1250209,1250211,1250215,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250278,1250285,1250287,1250293,1250301,1250303,1250306,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250327,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250397,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250765,1250767,1250768,1250771,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250793,1250797,1250799,1250807,125 0810,1250811,1250814,1250818,1250819,1250822,1250823,1250824,1250825,1250829,1250830,1250831,1250832,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250849,1250850,1250851,1250853,1250856,1250861,1250862,1250863,1250864,1250866,1250867,1250868,1250872,1250873,1250874,1250875,1250877,1250879,1250881,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250913,1250915,1250917,1250923,1250927,1250928,1250931,1250932,1250948,1250949,1250953,1250963,1250964,1250965,CVE-2022-2602,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50242,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-502 79,CVE-2022-50282,CVE-2022-50286,CVE-2022-50287,CVE-2022-50288,CVE-2022-50289,CVE-2022-50292,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50303,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50323,CVE-2022-50324,CVE-2022-50325,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50339,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50354,CVE-2022-50355,CVE-2022-50356,CVE-2022-50357,CVE-2022-50358,CVE-2022-50359,CVE-2022-50360,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50378,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50390,CVE-2022-50391,CVE-2022-50392,CVE-2022-50393,CVE- 2022-50394,CVE-2022-50395,CVE-2022-50396,CVE-2022-50398,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50406,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50412,CVE-2022-50414,CVE-2022-50417,CVE-2022-50418,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50433,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50441,CVE-2022-50443,CVE-2022-50444,CVE-2022-50447,CVE-2022-50449,CVE-2022-50452,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50464,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53153,CVE-2023-53165,CVE-2023-5316 7,CVE-2023-53168,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53181,CVE-2023-53182,CVE-2023-53185,CVE-2023-53189,CVE-2023-53193,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53210,CVE-2023-53213,CVE-2023-53215,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53232,CVE-2023-53234,CVE-2023-53237,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53259,CVE-2023-53263,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53284,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2 023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-2023-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53320,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53332,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53340,CVE-2023-53344,CVE-2023-53347,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53357,CVE-2023-53359,CVE-2023-53368,CVE-2023-53370,CVE-2023-53371,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53378,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53383,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53391,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53398,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53442,CVE-2023-534 43,CVE-2023-53444,CVE-2023-53446,CVE-2023-53448,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53466,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-53474,CVE-2023-53475,CVE-2023-53476,CVE-2023-53480,CVE-2023-53482,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53489,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53511,CVE-2023-53512,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2023-53531,CVE-2023-53532,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-37738,CVE-2025-37958,CVE-2025-38014,CVE-2025-38111,CVE-2025-38380,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38683,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE- 2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - build_bug.h: Add KABI assert (bsc#1249186). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - supported.conf: mark hyperv_drm as external - use uniform permission checks for all mount propagation changes (git-fixes). - xfs: rework datasync tracking and execution (bsc#1237449). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - bind-utils-9.16.50-150500.8.27.1 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - cifs-utils-6.15-150400.3.15.1 updated - cloud-netconfig-gce-1.15-150000.25.26.1 added - coreutils-8.32-150400.9.9.1 updated - curl-8.14.1-150400.5.69.1 updated - dracut-055+suse.398.g8f75016e-150500.3.32.1 updated - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated - google-dracut-config-0.0.4-150300.7.12.1 updated - google-guest-agent-20250506.01-150000.1.63.1 updated - google-guest-configs-20241205.00-150400.13.22.1 updated - google-guest-oslogin-20240311.01-150000.1.56.1 updated - google-osconfig-agent-20250416.02-150000.1.50.1 updated - grub2-i386-pc-2.06-150500.29.56.1 updated - grub2-x86_64-efi-2.06-150500.29.56.1 updated - grub2-2.06-150500.29.56.1 updated - haveged-1.9.14-150400.3.8.1 updated - hwdata-0.394-150000.3.77.2 updated - hwinfo-21.89-150500.3.12.1 updated - iputils-20221126-150500.3.14.1 updated - jq-1.6-150000.3.9.1 updated - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - kernel-default-5.14.21-150500.55.124.1 updated - kexec-tools-2.0.20-150500.20.3.1 updated - krb5-1.20.1-150500.3.17.1 updated - libavahi-client3-0.8-150400.7.23.1 updated - libavahi-common3-0.8-150400.7.23.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libcurl4-8.14.1-150400.5.69.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.9.4-150500.12.3.3 updated - libglib-2_0-0-2.70.5-150400.3.23.1 updated - libgnutls30-3.7.3-150400.4.50.1 updated - libhavege2-1.9.14-150400.3.8.1 updated - libjq1-1.6-150000.3.9.1 updated - liblmdb-0_9_30-0.9.30-150500.3.2.1 updated - libncurses6-6.1-150000.5.30.1 updated - libopenssl1_1-1.1.1l-150500.17.43.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - librdkafka1-0.11.6-150000.1.11.1 updated - libsolv-tools-base-0.7.34-150500.6.12.3 updated - libsolv-tools-0.7.34-150500.6.12.3 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libssh-config-0.9.8-150400.3.9.1 updated - libssh4-0.9.8-150400.3.9.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - libwayland-client0-1.21.0-150500.1.1 added - libxml2-2-2.10.3-150500.5.32.1 updated - libzypp-17.37.18-150500.6.64.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - openssh-clients-8.4p1-150300.3.49.1 updated - openssh-common-8.4p1-150300.3.49.1 updated - openssh-server-8.4p1-150300.3.49.1 updated - openssh-8.4p1-150300.3.49.1 updated - openssl-1_1-1.1.1l-150500.17.43.1 updated - pam-config-1.1-150200.3.14.1 updated - pam-1.3.0-150000.6.86.1 updated - perl-base-5.26.1-150300.17.20.1 updated - perl-5.26.1-150300.17.20.1 updated - permissions-20201225-150400.5.22.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-bind-9.16.50-150500.8.27.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-ply-3.10-150000.3.8.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-3.6.15-150300.10.97.2 updated - runc-1.2.6-150000.73.2 updated - samba-client-libs-4.17.12+git.510.0efaadf376b-150500.3.34.1 updated - sudo-1.9.12p1-150500.7.13.1 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.5.7-150500.3.15.3 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - systemd-presets-branding-SLE-15.1-150100.20.17.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - terminfo-base-6.1-150000.5.30.1 updated - terminfo-6.1-150000.5.30.1 updated - udev-249.17-150400.8.49.2 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - vim-data-common-9.1.1629-150500.20.33.1 updated - vim-9.1.1629-150500.20.33.1 updated - xen-libs-4.17.5_10-150500.3.50.1 updated - zypper-1.14.94-150500.6.42.1 updated - catatonit-0.2.0-150500.3.3.1 removed - docker-27.5.1_ce-150000.218.1 removed - e2fsprogs-1.46.4-150400.3.9.2 removed - iptables-1.8.7-1.1 removed - libext2fs2-1.46.4-150400.3.9.2 removed - libip6tc2-1.8.7-1.1 removed - libnftnl11-1.2.0-150400.1.6 removed - libprocps8-3.3.17-150000.7.42.1 removed - procps-3.3.17-150000.7.42.1 removed - xtables-plugins-1.8.7-1.1 removed From sle-container-updates at lists.suse.com Fri Oct 24 07:14:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 09:14:05 +0200 (CEST) Subject: SUSE-IU-2025:3245-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251024071405.BDB86F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3245-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.95 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.95 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062 1236897 1237449 1237776 1240324 1241166 1241292 1241353 1241866 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249413 1249479 1249481 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250006 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250169 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090 CVE-2024-58240 CVE-2025-22022 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-161 Released: Thu Oct 23 18:01:09 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241353,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1 249279,1249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249346,1249374,1249413,1249479,1249481,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,124998 8,1249990,1249993,1249994,1249997,1250002,1250004,1250006,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250169,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,125 0830,1250831,1250837,1250841,1250861,1250863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-5325 7,CVE-2023-53258,CVE-2023-53260,CVE-2023-53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2 023-53425,CVE-2023-53426,CVE-2023-53428,CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-384 66,CVE-2025-38488,CVE-2025-38514,CVE-2025-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE- 2025-39681,CVE-2025-39682,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39 844,CVE-2025-39845,CVE-2025-39846,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - Fix BPF selftests compilation error in bpf_iter.c (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: Use Step repository for building Leap kernel bs-upload-kernel does not understand the Leap repository layout - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: drop kvm_x86_ops from kabi relevant symbols. - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source.spec: Depend on python3-base for build Both kernel-binary and kernel-docs already have this dependency. - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - sched: add a sched_ttwu_queue sysctl (bsc#1247963, jsc#PED-13659). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). The following package changes have been done: - kernel-rt-6.4.0-37.1 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:00:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:00:41 +0200 (CEST) Subject: SUSE-IU-2025:3246-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251024080041.A284EF778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3246-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.22 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.22 Severity : moderate Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 318 Released: Thu Oct 23 14:42:35 2025 Summary: Security update for libxslt Type: security Severity: moderate References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service (bsc#1251979) - CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553) The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.63 updated - libxslt1-1.1.38-slfo.1.1_5.1 updated - container:SL-Micro-base-container-2.2.1-5.44 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:08:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:08:35 +0200 (CEST) Subject: SUSE-CU-2025:7538-1: Security update of suse/mariadb-client Message-ID: <20251024080835.A76E0F778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7538-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.14 , suse/mariadb-client:10.11.14-66.3 Container Release : 66.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:11:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:11:08 +0200 (CEST) Subject: SUSE-CU-2025:7539-1: Security update of bci/spack Message-ID: <20251024081108.068A1F778@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7539-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.67 Container Release : 11.67 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-devel-1.20.1-150600.11.14.1 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:11:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:11:21 +0200 (CEST) Subject: SUSE-CU-2025:7540-1: Security update of suse/bind Message-ID: <20251024081121.AFA08F778@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7540-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-69.3 , suse/bind:latest Container Release : 69.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:11:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:11:29 +0200 (CEST) Subject: SUSE-CU-2025:7541-1: Security update of suse/mariadb-client Message-ID: <20251024081129.E1EB6F783@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7541-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.3 , suse/mariadb-client:11.8.3-64.3 , suse/mariadb-client:latest Container Release : 64.3 Severity : moderate Type : security References : 1241219 1249396 CVE-2025-3576 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3694-1 Released: Tue Oct 21 07:48:19 2025 Summary: Recommended update for mariadb Type: recommended Severity: moderate References: 1249396 This update for mariadb fixes the following issues: - Read config files when doing mysql_upgrade (bsc#1249396) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - mariadb-errormessages-11.8.3-150700.3.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - mariadb-client-11.8.3-150700.3.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:11:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:11:42 +0200 (CEST) Subject: SUSE-CU-2025:7542-1: Security update of suse/samba-client Message-ID: <20251024081142.6B62EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7542-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-68.3 , suse/samba-client:latest Container Release : 68.3 Severity : critical Type : security References : 1241219 1251279 1251280 CVE-2025-10230 CVE-2025-3576 CVE-2025-9640 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3676-1 Released: Mon Oct 20 10:19:57 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). Update to 4.21.8: * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876). * kinit command is failing with Missing cache Error; (bso#15840). * Figuring out the DC name from IP address fails and breaks fork_domain_child(); (bso#15891). * Delayed leader broadcast can block ctdb forever; (bso#15892). * 'net ads group' failed to list domain groups; (bso#15900). * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine); (bso#15663). * Fix handling of empty GPO link; (bso#15877). * SMB ACL inheritance doesn't work for files created; (bso#15880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - libldb2-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - krb5-1.20.1-150600.11.14.1 updated - samba-client-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - samba-client-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:11:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:11:54 +0200 (CEST) Subject: SUSE-CU-2025:7543-1: Security update of suse/samba-server Message-ID: <20251024081154.80AE4F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7543-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-68.3 , suse/samba-server:latest Container Release : 68.3 Severity : critical Type : security References : 1241219 1251279 1251280 CVE-2025-10230 CVE-2025-3576 CVE-2025-9640 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3676-1 Released: Mon Oct 20 10:19:57 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). Update to 4.21.8: * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876). * kinit command is failing with Missing cache Error; (bso#15840). * Figuring out the DC name from IP address fails and breaks fork_domain_child(); (bso#15891). * Delayed leader broadcast can block ctdb forever; (bso#15892). * 'net ads group' failed to list domain groups; (bso#15900). * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine); (bso#15663). * Fix handling of empty GPO link; (bso#15877). * SMB ACL inheritance doesn't work for files created; (bso#15880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - libldb2-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - krb5-1.20.1-150600.11.14.1 updated - samba-client-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - samba-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - samba-client-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - samba-dcerpc-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - samba-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:12:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:12:05 +0200 (CEST) Subject: SUSE-CU-2025:7544-1: Security update of suse/samba-toolbox Message-ID: <20251024081205.C57C6F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7544-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-68.3 , suse/samba-toolbox:latest Container Release : 68.3 Severity : critical Type : security References : 1241219 1251279 1251280 CVE-2025-10230 CVE-2025-3576 CVE-2025-9640 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3676-1 Released: Mon Oct 20 10:19:57 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). Update to 4.21.8: * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bso#15876). * kinit command is failing with Missing cache Error; (bso#15840). * Figuring out the DC name from IP address fails and breaks fork_domain_child(); (bso#15891). * Delayed leader broadcast can block ctdb forever; (bso#15892). * 'net ads group' failed to list domain groups; (bso#15900). * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine); (bso#15663). * Fix handling of empty GPO link; (bso#15877). * SMB ACL inheritance doesn't work for files created; (bso#15880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - libldb2-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - krb5-1.20.1-150600.11.14.1 updated - samba-client-libs-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - samba-client-4.21.8+git.418.e80c9b2a88c-150700.3.11.2 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:12:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:12:19 +0200 (CEST) Subject: SUSE-CU-2025:7545-1: Security update of suse/sle15 Message-ID: <20251024081219.3EA2EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7545-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.1 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.1 , suse/sle15:latest Container Release : 5.11.1 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - curl-8.14.1-150700.7.2.1 updated - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:12:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:12:28 +0200 (CEST) Subject: SUSE-CU-2025:7546-1: Security update of suse/stunnel Message-ID: <20251024081228.28F43F778@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7546-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-67.3 , suse/stunnel:latest Container Release : 67.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:12:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:12:37 +0200 (CEST) Subject: SUSE-CU-2025:7547-1: Security update of suse/valkey Message-ID: <20251024081237.2C9EDF778@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7547-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-66.3 , suse/valkey:latest Container Release : 66.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.7-d36081e98ce32c994ddc5040947999e9d8c2098074802f4382d029673fb91903-0 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 11:37:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:37:28 +0200 (CEST) Subject: SUSE-CU-2025:7549-1: Security update of containers/open-webui Message-ID: <20251024113728.74133F780@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7549-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.30 Container Release : 12.30 Severity : important Type : security References : 1111638 1226308 1239896 1241219 1243958 1246197 1246974 1247581 1247582 1247589 1248117 1248330 1249191 1249348 1249367 1249375 1249584 1250232 1251137 CVE-2018-18088 CVE-2024-13978 CVE-2025-10148 CVE-2025-30348 CVE-2025-3576 CVE-2025-50422 CVE-2025-5455 CVE-2025-59375 CVE-2025-59728 CVE-2025-7700 CVE-2025-8114 CVE-2025-8277 CVE-2025-8534 CVE-2025-8961 CVE-2025-9086 CVE-2025-9165 CVE-2025-9230 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:768-1 Released: Mon Mar 3 09:58:01 2025 Summary: Recommended update for python-kubernetes Type: recommended Severity: moderate References: This update for python-kubernetes fixes the following issues: - Factory version sync for python-kubernetes ??? v31.0.0, (jsc#PED-11099) - New dependency for python-kubernetes: python-durationpy ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1612-1 Released: Wed May 21 10:11:11 2025 Summary: Recommended update for python-durationpy Type: recommended Severity: moderate References: This update for python-durationpy, python3-kubernetes fixes the following issues: python3-kubernetes was updated from version 26.1.0 to 31.0.0 (jsc#PED-12710, PED-12477): - Key changes in version 31.0.0: - Alignment with significant API changes in Kubernetes. - Enhancements to Dynamic Resource Allocation (DRA) with new API versions and features. - Node improvements like user namespace support and supplemental group policies scheduling performance upgrades. - Changes to API servers include such as atomic updates for Ingress objects and tricter validation of encryption provider configurations. - Kube-proxy now has a 'primary' nodeport address option, and several feature gates have graduated or been removed. - Improvements to CustomResourceDefinitions (CRDs), Service CIDR allocation, OCI artifact-based volumes, and logging. - Full list of changes: https://github.com/kubernetes-client/python/blob/v31.0.0/CHANGELOG.md - Key changes in version 29.0.0: - Updates to API versions for scheduling components and priority/fairness mechanism. - Enhanced configuration options for kube-proxy (including a new experimental mode). - Improved handling of authentication and authorization through configuration files. - New capabilities for pod lifecycle management (pre-stop hooks), resource management (image garbage collection), and network configuration, along with more flexible options for pod affinity and anti-affinity rules. - Full list of changes: https://github.com/kubernetes-client/python/blob/v29.0.0/CHANGELOG.md#v2900 - Key changes in version 28.1.0: - API improvements and updates, notably the removal of a deprecated API version for kube-scheduler configurations, requiring migration. - New features were also added, such as sidecar containers for enhanced pod lifecycle management, more granular control over Job retry limits, and improvements to CustomResourceDefinition (CRD) validation. - Updates were also made to pod management, networking, and security, with a general focus on enhancing flexibility, performance, and user experience. - Full list of changes: https://github.com/kubernetes-client/python/blob/v28.1.0/CHANGELOG.md - Key changes in version 27.2.0: - Enhancements to admission control policies, including features for runtime cost calculation and audit annotations. - Networking received updates with a new ClusterIP allocator, and a new API (ClusterTrustBundle) was introduced. - Scheduling was optimized through adjustments to pod affinity, and API interactions were improved with the implementation of streaming for the watch-cache. - Component updates included increased QPS limits for the kubelet. - Changes related to pods involve label updates, mutable resource type and resize policies. - Changes to API server encryption. - Improved logging capabilities. - Deprecations and removals of older features. - Full list of changes: https://github.com/kubernetes-client/python/blob/v27.2.0/CHANGELOG.md ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3348-1 Released: Wed Sep 24 16:05:03 2025 Summary: Security update for tiff Type: security Severity: moderate References: 1247581,1247582,1248117,1248330,CVE-2024-13978,CVE-2025-8534,CVE-2025-8961,CVE-2025-9165 This update for tiff fixes the following issues: - CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330). - CVE-2024-13978: null pointer dereference in component fax2ps (bsc#1247581) - CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582). - CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3352-1 Released: Thu Sep 25 13:50:15 2025 Summary: Security update for openjpeg2 Type: security Severity: low References: 1111638,CVE-2018-18088 This update for openjpeg2 fixes the following issues: - CVE-2018-18088: Fixed a null pointer dereferencei in imagetopnm function. (bsc#1111638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3449-1 Released: Thu Oct 2 09:15:17 2025 Summary: Security update for cairo Type: security Severity: low References: 1247589,CVE-2025-50422 This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589) - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that does not have the FT_Color type. + Cairo tests now build on Solaris 11.4 with GCC 14. + The DirectWrite backend now builds on MINGW 11. + The DirectWrite backend now supports font variations and proper glyph coverage. - Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest. - Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature. - Convert to source service: allows for easier upgrades by the GNOME team. - Update to version 1.18.2: + The malloc-stats code has been removed from the tests directory + Cairo now requires a version of pixman equal to, or newer than, 0.40. + There have been multiple build fixes for newer versions of GCC for MSVC; for Solaris; and on macOS 10.7. + PNG errors caused by loading malformed data are correctly propagated to callers, so they can handle the case. + Both stroke and fill colors are now set when showing glyphs on a PDF surface. + All the font options are copied when creating a fallback font object. + When drawing text on macOS, Cairo now tries harder to select the appropriate font name. + Cairo now prefers the COLRv1 table inside a font, if one is available. + Cairo requires a C11 toolchain when building. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3715-1 Released: Wed Oct 22 09:11:23 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1226308,1251137,CVE-2025-59728,CVE-2025-7700 This update for ffmpeg-4 fixes the following issues: - CVE-2025-59728: allocated space for the appended '/' (bsc#1251137) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3723-1 Released: Wed Oct 22 13:22:09 2025 Summary: Security update for libqt5-qtbase Type: security Severity: moderate References: 1239896,1243958,CVE-2025-30348,CVE-2025-5455 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2025-5455: processing of malformed data in `qDecodeDataUrl()` can trigger assertion and cause a crash (bsc#1243958). - CVE-2025-30348: complex algorithm used in `encodeText` in QDom when processing XML data can cause low performance (bsc#1239896). Other issues fixed: - Initialize a member variable in `QObjectPrivate::Signal` that was uninitialized under some circumstances. - Fix a crash when parsing a particular glyph in a particular font. - Avoid repeatedly registering xsettings callbacks when switching cursor themes. - Check validity of RandR output info before using it. - Fix reparenting a window so it takes effect even if there are no other state changes to the window. The following package changes have been done: - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenjp2-7-2.3.0-150000.3.21.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - libtbb12-2022.2.0-150600.1.1 updated - libbrotlienc1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libpng16-16-1.6.44-150600.1.1 updated - libtiff6-4.7.0-150600.3.18.1 updated - libQt5Core5-5.15.12+kde151-150600.3.9.1 updated - libQt5Test5-5.15.12+kde151-150600.3.9.1 updated - libQt5DBus5-5.15.12+kde151-150600.3.9.1 updated - libcairo2-1.18.4-150600.3.3.1 updated - libavutil56_70-4.4.6-150600.13.33.1 updated - libswscale5_9-4.4.6-150600.13.33.1 updated - libswresample3_9-4.4.6-150600.13.33.1 updated - libpostproc55_9-4.4.6-150600.13.33.1 updated - libavresample4_0-4.4.6-150600.13.33.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libavcodec58_134-4.4.6-150600.13.33.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libavformat58_76-4.4.6-150600.13.33.1 updated - libavfilter7_110-4.4.6-150600.13.33.1 updated - python311-xxhash-3.5.0-150600.1.1 updated - python311-xmltodict-0.13.0-150600.1.14 updated - python311-xlrd-2.0.1-150600.1.14 updated - python311-wrapt-1.16.0-150600.1.14 updated - python311-websockets-13.1-150600.1.5 updated - python311-websocket-client-1.8.0-150600.1.1 updated - python311-validators-0.35.0-150600.1.2 updated - python311-uritemplate-4.1.1-150600.1.12 updated - python311-tzdata-2024.1-150600.1.13 updated - python311-tqdm-4.66.4-150600.1.14 updated - python311-tenacity-9.0.0-150600.1.12 updated - python311-sniffio-1.3.1-150600.1.14 updated - python311-six-1.16.0-150600.1.14 updated - python311-setuptools-78.1.1-150600.1.1 updated - python311-sentencepiece-0.2.0-150600.1.2 updated - python311-safetensors-0.4.3-150600.1.24 updated - python311-regex-2024.5.15-150600.1.15 updated - python311-rapidocr-onnxruntime-1.4.4-150600.1.2 updated - python311-pyxlsb-1.0.10-150600.1.14 updated - python311-pytube-15.0.0-150600.1.14 updated - python311-python-iso639-2024.4.27-150600.1.13 updated - python311-pymongo-4.6.3-150600.1.17 updated - python311-pyclipper-1.3.0.post5-150600.1.14 updated - python311-psycopg2-2.9.9-150600.1.24 updated - python311-psutil-7.0.0-150600.1.1 updated - python311-protobuf-5.29.3-150600.3.3 updated - python311-propcache-0.2.0-150600.1.7 updated - python311-primp-0.15.0-150600.1.5 updated - python311-peewee-3.18.2-150600.1.3 updated - python311-overrides-7.7.0-150600.1.14 updated - python311-orjson-3.10.7-150600.1.28 updated - python311-onnxruntime-1.20.1-150600.1.2 updated - python311-olefile-0.47-150600.1.14 updated - python311-numpy1-1.26.4-150600.1.59 updated - python311-nest-asyncio-1.6.0-150600.1.13 updated - python311-monotonic-1.6-150600.1.12 updated - python311-mmh3-4.1.0-150600.1.19 updated - python311-langfuse-2.44.0-150600.1.13 updated - python311-jsonpath-python-1.0.6-150600.1.14 updated - python311-jiter-0.5.0-150600.1.23 updated - python311-jdcal-1.4.1-150600.1.13 updated - python311-importlib-resources-6.1.1-150600.1.15 updated - python311-grpcio-1.69.0-150600.1.9 updated - python311-greenlet-3.1.0-150600.1.21 updated - python311-filetype-1.2.0-150600.1.12 updated - python311-filelock-3.18.0-150600.1.1 updated - python311-fake-useragent-2.1.0-150600.1.2 updated - python311-emoji-2.13.2-150600.1.14 updated - python311-durationpy-0.9-150400.9.6.2 added - python311-docx2txt-0.8-150600.1.14 updated - python311-django-cache-url-3.4.5-150600.1.21 updated - python311-dj-email-url-1.0.6-150600.1.12 updated - python311-distro-1.9.0-150600.1.14 updated - python311-dill-0.3.8-150600.1.18 updated - python311-defusedxml-0.7.1-150600.1.14 updated - python311-ctranslate2-4.4.0-150600.1.16 updated - python311-charset-normalizer-3.3.2-150600.1.14 updated - python311-certifi-2024.7.4-150600.1.55 updated - python311-cchardet-2.1.19-150600.1.52 updated - python311-bitarray-2.9.2-150600.1.14 updated - python311-bcrypt-4.3.0-150600.1.6 updated - python311-async_timeout-4.0.3-150600.1.5 updated - python311-appdirs-1.4.4-150600.1.12 updated - python311-aiohappyeyeballs-2.3.7-150600.1.13 updated - python311-XlsxWriter-3.2.0-150600.1.13 updated - python311-PyYAML-6.0.2-150600.1.3 updated - python311-Brotli-1.1.0-150600.1.2 updated - libavdevice58_13-4.4.6-150600.13.33.1 updated - python311-pydantic-core-2.35.1-150600.1.3 updated - python311-importlib-metadata-8.6.1-150600.1.1 updated - python311-asgiref-3.8.1-150600.1.13 updated - python311-cffi-1.17.0-150600.1.16 updated - python311-proto-plus-1.26.1-150600.1.1 updated - python311-Pillow-11.3.0-150600.1.2 updated - python311-scipy-1.14.1-150600.1.63 updated - python311-rank-bm25-0.2.2-150600.1.14 updated - python311-pyarrow-17.0.0-150600.2.51 updated - python311-pgvector-0.4.1-150600.1.2 updated - python311-joblib-1.4.2-150600.1.15 updated - python311-chroma-hnswlib-0.7.6-150600.2.15 updated - python311-Shapely-2.0.6-150600.1.17 updated - python311-typing-inspect-0.9.0-150600.1.14 updated - python311-markdown-it-py-3.0.0-150600.1.1 updated - python311-jsonpatch-1.33-150600.1.13 updated - python311-yarl-1.18.3-150600.1.7 updated - python311-anyio-4.9.0-150600.1.2 updated - python311-h2-4.2.0-150600.1.5 updated - python311-grpcio-tools-1.68.1-150600.1.11 updated - python311-googleapis-common-protos-1.63.2-150600.1.19 updated - python311-SQLAlchemy-2.0.40-150600.1.3 updated - python311-mpmath-1.3.0-150600.1.14 updated - python311-multiprocess-0.70.16-150600.1.15 updated - python311-lxml-5.3.2-150600.1.3 updated - python311-python-oxmsg-0.0.1-150600.1.12 updated - python311-python-dotenv-1.1.0-150600.1.1 updated - python311-peewee-migrate-1.13.0-150600.1.13 updated - libQt5Network5-5.15.12+kde151-150600.3.9.1 updated - python311-av-11.0.0-150600.1.21 updated - ffmpeg-4-4.4.6-150600.13.33.1 updated - python311-playwright-1.49.1-150600.1.2 updated - python311-pandas-2.2.3-150600.1.71 updated - python311-marshmallow-3.20.2-150600.1.11 updated - python311-cryptography-43.0.1-150600.1.27 updated - python311-brotlicffi-1.0.9.2-150600.1.2 updated - python311-SoundFile-0.13.1-150600.1.5 updated - python311-rich-14.0.0-150600.1.1 updated - python311-pycrdt-0.12.26-150600.1.3 updated - python311-simple-websocket-1.0.0-150600.1.14 updated - python311-grpcio-status-1.62.2-150600.1.14 updated - python311-sympy-1.13.3-150600.1.2 updated - python311-python-jose-3.4.0-150600.1.2 updated - python311-aiohttp-3.11.11-150600.1.10 updated - python311-python-pptx-1.0.2-150600.1.13 updated - python311-et_xmlfile-1.0.1-150600.1.14 updated - python311-ddgs-9.5.1-150600.1.2 updated - python311-aiocache-0.12.3-150600.1.7 updated - python311-gcp-storage-emulator-2024.8.3-150600.1.11 updated - python311-alembic-1.14.1-150600.1.6 updated - libQt5Gui5-5.15.12+kde151-150600.3.9.1 updated - python311-pydub-0.25.1-150600.1.24 updated - python311-scikit-learn-1.5.1-150600.1.65 updated - python311-pyOpenSSL-24.2.1-150600.1.12 updated - python311-PyJWT-2.10.1-150600.2.1 updated - python311-typer-slim-0.17.4-150600.1.1 updated - python311-fastapi-0.115.12-150600.1.1 updated - python311-torch-2.8.0-150600.1.1 updated - python311-FontTools-4.53.1-150600.1.14 updated - python311-openpyxl-3.1.5-150600.1.13 updated - libQt5Widgets5-5.15.12+kde151-150600.3.9.1 updated - python311-typer-0.17.4-150600.1.1 updated - python311-openai-1.91.0-150600.1.1 updated - python311-fpdf2-2.8.2-150600.1.11 updated - libQt5OpenGL5-5.15.12+kde151-150600.3.9.1 updated - python311-requests-2.32.4-150600.1.2 updated - python311-qdrant-client-1.15.1-150600.1.2 updated - python311-pinecone-6.0.2-150600.1.2 updated - python311-elastic-transport-8.17.1-150600.1.2 updated - python311-dj-database-url-2.3.0-150600.1.20 updated - python311-tiktoken-0.7.0-150600.1.25 updated - python311-tencentcloud-sdk-python-3.0.1375-150600.1.2 updated - python311-responses-0.25.7-150600.1.2 updated - python311-python-engineio-4.12.0-150600.1.2 updated - python311-posthog-6.3.3-150600.1.2 updated - python311-nltk-3.9.1-150600.1.22 updated - python311-msal-1.32.3-150600.1.2 updated - python311-google-auth-2.34.0-150600.1.20 updated - python311-firecrawl-py-2.5.4-150600.1.2 updated - python311-docker-7.1.0-150600.1.15 updated - python311-botocore-1.36.11-150600.1.5 updated - python311-azure-core-1.34.0-150600.1.2 updated - python311-fsspec-2024.3.1-150600.1.14 updated - python311-unstructured-client-0.25.9-150600.1.13 updated - python311-python-socketio-5.13.0-150600.1.2 updated - python311-msal-extensions-1.3.1-150600.1.2 updated - python311-kubernetes-33.1.0-150600.1.1 updated - python311-google-genai-1.28.0-150600.1.2 updated - python311-google-auth-oauthlib-1.2.1-150600.1.11 updated - python311-google-auth-httplib2-0.2.0-150600.1.20 updated - python311-google-api-core-2.19.2-150600.2.2 updated - python311-s3transfer-0.11.1-150600.1.7 updated - python311-opensearch-py-2.8.0-150600.1.5 updated - python311-azure-storage-blob-12.25.1-150600.1.2 updated - python311-azure-ai-documentintelligence-1.0.2-150600.1.2 updated - python311-huggingface-hub-0.33.1-150600.1.1 updated - python311-azure-identity-1.21.0-150600.1.2 updated - python311-google-api-python-client-2.143.0-150600.1.25 updated - python311-google-ai-generativelanguage-0.6.18-150600.1.2 updated - python311-boto3-1.36.11-150600.1.7 updated - python311-pymilvus-2.5.4-150600.1.5 updated - python311-tokenizers-0.21.1-150600.1.1 updated - python311-accelerate-0.33.0-150600.1.2 updated - python311-google-cloud-storage-2.19.0-150600.1.5 updated - python311-google-generativeai-0.8.5-150600.1.2 updated - python311-moto-5.1.0-150600.1.2 updated - python311-faster_whisper-1.1.1-150600.1.5 updated - python311-chromadb-0.6.3-150600.1.5 updated - python311-datasets-3.0.1-150600.1.27 updated - python311-transformers-4.51.1-150600.1.1 updated - python311-unstructured-0.16.23-150600.1.5 updated - python311-sentence-transformers-4.1.0-150600.1.2 updated - python311-colbert-ai-0.2.21-150600.1.29 updated - container:registry.suse.com-bci-bci-base-15.6-36f2298f193581751a2641e139e053bcc89441095c3f89d73108e1fdc5bec114-0 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated - libuv1-1.44.2-150500.3.5.1 removed From sle-container-updates at lists.suse.com Fri Oct 24 11:37:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:37:54 +0200 (CEST) Subject: SUSE-CU-2025:7550-1: Security update of containers/pytorch Message-ID: <20251024113754.94B37F780@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7550-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.6 Container Release : 3.6 Severity : important Type : security References : 1212476 1216545 1218588 1218664 1228260 1236589 1240058 1241219 1243197 1243397 1243706 1243933 1245938 1245939 1245942 1245943 1245946 1246197 1246197 1246965 1246974 1247144 1247148 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1249584 1250232 1250232 CVE-2024-6874 CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-27613 CVE-2025-27614 CVE-2025-3576 CVE-2025-46835 CVE-2025-48384 CVE-2025-48385 CVE-2025-4947 CVE-2025-5025 CVE-2025-5399 CVE-2025-59375 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3012-1 Released: Fri Aug 29 02:07:38 2025 Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML Type: security Severity: important References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385 This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938) * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939) * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942) * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943) * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946) - Other changes and bugs fixed: - Other changes and bugs fixed: * Added SHA256 support (bsc#1243197) * Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588) * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664) * Do not replace apparmor configuration (bsc#1216545) * Fixed the Python version required (bsc#1212476) - Version Updates Release Notes: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc git-lfs is included in version 3.7.0. python-PyYAML was updated from version 6.0.1 to 6.0.2: - Added support for Cython 3.x and Python 3.13 obs-scm-bridge was updated from version 0.5.4 to 0.7.4: - New Features and Improvements: * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs` file. * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files. * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout. * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources. * SSH URL Support: ssh:// SCM URLs can now be used. * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved. * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs. * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided. * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled. * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo. - Bugs fixed: * Syntax Fix: A syntax issue was corrected. * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - glibc-2.38-150600.14.37.1 updated - cuda-cccl-12-8-12.8.90-150600.5.1 updated - cuda-crt-12-8-12.8.93-150600.5.1 updated - cuda-nvrtc-12-8-12.8.93-150600.5.1 updated - cuda-nvvm-12-8-12.8.93-150600.5.1 updated - cuda-toolkit-12-8-config-common-12.8.90-150600.5.1 updated - cuda-toolkit-12-config-common-12.8.90-150600.5.1 updated - cuda-toolkit-config-common-12.8.90-150600.5.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - libnvjitlink-12-8-12.8.93-150600.5.1 updated - libcurand-12-8-10.3.9.90-150600.5.1 updated - libcufft-12-8-11.3.3.83-150600.5.1 updated - cuda-cudart-12-8-12.8.90-150600.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libcusparse-12-8-12.5.8.93-150600.5.1 updated - cuda-nvtx-12-8-12.8.90-150600.5.1 updated - krb5-1.20.1-150600.11.14.1 updated - libcusolver-12-8-11.7.3.90-150600.5.1 updated - glibc-devel-2.38-150600.14.37.1 updated - nccl-2.28.11-150600.1.5 added - libssh4-0.9.8-150600.11.6.1 updated - libcurl4-8.14.1-150600.4.28.1 updated - git-core-2.51.0-150600.3.12.1 updated - python311-six-1.16.0-150600.1.14 updated - python311-setuptools-78.1.1-150600.1.1 updated - python311-numpy-2.1.1-150600.1.59 updated - python311-mpmath-1.3.0-150600.1.14 updated - python311-sympy-1.13.3-150600.1.2 updated - python311-torch-cuda-2.8.0-150600.1.2 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated - libabsl2401_0_0-20240116.3-150600.19.3.15 removed - libnuma1-2.0.14.20.g4ee5e0c-150400.1.24 removed - libprotobuf29_3_0-29.3-150600.3.1 removed - libutf8_range-29_3_0-29.3-150600.3.1 removed - libuv1-1.44.2-150500.3.5.1 removed - python311-protobuf-5.29.3-150600.3.2 removed From sle-container-updates at lists.suse.com Fri Oct 24 11:42:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:42:59 +0200 (CEST) Subject: SUSE-IU-2025:3373-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20251024114259.798CBF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3373-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.386 , suse/sle-micro/5.5:latest Image Release : 5.5.386 Severity : moderate Type : recommended References : 1205770 1235731 1243291 1250661 1251923 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3773-1 Released: Fri Oct 24 08:34:10 2025 Summary: Recommended update for selinux-policy Type: recommended Severity: moderate References: 1205770,1235731,1243291,1250661,1251923 This update for selinux-policy fixes the following issues: - Make wicked script backwards compatible (bsc#1251923) - Allow wicket to manage its proc directories (bsc#1235731) - Allow NM to manage wicked pid files (bsc#1235731) - Allow NM to reach systemd unit files (bsc#1235731) - Dontaudit getty and plymouth the checkpoint_restore capability - allow wicked to connect to networkmanager and mange pid files for it (bsc#1243291) - Introduce unconfined wicked_script_t (bsc#1205770, bsc#1250661) The following package changes have been done: - selinux-policy-20230511+git32.d19008bdb-150500.3.32.1 updated - selinux-policy-targeted-20230511+git32.d19008bdb-150500.3.32.1 updated From sle-container-updates at lists.suse.com Fri Oct 24 11:51:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:51:25 +0200 (CEST) Subject: SUSE-CU-2025:7553-1: Security update of bci/dotnet-aspnet Message-ID: <20251024115125.97BCFF780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7553-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.21 , bci/dotnet-aspnet:8.0.21-73.2 Container Release : 73.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 11:51:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:51:44 +0200 (CEST) Subject: SUSE-CU-2025:7554-1: Security update of bci/dotnet-aspnet Message-ID: <20251024115144.250F2F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7554-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.10 , bci/dotnet-aspnet:9.0.10-32.2 , bci/dotnet-aspnet:latest Container Release : 32.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 11:52:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:52:04 +0200 (CEST) Subject: SUSE-CU-2025:7555-1: Security update of bci/dotnet-sdk Message-ID: <20251024115204.38CD6F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7555-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.21 , bci/dotnet-sdk:8.0.21-73.2 Container Release : 73.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 11:52:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:52:22 +0200 (CEST) Subject: SUSE-CU-2025:7556-1: Security update of bci/dotnet-sdk Message-ID: <20251024115222.3E6A9F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7556-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.10 , bci/dotnet-sdk:9.0.10-33.2 , bci/dotnet-sdk:latest Container Release : 33.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 11:52:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:52:42 +0200 (CEST) Subject: SUSE-CU-2025:7557-1: Security update of bci/dotnet-runtime Message-ID: <20251024115242.E2F54F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7557-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.21 , bci/dotnet-runtime:8.0.21-73.2 Container Release : 73.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 11:53:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 13:53:01 +0200 (CEST) Subject: SUSE-CU-2025:7558-1: Security update of bci/dotnet-runtime Message-ID: <20251024115301.743F2F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7558-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.10 , bci/dotnet-runtime:9.0.10-32.2 , bci/dotnet-runtime:latest Container Release : 32.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:05:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:05:33 +0200 (CEST) Subject: SUSE-IU-2025:3422-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251025070533.BF704F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3422-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.214 , suse/sle-micro/base-5.5:latest Image Release : 5.8.214 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:06:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:06:40 +0200 (CEST) Subject: SUSE-IU-2025:3423-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251025070640.5B5F0F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3423-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.410 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.410 Severity : important Type : security References : 1228343 1230042 1240157 1246974 1249375 1251822 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3792-1 Released: Fri Oct 24 17:25:01 2025 Summary: Recommended update for qemu Type: recommended Severity: important References: 1228343,1230042,1240157,1251822 This update for qemu fixes the following issues: - [openSUSE] rpm/spec: qemu-vgabios is required on ppc (bsc#1230042) - [openSUSE][RPM] spec: Require ipxe and virtio-gpu packages for more arch-es (bsc#1240157) - [openSUSE] supportconfig: Adapt plugin to modern supportconfig (bsc#1251822) - tests/acpi: q35: Update host address width in DMAR (bsc#1228343) - intel_iommu: Set default aw_bits to 48 starting from QEMU 9.2 (bsc#1228343) - tests/acpi: q35: allow DMAR acpi table changes (bsc#1228343) The following package changes have been done: - qemu-guest-agent-7.1.0-150500.49.33.2 updated - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.214 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:08:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:08:18 +0200 (CEST) Subject: SUSE-IU-2025:3424-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20251025070818.EFFF1F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3424-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.512 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.512 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.388 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:15:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:15:48 +0200 (CEST) Subject: SUSE-CU-2025:7562-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251025071548.835EFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7562-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.198 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.198 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:18:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:18:36 +0200 (CEST) Subject: SUSE-CU-2025:7563-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251025071836.0431DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7563-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.75 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.75 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:20:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:20:19 +0200 (CEST) Subject: SUSE-CU-2025:7564-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251025072019.B7CCFF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7564-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.198 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.198 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:21:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:21:48 +0200 (CEST) Subject: SUSE-CU-2025:7565-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20251025072148.969D0F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7565-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.105 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.105 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:27:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:27:45 +0200 (CEST) Subject: SUSE-IU-2025:3429-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251025072745.3BF90F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3429-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.23 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.23 Severity : important Type : security References : 1218424 1236045 1236046 1236801 1249154 CVE-2024-45336 CVE-2024-45341 CVE-2025-22866 CVE-2025-9566 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 319 Released: Fri Oct 24 14:38:16 2025 Summary: Security update for podman Type: security Severity: important References: 1218424,1236045,1236046,1236801,1249154,CVE-2024-45336,CVE-2024-45341,CVE-2025-22866,CVE-2025-9566 This update for podman fixes the following issues: - CVE-2025-9566: Fixed kube play command overwriting host files (bsc#1249154) The following package changes have been done: - podman-5.4.2-slfo.1.1_2.1 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:34:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:34:57 +0200 (CEST) Subject: SUSE-CU-2025:7572-1: Security update of suse/389-ds Message-ID: <20251025073457.32145F778@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7572-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-64.4 , suse/389-ds:latest Container Release : 64.4 Severity : important Type : security References : 1241219 1249033 1250232 CVE-2025-3576 CVE-2025-9230 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3692-1 Released: Tue Oct 21 07:46:57 2025 Summary: Recommended update for 389-ds Type: recommended Severity: important References: 1249033 This update for 389-ds fixes the following issues: - prevent segfault on extremely large queries (bsc#1249033). - do not delete referrals on chain_on_update backend - prevent stack depth being hit - The parentId attribute is indexed with improper matching rule - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default - memberOf - ignored deferred updates with LMDB - Compilation failure with rust-1.89 on Fedora ELN - UI - Replace deprecated Select components with new TypeaheadSelect - UI - Fix typeahead Select fields losing values on Enter keypress - UI - Show error message when trying to use unavailable ports - More UI fixes - Revise time skew check in healthcheck tool and add option to exclude checks - UI - update Radio handlers and LDAP entries last modified time - dsconf monitor server fails with ldapi:// due to absent server ID - Make user/subtree policy creation idempotent - AddressSanitizer: leak in agmt_update_init_status - AddressSanitizer: leak in do_search - AddressSanitizer: memory leak in mdb_init - Memory leak in roles_cache_create_object_from_entry part 2 - Memory leak in roles_cache_create_object_from_entry - RFE - Allow system to manage uid/gid at startup - Adjust xfail marks - ns-slapd crashes when a referral is added - CLI - Fix default error log level - Fix disk monitoring test failures and improve test maintainability - Mask password hashes in audit logs - Add test for numSubordinates replication consistency with tombstones - Add test for entryUSN overflow on failed add operations - Crash if repl keep alive entry can not be created - Log user that is updated during password modify extended operation - dsconf - Replicas with the 'consumer' role allow for viewing and modification of their changelog. - instance read-only mode is broken - Prevent repeated disconnect logs during shutdown - compressed log rotation creates files with world readable permission - str2filter is not fully applying matching rules - UI - schema attribute table expansion break after moving to a new page - CLI, UI - Properly handle disabled NDN cache - uiduniq: allow specifying match rules in the filter ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - krb5-client-1.20.1-150600.11.14.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - libsvrcore0-2.5.3~git144.95b15d57c-150700.3.6.1 updated - python3-ldap-3.4.0-150400.3.3.1 updated - lib389-2.5.3~git144.95b15d57c-150700.3.6.1 updated - 389-ds-2.5.3~git144.95b15d57c-150700.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:35:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:35:12 +0200 (CEST) Subject: SUSE-CU-2025:7573-1: Security update of bci/bci-base-fips Message-ID: <20251025073512.B2FF7F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7573-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-10.2 , bci/bci-base-fips:latest Container Release : 10.2 Severity : important Type : security References : 1250232 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) The following package changes have been done: - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:35:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:35:27 +0200 (CEST) Subject: SUSE-CU-2025:7574-1: Security update of bci/gcc Message-ID: <20251025073527.8988CF778@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7574-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-14.3 , bci/gcc:latest Container Release : 14.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:35:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:35:37 +0200 (CEST) Subject: SUSE-CU-2025:7575-1: Security update of suse/git Message-ID: <20251025073537.B5958F778@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7575-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-64.4 , suse/git:latest Container Release : 64.4 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated - container:registry.suse.com-bci-bci-micro-15.7-40dd8129e29c9984d8a5a4cfdc038201897e5d0c571d7659f58488fc21676a3d-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:35:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:35:54 +0200 (CEST) Subject: SUSE-CU-2025:7576-1: Security update of bci/golang Message-ID: <20251025073554.C3910F778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7576-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-78.3 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-78.3 Container Release : 78.3 Severity : moderate Type : security References : 1236217 1241219 1247816 1248082 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3619-1 Released: Thu Oct 16 15:03:39 2025 Summary: Recommended update for go1.24-openssl Type: recommended Severity: moderate References: 1236217,1247816,1248082 This update for go1.24-openssl fixes the following issues: Update to version 1.24.7 cut from the go1.24-fips-release branch at the revision tagged go1.24.7-1-openssl-fips. (jsc#SLE-18320) go1.24.7 (released 2025-09-03) includes fixes to the go command, and the net and os/exec packages. ( bsc#1236217 go1.24 release tracking) * go#75007 os/exec: TestLookPath fails on plan9 after CL 685755 * go#74821 cmd/go: 'get toolchain at latest' should ignore release candidates * go#74818 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - go1.24-openssl-doc-1.24.7-150600.13.12.1 updated - go1.24-openssl-1.24.7-150600.13.12.1 updated - go1.24-openssl-race-1.24.7-150600.13.12.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated - libopenssl-devel-3.2.3-150700.1.1 removed - openssl-3.2.3-150700.1.1 removed - openssl-3-3.2.3-150700.5.21.1 removed From sle-container-updates at lists.suse.com Sat Oct 25 07:36:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:36:10 +0200 (CEST) Subject: SUSE-CU-2025:7577-1: Security update of bci/golang Message-ID: <20251025073610.852CFF778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7577-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.75.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.75.3 Container Release : 75.3 Severity : important Type : security References : 1241219 1244485 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3681-1 Released: Mon Oct 20 14:45:36 2025 Summary: Security update for go1.25 Type: security Severity: important References: 1244485 This update for go1.25 fixes the following issues: go1.25.3 (released 2025-10-13) includes fixes to the crypto/x509 package. (bsc#1244485) * go#75861 crypto/x509: TLS validation fails for FQDNs with trailing dot * go#75777 spec: Go1.25 spec should be dated closer to actual release date * Further fixups to the fix for net/url allowing IP literals with IPv4 mapped IPv6 addresses. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - go1.25-doc-1.25.3-150000.1.19.1 updated - go1.25-1.25.3-150000.1.19.1 updated - go1.25-race-1.25.3-150000.1.19.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:36:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:36:27 +0200 (CEST) Subject: SUSE-CU-2025:7578-1: Security update of bci/bci-init Message-ID: <20251025073627.703C1F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7578-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-46.3 , bci/bci-init:latest Container Release : 46.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:36:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:36:38 +0200 (CEST) Subject: SUSE-CU-2025:7579-1: Security update of suse/kea Message-ID: <20251025073638.12CF8F778@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7579-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-66.3 , suse/kea:latest Container Release : 66.3 Severity : important Type : security References : 1241219 1250232 CVE-2025-3576 CVE-2025-9230 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:37:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:37:03 +0200 (CEST) Subject: SUSE-CU-2025:7580-1: Security update of bci/kiwi Message-ID: <20251025073703.AA5B3F778@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7580-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-23.3 , bci/kiwi:latest Container Release : 23.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:37:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:37:18 +0200 (CEST) Subject: SUSE-CU-2025:7581-1: Security update of suse/nginx Message-ID: <20251025073718.611D2F778@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7581-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-65.3 , suse/nginx:latest Container Release : 65.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:08:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:08:02 +0100 (CET) Subject: SUSE-CU-2025:7581-1: Security update of suse/nginx Message-ID: <20251026080802.B5D8AF780@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7581-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-65.3 , suse/nginx:latest Container Release : 65.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:08:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:08:14 +0100 (CET) Subject: SUSE-CU-2025:7582-1: Security update of bci/nodejs Message-ID: <20251026080814.A11A4F780@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7582-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-13.3 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-13.3 , bci/nodejs:latest Container Release : 13.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:08:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:08:44 +0100 (CET) Subject: SUSE-CU-2025:7584-1: Security update of bci/openjdk Message-ID: <20251026080844.6A6D3F783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7584-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.16.0 , bci/openjdk:17.0.16.0-11.3 Container Release : 11.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:08:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:08:56 +0100 (CET) Subject: SUSE-CU-2025:7585-1: Security update of bci/openjdk-devel Message-ID: <20251026080856.BB246F783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7585-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-16.3 , bci/openjdk-devel:latest Container Release : 16.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:bci-openjdk-21-15.7.21-14.3 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:09:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:09:08 +0100 (CET) Subject: SUSE-CU-2025:7586-1: Security update of bci/openjdk Message-ID: <20251026080908.DD04BFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7586-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.8.0 , bci/openjdk:21.0.8.0-14.3 , bci/openjdk:latest Container Release : 14.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:09:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:09:30 +0100 (CET) Subject: SUSE-CU-2025:7587-1: Security update of suse/pcp Message-ID: <20251026080930.D4679FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7587-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-67.3 , suse/pcp:latest Container Release : 67.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:bci-bci-init-15.7-e420f8c31b1d1cc08c1ad59bf7235594419f2771daa99ea8d2e7830670e85aa7-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:09:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:09:47 +0100 (CET) Subject: SUSE-CU-2025:7588-1: Security update of bci/php-apache Message-ID: <20251026080947.0C59CFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7588-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-15.3 , bci/php-apache:latest Container Release : 15.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:10:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:10:01 +0100 (CET) Subject: SUSE-CU-2025:7589-1: Security update of bci/php-fpm Message-ID: <20251026081001.4310FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7589-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-15.3 , bci/php-fpm:latest Container Release : 15.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:10:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:10:12 +0100 (CET) Subject: SUSE-CU-2025:7590-1: Security update of bci/php Message-ID: <20251026081012.CCA72FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7590-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-15.3 , bci/php:latest Container Release : 15.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:10:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:10:26 +0100 (CET) Subject: SUSE-CU-2025:7591-1: Security update of bci/python Message-ID: <20251026081026.F1B16FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7591-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-77.3 Container Release : 77.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:10:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:10:44 +0100 (CET) Subject: SUSE-CU-2025:7592-1: Security update of bci/python Message-ID: <20251026081044.BFEF3FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7592-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.7 , bci/python:3.13.7-79.3 , bci/python:latest Container Release : 79.3 Severity : moderate Type : security References : 1241219 1244705 1247249 1251264 CVE-2025-3576 CVE-2025-6069 CVE-2025-8194 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3706-1 Released: Tue Oct 21 17:07:32 2025 Summary: Security update for python313 Type: security Severity: moderate References: 1244705,1247249,CVE-2025-6069,CVE-2025-8194 This update for python313 fixes the following issues: Update to version 3.13.7. - Fixes in 3.13.7: * gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object (such as ssl.SSLSocket.send) was subsequently called in another thread. * gh-137044: Return large limit values as positive integers instead of negative integers in resource.getrlimit(). Accept large values and reject negative values (except RLIM_INFINITY) for limits in resource.setrlimit(). * gh-136914: Fix retrieval of doctest.DocTest.lineno for objects decorated with functools.cache() or functools.cached_property. * gh-131788: Make ResourceTracker.send from multiprocessing re-entrant safe * gh-136155: We are now checking for fatal errors in EPUB builds in CI. * gh-137400: Fix a crash in the free threading build when disabling profiling or tracing across all threads with PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads() or their Python equivalents threading.settrace_all_threads() and threading.setprofile_all_threads(). - Fixes in 3.13.6: * Security - gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard. - Whitespaces no longer accepted between does not end the script section. - Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space. - Null character (U+0000) no longer ends the tag name. - Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. . - Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. . - Multiple = between attribute name and value are no longer collapsed. E.g. produces attribute ???foo??? with value ???=bar???. - gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 standard. --!> now ends the comment. -- > no longer ends the comment. Support abnormally ended empty comments <--> and <--->. - gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs ??? comments and declarations are automatically closed, tags are ignored (CVE-2025-6069, bsc#1244705). - gh-118350: Fix support of escapable raw text mode (elements ???textarea??? and ???title???) in html.parser.HTMLParser. * Core and Builtins - gh-58124: Fix name of the Python encoding in Unicode errors of the code page codec: use ???cp65000??? and ???cp65001??? instead of ???CP_UTF7??? and ???CP_UTF8??? which are not valid Python code names. Patch by Victor Stinner. - gh-137314: Fixed a regression where raw f-strings incorrectly interpreted escape sequences in format specifications. Raw f-strings now properly preserve literal backslashes in format specs, matching the behavior from Python 3.11. For example, rf'{obj:\xFF}' now correctly produces '\\xFF' instead of '??'. Patch by Pablo Galindo. - gh-136541: Fix some issues with the perf trampolines on x86-64 and aarch64. The trampolines were not being generated correctly for some cases, which could lead to the perf integration not working correctly. Patch by Pablo Galindo. - gh-109700: Fix memory error handling in PyDict_SetDefault(). - gh-78465: Fix error message for cls.__new__(cls, ...) where cls is not instantiable builtin or extension type (with tp_new set to NULL). - gh-135871: Non-blocking mutex lock attempts now return immediately when the lock is busy instead of briefly spinning in the free threading build. - gh-135607: Fix potential weakref races in an object???s destructor on the free threaded build. - gh-135496: Fix typo in the f-string conversion type error (???exclamanation??? -> ???exclamation???). - gh-130077: Properly raise custom syntax errors when incorrect syntax containing names that are prefixes of soft keywords is encountered. Patch by Pablo Galindo. - gh-135148: Fixed a bug where f-string debug expressions (using =) would incorrectly strip out parts of strings containing escaped quotes and # characters. Patch by Pablo Galindo. - gh-133136: Limit excess memory usage in the free threading build when a large dictionary or list is resized and accessed by multiple threads. - gh-132617: Fix dict.update() modification check that could incorrectly raise a ???dict mutated during update??? error when a different dictionary was modified that happens to share the same underlying keys object. - gh-91153: Fix a crash when a bytearray is concurrently mutated during item assignment. - gh-127971: Fix off-by-one read beyond the end of a string in string search. - gh-125723: Fix crash with gi_frame.f_locals when generator frames outlive their generator. Patch by Mikhail Efimov. * Library - gh-132710: If possible, ensure that uuid.getnode() returns the same result even across different processes. Previously, the result was constant only within the same process. Patch by B??n??dikt Tran. - gh-137273: Fix debug assertion failure in locale.setlocale() on Windows. - gh-137257: Bump the version of pip bundled in ensurepip to version 25.2 - gh-81325: tarfile.TarFile now accepts a path-like when working on a tar archive. (Contributed by Alexander Enrique Urieles Nieto in gh-81325.) - gh-130522: Fix unraisable TypeError raised during interpreter shutdown in the threading module. - gh-130577: tarfile now validates archives to ensure member offsets are non-negative. (Contributed by Alexander Enrique Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249). - gh-136549: Fix signature of threading.excepthook(). - gh-136523: Fix wave.Wave_write emitting an unraisable when open raises. - gh-52876: Add missing keepends (default True) parameter to codecs.StreamReaderWriter.readline() and codecs.StreamReaderWriter.readlines(). - gh-85702: If zoneinfo._common.load_tzdata is given a package without a resource a zoneinfo.ZoneInfoNotFoundError is raised rather than a PermissionError. Patch by Victor Stinner. - gh-134759: Fix UnboundLocalError in email.message.Message.get_payload() when the payload to decode is a bytes object. Patch by Kliment Lamonov. - gh-136028: Fix parsing month names containing ???????? (U+0130, LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime(). This affects locales az_AZ, ber_DZ, ber_MA and crh_UA. - gh-135995: In the palmos encoding, make byte 0x9b decode to ??? (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK). - gh-53203: Fix time.strptime() for %c and %x formats on locales byn_ER, wal_ET and lzh_TW, and for %X format on locales ar_SA, bg_BG and lzh_TW. - gh-91555: An earlier change, which was introduced in 3.13.4, has been reverted. It disabled logging for a logger during handling of log messages for that logger. Since the reversion, the behaviour should be as it was before 3.13.4. - gh-135878: Fixes a crash of types.SimpleNamespace on free threading builds, when several threads were calling its __repr__() method at the same time. - gh-135836: Fix IndexError in asyncio.loop.create_connection() that could occur when non-OSError exception is raised during connection and socket???s close() raises OSError. - gh-135836: Fix IndexError in asyncio.loop.create_connection() that could occur when the Happy Eyeballs algorithm resulted in an empty exceptions list during connection attempts. - gh-135855: Raise TypeError instead of SystemError when _interpreters.set___main___attrs() is passed a non-dict object. Patch by Brian Schubert. - gh-135815: netrc: skip security checks if os.getuid() is missing. Patch by B??n??dikt Tran. - gh-135640: Address bug where it was possible to call xml.etree.ElementTree.ElementTree.write() on an ElementTree object with an invalid root element. This behavior blanked the file passed to write if it already existed. - gh-135444: Fix asyncio.DatagramTransport.sendto() to account for datagram header size when data cannot be sent. - gh-135497: Fix os.getlogin() failing for longer usernames on BSD-based platforms. - gh-135487: Fix reprlib.Repr.repr_int() when given integers with more than sys.get_int_max_str_digits() digits. Patch by B??n??dikt Tran. - gh-135335: multiprocessing: Flush stdout and stderr after preloading modules in the forkserver. - gh-135244: uuid: when the MAC address cannot be determined, the 48-bit node ID is now generated with a cryptographically-secure pseudo-random number generator (CSPRNG) as per RFC 9562, ??6.10.3. This affects uuid1(). - gh-135069: Fix the ???Invalid error handling??? exception in encodings.idna.IncrementalDecoder to correctly replace the ???errors??? parameter. - gh-134698: Fix a crash when calling methods of ssl.SSLContext or ssl.SSLSocket across multiple threads. - gh-132124: On POSIX-compliant systems, multiprocessing.util.get_temp_dir() now ignores TMPDIR (and similar environment variables) if the path length of AF_UNIX socket files exceeds the platform-specific maximum length when using the forkserver start method. Patch by B??n??dikt Tran. - gh-133439: Fix dot commands with trailing spaces are mistaken for multi-line SQL statements in the sqlite3 command-line interface. - gh-132969: Prevent the ProcessPoolExecutor executor thread, which remains running when shutdown(wait=False), from attempting to adjust the pool???s worker processes after the object state has already been reset during shutdown. A combination of conditions, including a worker process having terminated abormally, resulted in an exception and a potential hang when the still-running executor thread attempted to replace dead workers within the pool. - gh-130664: Support the '_' digit separator in formatting of the integral part of Decimal???s. Patch by Sergey B Kirpichev. - gh-85702: If zoneinfo._common.load_tzdata is given a package without a resource a ZoneInfoNotFoundError is raised rather than a IsADirectoryError. - gh-130664: Handle corner-case for Fraction???s formatting: treat zero-padding (preceding the width field by a zero ('0') character) as an equivalent to a fill character of '0' with an alignment type of '=', just as in case of float???s. * Tools/Demos - gh-135968: Stubs for strip are now provided as part of an iOS install. * Tests - gh-135966: The iOS testbed now handles the app_packages folder as a site directory. - gh-135494: Fix regrtest to support excluding tests from --pgo tests. Patch by Victor Stinner. - gh-135489: Show verbose output for failing tests during PGO profiling step with ???enable-optimizations. * Documentation - gh-135171: Document that the iterator for the leftmost for clause in the generator expression is created immediately. * Build - gh-135497: Fix the detection of MAXLOGNAME in the configure.ac script. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - libpython3_13-1_0-3.13.7-150700.4.23.1 updated - python313-base-3.13.7-150700.4.23.1 updated - python313-3.13.7-150700.4.23.1 updated - python313-devel-3.13.7-150700.4.23.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:11:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:11:00 +0100 (CET) Subject: SUSE-CU-2025:7593-1: Security update of bci/python Message-ID: <20251026081100.E7F7FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7593-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-76.3 Container Release : 76.3 Severity : important Type : security References : 1241219 1250232 1251264 CVE-2025-3576 CVE-2025-9230 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:11:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:11:19 +0100 (CET) Subject: SUSE-CU-2025:7594-1: Security update of bci/ruby Message-ID: <20251026081119.29E34FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7594-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-17.3 Container Release : 17.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:11:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:11:33 +0100 (CET) Subject: SUSE-CU-2025:7595-1: Security update of bci/rust Message-ID: <20251026081133.678FCFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7595-1 Container Tags : bci/rust:1.89 , bci/rust:1.89.0 , bci/rust:1.89.0-2.2.3 , bci/rust:oldstable , bci/rust:oldstable-2.2.3 Container Release : 2.3 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:12:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:12:08 +0100 (CET) Subject: SUSE-CU-2025:7597-1: Security update of bci/spack Message-ID: <20251026081208.E681FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7597-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-18.3 , bci/spack:latest Container Release : 18.3 Severity : important Type : security References : 1240954 1241219 1245743 1250232 1251264 CVE-2025-3576 CVE-2025-9230 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3623-1 Released: Thu Oct 16 16:36:00 2025 Summary: Recommended update for sudo Type: recommended Severity: important References: 1240954,1245743 This update for sudo fixes the following issues: - Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743). If user's tty goes away, tell monitor to revoke the tty in its session. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - sudo-1.9.15p5-150600.3.12.1 updated - krb5-devel-1.20.1-150600.11.14.1 updated - libcurl-devel-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:08:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:08:30 +0100 (CET) Subject: SUSE-CU-2025:7583-1: Security update of bci/openjdk-devel Message-ID: <20251026080830.9FE59F780@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7583-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-13.3 Container Release : 13.3 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:bci-openjdk-17-15.7.17-11.3 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:14:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:14:03 +0100 (CET) Subject: SUSE-CU-2025:7598-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20251026081403.869DDF780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7598-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.189 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.189 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3787-1 Released: Fri Oct 24 15:28:35 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150200.13.12.1 updated - libssh4-0.9.8-150200.13.12.1 updated From sle-container-updates at lists.suse.com Sun Oct 26 08:19:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:19:27 +0100 (CET) Subject: SUSE-CU-2025:7600-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251026081927.6AF1CF780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7600-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.191 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.191 Severity : moderate Type : security References : 1246974 1249375 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3787-1 Released: Fri Oct 24 15:28:35 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). The following package changes have been done: - libssh-config-0.9.8-150200.13.12.1 updated - libssh4-0.9.8-150200.13.12.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:03:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:03:01 +0100 (CET) Subject: SUSE-CU-2025:7601-1: Security update of containers/lmcache-lmstack-router Message-ID: <20251028080301.AEC41F780@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7601-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.11 Container Release : 2.11 Severity : important Type : security References : 1241219 1249584 1250232 CVE-2025-3576 CVE-2025-59375 CVE-2025-9230 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - python311-certifi-2024.7.4-150600.1.55 updated - python311-bcrypt-4.3.0-150600.1.6 updated - python311-pydantic-core-2.35.1-150600.1.3 updated - python311-cryptography-43.0.1-150600.1.27 updated - python311-fastapi-0.115.12-150600.1.1 updated - container:registry.suse.com-bci-bci-micro-15.6-223b856a8844c1c69e31fcc4cbd69fb51bee333c717d1f3611f851b323d7945a-0 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:06:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:06:35 +0100 (CET) Subject: SUSE-IU-2025:3483-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251028080635.54642FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3483-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.412 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.412 Severity : important Type : security References : 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.215 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:08:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:08:33 +0100 (CET) Subject: SUSE-IU-2025:3484-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20251028080833.40E0DFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3484-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.515 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.515 Severity : important Type : security References : 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.390 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:03:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:03:25 +0100 (CET) Subject: SUSE-CU-2025:7603-1: Security update of containers/pytorch Message-ID: <20251028080325.B356EF780@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7603-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.7 Container Release : 3.7 Severity : low Type : security References : 1248461 CVE-2025-9301 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3812-1 Released: Mon Oct 27 17:13:21 2025 Summary: Security update for cmake Type: security Severity: low References: 1248461,CVE-2025-9301 This update for cmake fixes the following issues: - CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461) The following package changes have been done: - nccl-2.28.11-150600.1.6 updated - cmake-full-3.28.3-150600.3.3.1 updated - cmake-3.28.3-150600.3.3.1 updated - python311-torch-cuda-2.8.0-150600.1.3 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:10:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:10:21 +0100 (CET) Subject: SUSE-IU-2025:3485-1: Security update of suse/sle-micro/5.5 Message-ID: <20251028081021.E8023F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3485-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.390 , suse/sle-micro/5.5:latest Image Release : 5.5.390 Severity : important Type : security References : 1246974 1249154 1249375 1251263 CVE-2025-8114 CVE-2025-8277 CVE-2025-9187 CVE-2025-9566 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3782-1 Released: Fri Oct 24 15:27:36 2025 Summary: Security update for podman Type: security Severity: important References: 1249154,CVE-2025-9566 This update for podman fixes the following issues: - CVE-2025-9566: fixed a case when kube play command could overwrite host files (bsc#1249154). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3788-1 Released: Fri Oct 24 15:28:50 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - libssh-config-0.9.8-150400.3.12.1 updated - libssh4-0.9.8-150400.3.12.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - podman-4.9.5-150500.3.49.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.215 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:05:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:05:19 +0100 (CET) Subject: SUSE-IU-2025:3482-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251028080519.40ADDF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3482-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.215 , suse/sle-micro/base-5.5:latest Image Release : 5.8.215 Severity : important Type : security References : 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:19:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:19:08 +0100 (CET) Subject: SUSE-CU-2025:7608-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20251028081908.EBEC6F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7608-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.200 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.200 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3805-1 Released: Mon Oct 27 12:36:40 2025 Summary: Recommended udpate for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect rebuilds it against the current go1.25 release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.73.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:22:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:22:20 +0100 (CET) Subject: SUSE-CU-2025:7609-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251028082220.87D81F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7609-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.76 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.76 Severity : important Type : recommended References : 1230042 1240157 1251822 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3801-1 Released: Mon Oct 27 09:30:43 2025 Summary: Recommended update for qemu Type: recommended Severity: important References: 1230042,1240157,1251822 This update for qemu fixes the following issues: - [openSUSE] rpm/spec: qemu-vgabios is required on ppc (bsc#1230042) - [openSUSE] supportconfig: Adapt plugin to modern supportconfig (bsc#1251822) - [openSUSE][RPM] spec: Require ipxe and virtio-gpu packages for more arch-es (bsc#1240157) The following package changes have been done: - qemu-guest-agent-6.2.0-150400.37.43.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:22:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:22:21 +0100 (CET) Subject: SUSE-CU-2025:7610-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251028082221.D3239F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7610-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.77 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.77 Severity : important Type : security References : 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:24:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:24:26 +0100 (CET) Subject: SUSE-CU-2025:7611-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20251028082426.E53ACF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7611-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.200 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.200 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3805-1 Released: Mon Oct 27 12:36:40 2025 Summary: Recommended udpate for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect rebuilds it against the current go1.25 release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.73.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:26:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:26:14 +0100 (CET) Subject: SUSE-CU-2025:7612-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20251028082614.B5BE8F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7612-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.107 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.107 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3805-1 Released: Mon Oct 27 12:36:40 2025 Summary: Recommended udpate for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect rebuilds it against the current go1.25 release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.73.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:33:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:33:44 +0100 (CET) Subject: SUSE-CU-2025:7617-1: Security update of bci/bci-base-fips Message-ID: <20251028083344.C968EF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7617-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.36.3 Container Release : 36.3 Severity : important Type : security References : 1249584 CVE-2025-59375 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). The following package changes have been done: - libexpat1-2.7.1-150400.3.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-4a0457aee30dfe45c61fd8659c66aaf72ab3ff16a243da33921454932d702808-0 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:34:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:34:59 +0100 (CET) Subject: SUSE-CU-2025:7618-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251028083459.554BAF778@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7618-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.119 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.119 Severity : important Type : security References : 1241219 1249584 1251263 CVE-2025-3576 CVE-2025-59375 CVE-2025-9187 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3805-1 Released: Mon Oct 27 12:36:40 2025 Summary: Recommended udpate for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect rebuilds it against the current go1.25 release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.73.1 updated - krb5-1.20.1-150600.11.14.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:36:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:36:06 +0100 (CET) Subject: SUSE-CU-2025:7619-1: Security update of bci/bci-init Message-ID: <20251028083606.1297AF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7619-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.49.4 Container Release : 49.4 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - container:registry.suse.com-bci-bci-base-15.6-4a0457aee30dfe45c61fd8659c66aaf72ab3ff16a243da33921454932d702808-0 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:37:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:37:07 +0100 (CET) Subject: SUSE-CU-2025:7620-1: Security update of bci/nodejs Message-ID: <20251028083707.91BD7F778@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7620-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-58.4 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-58.4 Container Release : 58.4 Severity : important Type : security References : 1241219 1249584 CVE-2025-3576 CVE-2025-59375 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-4a0457aee30dfe45c61fd8659c66aaf72ab3ff16a243da33921454932d702808-0 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:38:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:38:16 +0100 (CET) Subject: SUSE-CU-2025:7621-1: Security update of bci/python Message-ID: <20251028083816.E240CF778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7621-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-75.4 Container Release : 75.4 Severity : important Type : security References : 1241219 1249584 CVE-2025-3576 CVE-2025-59375 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-4a0457aee30dfe45c61fd8659c66aaf72ab3ff16a243da33921454932d702808-0 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:41:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:41:54 +0100 (CET) Subject: SUSE-CU-2025:7623-1: Security update of suse/sle15 Message-ID: <20251028084154.9562CF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7623-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.1 , suse/sle15:15.6 , suse/sle15:15.6.47.26.1 Container Release : 47.26.1 Severity : moderate Type : security References : 1241219 CVE-2025-3576 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:43:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:43:15 +0100 (CET) Subject: SUSE-CU-2025:7624-1: Security update of bci/spack Message-ID: <20251028084315.70419F778@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7624-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.69 Container Release : 11.69 Severity : low Type : security References : 1248461 CVE-2025-9301 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3812-1 Released: Mon Oct 27 17:13:21 2025 Summary: Security update for cmake Type: security Severity: low References: 1248461,CVE-2025-9301 This update for cmake fixes the following issues: - CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461) The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - cmake-full-3.28.3-150600.3.3.1 updated - cmake-3.28.3-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-4a0457aee30dfe45c61fd8659c66aaf72ab3ff16a243da33921454932d702808-0 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:43:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:43:37 +0100 (CET) Subject: SUSE-CU-2025:7625-1: Security update of bci/openjdk-devel Message-ID: <20251028084337.2B312F778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7625-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.8.0 , bci/openjdk-devel:21.0.8.0-16.4 , bci/openjdk-devel:latest Container Release : 16.4 Severity : important Type : security References : 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - container:bci-openjdk-21-15.7.21-14.4 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:44:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:44:10 +0100 (CET) Subject: SUSE-CU-2025:7627-1: Security update of bci/rust Message-ID: <20251028084410.85CECF778@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7627-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.3.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.1 Container Release : 3.1 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Fri Oct 24 08:02:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Oct 2025 10:02:50 +0200 (CEST) Subject: SUSE-IU-2025:3249-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251024080250.52644F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3249-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.34 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.34 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062 1236897 1237449 1237776 1240324 1241166 1241292 1241353 1241866 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249346 1249374 1249413 1249479 1249481 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250006 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250169 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090 CVE-2024-58240 CVE-2025-22022 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-161 Released: Thu Oct 23 18:01:09 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241353,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1 249279,1249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249346,1249374,1249413,1249479,1249481,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,124998 8,1249990,1249993,1249994,1249997,1250002,1250004,1250006,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250169,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,125 0830,1250831,1250837,1250841,1250861,1250863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-5325 7,CVE-2023-53258,CVE-2023-53260,CVE-2023-53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2 023-53425,CVE-2023-53426,CVE-2023-53428,CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-384 66,CVE-2025-38488,CVE-2025-38514,CVE-2025-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE- 2025-39681,CVE-2025-39682,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39 844,CVE-2025-39845,CVE-2025-39846,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - Fix BPF selftests compilation error in bpf_iter.c (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186). - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: Use Step repository for building Leap kernel bs-upload-kernel does not understand the Leap repository layout - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: drop kvm_x86_ops from kabi relevant symbols. - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source.spec: Depend on python3-base for build Both kernel-binary and kernel-docs already have this dependency. - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - sched: add a sched_ttwu_queue sysctl (bsc#1247963, jsc#PED-13659). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.63 updated - kernel-rt-6.4.0-37.1 updated - container:SL-Micro-container-2.2.1-7.22 updated From sle-container-updates at lists.suse.com Sat Oct 25 07:02:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:02:59 +0200 (CEST) Subject: SUSE-IU-2025:3418-1: Security update of suse-sles-15-sp4-chost-byos-v20251022-x86_64-gen2 Message-ID: <20251025070259.D5B7EF778@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20251022-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3418-1 Image Tags : suse-sles-15-sp4-chost-byos-v20251022-x86_64-gen2:20251022 Image Release : Severity : critical Type : security References : 1065729 1065729 1156395 1164051 1193629 1193629 1194869 1194869 1198410 1199356 1199487 1201160 1201956 1202094 1202095 1202564 1202700 1202716 1202823 1202860 1203063 1203197 1203332 1203361 1204228 1205128 1205220 1205514 1206051 1206456 1206468 1206664 1206878 1206880 1206883 1206884 1207158 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207638 1207645 1207651 1208607 1209287 1209291 1210584 1211226 1211960 1212051 1212476 1212603 1213015 1213016 1213040 1213041 1213061 1213090 1213099 1213104 1213666 1213747 1214953 1214967 1215150 1215696 1215911 1216976 1217790 1218184 1218234 1218459 1218470 1220185 1220186 1221107 1221829 1222634 1223675 1224095 1224597 1225468 1225820 1226514 1226552 1228659 1229334 1230262 1230267 1230267 1230649 1230827 1230932 1231293 1232234 1232504 1232526 1233012 1233012 1233012 1233012 1233012 1233012 1233421 1233551 1233880 1234156 1234381 1234454 1234863 1234896 1234959 1235637 1235873 1236104 1236104 1236333 1236333 1236821 1236822 1237143 1237159 1237312 1237313 1237442 1237595 1238160 1238160 1238303 1238491 1238526 1238570 1238876 1239566 1239644 1239938 1239986 1240185 1240785 1240788 1240799 1240950 1241038 1241219 1241353 1241549 1242221 1242414 1242414 1242417 1242504 1242573 1242596 1242780 1242782 1242846 1242924 1242960 1243001 1243273 1243279 1243330 1243457 1243539 1243543 1243581 1243627 1243832 1243935 1243991 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244114 1244116 1244154 1244179 1244234 1244241 1244277 1244309 1244309 1244337 1244337 1244401 1244553 1244705 1244710 1244732 1244732 1244764 1244765 1244767 1244770 1244771 1244773 1244774 1244776 1244779 1244780 1244781 1244782 1244783 1244784 1244786 1244787 1244788 1244790 1244793 1244794 1244796 1244797 1244798 1244800 1244802 1244804 1244807 1244808 1244811 1244813 1244814 1244815 1244816 1244819 1244820 1244823 1244824 1244824 1244825 1244830 1244831 1244832 1244834 1244836 1244838 1244839 1244840 1244841 1244842 1244843 1244845 1244846 1244848 1244849 1244851 1244853 1244854 1244856 1244860 1244861 1244866 1244867 1244868 1244869 1244870 1244871 1244872 1244873 1244875 1244876 1244878 1244879 1244881 1244883 1244884 1244886 1244887 1244890 1244895 1244899 1244900 1244901 1244902 1244903 1244908 1244911 1244915 1244925 1244936 1244941 1244942 1244943 1244944 1244945 1244948 1244949 1244950 1244956 1244958 1244959 1244965 1244966 1244967 1244968 1244969 1244970 1244974 1244976 1244977 1244978 1244979 1244983 1244984 1244985 1244986 1244991 1244992 1244993 1245006 1245007 1245009 1245011 1245012 1245018 1245019 1245024 1245028 1245031 1245032 1245033 1245038 1245039 1245041 1245047 1245051 1245057 1245058 1245060 1245062 1245064 1245069 1245072 1245073 1245088 1245089 1245092 1245093 1245098 1245103 1245110 1245117 1245118 1245119 1245121 1245122 1245125 1245129 1245131 1245133 1245134 1245135 1245136 1245138 1245139 1245140 1245142 1245146 1245147 1245149 1245152 1245154 1245180 1245183 1245189 1245191 1245195 1245197 1245217 1245220 1245220 1245223 1245265 1245348 1245431 1245431 1245452 1245455 1245496 1245498 1245499 1245506 1245573 1245666 1245672 1245711 1245936 1245950 1245956 1245970 1245985 1245986 1246000 1246029 1246037 1246038 1246045 1246073 1246149 1246186 1246197 1246197 1246221 1246232 1246233 1246267 1246296 1246299 1246431 1246466 1246473 1246533 1246570 1246597 1246602 1246604 1246608 1246697 1246776 1246781 1246835 1246879 1246911 1246912 1246968 1247028 1247054 1247143 1247172 1247239 1247249 1247288 1247314 1247317 1247347 1247348 1247349 1247374 1247437 1247518 1247690 1247819 1247938 1247939 1247976 1248108 1248223 1248255 1248297 1248306 1248312 1248338 1248399 1248410 1248511 1248614 1248621 1248628 1248639 1248687 1248748 1248847 1249049 1249126 1249128 1249158 1249186 1249191 1249191 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249348 1249348 1249367 1249367 1249374 1249516 1249538 1249548 1249584 1249604 1249608 1249638 1249639 1249641 1249642 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249677 1249681 1249683 1249685 1249687 1249691 1249695 1249699 1249700 1249701 1249705 1249706 1249707 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249758 1249762 1249767 1249777 1249781 1249784 1249791 1249799 1249808 1249810 1249820 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249864 1249865 1249866 1249867 1249868 1249872 1249877 1249880 1249882 1249885 1249890 1249892 1249908 1249910 1249911 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249944 1249947 1249949 1249950 1249954 1249958 1249979 1249981 1249991 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250023 1250024 1250026 1250039 1250041 1250043 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250070 1250071 1250072 1250077 1250080 1250081 1250083 1250105 1250106 1250107 1250108 1250114 1250118 1250121 1250127 1250128 1250131 1250132 1250137 1250138 1250140 1250145 1250151 1250153 1250156 1250159 1250161 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250191 1250197 1250198 1250200 1250209 1250211 1250232 1250237 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250287 1250293 1250301 1250303 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250328 1250331 1250343 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250767 1250768 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250797 1250799 1250807 1250810 1250811 1250818 1250819 1250822 1250823 1250824 1250825 1250830 1250831 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250850 1250851 1250853 1250856 1250863 1250864 1250866 1250867 1250868 1250872 1250874 1250875 1250877 1250879 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250915 1250917 1250923 1250927 1250928 1250948 1250949 1250953 1250955 1250963 1250964 1250965 1251279 1251280 142461 831629 CVE-2016-9840 CVE-2021-47557 CVE-2021-47595 CVE-2022-1679 CVE-2022-2585 CVE-2022-2586 CVE-2022-2602 CVE-2022-2905 CVE-2022-2978 CVE-2022-36280 CVE-2022-3903 CVE-2022-4095 CVE-2022-43945 CVE-2022-4662 CVE-2022-49138 CVE-2022-49138 CVE-2022-49770 CVE-2022-49934 CVE-2022-49936 CVE-2022-49937 CVE-2022-49938 CVE-2022-49940 CVE-2022-49942 CVE-2022-49945 CVE-2022-49946 CVE-2022-49948 CVE-2022-49950 CVE-2022-49952 CVE-2022-49954 CVE-2022-49956 CVE-2022-49957 CVE-2022-49958 CVE-2022-49960 CVE-2022-49964 CVE-2022-49966 CVE-2022-49968 CVE-2022-49969 CVE-2022-49977 CVE-2022-49978 CVE-2022-49980 CVE-2022-49981 CVE-2022-49982 CVE-2022-49983 CVE-2022-49984 CVE-2022-49985 CVE-2022-49986 CVE-2022-49987 CVE-2022-49989 CVE-2022-49990 CVE-2022-49993 CVE-2022-49995 CVE-2022-49999 CVE-2022-50005 CVE-2022-50006 CVE-2022-50008 CVE-2022-50010 CVE-2022-50011 CVE-2022-50012 CVE-2022-50019 CVE-2022-50020 CVE-2022-50021 CVE-2022-50022 CVE-2022-50023 CVE-2022-50024 CVE-2022-50026 CVE-2022-50027 CVE-2022-50028 CVE-2022-50029 CVE-2022-50030 CVE-2022-50031 CVE-2022-50032 CVE-2022-50033 CVE-2022-50034 CVE-2022-50036 CVE-2022-50038 CVE-2022-50039 CVE-2022-50040 CVE-2022-50045 CVE-2022-50046 CVE-2022-50047 CVE-2022-50051 CVE-2022-50053 CVE-2022-50055 CVE-2022-50059 CVE-2022-50060 CVE-2022-50061 CVE-2022-50062 CVE-2022-50065 CVE-2022-50066 CVE-2022-50067 CVE-2022-50068 CVE-2022-50072 CVE-2022-50073 CVE-2022-50074 CVE-2022-50076 CVE-2022-50077 CVE-2022-50079 CVE-2022-50083 CVE-2022-50084 CVE-2022-50085 CVE-2022-50087 CVE-2022-50092 CVE-2022-50093 CVE-2022-50094 CVE-2022-50095 CVE-2022-50097 CVE-2022-50098 CVE-2022-50099 CVE-2022-50100 CVE-2022-50101 CVE-2022-50102 CVE-2022-50103 CVE-2022-50104 CVE-2022-50108 CVE-2022-50109 CVE-2022-50110 CVE-2022-50111 CVE-2022-50112 CVE-2022-50116 CVE-2022-50116 CVE-2022-50118 CVE-2022-50120 CVE-2022-50121 CVE-2022-50124 CVE-2022-50125 CVE-2022-50126 CVE-2022-50127 CVE-2022-50129 CVE-2022-50131 CVE-2022-50132 CVE-2022-50134 CVE-2022-50136 CVE-2022-50137 CVE-2022-50138 CVE-2022-50139 CVE-2022-50140 CVE-2022-50141 CVE-2022-50142 CVE-2022-50143 CVE-2022-50145 CVE-2022-50146 CVE-2022-50149 CVE-2022-50151 CVE-2022-50152 CVE-2022-50153 CVE-2022-50154 CVE-2022-50155 CVE-2022-50156 CVE-2022-50157 CVE-2022-50158 CVE-2022-50160 CVE-2022-50161 CVE-2022-50162 CVE-2022-50164 CVE-2022-50165 CVE-2022-50169 CVE-2022-50171 CVE-2022-50172 CVE-2022-50173 CVE-2022-50175 CVE-2022-50176 CVE-2022-50178 CVE-2022-50179 CVE-2022-50181 CVE-2022-50185 CVE-2022-50187 CVE-2022-50190 CVE-2022-50191 CVE-2022-50192 CVE-2022-50194 CVE-2022-50196 CVE-2022-50197 CVE-2022-50198 CVE-2022-50199 CVE-2022-50200 CVE-2022-50201 CVE-2022-50202 CVE-2022-50203 CVE-2022-50204 CVE-2022-50206 CVE-2022-50207 CVE-2022-50208 CVE-2022-50209 CVE-2022-50211 CVE-2022-50212 CVE-2022-50213 CVE-2022-50215 CVE-2022-50218 CVE-2022-50220 CVE-2022-50222 CVE-2022-50226 CVE-2022-50228 CVE-2022-50229 CVE-2022-50231 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50289 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50324 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50355 CVE-2022-50358 CVE-2022-50359 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50391 CVE-2022-50392 CVE-2022-50394 CVE-2022-50395 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50414 CVE-2022-50417 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50443 CVE-2022-50444 CVE-2022-50449 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-28328 CVE-2023-3111 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2023-52927 CVE-2023-53048 CVE-2023-53076 CVE-2023-53097 CVE-2023-53117 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53182 CVE-2023-53185 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53213 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53234 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53255 CVE-2023-53259 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53286 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53307 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53344 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53359 CVE-2023-53368 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53443 CVE-2023-53446 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53512 CVE-2023-53513 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-26583 CVE-2024-26584 CVE-2024-26643 CVE-2024-26808 CVE-2024-26924 CVE-2024-26935 CVE-2024-27397 CVE-2024-35840 CVE-2024-36978 CVE-2024-42265 CVE-2024-46800 CVE-2024-47175 CVE-2024-52615 CVE-2024-53057 CVE-2024-53125 CVE-2024-53141 CVE-2024-53164 CVE-2024-53177 CVE-2024-56738 CVE-2024-56770 CVE-2024-57947 CVE-2024-57947 CVE-2024-57999 CVE-2024-58239 CVE-2024-58240 CVE-2025-10148 CVE-2025-10148 CVE-2025-10230 CVE-2025-21700 CVE-2025-21702 CVE-2025-21703 CVE-2025-21756 CVE-2025-21881 CVE-2025-21971 CVE-2025-23141 CVE-2025-23145 CVE-2025-23155 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-3576 CVE-2025-37738 CVE-2025-37752 CVE-2025-37797 CVE-2025-37798 CVE-2025-37798 CVE-2025-37823 CVE-2025-37885 CVE-2025-37890 CVE-2025-37932 CVE-2025-37953 CVE-2025-37958 CVE-2025-37997 CVE-2025-38000 CVE-2025-38001 CVE-2025-38014 CVE-2025-38014 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38088 CVE-2025-38111 CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38380 CVE-2025-38460 CVE-2025-38468 CVE-2025-38470 CVE-2025-38476 CVE-2025-38477 CVE-2025-38488 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38572 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39797 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-46836 CVE-2025-48060 CVE-2025-50181 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-58060 CVE-2025-58364 CVE-2025-59375 CVE-2025-6069 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20251022-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2464-1 Released: Tue Jul 22 13:40:15 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2519-1 Released: Fri Jul 25 10:51:53 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1233880,1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2537-1 Released: Mon Jul 28 17:08:58 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1193629,1194869,1198410,1199356,1199487,1201160,1201956,1202094,1202095,1202564,1202716,1202823,1202860,1203197,1203361,1205220,1205514,1206664,1206878,1206880,1207361,1207638,1211226,1212051,1213090,1218184,1218234,1218470,1222634,1223675,1224095,1224597,1225468,1225820,1226514,1226552,1228659,1230827,1231293,1232504,1233551,1234156,1234381,1234454,1235637,1236333,1236821,1236822,1237159,1237312,1237313,1238303,1238526,1238570,1238876,1239986,1240785,1241038,1242221,1242414,1242417,1242504,1242596,1242782,1242924,1243001,1243330,1243543,1243627,1243832,1244114,1244179,1244234,1244241,1244277,1244309,1244337,1244732,1244764,1244765,1244767,1244770,1244771,1244773,1244774,1244776,1244779,1244780,1244781,1244782,1244783,1244784,1244786,1244787,1244788,1244790,1244793,1244794,1244796,1244797,1244798,1244800,1244802,1244804,1244807,1244808,1244811,1244813,1244814,1244815,1244816,1244819,1244820,1244823,1244824,1244825,1244830,1244831,1244832,1244834,1244836,1 244838,1244839,1244840,1244841,1244842,1244843,1244845,1244846,1244848,1244849,1244851,1244853,1244854,1244856,1244860,1244861,1244866,1244867,1244868,1244869,1244870,1244871,1244872,1244873,1244875,1244876,1244878,1244879,1244881,1244883,1244884,1244886,1244887,1244890,1244895,1244899,1244900,1244901,1244902,1244903,1244908,1244911,1244915,1244936,1244941,1244942,1244943,1244944,1244945,1244948,1244949,1244950,1244956,1244958,1244959,1244965,1244966,1244967,1244968,1244969,1244970,1244974,1244976,1244977,1244978,1244979,1244983,1244984,1244985,1244986,1244991,1244992,1244993,1245006,1245007,1245009,1245011,1245012,1245018,1245019,1245024,1245028,1245031,1245032,1245033,1245038,1245039,1245041,1245047,1245051,1245057,1245058,1245060,1245062,1245064,1245069,1245072,1245073,1245088,1245089,1245092,1245093,1245098,1245103,1245117,1245118,1245119,1245121,1245122,1245125,1245129,1245131,1245133,1245134,1245135,1245136,1245138,1245139,1245140,1245142,1245146,1245147,1245149,1245152,124515 4,1245180,1245183,1245189,1245191,1245195,1245197,1245265,1245348,1245431,1245455,CVE-2021-47557,CVE-2021-47595,CVE-2022-1679,CVE-2022-2585,CVE-2022-2586,CVE-2022-2905,CVE-2022-3903,CVE-2022-4095,CVE-2022-4662,CVE-2022-49934,CVE-2022-49936,CVE-2022-49937,CVE-2022-49938,CVE-2022-49940,CVE-2022-49942,CVE-2022-49945,CVE-2022-49946,CVE-2022-49948,CVE-2022-49950,CVE-2022-49952,CVE-2022-49954,CVE-2022-49956,CVE-2022-49957,CVE-2022-49958,CVE-2022-49960,CVE-2022-49964,CVE-2022-49966,CVE-2022-49968,CVE-2022-49969,CVE-2022-49977,CVE-2022-49978,CVE-2022-49981,CVE-2022-49982,CVE-2022-49983,CVE-2022-49984,CVE-2022-49985,CVE-2022-49986,CVE-2022-49987,CVE-2022-49989,CVE-2022-49990,CVE-2022-49993,CVE-2022-49995,CVE-2022-49999,CVE-2022-50005,CVE-2022-50006,CVE-2022-50008,CVE-2022-50010,CVE-2022-50011,CVE-2022-50012,CVE-2022-50019,CVE-2022-50020,CVE-2022-50021,CVE-2022-50022,CVE-2022-50023,CVE-2022-50024,CVE-2022-50026,CVE-2022-50027,CVE-2022-50028,CVE-2022-50029,CVE-2022-50030,CVE-2022-50031,CVE-202 2-50032,CVE-2022-50033,CVE-2022-50034,CVE-2022-50036,CVE-2022-50038,CVE-2022-50039,CVE-2022-50040,CVE-2022-50045,CVE-2022-50046,CVE-2022-50047,CVE-2022-50051,CVE-2022-50053,CVE-2022-50055,CVE-2022-50059,CVE-2022-50060,CVE-2022-50061,CVE-2022-50062,CVE-2022-50065,CVE-2022-50066,CVE-2022-50067,CVE-2022-50068,CVE-2022-50072,CVE-2022-50073,CVE-2022-50074,CVE-2022-50076,CVE-2022-50077,CVE-2022-50079,CVE-2022-50083,CVE-2022-50084,CVE-2022-50085,CVE-2022-50087,CVE-2022-50092,CVE-2022-50093,CVE-2022-50094,CVE-2022-50095,CVE-2022-50097,CVE-2022-50098,CVE-2022-50099,CVE-2022-50100,CVE-2022-50101,CVE-2022-50102,CVE-2022-50103,CVE-2022-50104,CVE-2022-50108,CVE-2022-50109,CVE-2022-50110,CVE-2022-50111,CVE-2022-50112,CVE-2022-50116,CVE-2022-50118,CVE-2022-50120,CVE-2022-50121,CVE-2022-50124,CVE-2022-50125,CVE-2022-50126,CVE-2022-50127,CVE-2022-50129,CVE-2022-50131,CVE-2022-50132,CVE-2022-50134,CVE-2022-50136,CVE-2022-50137,CVE-2022-50138,CVE-2022-50139,CVE-2022-50140,CVE-2022-50141,CVE-2022-50142 ,CVE-2022-50143,CVE-2022-50145,CVE-2022-50146,CVE-2022-50149,CVE-2022-50151,CVE-2022-50152,CVE-2022-50153,CVE-2022-50154,CVE-2022-50155,CVE-2022-50156,CVE-2022-50157,CVE-2022-50158,CVE-2022-50160,CVE-2022-50161,CVE-2022-50162,CVE-2022-50164,CVE-2022-50165,CVE-2022-50169,CVE-2022-50171,CVE-2022-50172,CVE-2022-50173,CVE-2022-50175,CVE-2022-50176,CVE-2022-50178,CVE-2022-50179,CVE-2022-50181,CVE-2022-50185,CVE-2022-50187,CVE-2022-50190,CVE-2022-50191,CVE-2022-50192,CVE-2022-50194,CVE-2022-50196,CVE-2022-50197,CVE-2022-50198,CVE-2022-50199,CVE-2022-50200,CVE-2022-50201,CVE-2022-50202,CVE-2022-50203,CVE-2022-50204,CVE-2022-50206,CVE-2022-50207,CVE-2022-50208,CVE-2022-50209,CVE-2022-50211,CVE-2022-50212,CVE-2022-50213,CVE-2022-50215,CVE-2022-50218,CVE-2022-50220,CVE-2022-50222,CVE-2022-50226,CVE-2022-50228,CVE-2022-50229,CVE-2022-50231,CVE-2023-3111,CVE-2023-52924,CVE-2023-52925,CVE-2023-53048,CVE-2023-53076,CVE-2023-53097,CVE-2024-26808,CVE-2024-26924,CVE-2024-26935,CVE-2024-27397,CVE-202 4-35840,CVE-2024-36978,CVE-2024-46800,CVE-2024-53057,CVE-2024-53125,CVE-2024-53141,CVE-2024-56770,CVE-2024-57947,CVE-2024-57999,CVE-2025-21700,CVE-2025-21702,CVE-2025-21703,CVE-2025-21756,CVE-2025-23141,CVE-2025-23145,CVE-2025-37752,CVE-2025-37797,CVE-2025-37798,CVE-2025-37823,CVE-2025-37890,CVE-2025-37932,CVE-2025-37953,CVE-2025-37997,CVE-2025-38000,CVE-2025-38001,CVE-2025-38014,CVE-2025-38083 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468). - CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552). - CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821). - CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504) - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82 - Use gcc-13 for build on SLE16 (jsc#PED-10028). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - check-for-config-changes: Fix flag name typo - doc/README.SUSE: Point to the updated version of LKMPG - hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - kernel-source: Also replace bin/env - kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env' - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used - rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64. - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check. - rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/package-descriptions: Add rt and rt_debug descriptions - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rpm: Stop using is_kotd_qa macro - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - wifi: cfg80211: Add my certificate (bsc#1243001). - wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2556-1 Released: Wed Jul 30 21:04:22 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2559-1 Released: Wed Jul 30 22:15:25 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042). There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - Implement color filtering when adding update targets. - Support orderwithrequires dependencies in susedata.xml. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2589-1 Released: Fri Aug 1 15:05:54 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2712-1 Released: Wed Aug 6 11:21:38 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2727-1 Released: Thu Aug 7 11:02:04 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2849-1 Released: Mon Aug 18 17:56:40 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1229334,1234863,1236104,1236333,1238160,1239644,1240185,1240799,1242414,1242780,1244309,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2023-53117,CVE-2024-26643,CVE-2024-42265,CVE-2024-53164,CVE-2024-57947,CVE-2025-21881,CVE-2025-21971,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2952-1 Released: Thu Aug 21 14:56:24 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3065-1 Released: Thu Sep 4 08:36:30 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - modified default SLE presets ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3085-1 Released: Fri Sep 5 11:03:27 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1240950 This update for suse-module-tools fixes the following issues: - Version update 15.4.20 - Add blacklist entry for reiserfs (jsc#PED-6167). - Add more modules to file system blacklist (jsc#PED-6167). - Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3240-1 Released: Tue Sep 16 21:56:57 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Update to version 9.1.1629. - CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening specially crafted tar files (bsc#1246604). - CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening specially crafted zip files (bsc#1246602). - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938). - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3260-1 Released: Thu Sep 18 02:09:31 2025 Summary: Security update for net-tools Type: security Severity: moderate References: 1243581,1246608,1248410,1248687,142461,CVE-2025-46836 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3261-1 Released: Thu Sep 18 06:35:19 2025 Summary: Security update for cups Type: security Severity: important References: 1230932,1246533,1249049,1249128,CVE-2024-47175,CVE-2025-58060,CVE-2025-58364 This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). - CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049). - CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3267-1 Released: Thu Sep 18 13:05:51 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3288-1 Released: Mon Sep 22 12:13:27 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - permissions: remove unnecessary static dirs and devices (bsc#1235873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3302-1 Released: Tue Sep 23 11:09:49 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3314-1 Released: Tue Sep 23 20:34:40 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1234896,1244824,1245970,1246473,1246911,1247143,1247374,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,CVE-2022-50116,CVE-2024-53177,CVE-2024-58239,CVE-2025-38180,CVE-2025-38323,CVE-2025-38352,CVE-2025-38460,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - Disable N_GSM (jsc#PED-8240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3331-1 Released: Wed Sep 24 08:54:17 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3334-1 Released: Wed Sep 24 08:56:48 2025 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: 1212476,1244154 This update for hyper-v fixes the following issues: - fcopy bugfix - Fix irregularities with size of ring buffer - Fix incorrect file path conversion - Enable debug logs for hv_kvp_daemon (bsc#1244154). - Update route parsing in kvp daemon - Remove obsolete obsolete code for SLE11SP2 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro (bsc#1212476). - Use %patch -P N instead of deprecated %patchN. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3433-1 Released: Tue Sep 30 15:52:31 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3618-1 Released: Thu Oct 16 09:37:00 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3628-1 Released: Fri Oct 17 13:34:30 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1206456,1206468,1206883,1206884,1207158,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213666,1213747,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1236104,1238160,1241353,1242573,1242846,1242960,1243539,1244337,1244732,1245110,1245498,1245499,1245666,1245956,1246879,1246968,1247028,1247172,1247239,1247288,1247317,1248108,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249608,1249638,1249639,1249641,1249642,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249677,1249681,1249683,1249685,1249687,1249691,1249695,1249699,1249700,1249701,1249705,1249706,1249707,1249709,1249712,1249713,1249715,1249716,1249718,1249722,1249727,1249730,1249733,1 249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249758,1249762,1249767,1249777,1249781,1249784,1249791,1249799,1249808,1249810,1249820,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249864,1249865,1249866,1249867,1249868,1249872,1249877,1249880,1249882,1249885,1249890,1249892,1249908,1249910,1249911,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249944,1249947,1249949,1249950,1249954,1249958,1249979,1249981,1249991,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250023,1250024,1250026,1250039,1250041,1250043,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,1250066,1250070,1250071,1250072,1250077,1250080,1250081,1250083,1250105,1250106,1250107,1250108,1250114,1250118,1250121,1250127,1250128,1250131,1250132,1250137,1250138,1250140,1250145,1250151,1250153,1250156,1250159,1250161,125016 8,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250191,1250197,1250198,1250200,1250209,1250211,1250237,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250287,1250293,1250301,1250303,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250767,1250768,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250797,1250799,1250807,1250810,1250811,1250818,1250819,1250822,1250823,1250824,1250825,1250830,1250831,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250850,1250851,1250853,1250856,1250863,1250864,1250866,1250867,1250868,1250872,1250874,1250875,1250877,1250879,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250915,1250917,1250923,1250927,1250928,1250948,1250949,1250953,1250955,1250963,1250964,1250965,CVE-2022-26 02,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-49980,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-50279,CVE-2022-50282,CVE-2022-50286,CVE-2022-50289,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50324,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50355,CVE-2022-50358,CVE-2 022-50359,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50391,CVE-2022-50392,CVE-2022-50394,CVE-2022-50395,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50414,CVE-2022-50417,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50443,CVE-2022-50444,CVE-2022-50449,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197 ,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53153,CVE-2023-53165,CVE-2023-53167,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53182,CVE-2023-53185,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53213,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53234,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53255,CVE-2023-53259,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53286,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2023-53305,CVE-2023-53307,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-20 23-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53344,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53359,CVE-2023-53368,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53443,CVE-2023-53446,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-5347 4,CVE-2023-53475,CVE-2023-53476,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53512,CVE-2023-53513,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-23155,CVE-2025-37738,CVE-2025-37885,CVE-2025-37958,CVE-2025-38014,CVE-2025-38084,CVE-2025-38085,CVE-2025-38111,CVE-2025-38184,CVE-2025-38380,CVE-2025-38470,CVE-2025-38476,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE-2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39797,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer. - Revert backported patches for bsc#1238160 because the CVSS less than 7.0 - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158). - build_bug.h: Add KABI assert (bsc#1249186). - kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers. - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - use uniform permission checks for all mount propagation changes (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3729-1 Released: Wed Oct 22 15:19:26 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - bind-utils-9.16.50-150400.5.49.1 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - cups-config-2.2.7-150000.3.72.1 updated - curl-8.14.1-150400.5.69.1 updated - dracut-055+suse.361.g448229ea-150400.3.40.1 updated - grub2-i386-pc-2.06-150400.11.63.1 updated - grub2-x86_64-efi-2.06-150400.11.63.1 updated - grub2-2.06-150400.11.63.1 updated - hwinfo-21.89-150400.3.21.1 updated - hyper-v-9-150200.14.12.2 updated - jq-1.6-150000.3.9.1 updated - kernel-default-5.14.21-150400.24.179.1 updated - krb5-1.19.2-150400.3.18.1 updated - libavahi-client3-0.8-150400.7.23.1 updated - libavahi-common3-0.8-150400.7.23.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libcups2-2.2.7-150000.3.72.1 updated - libcurl4-8.14.1-150400.5.69.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.9.4-150400.6.11.1 updated - libgnutls30-3.7.3-150400.4.50.1 updated - libjq1-1.6-150000.3.9.1 updated - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libsolv-tools-base-0.7.34-150400.3.41.1 updated - libsolv-tools-0.7.34-150400.3.41.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - libxml2-2-2.9.14-150400.5.47.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libzypp-17.37.18-150400.3.148.1 updated - net-tools-2.0+git20170221.479bb4a-150000.5.13.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated - pam-1.3.0-150000.6.86.1 updated - permissions-20201225-150400.5.22.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - python3-apipkg-1.4-150000.3.8.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-attrs-19.3.0-150200.3.9.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-bind-9.16.50-150400.5.49.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-more-itertools-8.10.0-150400.10.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-ply-3.10-150000.3.8.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pytz-2022.1-150300.3.9.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-requests-2.25.1-150300.3.18.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-urllib3-1.25.10-150300.4.18.1 updated - python3-zipp-0.6.0-150100.3.8.1 updated - python3-3.6.15-150300.10.97.2 updated - samba-client-libs-4.15.13+git.736.b791be993ba-150400.3.40.1 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.4.20-150400.3.20.3 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - systemd-presets-branding-SLE-15.1-150100.20.17.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - vim-data-common-9.1.1629-150000.5.78.1 updated - vim-9.1.1629-150000.5.78.1 updated - zypper-1.14.94-150400.3.101.1 updated - catatonit-0.2.0-150300.10.8.1 removed - docker-28.2.2_ce-150000.227.1 removed - xxd-9.1.1406-150000.5.75.1 removed From sle-container-updates at lists.suse.com Sat Oct 25 07:03:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:03:14 +0200 (CEST) Subject: SUSE-IU-2025:3419-1: Security update of suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64 Message-ID: <20251025070314.49F2CF778@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3419-1 Image Tags : suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64:20251022 Image Release : Severity : critical Type : security References : 1065729 1065729 1156395 1164051 1193629 1193629 1194869 1194869 1198410 1199356 1199487 1201160 1201956 1202094 1202095 1202564 1202700 1202716 1202823 1202860 1203063 1203197 1203332 1203361 1204228 1205128 1205220 1205514 1206051 1206456 1206468 1206664 1206878 1206880 1206883 1206884 1207158 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207638 1207645 1207651 1208607 1209287 1209291 1210584 1211226 1211960 1212051 1212603 1213015 1213016 1213040 1213041 1213061 1213090 1213099 1213104 1213666 1213747 1214953 1214967 1215150 1215696 1215911 1216976 1217790 1218184 1218234 1218459 1218470 1220185 1220186 1221107 1221829 1222634 1223675 1224095 1224597 1225468 1225820 1226514 1226552 1228659 1229334 1230262 1230267 1230267 1230649 1230827 1230932 1231293 1232234 1232504 1232526 1233012 1233012 1233012 1233012 1233012 1233012 1233421 1233551 1233880 1234156 1234381 1234454 1234863 1234896 1234959 1235637 1235873 1236104 1236104 1236333 1236333 1236821 1236822 1237143 1237159 1237312 1237313 1237442 1237595 1238160 1238160 1238303 1238491 1238526 1238570 1238876 1239566 1239644 1239938 1239986 1240185 1240785 1240788 1240799 1240950 1241038 1241219 1241353 1241549 1242221 1242414 1242414 1242417 1242504 1242573 1242596 1242780 1242782 1242846 1242924 1242960 1243001 1243273 1243279 1243330 1243457 1243539 1243543 1243581 1243627 1243832 1243935 1243991 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244114 1244116 1244179 1244234 1244241 1244277 1244309 1244309 1244337 1244337 1244401 1244553 1244705 1244710 1244732 1244732 1244764 1244765 1244767 1244770 1244771 1244773 1244774 1244776 1244779 1244780 1244781 1244782 1244783 1244784 1244786 1244787 1244788 1244790 1244793 1244794 1244796 1244797 1244798 1244800 1244802 1244804 1244807 1244808 1244811 1244813 1244814 1244815 1244816 1244819 1244820 1244823 1244824 1244824 1244825 1244830 1244831 1244832 1244834 1244836 1244838 1244839 1244840 1244841 1244842 1244843 1244845 1244846 1244848 1244849 1244851 1244853 1244854 1244856 1244860 1244861 1244866 1244867 1244868 1244869 1244870 1244871 1244872 1244873 1244875 1244876 1244878 1244879 1244881 1244883 1244884 1244886 1244887 1244890 1244895 1244899 1244900 1244901 1244902 1244903 1244908 1244911 1244915 1244925 1244936 1244941 1244942 1244943 1244944 1244945 1244948 1244949 1244950 1244956 1244958 1244959 1244965 1244966 1244967 1244968 1244969 1244970 1244974 1244976 1244977 1244978 1244979 1244983 1244984 1244985 1244986 1244991 1244992 1244993 1245006 1245007 1245009 1245011 1245012 1245018 1245019 1245024 1245028 1245031 1245032 1245033 1245038 1245039 1245041 1245047 1245051 1245057 1245058 1245060 1245062 1245064 1245069 1245072 1245073 1245088 1245089 1245092 1245093 1245098 1245103 1245110 1245117 1245118 1245119 1245121 1245122 1245125 1245129 1245131 1245133 1245134 1245135 1245136 1245138 1245139 1245140 1245142 1245146 1245147 1245149 1245152 1245154 1245180 1245183 1245189 1245191 1245195 1245197 1245217 1245220 1245220 1245223 1245265 1245348 1245431 1245431 1245452 1245455 1245496 1245498 1245499 1245506 1245573 1245666 1245672 1245711 1245936 1245950 1245956 1245970 1245985 1245986 1246000 1246029 1246037 1246038 1246045 1246073 1246149 1246186 1246197 1246197 1246221 1246232 1246233 1246267 1246296 1246299 1246431 1246466 1246473 1246533 1246570 1246597 1246602 1246604 1246608 1246697 1246776 1246781 1246835 1246879 1246911 1246912 1246968 1247028 1247054 1247143 1247172 1247239 1247249 1247288 1247314 1247317 1247347 1247348 1247349 1247374 1247437 1247518 1247690 1247819 1247938 1247939 1247976 1248108 1248223 1248255 1248297 1248306 1248312 1248338 1248399 1248410 1248511 1248614 1248621 1248628 1248639 1248687 1248748 1248847 1249049 1249126 1249128 1249158 1249186 1249191 1249191 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249348 1249348 1249367 1249367 1249374 1249516 1249538 1249548 1249584 1249604 1249608 1249638 1249639 1249641 1249642 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249677 1249681 1249683 1249685 1249687 1249691 1249695 1249699 1249700 1249701 1249705 1249706 1249707 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249758 1249762 1249767 1249777 1249781 1249784 1249791 1249799 1249808 1249810 1249820 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249864 1249865 1249866 1249867 1249868 1249872 1249877 1249880 1249882 1249885 1249890 1249892 1249908 1249910 1249911 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249944 1249947 1249949 1249950 1249954 1249958 1249979 1249981 1249991 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250023 1250024 1250026 1250039 1250041 1250043 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250070 1250071 1250072 1250077 1250080 1250081 1250083 1250105 1250106 1250107 1250108 1250114 1250118 1250121 1250127 1250128 1250131 1250132 1250137 1250138 1250140 1250145 1250151 1250153 1250156 1250159 1250161 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250191 1250197 1250198 1250200 1250209 1250211 1250232 1250237 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250287 1250293 1250301 1250303 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250328 1250331 1250343 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250767 1250768 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250797 1250799 1250807 1250810 1250811 1250818 1250819 1250822 1250823 1250824 1250825 1250830 1250831 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250850 1250851 1250853 1250856 1250863 1250864 1250866 1250867 1250868 1250872 1250874 1250875 1250877 1250879 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250915 1250917 1250923 1250927 1250928 1250948 1250949 1250953 1250955 1250963 1250964 1250965 1251279 1251280 142461 831629 CVE-2016-9840 CVE-2021-47557 CVE-2021-47595 CVE-2022-1679 CVE-2022-2585 CVE-2022-2586 CVE-2022-2602 CVE-2022-2905 CVE-2022-2978 CVE-2022-36280 CVE-2022-3903 CVE-2022-4095 CVE-2022-43945 CVE-2022-4662 CVE-2022-49138 CVE-2022-49138 CVE-2022-49770 CVE-2022-49934 CVE-2022-49936 CVE-2022-49937 CVE-2022-49938 CVE-2022-49940 CVE-2022-49942 CVE-2022-49945 CVE-2022-49946 CVE-2022-49948 CVE-2022-49950 CVE-2022-49952 CVE-2022-49954 CVE-2022-49956 CVE-2022-49957 CVE-2022-49958 CVE-2022-49960 CVE-2022-49964 CVE-2022-49966 CVE-2022-49968 CVE-2022-49969 CVE-2022-49977 CVE-2022-49978 CVE-2022-49980 CVE-2022-49981 CVE-2022-49982 CVE-2022-49983 CVE-2022-49984 CVE-2022-49985 CVE-2022-49986 CVE-2022-49987 CVE-2022-49989 CVE-2022-49990 CVE-2022-49993 CVE-2022-49995 CVE-2022-49999 CVE-2022-50005 CVE-2022-50006 CVE-2022-50008 CVE-2022-50010 CVE-2022-50011 CVE-2022-50012 CVE-2022-50019 CVE-2022-50020 CVE-2022-50021 CVE-2022-50022 CVE-2022-50023 CVE-2022-50024 CVE-2022-50026 CVE-2022-50027 CVE-2022-50028 CVE-2022-50029 CVE-2022-50030 CVE-2022-50031 CVE-2022-50032 CVE-2022-50033 CVE-2022-50034 CVE-2022-50036 CVE-2022-50038 CVE-2022-50039 CVE-2022-50040 CVE-2022-50045 CVE-2022-50046 CVE-2022-50047 CVE-2022-50051 CVE-2022-50053 CVE-2022-50055 CVE-2022-50059 CVE-2022-50060 CVE-2022-50061 CVE-2022-50062 CVE-2022-50065 CVE-2022-50066 CVE-2022-50067 CVE-2022-50068 CVE-2022-50072 CVE-2022-50073 CVE-2022-50074 CVE-2022-50076 CVE-2022-50077 CVE-2022-50079 CVE-2022-50083 CVE-2022-50084 CVE-2022-50085 CVE-2022-50087 CVE-2022-50092 CVE-2022-50093 CVE-2022-50094 CVE-2022-50095 CVE-2022-50097 CVE-2022-50098 CVE-2022-50099 CVE-2022-50100 CVE-2022-50101 CVE-2022-50102 CVE-2022-50103 CVE-2022-50104 CVE-2022-50108 CVE-2022-50109 CVE-2022-50110 CVE-2022-50111 CVE-2022-50112 CVE-2022-50116 CVE-2022-50116 CVE-2022-50118 CVE-2022-50120 CVE-2022-50121 CVE-2022-50124 CVE-2022-50125 CVE-2022-50126 CVE-2022-50127 CVE-2022-50129 CVE-2022-50131 CVE-2022-50132 CVE-2022-50134 CVE-2022-50136 CVE-2022-50137 CVE-2022-50138 CVE-2022-50139 CVE-2022-50140 CVE-2022-50141 CVE-2022-50142 CVE-2022-50143 CVE-2022-50145 CVE-2022-50146 CVE-2022-50149 CVE-2022-50151 CVE-2022-50152 CVE-2022-50153 CVE-2022-50154 CVE-2022-50155 CVE-2022-50156 CVE-2022-50157 CVE-2022-50158 CVE-2022-50160 CVE-2022-50161 CVE-2022-50162 CVE-2022-50164 CVE-2022-50165 CVE-2022-50169 CVE-2022-50171 CVE-2022-50172 CVE-2022-50173 CVE-2022-50175 CVE-2022-50176 CVE-2022-50178 CVE-2022-50179 CVE-2022-50181 CVE-2022-50185 CVE-2022-50187 CVE-2022-50190 CVE-2022-50191 CVE-2022-50192 CVE-2022-50194 CVE-2022-50196 CVE-2022-50197 CVE-2022-50198 CVE-2022-50199 CVE-2022-50200 CVE-2022-50201 CVE-2022-50202 CVE-2022-50203 CVE-2022-50204 CVE-2022-50206 CVE-2022-50207 CVE-2022-50208 CVE-2022-50209 CVE-2022-50211 CVE-2022-50212 CVE-2022-50213 CVE-2022-50215 CVE-2022-50218 CVE-2022-50220 CVE-2022-50222 CVE-2022-50226 CVE-2022-50228 CVE-2022-50229 CVE-2022-50231 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50289 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50324 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50355 CVE-2022-50358 CVE-2022-50359 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50391 CVE-2022-50392 CVE-2022-50394 CVE-2022-50395 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50414 CVE-2022-50417 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50443 CVE-2022-50444 CVE-2022-50449 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-28328 CVE-2023-3111 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2023-52927 CVE-2023-53048 CVE-2023-53076 CVE-2023-53097 CVE-2023-53117 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53182 CVE-2023-53185 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53213 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53234 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53255 CVE-2023-53259 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53286 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53307 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53344 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53359 CVE-2023-53368 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53443 CVE-2023-53446 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53512 CVE-2023-53513 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-26583 CVE-2024-26584 CVE-2024-26643 CVE-2024-26808 CVE-2024-26924 CVE-2024-26935 CVE-2024-27397 CVE-2024-35840 CVE-2024-36978 CVE-2024-42265 CVE-2024-46800 CVE-2024-47175 CVE-2024-52615 CVE-2024-53057 CVE-2024-53125 CVE-2024-53141 CVE-2024-53164 CVE-2024-53177 CVE-2024-56738 CVE-2024-56770 CVE-2024-57947 CVE-2024-57947 CVE-2024-57999 CVE-2024-58239 CVE-2024-58240 CVE-2025-10148 CVE-2025-10148 CVE-2025-10230 CVE-2025-21700 CVE-2025-21702 CVE-2025-21703 CVE-2025-21756 CVE-2025-21881 CVE-2025-21971 CVE-2025-23141 CVE-2025-23145 CVE-2025-23155 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-3576 CVE-2025-37738 CVE-2025-37752 CVE-2025-37797 CVE-2025-37798 CVE-2025-37798 CVE-2025-37823 CVE-2025-37885 CVE-2025-37890 CVE-2025-37932 CVE-2025-37953 CVE-2025-37958 CVE-2025-37997 CVE-2025-38000 CVE-2025-38001 CVE-2025-38014 CVE-2025-38014 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38088 CVE-2025-38111 CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38380 CVE-2025-38460 CVE-2025-38468 CVE-2025-38470 CVE-2025-38476 CVE-2025-38477 CVE-2025-38488 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38572 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39797 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-46836 CVE-2025-48060 CVE-2025-50181 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-58060 CVE-2025-58364 CVE-2025-59375 CVE-2025-6069 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20251022-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2464-1 Released: Tue Jul 22 13:40:15 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2519-1 Released: Fri Jul 25 10:51:53 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1233880,1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2537-1 Released: Mon Jul 28 17:08:58 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1193629,1194869,1198410,1199356,1199487,1201160,1201956,1202094,1202095,1202564,1202716,1202823,1202860,1203197,1203361,1205220,1205514,1206664,1206878,1206880,1207361,1207638,1211226,1212051,1213090,1218184,1218234,1218470,1222634,1223675,1224095,1224597,1225468,1225820,1226514,1226552,1228659,1230827,1231293,1232504,1233551,1234156,1234381,1234454,1235637,1236333,1236821,1236822,1237159,1237312,1237313,1238303,1238526,1238570,1238876,1239986,1240785,1241038,1242221,1242414,1242417,1242504,1242596,1242782,1242924,1243001,1243330,1243543,1243627,1243832,1244114,1244179,1244234,1244241,1244277,1244309,1244337,1244732,1244764,1244765,1244767,1244770,1244771,1244773,1244774,1244776,1244779,1244780,1244781,1244782,1244783,1244784,1244786,1244787,1244788,1244790,1244793,1244794,1244796,1244797,1244798,1244800,1244802,1244804,1244807,1244808,1244811,1244813,1244814,1244815,1244816,1244819,1244820,1244823,1244824,1244825,1244830,1244831,1244832,1244834,1244836,1 244838,1244839,1244840,1244841,1244842,1244843,1244845,1244846,1244848,1244849,1244851,1244853,1244854,1244856,1244860,1244861,1244866,1244867,1244868,1244869,1244870,1244871,1244872,1244873,1244875,1244876,1244878,1244879,1244881,1244883,1244884,1244886,1244887,1244890,1244895,1244899,1244900,1244901,1244902,1244903,1244908,1244911,1244915,1244936,1244941,1244942,1244943,1244944,1244945,1244948,1244949,1244950,1244956,1244958,1244959,1244965,1244966,1244967,1244968,1244969,1244970,1244974,1244976,1244977,1244978,1244979,1244983,1244984,1244985,1244986,1244991,1244992,1244993,1245006,1245007,1245009,1245011,1245012,1245018,1245019,1245024,1245028,1245031,1245032,1245033,1245038,1245039,1245041,1245047,1245051,1245057,1245058,1245060,1245062,1245064,1245069,1245072,1245073,1245088,1245089,1245092,1245093,1245098,1245103,1245117,1245118,1245119,1245121,1245122,1245125,1245129,1245131,1245133,1245134,1245135,1245136,1245138,1245139,1245140,1245142,1245146,1245147,1245149,1245152,124515 4,1245180,1245183,1245189,1245191,1245195,1245197,1245265,1245348,1245431,1245455,CVE-2021-47557,CVE-2021-47595,CVE-2022-1679,CVE-2022-2585,CVE-2022-2586,CVE-2022-2905,CVE-2022-3903,CVE-2022-4095,CVE-2022-4662,CVE-2022-49934,CVE-2022-49936,CVE-2022-49937,CVE-2022-49938,CVE-2022-49940,CVE-2022-49942,CVE-2022-49945,CVE-2022-49946,CVE-2022-49948,CVE-2022-49950,CVE-2022-49952,CVE-2022-49954,CVE-2022-49956,CVE-2022-49957,CVE-2022-49958,CVE-2022-49960,CVE-2022-49964,CVE-2022-49966,CVE-2022-49968,CVE-2022-49969,CVE-2022-49977,CVE-2022-49978,CVE-2022-49981,CVE-2022-49982,CVE-2022-49983,CVE-2022-49984,CVE-2022-49985,CVE-2022-49986,CVE-2022-49987,CVE-2022-49989,CVE-2022-49990,CVE-2022-49993,CVE-2022-49995,CVE-2022-49999,CVE-2022-50005,CVE-2022-50006,CVE-2022-50008,CVE-2022-50010,CVE-2022-50011,CVE-2022-50012,CVE-2022-50019,CVE-2022-50020,CVE-2022-50021,CVE-2022-50022,CVE-2022-50023,CVE-2022-50024,CVE-2022-50026,CVE-2022-50027,CVE-2022-50028,CVE-2022-50029,CVE-2022-50030,CVE-2022-50031,CVE-202 2-50032,CVE-2022-50033,CVE-2022-50034,CVE-2022-50036,CVE-2022-50038,CVE-2022-50039,CVE-2022-50040,CVE-2022-50045,CVE-2022-50046,CVE-2022-50047,CVE-2022-50051,CVE-2022-50053,CVE-2022-50055,CVE-2022-50059,CVE-2022-50060,CVE-2022-50061,CVE-2022-50062,CVE-2022-50065,CVE-2022-50066,CVE-2022-50067,CVE-2022-50068,CVE-2022-50072,CVE-2022-50073,CVE-2022-50074,CVE-2022-50076,CVE-2022-50077,CVE-2022-50079,CVE-2022-50083,CVE-2022-50084,CVE-2022-50085,CVE-2022-50087,CVE-2022-50092,CVE-2022-50093,CVE-2022-50094,CVE-2022-50095,CVE-2022-50097,CVE-2022-50098,CVE-2022-50099,CVE-2022-50100,CVE-2022-50101,CVE-2022-50102,CVE-2022-50103,CVE-2022-50104,CVE-2022-50108,CVE-2022-50109,CVE-2022-50110,CVE-2022-50111,CVE-2022-50112,CVE-2022-50116,CVE-2022-50118,CVE-2022-50120,CVE-2022-50121,CVE-2022-50124,CVE-2022-50125,CVE-2022-50126,CVE-2022-50127,CVE-2022-50129,CVE-2022-50131,CVE-2022-50132,CVE-2022-50134,CVE-2022-50136,CVE-2022-50137,CVE-2022-50138,CVE-2022-50139,CVE-2022-50140,CVE-2022-50141,CVE-2022-50142 ,CVE-2022-50143,CVE-2022-50145,CVE-2022-50146,CVE-2022-50149,CVE-2022-50151,CVE-2022-50152,CVE-2022-50153,CVE-2022-50154,CVE-2022-50155,CVE-2022-50156,CVE-2022-50157,CVE-2022-50158,CVE-2022-50160,CVE-2022-50161,CVE-2022-50162,CVE-2022-50164,CVE-2022-50165,CVE-2022-50169,CVE-2022-50171,CVE-2022-50172,CVE-2022-50173,CVE-2022-50175,CVE-2022-50176,CVE-2022-50178,CVE-2022-50179,CVE-2022-50181,CVE-2022-50185,CVE-2022-50187,CVE-2022-50190,CVE-2022-50191,CVE-2022-50192,CVE-2022-50194,CVE-2022-50196,CVE-2022-50197,CVE-2022-50198,CVE-2022-50199,CVE-2022-50200,CVE-2022-50201,CVE-2022-50202,CVE-2022-50203,CVE-2022-50204,CVE-2022-50206,CVE-2022-50207,CVE-2022-50208,CVE-2022-50209,CVE-2022-50211,CVE-2022-50212,CVE-2022-50213,CVE-2022-50215,CVE-2022-50218,CVE-2022-50220,CVE-2022-50222,CVE-2022-50226,CVE-2022-50228,CVE-2022-50229,CVE-2022-50231,CVE-2023-3111,CVE-2023-52924,CVE-2023-52925,CVE-2023-53048,CVE-2023-53076,CVE-2023-53097,CVE-2024-26808,CVE-2024-26924,CVE-2024-26935,CVE-2024-27397,CVE-202 4-35840,CVE-2024-36978,CVE-2024-46800,CVE-2024-53057,CVE-2024-53125,CVE-2024-53141,CVE-2024-56770,CVE-2024-57947,CVE-2024-57999,CVE-2025-21700,CVE-2025-21702,CVE-2025-21703,CVE-2025-21756,CVE-2025-23141,CVE-2025-23145,CVE-2025-37752,CVE-2025-37797,CVE-2025-37798,CVE-2025-37823,CVE-2025-37890,CVE-2025-37932,CVE-2025-37953,CVE-2025-37997,CVE-2025-38000,CVE-2025-38001,CVE-2025-38014,CVE-2025-38083 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468). - CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552). - CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821). - CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504) - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82 - Use gcc-13 for build on SLE16 (jsc#PED-10028). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - check-for-config-changes: Fix flag name typo - doc/README.SUSE: Point to the updated version of LKMPG - hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - kernel-source: Also replace bin/env - kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env' - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used - rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64. - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check. - rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/package-descriptions: Add rt and rt_debug descriptions - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rpm: Stop using is_kotd_qa macro - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - wifi: cfg80211: Add my certificate (bsc#1243001). - wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2556-1 Released: Wed Jul 30 21:04:22 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2559-1 Released: Wed Jul 30 22:15:25 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042). There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - Implement color filtering when adding update targets. - Support orderwithrequires dependencies in susedata.xml. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2589-1 Released: Fri Aug 1 15:05:54 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2712-1 Released: Wed Aug 6 11:21:38 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2727-1 Released: Thu Aug 7 11:02:04 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2849-1 Released: Mon Aug 18 17:56:40 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1229334,1234863,1236104,1236333,1238160,1239644,1240185,1240799,1242414,1242780,1244309,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2023-53117,CVE-2024-26643,CVE-2024-42265,CVE-2024-53164,CVE-2024-57947,CVE-2025-21881,CVE-2025-21971,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2952-1 Released: Thu Aug 21 14:56:24 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3065-1 Released: Thu Sep 4 08:36:30 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - modified default SLE presets ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3085-1 Released: Fri Sep 5 11:03:27 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1240950 This update for suse-module-tools fixes the following issues: - Version update 15.4.20 - Add blacklist entry for reiserfs (jsc#PED-6167). - Add more modules to file system blacklist (jsc#PED-6167). - Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3240-1 Released: Tue Sep 16 21:56:57 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Update to version 9.1.1629. - CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening specially crafted tar files (bsc#1246604). - CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening specially crafted zip files (bsc#1246602). - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938). - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3260-1 Released: Thu Sep 18 02:09:31 2025 Summary: Security update for net-tools Type: security Severity: moderate References: 1243581,1246608,1248410,1248687,142461,CVE-2025-46836 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3261-1 Released: Thu Sep 18 06:35:19 2025 Summary: Security update for cups Type: security Severity: important References: 1230932,1246533,1249049,1249128,CVE-2024-47175,CVE-2025-58060,CVE-2025-58364 This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). - CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049). - CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3267-1 Released: Thu Sep 18 13:05:51 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3288-1 Released: Mon Sep 22 12:13:27 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - permissions: remove unnecessary static dirs and devices (bsc#1235873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3302-1 Released: Tue Sep 23 11:09:49 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3314-1 Released: Tue Sep 23 20:34:40 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1234896,1244824,1245970,1246473,1246911,1247143,1247374,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,CVE-2022-50116,CVE-2024-53177,CVE-2024-58239,CVE-2025-38180,CVE-2025-38323,CVE-2025-38352,CVE-2025-38460,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - Disable N_GSM (jsc#PED-8240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3331-1 Released: Wed Sep 24 08:54:17 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3433-1 Released: Tue Sep 30 15:52:31 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3618-1 Released: Thu Oct 16 09:37:00 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3628-1 Released: Fri Oct 17 13:34:30 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1206456,1206468,1206883,1206884,1207158,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213666,1213747,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1236104,1238160,1241353,1242573,1242846,1242960,1243539,1244337,1244732,1245110,1245498,1245499,1245666,1245956,1246879,1246968,1247028,1247172,1247239,1247288,1247317,1248108,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249608,1249638,1249639,1249641,1249642,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249677,1249681,1249683,1249685,1249687,1249691,1249695,1249699,1249700,1249701,1249705,1249706,1249707,1249709,1249712,1249713,1249715,1249716,1249718,1249722,1249727,1249730,1249733,1 249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249758,1249762,1249767,1249777,1249781,1249784,1249791,1249799,1249808,1249810,1249820,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249864,1249865,1249866,1249867,1249868,1249872,1249877,1249880,1249882,1249885,1249890,1249892,1249908,1249910,1249911,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249944,1249947,1249949,1249950,1249954,1249958,1249979,1249981,1249991,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250023,1250024,1250026,1250039,1250041,1250043,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,1250066,1250070,1250071,1250072,1250077,1250080,1250081,1250083,1250105,1250106,1250107,1250108,1250114,1250118,1250121,1250127,1250128,1250131,1250132,1250137,1250138,1250140,1250145,1250151,1250153,1250156,1250159,1250161,125016 8,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250191,1250197,1250198,1250200,1250209,1250211,1250237,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250287,1250293,1250301,1250303,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250767,1250768,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250797,1250799,1250807,1250810,1250811,1250818,1250819,1250822,1250823,1250824,1250825,1250830,1250831,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250850,1250851,1250853,1250856,1250863,1250864,1250866,1250867,1250868,1250872,1250874,1250875,1250877,1250879,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250915,1250917,1250923,1250927,1250928,1250948,1250949,1250953,1250955,1250963,1250964,1250965,CVE-2022-26 02,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-49980,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-50279,CVE-2022-50282,CVE-2022-50286,CVE-2022-50289,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50324,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50355,CVE-2022-50358,CVE-2 022-50359,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50391,CVE-2022-50392,CVE-2022-50394,CVE-2022-50395,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50414,CVE-2022-50417,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50443,CVE-2022-50444,CVE-2022-50449,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197 ,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53153,CVE-2023-53165,CVE-2023-53167,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53182,CVE-2023-53185,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53213,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53234,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53255,CVE-2023-53259,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53286,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2023-53305,CVE-2023-53307,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-20 23-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53344,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53359,CVE-2023-53368,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53443,CVE-2023-53446,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-5347 4,CVE-2023-53475,CVE-2023-53476,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53512,CVE-2023-53513,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-23155,CVE-2025-37738,CVE-2025-37885,CVE-2025-37958,CVE-2025-38014,CVE-2025-38084,CVE-2025-38085,CVE-2025-38111,CVE-2025-38184,CVE-2025-38380,CVE-2025-38470,CVE-2025-38476,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE-2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39797,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer. - Revert backported patches for bsc#1238160 because the CVSS less than 7.0 - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158). - build_bug.h: Add KABI assert (bsc#1249186). - kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers. - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - use uniform permission checks for all mount propagation changes (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3729-1 Released: Wed Oct 22 15:19:26 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - bind-utils-9.16.50-150400.5.49.1 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - cups-config-2.2.7-150000.3.72.1 updated - curl-8.14.1-150400.5.69.1 updated - dracut-055+suse.361.g448229ea-150400.3.40.1 updated - grub2-i386-pc-2.06-150400.11.63.1 updated - grub2-x86_64-efi-2.06-150400.11.63.1 updated - grub2-x86_64-xen-2.06-150400.11.63.1 updated - grub2-2.06-150400.11.63.1 updated - hwinfo-21.89-150400.3.21.1 updated - jq-1.6-150000.3.9.1 updated - kernel-default-5.14.21-150400.24.179.1 updated - krb5-1.19.2-150400.3.18.1 updated - libavahi-client3-0.8-150400.7.23.1 updated - libavahi-common3-0.8-150400.7.23.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libcups2-2.2.7-150000.3.72.1 updated - libcurl4-8.14.1-150400.5.69.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.9.4-150400.6.11.1 updated - libgnutls30-3.7.3-150400.4.50.1 updated - libjq1-1.6-150000.3.9.1 updated - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libsolv-tools-base-0.7.34-150400.3.41.1 updated - libsolv-tools-0.7.34-150400.3.41.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - libxml2-2-2.9.14-150400.5.47.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libzypp-17.37.18-150400.3.148.1 updated - net-tools-2.0+git20170221.479bb4a-150000.5.13.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated - pam-1.3.0-150000.6.86.1 updated - permissions-20201225-150400.5.22.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - python3-apipkg-1.4-150000.3.8.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-attrs-19.3.0-150200.3.9.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-bind-9.16.50-150400.5.49.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-more-itertools-8.10.0-150400.10.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-ply-3.10-150000.3.8.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pytz-2022.1-150300.3.9.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-requests-2.25.1-150300.3.18.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-urllib3-1.25.10-150300.4.18.1 updated - python3-zipp-0.6.0-150100.3.8.1 updated - python3-3.6.15-150300.10.97.2 updated - samba-client-libs-4.15.13+git.736.b791be993ba-150400.3.40.1 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.4.20-150400.3.20.3 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - systemd-presets-branding-SLE-15.1-150100.20.17.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - vim-data-common-9.1.1629-150000.5.78.1 updated - vim-9.1.1629-150000.5.78.1 updated - zypper-1.14.94-150400.3.101.1 updated - catatonit-0.2.0-150300.10.8.1 removed - docker-28.2.2_ce-150000.227.1 removed - iptables-1.8.7-1.1 removed - libip6tc2-1.8.7-1.1 removed - libnftnl11-1.2.0-150400.1.6 removed - xtables-plugins-1.8.7-1.1 removed - xxd-9.1.1406-150000.5.75.1 removed From sle-container-updates at lists.suse.com Sat Oct 25 07:03:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Oct 2025 09:03:39 +0200 (CEST) Subject: SUSE-IU-2025:3420-1: Security update of sles-15-sp4-chost-byos-v20251022-arm64 Message-ID: <20251025070339.62A59F778@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20251022-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3420-1 Image Tags : sles-15-sp4-chost-byos-v20251022-arm64:20251022 Image Release : Severity : critical Type : security References : 1065729 1065729 1156395 1164051 1193629 1193629 1194869 1194869 1198410 1199356 1199487 1201160 1201956 1202094 1202095 1202564 1202700 1202716 1202823 1202860 1203063 1203197 1203332 1203361 1204228 1205128 1205220 1205514 1206051 1206456 1206468 1206664 1206878 1206880 1206883 1206884 1207158 1207361 1207621 1207624 1207625 1207628 1207629 1207631 1207638 1207645 1207651 1208607 1209287 1209291 1210584 1211226 1211960 1212051 1212603 1213015 1213016 1213040 1213041 1213061 1213090 1213099 1213104 1213666 1213747 1214953 1214967 1215150 1215696 1215911 1216976 1217790 1218184 1218234 1218459 1218470 1220185 1220186 1221107 1221829 1222634 1223675 1224095 1224597 1225468 1225820 1226514 1226552 1228659 1229334 1230262 1230267 1230267 1230649 1230827 1230932 1231293 1232234 1232504 1232526 1233012 1233012 1233012 1233012 1233012 1233421 1233551 1233880 1234156 1234381 1234454 1234863 1234896 1234959 1235637 1235873 1236104 1236104 1236333 1236333 1236821 1236822 1237143 1237159 1237312 1237313 1237442 1237595 1238160 1238160 1238303 1238491 1238526 1238570 1238876 1239566 1239644 1239938 1239986 1240185 1240785 1240788 1240799 1240950 1241038 1241219 1241353 1241549 1242221 1242414 1242414 1242417 1242504 1242573 1242596 1242780 1242782 1242846 1242924 1242960 1243001 1243273 1243279 1243330 1243457 1243539 1243543 1243627 1243832 1243935 1243991 1243992 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244114 1244116 1244179 1244234 1244241 1244277 1244309 1244309 1244337 1244337 1244401 1244553 1244705 1244710 1244732 1244732 1244764 1244765 1244767 1244770 1244771 1244773 1244774 1244776 1244779 1244780 1244781 1244782 1244783 1244784 1244786 1244787 1244788 1244790 1244793 1244794 1244796 1244797 1244798 1244800 1244802 1244804 1244807 1244808 1244811 1244813 1244814 1244815 1244816 1244819 1244820 1244823 1244824 1244824 1244825 1244830 1244831 1244832 1244834 1244836 1244838 1244839 1244840 1244841 1244842 1244843 1244845 1244846 1244848 1244849 1244851 1244853 1244854 1244856 1244860 1244861 1244866 1244867 1244868 1244869 1244870 1244871 1244872 1244873 1244875 1244876 1244878 1244879 1244881 1244883 1244884 1244886 1244887 1244890 1244895 1244899 1244900 1244901 1244902 1244903 1244908 1244911 1244915 1244936 1244941 1244942 1244943 1244944 1244945 1244948 1244949 1244950 1244956 1244958 1244959 1244965 1244966 1244967 1244968 1244969 1244970 1244974 1244976 1244977 1244978 1244979 1244983 1244984 1244985 1244986 1244991 1244992 1244993 1245006 1245007 1245009 1245011 1245012 1245018 1245019 1245024 1245028 1245031 1245032 1245033 1245038 1245039 1245041 1245047 1245051 1245057 1245058 1245060 1245062 1245064 1245069 1245072 1245073 1245088 1245089 1245092 1245093 1245098 1245103 1245110 1245117 1245118 1245119 1245121 1245122 1245125 1245129 1245131 1245133 1245134 1245135 1245136 1245138 1245139 1245140 1245142 1245146 1245147 1245149 1245152 1245154 1245180 1245183 1245189 1245191 1245195 1245197 1245217 1245220 1245220 1245223 1245265 1245348 1245352 1245431 1245431 1245452 1245455 1245496 1245498 1245499 1245506 1245573 1245666 1245672 1245711 1245936 1245950 1245956 1245970 1245985 1245986 1246000 1246029 1246037 1246038 1246045 1246073 1246149 1246186 1246197 1246197 1246221 1246232 1246233 1246267 1246296 1246299 1246431 1246466 1246473 1246533 1246597 1246602 1246604 1246697 1246776 1246781 1246835 1246879 1246911 1246912 1246968 1247028 1247054 1247143 1247172 1247239 1247249 1247288 1247314 1247317 1247347 1247348 1247349 1247374 1247437 1247518 1247690 1247819 1247938 1247939 1247976 1248108 1248223 1248255 1248297 1248306 1248312 1248338 1248399 1248511 1248614 1248621 1248628 1248639 1248748 1248847 1249049 1249126 1249128 1249158 1249186 1249191 1249191 1249195 1249200 1249220 1249266 1249315 1249324 1249346 1249348 1249348 1249367 1249367 1249374 1249516 1249538 1249548 1249584 1249604 1249608 1249638 1249639 1249641 1249642 1249650 1249651 1249658 1249661 1249664 1249667 1249669 1249677 1249681 1249683 1249685 1249687 1249691 1249695 1249699 1249700 1249701 1249705 1249706 1249707 1249709 1249712 1249713 1249715 1249716 1249718 1249722 1249727 1249730 1249733 1249734 1249739 1249740 1249741 1249742 1249743 1249745 1249746 1249747 1249749 1249750 1249751 1249753 1249758 1249762 1249767 1249777 1249781 1249784 1249791 1249799 1249808 1249810 1249820 1249825 1249827 1249836 1249840 1249844 1249846 1249853 1249858 1249860 1249864 1249865 1249866 1249867 1249868 1249872 1249877 1249880 1249882 1249885 1249890 1249892 1249908 1249910 1249911 1249914 1249917 1249918 1249920 1249923 1249924 1249925 1249927 1249928 1249930 1249933 1249934 1249936 1249938 1249939 1249944 1249947 1249949 1249950 1249954 1249958 1249979 1249981 1249991 1249997 1250002 1250006 1250007 1250009 1250010 1250011 1250014 1250015 1250023 1250024 1250026 1250039 1250041 1250043 1250044 1250047 1250049 1250052 1250055 1250058 1250060 1250062 1250065 1250066 1250070 1250071 1250072 1250077 1250080 1250081 1250083 1250105 1250106 1250107 1250108 1250114 1250118 1250121 1250127 1250128 1250131 1250132 1250137 1250138 1250140 1250145 1250151 1250153 1250156 1250159 1250161 1250168 1250178 1250180 1250181 1250182 1250183 1250184 1250187 1250191 1250197 1250198 1250200 1250209 1250211 1250232 1250237 1250245 1250247 1250250 1250257 1250264 1250269 1250277 1250287 1250293 1250301 1250303 1250309 1250311 1250313 1250315 1250316 1250322 1250323 1250324 1250325 1250328 1250331 1250343 1250358 1250362 1250363 1250370 1250374 1250391 1250392 1250393 1250394 1250395 1250406 1250412 1250418 1250425 1250428 1250453 1250454 1250457 1250459 1250522 1250759 1250761 1250762 1250763 1250767 1250768 1250774 1250781 1250784 1250786 1250787 1250790 1250791 1250792 1250797 1250799 1250807 1250810 1250811 1250818 1250819 1250822 1250823 1250824 1250825 1250830 1250831 1250839 1250841 1250842 1250843 1250846 1250847 1250848 1250850 1250851 1250853 1250856 1250863 1250864 1250866 1250867 1250868 1250872 1250874 1250875 1250877 1250879 1250883 1250887 1250888 1250889 1250890 1250891 1250905 1250915 1250917 1250923 1250927 1250928 1250948 1250949 1250953 1250955 1250963 1250964 1250965 1251279 1251280 831629 CVE-2016-9840 CVE-2021-47557 CVE-2021-47595 CVE-2022-1679 CVE-2022-2585 CVE-2022-2586 CVE-2022-2602 CVE-2022-2905 CVE-2022-2978 CVE-2022-36280 CVE-2022-3903 CVE-2022-4095 CVE-2022-43945 CVE-2022-4662 CVE-2022-49138 CVE-2022-49138 CVE-2022-49770 CVE-2022-49934 CVE-2022-49936 CVE-2022-49937 CVE-2022-49938 CVE-2022-49940 CVE-2022-49942 CVE-2022-49945 CVE-2022-49946 CVE-2022-49948 CVE-2022-49950 CVE-2022-49952 CVE-2022-49954 CVE-2022-49956 CVE-2022-49957 CVE-2022-49958 CVE-2022-49960 CVE-2022-49964 CVE-2022-49966 CVE-2022-49968 CVE-2022-49969 CVE-2022-49977 CVE-2022-49978 CVE-2022-49980 CVE-2022-49981 CVE-2022-49982 CVE-2022-49983 CVE-2022-49984 CVE-2022-49985 CVE-2022-49986 CVE-2022-49987 CVE-2022-49989 CVE-2022-49990 CVE-2022-49993 CVE-2022-49995 CVE-2022-49999 CVE-2022-50005 CVE-2022-50006 CVE-2022-50008 CVE-2022-50010 CVE-2022-50011 CVE-2022-50012 CVE-2022-50019 CVE-2022-50020 CVE-2022-50021 CVE-2022-50022 CVE-2022-50023 CVE-2022-50024 CVE-2022-50026 CVE-2022-50027 CVE-2022-50028 CVE-2022-50029 CVE-2022-50030 CVE-2022-50031 CVE-2022-50032 CVE-2022-50033 CVE-2022-50034 CVE-2022-50036 CVE-2022-50038 CVE-2022-50039 CVE-2022-50040 CVE-2022-50045 CVE-2022-50046 CVE-2022-50047 CVE-2022-50051 CVE-2022-50053 CVE-2022-50055 CVE-2022-50059 CVE-2022-50060 CVE-2022-50061 CVE-2022-50062 CVE-2022-50065 CVE-2022-50066 CVE-2022-50067 CVE-2022-50068 CVE-2022-50072 CVE-2022-50073 CVE-2022-50074 CVE-2022-50076 CVE-2022-50077 CVE-2022-50079 CVE-2022-50083 CVE-2022-50084 CVE-2022-50085 CVE-2022-50087 CVE-2022-50092 CVE-2022-50093 CVE-2022-50094 CVE-2022-50095 CVE-2022-50097 CVE-2022-50098 CVE-2022-50099 CVE-2022-50100 CVE-2022-50101 CVE-2022-50102 CVE-2022-50103 CVE-2022-50104 CVE-2022-50108 CVE-2022-50109 CVE-2022-50110 CVE-2022-50111 CVE-2022-50112 CVE-2022-50116 CVE-2022-50116 CVE-2022-50118 CVE-2022-50120 CVE-2022-50121 CVE-2022-50124 CVE-2022-50125 CVE-2022-50126 CVE-2022-50127 CVE-2022-50129 CVE-2022-50131 CVE-2022-50132 CVE-2022-50134 CVE-2022-50136 CVE-2022-50137 CVE-2022-50138 CVE-2022-50139 CVE-2022-50140 CVE-2022-50141 CVE-2022-50142 CVE-2022-50143 CVE-2022-50145 CVE-2022-50146 CVE-2022-50149 CVE-2022-50151 CVE-2022-50152 CVE-2022-50153 CVE-2022-50154 CVE-2022-50155 CVE-2022-50156 CVE-2022-50157 CVE-2022-50158 CVE-2022-50160 CVE-2022-50161 CVE-2022-50162 CVE-2022-50164 CVE-2022-50165 CVE-2022-50169 CVE-2022-50171 CVE-2022-50172 CVE-2022-50173 CVE-2022-50175 CVE-2022-50176 CVE-2022-50178 CVE-2022-50179 CVE-2022-50181 CVE-2022-50185 CVE-2022-50187 CVE-2022-50190 CVE-2022-50191 CVE-2022-50192 CVE-2022-50194 CVE-2022-50196 CVE-2022-50197 CVE-2022-50198 CVE-2022-50199 CVE-2022-50200 CVE-2022-50201 CVE-2022-50202 CVE-2022-50203 CVE-2022-50204 CVE-2022-50206 CVE-2022-50207 CVE-2022-50208 CVE-2022-50209 CVE-2022-50211 CVE-2022-50212 CVE-2022-50213 CVE-2022-50215 CVE-2022-50218 CVE-2022-50220 CVE-2022-50222 CVE-2022-50226 CVE-2022-50228 CVE-2022-50229 CVE-2022-50231 CVE-2022-50233 CVE-2022-50234 CVE-2022-50235 CVE-2022-50239 CVE-2022-50241 CVE-2022-50246 CVE-2022-50247 CVE-2022-50248 CVE-2022-50249 CVE-2022-50250 CVE-2022-50251 CVE-2022-50252 CVE-2022-50255 CVE-2022-50257 CVE-2022-50258 CVE-2022-50260 CVE-2022-50261 CVE-2022-50264 CVE-2022-50266 CVE-2022-50267 CVE-2022-50268 CVE-2022-50269 CVE-2022-50271 CVE-2022-50272 CVE-2022-50275 CVE-2022-50276 CVE-2022-50277 CVE-2022-50278 CVE-2022-50279 CVE-2022-50282 CVE-2022-50286 CVE-2022-50289 CVE-2022-50294 CVE-2022-50297 CVE-2022-50298 CVE-2022-50299 CVE-2022-50301 CVE-2022-50308 CVE-2022-50309 CVE-2022-50312 CVE-2022-50317 CVE-2022-50318 CVE-2022-50320 CVE-2022-50321 CVE-2022-50324 CVE-2022-50328 CVE-2022-50329 CVE-2022-50330 CVE-2022-50331 CVE-2022-50333 CVE-2022-50340 CVE-2022-50342 CVE-2022-50344 CVE-2022-50346 CVE-2022-50347 CVE-2022-50348 CVE-2022-50349 CVE-2022-50351 CVE-2022-50353 CVE-2022-50355 CVE-2022-50358 CVE-2022-50359 CVE-2022-50362 CVE-2022-50364 CVE-2022-50367 CVE-2022-50368 CVE-2022-50369 CVE-2022-50370 CVE-2022-50372 CVE-2022-50373 CVE-2022-50374 CVE-2022-50375 CVE-2022-50376 CVE-2022-50379 CVE-2022-50381 CVE-2022-50385 CVE-2022-50386 CVE-2022-50388 CVE-2022-50389 CVE-2022-50391 CVE-2022-50392 CVE-2022-50394 CVE-2022-50395 CVE-2022-50399 CVE-2022-50401 CVE-2022-50402 CVE-2022-50404 CVE-2022-50408 CVE-2022-50409 CVE-2022-50410 CVE-2022-50411 CVE-2022-50414 CVE-2022-50417 CVE-2022-50419 CVE-2022-50422 CVE-2022-50423 CVE-2022-50425 CVE-2022-50427 CVE-2022-50428 CVE-2022-50429 CVE-2022-50430 CVE-2022-50431 CVE-2022-50432 CVE-2022-50434 CVE-2022-50435 CVE-2022-50436 CVE-2022-50437 CVE-2022-50439 CVE-2022-50440 CVE-2022-50443 CVE-2022-50444 CVE-2022-50449 CVE-2022-50453 CVE-2022-50454 CVE-2022-50456 CVE-2022-50458 CVE-2022-50459 CVE-2022-50460 CVE-2022-50465 CVE-2022-50466 CVE-2022-50467 CVE-2022-50468 CVE-2022-50469 CVE-2023-1380 CVE-2023-28328 CVE-2023-3111 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-52923 CVE-2023-52923 CVE-2023-52924 CVE-2023-52925 CVE-2023-52927 CVE-2023-53048 CVE-2023-53076 CVE-2023-53097 CVE-2023-53117 CVE-2023-53147 CVE-2023-53149 CVE-2023-53150 CVE-2023-53151 CVE-2023-53153 CVE-2023-53165 CVE-2023-53167 CVE-2023-53171 CVE-2023-53174 CVE-2023-53176 CVE-2023-53178 CVE-2023-53179 CVE-2023-53182 CVE-2023-53185 CVE-2023-53196 CVE-2023-53197 CVE-2023-53199 CVE-2023-53201 CVE-2023-53205 CVE-2023-53213 CVE-2023-53216 CVE-2023-53219 CVE-2023-53222 CVE-2023-53223 CVE-2023-53226 CVE-2023-53229 CVE-2023-53230 CVE-2023-53234 CVE-2023-53238 CVE-2023-53239 CVE-2023-53241 CVE-2023-53242 CVE-2023-53244 CVE-2023-53245 CVE-2023-53246 CVE-2023-53249 CVE-2023-53250 CVE-2023-53251 CVE-2023-53255 CVE-2023-53259 CVE-2023-53265 CVE-2023-53268 CVE-2023-53270 CVE-2023-53272 CVE-2023-53273 CVE-2023-53275 CVE-2023-53276 CVE-2023-53277 CVE-2023-53280 CVE-2023-53281 CVE-2023-53282 CVE-2023-53286 CVE-2023-53288 CVE-2023-53295 CVE-2023-53297 CVE-2023-53298 CVE-2023-53299 CVE-2023-53302 CVE-2023-53304 CVE-2023-53305 CVE-2023-53307 CVE-2023-53309 CVE-2023-53311 CVE-2023-53313 CVE-2023-53314 CVE-2023-53315 CVE-2023-53316 CVE-2023-53317 CVE-2023-53321 CVE-2023-53322 CVE-2023-53324 CVE-2023-53326 CVE-2023-53330 CVE-2023-53331 CVE-2023-53333 CVE-2023-53334 CVE-2023-53335 CVE-2023-53337 CVE-2023-53344 CVE-2023-53349 CVE-2023-53352 CVE-2023-53356 CVE-2023-53359 CVE-2023-53368 CVE-2023-53373 CVE-2023-53375 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53381 CVE-2023-53384 CVE-2023-53386 CVE-2023-53388 CVE-2023-53390 CVE-2023-53393 CVE-2023-53395 CVE-2023-53396 CVE-2023-53400 CVE-2023-53404 CVE-2023-53405 CVE-2023-53406 CVE-2023-53409 CVE-2023-53413 CVE-2023-53414 CVE-2023-53415 CVE-2023-53416 CVE-2023-53422 CVE-2023-53427 CVE-2023-53431 CVE-2023-53435 CVE-2023-53436 CVE-2023-53437 CVE-2023-53438 CVE-2023-53440 CVE-2023-53443 CVE-2023-53446 CVE-2023-53449 CVE-2023-53451 CVE-2023-53452 CVE-2023-53453 CVE-2023-53454 CVE-2023-53457 CVE-2023-53458 CVE-2023-53463 CVE-2023-53464 CVE-2023-53465 CVE-2023-53468 CVE-2023-53471 CVE-2023-53472 CVE-2023-53473 CVE-2023-53474 CVE-2023-53475 CVE-2023-53476 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53492 CVE-2023-53494 CVE-2023-53496 CVE-2023-53498 CVE-2023-53499 CVE-2023-53505 CVE-2023-53506 CVE-2023-53509 CVE-2023-53512 CVE-2023-53513 CVE-2023-53515 CVE-2023-53518 CVE-2023-53519 CVE-2023-53521 CVE-2023-53524 CVE-2023-53525 CVE-2023-53526 CVE-2023-53530 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-26583 CVE-2024-26584 CVE-2024-26643 CVE-2024-26808 CVE-2024-26924 CVE-2024-26935 CVE-2024-27397 CVE-2024-35840 CVE-2024-36978 CVE-2024-42265 CVE-2024-46800 CVE-2024-47175 CVE-2024-52615 CVE-2024-53057 CVE-2024-53125 CVE-2024-53141 CVE-2024-53164 CVE-2024-53177 CVE-2024-56738 CVE-2024-56770 CVE-2024-57947 CVE-2024-57947 CVE-2024-57999 CVE-2024-58239 CVE-2024-58240 CVE-2025-10148 CVE-2025-10148 CVE-2025-10230 CVE-2025-21700 CVE-2025-21702 CVE-2025-21703 CVE-2025-21756 CVE-2025-21881 CVE-2025-21971 CVE-2025-23141 CVE-2025-23145 CVE-2025-23155 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-3576 CVE-2025-37738 CVE-2025-37752 CVE-2025-37797 CVE-2025-37798 CVE-2025-37798 CVE-2025-37823 CVE-2025-37885 CVE-2025-37890 CVE-2025-37932 CVE-2025-37953 CVE-2025-37958 CVE-2025-37997 CVE-2025-38000 CVE-2025-38001 CVE-2025-38014 CVE-2025-38014 CVE-2025-38079 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38088 CVE-2025-38111 CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38184 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38380 CVE-2025-38460 CVE-2025-38468 CVE-2025-38470 CVE-2025-38476 CVE-2025-38477 CVE-2025-38488 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38572 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644 CVE-2025-38659 CVE-2025-38664 CVE-2025-38678 CVE-2025-38685 CVE-2025-38706 CVE-2025-38713 CVE-2025-38734 CVE-2025-39691 CVE-2025-39703 CVE-2025-39726 CVE-2025-39746 CVE-2025-39751 CVE-2025-39790 CVE-2025-39797 CVE-2025-39823 CVE-2025-39824 CVE-2025-39860 CVE-2025-39869 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-48060 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-58060 CVE-2025-58364 CVE-2025-59375 CVE-2025-6069 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-8194 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20251022-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2464-1 Released: Tue Jul 22 13:40:15 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2519-1 Released: Fri Jul 25 10:51:53 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1233880,1246431 This update for samba fixes the following issues: - Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName (bsc#1246431). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2537-1 Released: Mon Jul 28 17:08:58 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1193629,1194869,1198410,1199356,1199487,1201160,1201956,1202094,1202095,1202564,1202716,1202823,1202860,1203197,1203361,1205220,1205514,1206664,1206878,1206880,1207361,1207638,1211226,1212051,1213090,1218184,1218234,1218470,1222634,1223675,1224095,1224597,1225468,1225820,1226514,1226552,1228659,1230827,1231293,1232504,1233551,1234156,1234381,1234454,1235637,1236333,1236821,1236822,1237159,1237312,1237313,1238303,1238526,1238570,1238876,1239986,1240785,1241038,1242221,1242414,1242417,1242504,1242596,1242782,1242924,1243001,1243330,1243543,1243627,1243832,1244114,1244179,1244234,1244241,1244277,1244309,1244337,1244732,1244764,1244765,1244767,1244770,1244771,1244773,1244774,1244776,1244779,1244780,1244781,1244782,1244783,1244784,1244786,1244787,1244788,1244790,1244793,1244794,1244796,1244797,1244798,1244800,1244802,1244804,1244807,1244808,1244811,1244813,1244814,1244815,1244816,1244819,1244820,1244823,1244824,1244825,1244830,1244831,1244832,1244834,1244836,1 244838,1244839,1244840,1244841,1244842,1244843,1244845,1244846,1244848,1244849,1244851,1244853,1244854,1244856,1244860,1244861,1244866,1244867,1244868,1244869,1244870,1244871,1244872,1244873,1244875,1244876,1244878,1244879,1244881,1244883,1244884,1244886,1244887,1244890,1244895,1244899,1244900,1244901,1244902,1244903,1244908,1244911,1244915,1244936,1244941,1244942,1244943,1244944,1244945,1244948,1244949,1244950,1244956,1244958,1244959,1244965,1244966,1244967,1244968,1244969,1244970,1244974,1244976,1244977,1244978,1244979,1244983,1244984,1244985,1244986,1244991,1244992,1244993,1245006,1245007,1245009,1245011,1245012,1245018,1245019,1245024,1245028,1245031,1245032,1245033,1245038,1245039,1245041,1245047,1245051,1245057,1245058,1245060,1245062,1245064,1245069,1245072,1245073,1245088,1245089,1245092,1245093,1245098,1245103,1245117,1245118,1245119,1245121,1245122,1245125,1245129,1245131,1245133,1245134,1245135,1245136,1245138,1245139,1245140,1245142,1245146,1245147,1245149,1245152,124515 4,1245180,1245183,1245189,1245191,1245195,1245197,1245265,1245348,1245431,1245455,CVE-2021-47557,CVE-2021-47595,CVE-2022-1679,CVE-2022-2585,CVE-2022-2586,CVE-2022-2905,CVE-2022-3903,CVE-2022-4095,CVE-2022-4662,CVE-2022-49934,CVE-2022-49936,CVE-2022-49937,CVE-2022-49938,CVE-2022-49940,CVE-2022-49942,CVE-2022-49945,CVE-2022-49946,CVE-2022-49948,CVE-2022-49950,CVE-2022-49952,CVE-2022-49954,CVE-2022-49956,CVE-2022-49957,CVE-2022-49958,CVE-2022-49960,CVE-2022-49964,CVE-2022-49966,CVE-2022-49968,CVE-2022-49969,CVE-2022-49977,CVE-2022-49978,CVE-2022-49981,CVE-2022-49982,CVE-2022-49983,CVE-2022-49984,CVE-2022-49985,CVE-2022-49986,CVE-2022-49987,CVE-2022-49989,CVE-2022-49990,CVE-2022-49993,CVE-2022-49995,CVE-2022-49999,CVE-2022-50005,CVE-2022-50006,CVE-2022-50008,CVE-2022-50010,CVE-2022-50011,CVE-2022-50012,CVE-2022-50019,CVE-2022-50020,CVE-2022-50021,CVE-2022-50022,CVE-2022-50023,CVE-2022-50024,CVE-2022-50026,CVE-2022-50027,CVE-2022-50028,CVE-2022-50029,CVE-2022-50030,CVE-2022-50031,CVE-202 2-50032,CVE-2022-50033,CVE-2022-50034,CVE-2022-50036,CVE-2022-50038,CVE-2022-50039,CVE-2022-50040,CVE-2022-50045,CVE-2022-50046,CVE-2022-50047,CVE-2022-50051,CVE-2022-50053,CVE-2022-50055,CVE-2022-50059,CVE-2022-50060,CVE-2022-50061,CVE-2022-50062,CVE-2022-50065,CVE-2022-50066,CVE-2022-50067,CVE-2022-50068,CVE-2022-50072,CVE-2022-50073,CVE-2022-50074,CVE-2022-50076,CVE-2022-50077,CVE-2022-50079,CVE-2022-50083,CVE-2022-50084,CVE-2022-50085,CVE-2022-50087,CVE-2022-50092,CVE-2022-50093,CVE-2022-50094,CVE-2022-50095,CVE-2022-50097,CVE-2022-50098,CVE-2022-50099,CVE-2022-50100,CVE-2022-50101,CVE-2022-50102,CVE-2022-50103,CVE-2022-50104,CVE-2022-50108,CVE-2022-50109,CVE-2022-50110,CVE-2022-50111,CVE-2022-50112,CVE-2022-50116,CVE-2022-50118,CVE-2022-50120,CVE-2022-50121,CVE-2022-50124,CVE-2022-50125,CVE-2022-50126,CVE-2022-50127,CVE-2022-50129,CVE-2022-50131,CVE-2022-50132,CVE-2022-50134,CVE-2022-50136,CVE-2022-50137,CVE-2022-50138,CVE-2022-50139,CVE-2022-50140,CVE-2022-50141,CVE-2022-50142 ,CVE-2022-50143,CVE-2022-50145,CVE-2022-50146,CVE-2022-50149,CVE-2022-50151,CVE-2022-50152,CVE-2022-50153,CVE-2022-50154,CVE-2022-50155,CVE-2022-50156,CVE-2022-50157,CVE-2022-50158,CVE-2022-50160,CVE-2022-50161,CVE-2022-50162,CVE-2022-50164,CVE-2022-50165,CVE-2022-50169,CVE-2022-50171,CVE-2022-50172,CVE-2022-50173,CVE-2022-50175,CVE-2022-50176,CVE-2022-50178,CVE-2022-50179,CVE-2022-50181,CVE-2022-50185,CVE-2022-50187,CVE-2022-50190,CVE-2022-50191,CVE-2022-50192,CVE-2022-50194,CVE-2022-50196,CVE-2022-50197,CVE-2022-50198,CVE-2022-50199,CVE-2022-50200,CVE-2022-50201,CVE-2022-50202,CVE-2022-50203,CVE-2022-50204,CVE-2022-50206,CVE-2022-50207,CVE-2022-50208,CVE-2022-50209,CVE-2022-50211,CVE-2022-50212,CVE-2022-50213,CVE-2022-50215,CVE-2022-50218,CVE-2022-50220,CVE-2022-50222,CVE-2022-50226,CVE-2022-50228,CVE-2022-50229,CVE-2022-50231,CVE-2023-3111,CVE-2023-52924,CVE-2023-52925,CVE-2023-53048,CVE-2023-53076,CVE-2023-53097,CVE-2024-26808,CVE-2024-26924,CVE-2024-26935,CVE-2024-27397,CVE-202 4-35840,CVE-2024-36978,CVE-2024-46800,CVE-2024-53057,CVE-2024-53125,CVE-2024-53141,CVE-2024-56770,CVE-2024-57947,CVE-2024-57999,CVE-2025-21700,CVE-2025-21702,CVE-2025-21703,CVE-2025-21756,CVE-2025-23141,CVE-2025-23145,CVE-2025-37752,CVE-2025-37797,CVE-2025-37798,CVE-2025-37823,CVE-2025-37890,CVE-2025-37932,CVE-2025-37953,CVE-2025-37997,CVE-2025-38000,CVE-2025-38001,CVE-2025-38014,CVE-2025-38083 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468). - CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552). - CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821). - CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504) - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82 - Use gcc-13 for build on SLE16 (jsc#PED-10028). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - check-for-config-changes: Fix flag name typo - doc/README.SUSE: Point to the updated version of LKMPG - hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - kernel-source: Also replace bin/env - kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env' - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used - rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64. - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check. - rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/package-descriptions: Add rt and rt_debug descriptions - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rpm: Stop using is_kotd_qa macro - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - wifi: cfg80211: Add my certificate (bsc#1243001). - wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2539-1 Released: Tue Jul 29 09:03:00 2025 Summary: Recommended update for google-dracut-config Type: recommended Severity: moderate References: 1245352 This update for google-dracut-config fixes the following issues: - Add sed and find to requirements (bsc#1245352) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2556-1 Released: Wed Jul 30 21:04:22 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2559-1 Released: Wed Jul 30 22:15:25 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1 + MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042). There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - Implement color filtering when adding update targets. - Support orderwithrequires dependencies in susedata.xml. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2589-1 Released: Fri Aug 1 15:05:54 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2620-1 Released: Mon Aug 4 09:42:43 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2661-1 Released: Mon Aug 4 13:15:46 2025 Summary: Recommended update for google-guest-oslogin Type: recommended Severity: important References: 1243992 This update for google-guest-oslogin fixes the following issues: - Stop retrying bad requests causing timeouts during container startup (bsc#1243992) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2675-1 Released: Mon Aug 4 15:53:48 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2712-1 Released: Wed Aug 6 11:21:38 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1245950 This update for hwinfo fixes the following issues: - Fix usb network card detection (bsc#1245950) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2727-1 Released: Thu Aug 7 11:02:04 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1234959,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2838-1 Released: Mon Aug 18 10:56:16 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1245223 This update for suse-build-key fixes the following issue: - adjust SLES16 signing key UID (name,email) with official names (bsc#1245223). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2849-1 Released: Mon Aug 18 17:56:40 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1206051,1221829,1229334,1234863,1236104,1236333,1238160,1239644,1240185,1240799,1242414,1242780,1244309,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2023-53117,CVE-2024-26643,CVE-2024-42265,CVE-2024-53164,CVE-2024-57947,CVE-2025-21881,CVE-2025-21971,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). The following non-security bugs were fixed: - Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).' - Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' - Revert 'mm/hugetlb: unshare page tables during VMA split, not before' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2915-1 Released: Tue Aug 19 14:56:35 2025 Summary: Security update for jq Type: security Severity: moderate References: 1244116,CVE-2025-48060 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2927-1 Released: Wed Aug 20 11:47:47 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1246776 This update for permissions fixes the following issues: Update to version 20201225: * nvidia-modprobe: SLE-15-SP4 backport of setuid root permissions (bsc#1246776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2952-1 Released: Thu Aug 21 14:56:24 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3065-1 Released: Thu Sep 4 08:36:30 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - modified default SLE presets ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3085-1 Released: Fri Sep 5 11:03:27 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1240950 This update for suse-module-tools fixes the following issues: - Version update 15.4.20 - Add blacklist entry for reiserfs (jsc#PED-6167). - Add more modules to file system blacklist (jsc#PED-6167). - Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3240-1 Released: Tue Sep 16 21:56:57 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Update to version 9.1.1629. - CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening specially crafted tar files (bsc#1246604). - CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening specially crafted zip files (bsc#1246602). - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938). - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3261-1 Released: Thu Sep 18 06:35:19 2025 Summary: Security update for cups Type: security Severity: important References: 1230932,1246533,1249049,1249128,CVE-2024-47175,CVE-2025-58060,CVE-2025-58364 This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). - CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049). - CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3267-1 Released: Thu Sep 18 13:05:51 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3288-1 Released: Mon Sep 22 12:13:27 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - permissions: remove unnecessary static dirs and devices (bsc#1235873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3302-1 Released: Tue Sep 23 11:09:49 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1247819 This update for dracut fixes the following issues: - fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819) - fix (rngd): adjust license to match the license of the whole project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3314-1 Released: Tue Sep 23 20:34:40 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1234896,1244824,1245970,1246473,1246911,1247143,1247374,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,CVE-2022-50116,CVE-2024-53177,CVE-2024-58239,CVE-2025-38180,CVE-2025-38323,CVE-2025-38352,CVE-2025-38460,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - Disable N_GSM (jsc#PED-8240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3331-1 Released: Wed Sep 24 08:54:17 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3433-1 Released: Tue Sep 30 15:52:31 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3437-1 Released: Tue Sep 30 16:36:42 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3594-1 Released: Mon Oct 13 15:35:27 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3618-1 Released: Thu Oct 16 09:37:00 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3628-1 Released: Fri Oct 17 13:34:30 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1164051,1193629,1194869,1202700,1203063,1203332,1204228,1205128,1206456,1206468,1206883,1206884,1207158,1207621,1207624,1207625,1207628,1207629,1207631,1207645,1207651,1208607,1209287,1209291,1210584,1211960,1212603,1213015,1213016,1213040,1213041,1213061,1213099,1213104,1213666,1213747,1214953,1214967,1215150,1215696,1215911,1216976,1217790,1220185,1220186,1236104,1238160,1241353,1242573,1242846,1242960,1243539,1244337,1244732,1245110,1245498,1245499,1245666,1245956,1246879,1246968,1247028,1247172,1247239,1247288,1247317,1248108,1248255,1248399,1248628,1248639,1248847,1249126,1249158,1249186,1249195,1249200,1249220,1249266,1249315,1249324,1249346,1249374,1249516,1249538,1249548,1249604,1249608,1249638,1249639,1249641,1249642,1249650,1249651,1249658,1249661,1249664,1249667,1249669,1249677,1249681,1249683,1249685,1249687,1249691,1249695,1249699,1249700,1249701,1249705,1249706,1249707,1249709,1249712,1249713,1249715,1249716,1249718,1249722,1249727,1249730,1249733,1 249734,1249739,1249740,1249741,1249742,1249743,1249745,1249746,1249747,1249749,1249750,1249751,1249753,1249758,1249762,1249767,1249777,1249781,1249784,1249791,1249799,1249808,1249810,1249820,1249825,1249827,1249836,1249840,1249844,1249846,1249853,1249858,1249860,1249864,1249865,1249866,1249867,1249868,1249872,1249877,1249880,1249882,1249885,1249890,1249892,1249908,1249910,1249911,1249914,1249917,1249918,1249920,1249923,1249924,1249925,1249927,1249928,1249930,1249933,1249934,1249936,1249938,1249939,1249944,1249947,1249949,1249950,1249954,1249958,1249979,1249981,1249991,1249997,1250002,1250006,1250007,1250009,1250010,1250011,1250014,1250015,1250023,1250024,1250026,1250039,1250041,1250043,1250044,1250047,1250049,1250052,1250055,1250058,1250060,1250062,1250065,1250066,1250070,1250071,1250072,1250077,1250080,1250081,1250083,1250105,1250106,1250107,1250108,1250114,1250118,1250121,1250127,1250128,1250131,1250132,1250137,1250138,1250140,1250145,1250151,1250153,1250156,1250159,1250161,125016 8,1250178,1250180,1250181,1250182,1250183,1250184,1250187,1250191,1250197,1250198,1250200,1250209,1250211,1250237,1250245,1250247,1250250,1250257,1250264,1250269,1250277,1250287,1250293,1250301,1250303,1250309,1250311,1250313,1250315,1250316,1250322,1250323,1250324,1250325,1250328,1250331,1250358,1250362,1250363,1250370,1250374,1250391,1250392,1250393,1250394,1250395,1250406,1250412,1250418,1250425,1250428,1250453,1250454,1250457,1250459,1250522,1250759,1250761,1250762,1250763,1250767,1250768,1250774,1250781,1250784,1250786,1250787,1250790,1250791,1250792,1250797,1250799,1250807,1250810,1250811,1250818,1250819,1250822,1250823,1250824,1250825,1250830,1250831,1250839,1250841,1250842,1250843,1250846,1250847,1250848,1250850,1250851,1250853,1250856,1250863,1250864,1250866,1250867,1250868,1250872,1250874,1250875,1250877,1250879,1250883,1250887,1250888,1250889,1250890,1250891,1250905,1250915,1250917,1250923,1250927,1250928,1250948,1250949,1250953,1250955,1250963,1250964,1250965,CVE-2022-26 02,CVE-2022-2978,CVE-2022-36280,CVE-2022-43945,CVE-2022-49138,CVE-2022-49980,CVE-2022-50233,CVE-2022-50234,CVE-2022-50235,CVE-2022-50239,CVE-2022-50241,CVE-2022-50246,CVE-2022-50247,CVE-2022-50248,CVE-2022-50249,CVE-2022-50250,CVE-2022-50251,CVE-2022-50252,CVE-2022-50255,CVE-2022-50257,CVE-2022-50258,CVE-2022-50260,CVE-2022-50261,CVE-2022-50264,CVE-2022-50266,CVE-2022-50267,CVE-2022-50268,CVE-2022-50269,CVE-2022-50271,CVE-2022-50272,CVE-2022-50275,CVE-2022-50276,CVE-2022-50277,CVE-2022-50278,CVE-2022-50279,CVE-2022-50282,CVE-2022-50286,CVE-2022-50289,CVE-2022-50294,CVE-2022-50297,CVE-2022-50298,CVE-2022-50299,CVE-2022-50301,CVE-2022-50308,CVE-2022-50309,CVE-2022-50312,CVE-2022-50317,CVE-2022-50318,CVE-2022-50320,CVE-2022-50321,CVE-2022-50324,CVE-2022-50328,CVE-2022-50329,CVE-2022-50330,CVE-2022-50331,CVE-2022-50333,CVE-2022-50340,CVE-2022-50342,CVE-2022-50344,CVE-2022-50346,CVE-2022-50347,CVE-2022-50348,CVE-2022-50349,CVE-2022-50351,CVE-2022-50353,CVE-2022-50355,CVE-2022-50358,CVE-2 022-50359,CVE-2022-50362,CVE-2022-50364,CVE-2022-50367,CVE-2022-50368,CVE-2022-50369,CVE-2022-50370,CVE-2022-50372,CVE-2022-50373,CVE-2022-50374,CVE-2022-50375,CVE-2022-50376,CVE-2022-50379,CVE-2022-50381,CVE-2022-50385,CVE-2022-50386,CVE-2022-50388,CVE-2022-50389,CVE-2022-50391,CVE-2022-50392,CVE-2022-50394,CVE-2022-50395,CVE-2022-50399,CVE-2022-50401,CVE-2022-50402,CVE-2022-50404,CVE-2022-50408,CVE-2022-50409,CVE-2022-50410,CVE-2022-50411,CVE-2022-50414,CVE-2022-50417,CVE-2022-50419,CVE-2022-50422,CVE-2022-50423,CVE-2022-50425,CVE-2022-50427,CVE-2022-50428,CVE-2022-50429,CVE-2022-50430,CVE-2022-50431,CVE-2022-50432,CVE-2022-50434,CVE-2022-50435,CVE-2022-50436,CVE-2022-50437,CVE-2022-50439,CVE-2022-50440,CVE-2022-50443,CVE-2022-50444,CVE-2022-50449,CVE-2022-50453,CVE-2022-50454,CVE-2022-50456,CVE-2022-50458,CVE-2022-50459,CVE-2022-50460,CVE-2022-50465,CVE-2022-50466,CVE-2022-50467,CVE-2022-50468,CVE-2022-50469,CVE-2023-1380,CVE-2023-28328,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197 ,CVE-2023-42753,CVE-2023-52923,CVE-2023-53147,CVE-2023-53149,CVE-2023-53150,CVE-2023-53151,CVE-2023-53153,CVE-2023-53165,CVE-2023-53167,CVE-2023-53171,CVE-2023-53174,CVE-2023-53176,CVE-2023-53178,CVE-2023-53179,CVE-2023-53182,CVE-2023-53185,CVE-2023-53196,CVE-2023-53197,CVE-2023-53199,CVE-2023-53201,CVE-2023-53205,CVE-2023-53213,CVE-2023-53216,CVE-2023-53219,CVE-2023-53222,CVE-2023-53223,CVE-2023-53226,CVE-2023-53229,CVE-2023-53230,CVE-2023-53234,CVE-2023-53238,CVE-2023-53239,CVE-2023-53241,CVE-2023-53242,CVE-2023-53244,CVE-2023-53245,CVE-2023-53246,CVE-2023-53249,CVE-2023-53250,CVE-2023-53251,CVE-2023-53255,CVE-2023-53259,CVE-2023-53265,CVE-2023-53268,CVE-2023-53270,CVE-2023-53272,CVE-2023-53273,CVE-2023-53275,CVE-2023-53276,CVE-2023-53277,CVE-2023-53280,CVE-2023-53281,CVE-2023-53282,CVE-2023-53286,CVE-2023-53288,CVE-2023-53295,CVE-2023-53297,CVE-2023-53298,CVE-2023-53299,CVE-2023-53302,CVE-2023-53304,CVE-2023-53305,CVE-2023-53307,CVE-2023-53309,CVE-2023-53311,CVE-2023-53313,CVE-20 23-53314,CVE-2023-53315,CVE-2023-53316,CVE-2023-53317,CVE-2023-53321,CVE-2023-53322,CVE-2023-53324,CVE-2023-53326,CVE-2023-53330,CVE-2023-53331,CVE-2023-53333,CVE-2023-53334,CVE-2023-53335,CVE-2023-53337,CVE-2023-53344,CVE-2023-53349,CVE-2023-53352,CVE-2023-53356,CVE-2023-53359,CVE-2023-53368,CVE-2023-53373,CVE-2023-53375,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53381,CVE-2023-53384,CVE-2023-53386,CVE-2023-53388,CVE-2023-53390,CVE-2023-53393,CVE-2023-53395,CVE-2023-53396,CVE-2023-53400,CVE-2023-53404,CVE-2023-53405,CVE-2023-53406,CVE-2023-53409,CVE-2023-53413,CVE-2023-53414,CVE-2023-53415,CVE-2023-53416,CVE-2023-53422,CVE-2023-53427,CVE-2023-53431,CVE-2023-53435,CVE-2023-53436,CVE-2023-53437,CVE-2023-53438,CVE-2023-53440,CVE-2023-53443,CVE-2023-53446,CVE-2023-53449,CVE-2023-53451,CVE-2023-53452,CVE-2023-53453,CVE-2023-53454,CVE-2023-53457,CVE-2023-53458,CVE-2023-53463,CVE-2023-53464,CVE-2023-53465,CVE-2023-53468,CVE-2023-53471,CVE-2023-53472,CVE-2023-53473,CVE-2023-5347 4,CVE-2023-53475,CVE-2023-53476,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53492,CVE-2023-53494,CVE-2023-53496,CVE-2023-53498,CVE-2023-53499,CVE-2023-53505,CVE-2023-53506,CVE-2023-53509,CVE-2023-53512,CVE-2023-53513,CVE-2023-53515,CVE-2023-53518,CVE-2023-53519,CVE-2023-53521,CVE-2023-53524,CVE-2023-53525,CVE-2023-53526,CVE-2023-53530,CVE-2024-26583,CVE-2024-26584,CVE-2024-58240,CVE-2025-23155,CVE-2025-37738,CVE-2025-37885,CVE-2025-37958,CVE-2025-38014,CVE-2025-38084,CVE-2025-38085,CVE-2025-38111,CVE-2025-38184,CVE-2025-38380,CVE-2025-38470,CVE-2025-38476,CVE-2025-38488,CVE-2025-38553,CVE-2025-38572,CVE-2025-38659,CVE-2025-38664,CVE-2025-38678,CVE-2025-38685,CVE-2025-38706,CVE-2025-38713,CVE-2025-38734,CVE-2025-39691,CVE-2025-39703,CVE-2025-39726,CVE-2025-39746,CVE-2025-39751,CVE-2025-39790,CVE-2025-39797,CVE-2025-39823,CVE-2025-39824,CVE-2025-39860,CVE-2025-39869 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732). - CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007). - CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247). - CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer. - Revert backported patches for bsc#1238160 because the CVSS less than 7.0 - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158). - build_bug.h: Add KABI assert (bsc#1249186). - kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers. - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - net/sched: ets: use old 'nbands' while purging unused classes (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - use uniform permission checks for all mount propagation changes (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3729-1 Released: Wed Oct 22 15:19:26 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - bind-utils-9.16.50-150400.5.49.1 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - cups-config-2.2.7-150000.3.72.1 updated - curl-8.14.1-150400.5.69.1 updated - dracut-055+suse.361.g448229ea-150400.3.40.1 updated - google-dracut-config-0.0.4-150300.7.12.1 updated - google-guest-oslogin-20240311.01-150000.1.56.1 updated - grub2-i386-pc-2.06-150400.11.63.1 updated - grub2-x86_64-efi-2.06-150400.11.63.1 updated - grub2-2.06-150400.11.63.1 updated - hwinfo-21.89-150400.3.21.1 updated - jq-1.6-150000.3.9.1 updated - kernel-default-5.14.21-150400.24.179.1 updated - krb5-1.19.2-150400.3.18.1 updated - libavahi-client3-0.8-150400.7.23.1 updated - libavahi-common3-0.8-150400.7.23.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libcups2-2.2.7-150000.3.72.1 updated - libcurl4-8.14.1-150400.5.69.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libgcrypt20-1.9.4-150400.6.11.1 updated - libgnutls30-3.7.3-150400.4.50.1 updated - libjq1-1.6-150000.3.9.1 updated - libopenssl1_1-1.1.1l-150400.7.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - libsolv-tools-base-0.7.34-150400.3.41.1 updated - libsolv-tools-0.7.34-150400.3.41.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libsystemd0-249.17-150400.8.49.2 updated - libudev1-249.17-150400.8.49.2 updated - libxml2-2-2.9.14-150400.5.47.1 updated - libzypp-17.37.18-150400.3.148.1 updated - openssl-1_1-1.1.1l-150400.7.84.1 updated - pam-1.3.0-150000.6.86.1 updated - permissions-20201225-150400.5.22.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-bind-9.16.50-150400.5.49.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-ply-3.10-150000.3.8.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-six-1.14.0-150200.15.1 updated - python3-3.6.15-150300.10.97.2 updated - samba-client-libs-4.15.13+git.736.b791be993ba-150400.3.40.1 updated - suse-build-key-12.0-150000.8.61.2 updated - suse-module-tools-15.4.20-150400.3.20.3 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - sysconfig-0.85.10-150200.15.1 updated - systemd-presets-branding-SLE-15.1-150100.20.17.2 updated - systemd-rpm-macros-16-150000.7.42.1 updated - systemd-sysvinit-249.17-150400.8.49.2 updated - systemd-249.17-150400.8.49.2 updated - udev-249.17-150400.8.49.2 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - vim-data-common-9.1.1629-150000.5.78.1 updated - vim-9.1.1629-150000.5.78.1 updated - zypper-1.14.94-150400.3.101.1 updated - catatonit-0.2.0-150300.10.8.1 removed - docker-28.2.2_ce-150000.227.1 removed - iptables-1.8.7-1.1 removed - libip6tc2-1.8.7-1.1 removed - libnftnl11-1.2.0-150400.1.6 removed - libprocps8-3.3.17-150000.7.42.1 removed - procps-3.3.17-150000.7.42.1 removed - xtables-plugins-1.8.7-1.1 removed - xxd-9.1.1406-150000.5.75.1 removed From sle-container-updates at lists.suse.com Sun Oct 26 08:11:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Oct 2025 09:11:49 +0100 (CET) Subject: SUSE-CU-2025:7596-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251026081149.440D2FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7596-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-51.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 51.3 Severity : important Type : security References : 1212533 1216527 1218644 1227555 1230062 1236897 1237449 1237776 1238782 1240324 1241166 1241219 1241292 1241866 1243112 1245538 1245700 1245963 1246057 1246190 1246248 1246298 1246509 1246782 1247099 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248616 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249163 1249172 1249176 1249183 1249186 1249193 1249199 1249201 1249202 1249206 1249258 1249262 1249274 1249284 1249290 1249295 1249300 1249303 1249305 1249306 1249315 1249333 1249334 1249374 1249481 1249482 1249488 1249494 1249504 1249508 1249510 1249513 1249516 1249524 1249526 1249533 1249540 1249545 1249566 1249604 1249608 1249770 1249887 1249906 1249915 1249974 1250002 1250021 1250025 1250057 1250179 1250232 1250251 1250267 1250294 1250334 1250336 1250344 1250365 1250407 1250522 1250530 1250574 1250655 1250722 1250952 1251264 CVE-2023-53261 CVE-2023-5633 CVE-2024-58090 CVE-2025-22022 CVE-2025-3576 CVE-2025-38119 CVE-2025-38216 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38628 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38684 CVE-2025-38701 CVE-2025-38703 CVE-2025-38705 CVE-2025-38709 CVE-2025-38710 CVE-2025-38721 CVE-2025-38722 CVE-2025-38730 CVE-2025-38732 CVE-2025-39677 CVE-2025-39678 CVE-2025-39681 CVE-2025-39682 CVE-2025-39691 CVE-2025-39695 CVE-2025-39703 CVE-2025-39705 CVE-2025-39707 CVE-2025-39711 CVE-2025-39718 CVE-2025-39738 CVE-2025-39744 CVE-2025-39746 CVE-2025-39747 CVE-2025-39749 CVE-2025-39754 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39773 CVE-2025-39782 CVE-2025-39787 CVE-2025-39797 CVE-2025-39807 CVE-2025-39811 CVE-2025-39816 CVE-2025-39823 CVE-2025-39825 CVE-2025-39830 CVE-2025-39834 CVE-2025-39835 CVE-2025-39838 CVE-2025-39842 CVE-2025-39857 CVE-2025-39865 CVE-2025-39885 CVE-2025-39890 CVE-2025-39922 CVE-2025-40300 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3601-1 Released: Wed Oct 15 14:56:34 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1212533,1216527,1218644,1227555,1230062,1236897,1237449,1237776,1238782,1240324,1241166,1241292,1241866,1243112,1245538,1245700,1245963,1246057,1246190,1246248,1246298,1246509,1246782,1247099,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248616,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249163,1249172,1249176,1249183,1249186,1249193,1249199,1249201,1249202,1249206,1249258,1249262,1249274,1249284,1249290,1249295,1249300,1249303,1249305,1249306,1249315,1249333,1249334,1249374,1249481,1249482,1249488,1249494,1249504,1249508,1249510,1249513,1249516,1249524,1249526,1249533,1249540,1249545,1249566,1249604,1249608,1249770,1249887,1249906,1249915,1249974,1250002,1250021,1250025,1250057,1250179,1 250251,1250267,1250294,1250334,1250336,1250344,1250365,1250407,1250522,1250530,1250574,1250655,1250722,1250952,CVE-2023-53261,CVE-2023-5633,CVE-2024-58090,CVE-2025-22022,CVE-2025-38119,CVE-2025-38216,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38466,CVE-2025-38488,CVE-2025-38514,CVE-2025-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38628,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38684,CVE-2025-38701,CVE-2025-38703,CVE-2025-38705,CVE-2025-38709,CVE-2025-38710,CVE-2025-38721,CVE-2025-38722,CVE-2025-38730,CVE-2025-38732,CVE-2025-39677,CVE-2025-39678,CVE-2025-39681,CV E-2025-39682,CVE-2025-39691,CVE-2025-39695,CVE-2025-39703,CVE-2025-39705,CVE-2025-39707,CVE-2025-39711,CVE-2025-39718,CVE-2025-39738,CVE-2025-39744,CVE-2025-39746,CVE-2025-39747,CVE-2025-39749,CVE-2025-39754,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39773,CVE-2025-39782,CVE-2025-39787,CVE-2025-39797,CVE-2025-39807,CVE-2025-39811,CVE-2025-39816,CVE-2025-39823,CVE-2025-39825,CVE-2025-39830,CVE-2025-39834,CVE-2025-39835,CVE-2025-39838,CVE-2025-39842,CVE-2025-39857,CVE-2025-39865,CVE-2025-39885,CVE-2025-39890,CVE-2025-39922,CVE-2025-40300 The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974). - CVE-2025-39834: net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (bsc#1250021). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - !CONFIG & reference -> this is bug, immediate fail - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes). - ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Add alt-commit to drm v3d patch - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: ISO: free rx_skb if not consumed (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - Drop PCI patches that broke kdump capture boot (bsc#1246509) - Drop arm64 patches that may lead to module load failure (bsc#1250057) - Drop ath12k patch that was reverted in the upstream (git-fixes) - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - Fix source string __assign_string() (bsc#1238782) - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186) - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - Revert 'usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running' (git-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf/selftests: Fix test_tcpnotify_user (poo#189822). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - request reserved interrupt for virtual function (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes). - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes). - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes). - drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Fix mismatch type comparison (stable-fixes). - drm/amd/display: Fix unnecessary cast warnings from checkpatch (stable-fixes). - drm/amd/display: Reduce accessing remote DPCD overhead (git-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/discovery: fix fw based ip discovery (git-fixes). - drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes). - drm/amdgpu/mes: add missing locking in helper functions (stable-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation (git-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes). - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: fix incorrect MALL size for GFX1151 (stable-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/ast: Use msleep instead of mdelay for edid read (git-fixes). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/cirrus-qemu: Fix pitch programming (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes). - drm/i915/icl+/tc: Cache the max lane count value (stable-fixes). - drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes). - drm/nouveau: select FW caching (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes). - drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes). - drm/panthor: validate group queue count (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm/simpledrm: Do not upcast in release helpers (git-fixes). - drm/xe/bmg: Add new PCI IDs (stable-fixes). - drm/xe/bmg: Update Wa_22019338487 (git-fixes). - drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes). - drm/xe/tile: Release kobject for the failure path (git-fixes). - drm/xe: Allow dropping kunit dependency as built-in (git-fixes). - drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes). - drm/xe: Carve out wopcm portion from the stolen memory (git-fixes). - drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes). - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes). - drm/xe: Fix and re-enable xe_print_blob_ascii85() (git-fixes). - drm/xe: Move page fault init after topology init (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - i3c: master: svc: Use manual response for IBI events (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: chips-media: wave5: Fix gray color on screen (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-auth: do not re-authenticate queues with no prior authentication (bsc#1227555). - nvme-pci: try function level reset on init failure (git-fixes). - nvme-tcp: remove tag set when second admin queue config fails (git-fixes). - nvmet-auth: always free derived key data (git-fixes). - nvmet-auth: authenticate on admin queue only (bsc#1227555). - nvmet: auth: use NULL to clear a pointer in (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1249183). - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/debug: Add a reverse mode for debug_dump() (git-fixes jsc#PED-13260). - s390/debug: Add debug_dump() to write debug view to a string buffer (git-fixes jsc#PED-13260). - s390/debug: Simplify and document debug_next_entry() logic (git-fixes jsc#PED-13260). - s390/debug: Split private data alloc/free out of file operations (git-fixes jsc#PED-13260). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Add pci_msg debug view to PCI report (git-fixes jsc#PED-13260). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/pci: Report PCI error recovery results via SCLP (git-fixes jsc#PED-13260). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues (stable-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation (stable-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes). - wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes). - wifi: ath12k: fix the fetching of combined rssi (git-fixes). - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath12k: fix wrong logging ID used for CE (git-fixes). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: Remove redundant header files (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP (bsc#1245538). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: dbc: decouple endpoint allocation from initialization (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - kernel-macros-6.4.0-150700.53.19.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - kernel-devel-6.4.0-150700.53.19.1 updated - kernel-default-devel-6.4.0-150700.53.19.1 updated - kernel-syms-6.4.0-150700.53.19.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Tue Oct 28 08:40:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Oct 2025 09:40:58 +0100 (CET) Subject: SUSE-CU-2025:7622-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251028084058.7894BF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7622-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.54.5 Container Release : 54.5 Severity : important Type : security References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150 1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062 1236897 1237449 1237776 1240324 1241166 1241219 1241292 1241866 1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190 1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136 1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963 1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296 1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392 1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639 1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847 1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159 1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177 1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202 1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255 1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271 1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285 1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303 1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323 1249324 1249334 1249338 1249374 1249413 1249479 1249482 1249486 1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510 1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533 1249538 1249540 1249542 1249545 1249548 1249554 1249584 1249598 1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662 1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698 1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768 1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815 1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845 1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865 1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896 1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938 1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990 1249993 1249994 1249997 1250002 1250004 1250007 1250012 1250022 1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057 1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070 1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120 1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161 1250163 1250166 1250167 1250171 1250177 1250179 1250180 1250186 1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208 1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263 1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291 1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325 1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377 1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426 1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713 1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808 1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825 1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867 1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923 1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949 1250952 1250957 1250964 1251263 CVE-2023-31248 CVE-2023-3772 CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150 CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170 CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180 CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187 CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201 CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208 CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220 CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231 CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247 CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255 CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263 CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280 CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292 CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311 CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319 CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325 CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338 CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352 CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362 CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369 CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379 CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391 CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420 CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428 CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441 CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448 CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461 CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479 CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490 CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496 CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507 CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518 CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527 CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090 CVE-2024-58240 CVE-2025-22022 CVE-2025-3576 CVE-2025-38119 CVE-2025-38234 CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408 CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466 CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533 CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614 CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664 CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721 CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746 CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808 CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871 CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891 CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300 CVE-2025-59375 CVE-2025-9187 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3600-1 Released: Wed Oct 15 14:54:51 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1249279,1 249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249374,1249413,1249479,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,1249988,1249990,1249993,124999 4,1249997,1250002,1250004,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,1250830,1250831,1250837,1250841,1250861,125 0863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53260,CVE-2023 -53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2023-53425,CVE-2023-53426,CVE-2023-53428, CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-38466,CVE-2025-38488,CVE-2025-38514,CVE-202 5-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39684 ,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39846,CVE-20 25-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs: Limit patch filenames to 100 characters (bsc#1249604). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus < first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - kernel-macros-6.4.0-150600.23.73.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - kernel-devel-6.4.0-150600.23.73.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - mozilla-nss-tools-3.112.2-150400.3.60.1 updated - kernel-default-devel-6.4.0-150600.23.73.1 updated - kernel-syms-6.4.0-150600.23.73.1 updated - container:registry.suse.com-bci-bci-base-15.6-4a0457aee30dfe45c61fd8659c66aaf72ab3ff16a243da33921454932d702808-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:03:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:03:02 +0100 (CET) Subject: SUSE-CU-2025:7628-1: Recommended update of containers/lmcache-lmstack-router Message-ID: <20251029080302.4DC59F780@maintenance.suse.de> SUSE Container Update Advisory: containers/lmcache-lmstack-router ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7628-1 Container Tags : containers/lmcache-lmstack-router:0 , containers/lmcache-lmstack-router:0.1.6 , containers/lmcache-lmstack-router:0.1.6-2.13 Container Release : 2.13 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container containers/lmcache-lmstack-router was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:03:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:03:03 +0100 (CET) Subject: SUSE-CU-2025:7629-1: Recommended update of containers/mcpo Message-ID: <20251029080303.D7CFCF780@maintenance.suse.de> SUSE Container Update Advisory: containers/mcpo ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7629-1 Container Tags : containers/mcpo:0 , containers/mcpo:0.0.17 , containers/mcpo:0.0.17-3.2 Container Release : 3.2 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container containers/mcpo was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-4.4-150400.27.6.1 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:03:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:03:20 +0100 (CET) Subject: SUSE-CU-2025:7631-1: Recommended update of containers/open-webui-pipelines Message-ID: <20251029080320.5D2D8F780@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7631-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.9 Container Release : 7.9 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:05:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:05:28 +0100 (CET) Subject: SUSE-IU-2025:3487-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251029080528.5F21DF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3487-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.216 , suse/sle-micro/base-5.5:latest Image Release : 5.8.216 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:06:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:06:40 +0100 (CET) Subject: SUSE-IU-2025:3488-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20251029080640.9023AF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3488-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.414 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.414 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.216 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:08:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:08:38 +0100 (CET) Subject: SUSE-IU-2025:3489-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20251029080838.100D2F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3489-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.518 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.518 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.392 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:10:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:10:26 +0100 (CET) Subject: SUSE-IU-2025:3490-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20251029081026.7E2E1F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3490-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.392 , suse/sle-micro/5.5:latest Image Release : 5.5.392 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.216 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:12 +0100 (CET) Subject: SUSE-CU-2025:7634-1: Recommended update of private-registry/harbor-core Message-ID: <20251029081312.C8045F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7634-1 Container Tags : private-registry/harbor-core:2.13 , private-registry/harbor-core:2.13.2 , private-registry/harbor-core:2.13.2-3.26 , private-registry/harbor-core:latest Container Release : 3.26 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:19 +0100 (CET) Subject: SUSE-CU-2025:7635-1: Recommended update of private-registry/harbor-db Message-ID: <20251029081319.7DB77F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7635-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-3.27 , private-registry/harbor-db:latest Container Release : 3.27 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:24 +0100 (CET) Subject: SUSE-CU-2025:7636-1: Recommended update of private-registry/harbor-exporter Message-ID: <20251029081324.694A3F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7636-1 Container Tags : private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2-3.26 , private-registry/harbor-exporter:latest Container Release : 3.26 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:29 +0100 (CET) Subject: SUSE-CU-2025:7637-1: Recommended update of private-registry/harbor-jobservice Message-ID: <20251029081329.7365FF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7637-1 Container Tags : private-registry/harbor-jobservice:2.13 , private-registry/harbor-jobservice:2.13.2 , private-registry/harbor-jobservice:2.13.2-3.26 , private-registry/harbor-jobservice:latest Container Release : 3.26 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:37 +0100 (CET) Subject: SUSE-CU-2025:7638-1: Recommended update of private-registry/harbor-nginx Message-ID: <20251029081337.D93C8F780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7638-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.65 , private-registry/harbor-nginx:latest Container Release : 2.65 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:46 +0100 (CET) Subject: SUSE-CU-2025:7639-1: Recommended update of private-registry/harbor-portal Message-ID: <20251029081346.14C29F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7639-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.31 , private-registry/harbor-portal:latest Container Release : 3.31 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:51 +0100 (CET) Subject: SUSE-CU-2025:7640-1: Recommended update of private-registry/harbor-registry Message-ID: <20251029081351.913E4F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7640-1 Container Tags : private-registry/harbor-registry:2.8.3 , private-registry/harbor-registry:2.8.3-2.67 , private-registry/harbor-registry:latest Container Release : 2.67 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:13:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:13:56 +0100 (CET) Subject: SUSE-CU-2025:7641-1: Recommended update of private-registry/harbor-registryctl Message-ID: <20251029081356.ED7AEF778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7641-1 Container Tags : private-registry/harbor-registryctl:2.13 , private-registry/harbor-registryctl:2.13.2 , private-registry/harbor-registryctl:2.13.2-3.26 , private-registry/harbor-registryctl:latest Container Release : 3.26 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:14:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:14:04 +0100 (CET) Subject: SUSE-CU-2025:7642-1: Recommended update of private-registry/harbor-trivy-adapter Message-ID: <20251029081404.7DAD7F778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7642-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.64 , private-registry/harbor-trivy-adapter:latest Container Release : 2.64 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:14:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:14:08 +0100 (CET) Subject: SUSE-CU-2025:7643-1: Recommended update of private-registry/harbor-valkey Message-ID: <20251029081408.ED00CF778@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7643-1 Container Tags : private-registry/harbor-valkey:8.0.6 , private-registry/harbor-valkey:8.0.6-2.55 , private-registry/harbor-valkey:latest Container Release : 2.55 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:21:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:21:29 +0100 (CET) Subject: SUSE-CU-2025:7645-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20251029082129.58F1DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7645-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.201 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.201 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:25:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:25:04 +0100 (CET) Subject: SUSE-CU-2025:7646-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251029082504.AD516F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7646-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.78 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.78 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:27:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:27:26 +0100 (CET) Subject: SUSE-CU-2025:7647-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20251029082726.1FC6CF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7647-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.201 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.201 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Wed Oct 29 08:29:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Oct 2025 09:29:18 +0100 (CET) Subject: SUSE-CU-2025:7648-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20251029082918.371DDF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7648-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.108 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.108 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:03:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:03:59 +0100 (CET) Subject: SUSE-CU-2025:7649-1: Recommended update of containers/milvus Message-ID: <20251030080359.E4D83F780@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7649-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.203 Container Release : 7.203 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:05:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:05:31 +0100 (CET) Subject: SUSE-CU-2025:7650-1: Recommended update of containers/ollama Message-ID: <20251030080531.597D1F780@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7650-1 Container Tags : containers/ollama:0 , containers/ollama:0.11.4 , containers/ollama:0.11.4-10.85 Container Release : 10.85 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:07:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:07:28 +0100 (CET) Subject: SUSE-CU-2025:7651-1: Recommended update of containers/open-webui Message-ID: <20251030080728.BAC6BF780@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7651-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.35 Container Release : 12.35 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:07:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:07:52 +0100 (CET) Subject: SUSE-CU-2025:7653-1: Recommended update of containers/pytorch Message-ID: <20251030080752.AE8DFF780@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7653-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.8.0-nvidia , containers/pytorch:2.8.0-nvidia-3.9 Container Release : 3.9 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:12:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:12:40 +0100 (CET) Subject: SUSE-IU-2025:3492-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20251030081240.824CDF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3492-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.393 , suse/sle-micro/5.5:latest Image Release : 5.5.393 Severity : moderate Type : recommended References : 1229750 1250593 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. The following package changes have been done: - vim-data-common-9.1.1629-150500.20.38.1 updated - vim-small-9.1.1629-150500.20.38.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:21:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:21:34 +0100 (CET) Subject: SUSE-CU-2025:7660-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20251030082134.D467EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7660-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.202 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.202 Severity : moderate Type : recommended References : 1229750 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3853-1 Released: Wed Oct 29 15:06:03 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750 This update for vim fixes the following issues: - Fix: vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. The following package changes have been done: - vim-data-common-9.1.1629-150000.5.81.1 updated - vim-9.1.1629-150000.5.81.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:24:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:24:59 +0100 (CET) Subject: SUSE-CU-2025:7661-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251030082459.43DE0F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7661-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.79 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.79 Severity : moderate Type : recommended References : 1229750 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3853-1 Released: Wed Oct 29 15:06:03 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750 This update for vim fixes the following issues: - Fix: vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. The following package changes have been done: - vim-data-common-9.1.1629-150000.5.81.1 updated - vim-small-9.1.1629-150000.5.81.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:27:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:27:04 +0100 (CET) Subject: SUSE-CU-2025:7662-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20251030082704.33FDBF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7662-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.202 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.202 Severity : moderate Type : recommended References : 1229750 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3853-1 Released: Wed Oct 29 15:06:03 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750 This update for vim fixes the following issues: - Fix: vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. The following package changes have been done: - vim-data-common-9.1.1629-150000.5.81.1 updated - vim-9.1.1629-150000.5.81.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:28:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:28:59 +0100 (CET) Subject: SUSE-CU-2025:7648-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20251030082859.BEF9DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7648-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.108 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.108 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:29:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:29:00 +0100 (CET) Subject: SUSE-CU-2025:7663-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20251030082900.AAD00F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7663-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.109 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.109 Severity : moderate Type : recommended References : 1229750 1250593 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. The following package changes have been done: - vim-data-common-9.1.1629-150500.20.38.1 updated - vim-9.1.1629-150500.20.38.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:32:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:32:31 +0100 (CET) Subject: SUSE-CU-2025:7664-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20251030083231.D86B5F778@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7664-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.149 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.149 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3837-1 Released: Tue Oct 28 11:38:30 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-4.3-83.36.1 updated - libreadline6-6.3-83.36.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:37:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:37:13 +0100 (CET) Subject: SUSE-CU-2025:7666-1: Recommended update of bci/bci-base-fips Message-ID: <20251030083713.29574F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7666-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.36.9 Container Release : 36.9 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:38:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:38:34 +0100 (CET) Subject: SUSE-CU-2025:7668-1: Recommended update of bci/bci-init Message-ID: <20251030083834.01FBFF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7668-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.49.10 Container Release : 49.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:38:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:38:43 +0100 (CET) Subject: SUSE-CU-2025:7669-1: Recommended update of bci/bci-micro-fips Message-ID: <20251030083843.5C755F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7669-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.11.9 Container Release : 11.9 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:39:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:39:13 +0100 (CET) Subject: SUSE-CU-2025:7670-1: Recommended update of bci/bci-micro Message-ID: <20251030083913.DBE49F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7670-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.53.6 Container Release : 53.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:bci-bci-base-15.6-4508111fdccc492541ff3fe7e57350d384649beb8cdfd285b4be78ff82a099c8-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:39:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:39:49 +0100 (CET) Subject: SUSE-CU-2025:7671-1: Recommended update of bci/bci-minimal Message-ID: <20251030083949.ED3C3F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7671-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.44.2 Container Release : 44.2 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:41:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:41:04 +0100 (CET) Subject: SUSE-CU-2025:7673-1: Recommended update of bci/nodejs Message-ID: <20251030084104.8C7ABF778@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7673-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-58.10 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-58.10 Container Release : 58.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:42:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:42:30 +0100 (CET) Subject: SUSE-CU-2025:7675-1: Recommended update of bci/python Message-ID: <20251030084230.86A56F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7675-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-75.10 Container Release : 75.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:43:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:43:11 +0100 (CET) Subject: SUSE-CU-2025:7676-1: Recommended update of suse/mariadb-client Message-ID: <20251030084311.E71C5F778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7676-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.14 , suse/mariadb-client:10.11.14-66.13 Container Release : 66.13 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:46:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:46:36 +0100 (CET) Subject: SUSE-CU-2025:7678-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251030084636.A9F56F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7678-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.54.10 Container Release : 54.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 08:47:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 09:47:44 +0100 (CET) Subject: SUSE-CU-2025:7679-1: Recommended update of suse/sle15 Message-ID: <20251030084744.B936EF778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7679-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.2 , suse/sle15:15.6 , suse/sle15:15.6.47.26.2 Container Release : 47.26.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3805-1 Released: Mon Oct 27 12:36:40 2025 Summary: Recommended udpate for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect rebuilds it against the current go1.25 release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.73.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:11:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:11:17 +0100 (CET) Subject: SUSE-IU-2025:3495-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251030121117.7BF60F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3495-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.36 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.36 Severity : important Type : recommended References : 1248586 1252217 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 323 Released: Thu Oct 30 09:16:08 2025 Summary: Recommended update for sqlite3 Type: recommended Severity: important References: 1248586,1252217 This update for sqlite3 fixes the following issues: - Add a %license file (bsc#1252217). - Fix icu-enabled build (bsc#1248586). - Fix two long-standings cases of the use of uninitialized variables in obscure circumstances. - Fix a possible memory error that can occur if a query is made against FTS5 index that has been deliberately corrupted in a very specific way. - Fix the parser so that it ignored SQL comments in all places of a CREATE TRIGGER statement. This resolves a problem that was introduced by the introduction of the SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0. - Fix an incorrect answer due to over-optimization of an AND operator. The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.64 updated - libsqlite3-0-3.50.4-slfo.1.1_1.1 updated - container:SL-Micro-container-2.2.1-7.24 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:17:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:17:00 +0100 (CET) Subject: SUSE-CU-2025:7681-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251030121700.E36E4F780@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7681-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.121 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.121 Severity : critical Type : recommended References : 1229750 1243381 1245190 1245199 1250593 1250754 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:06:00 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated - libsolv-tools-base-0.7.34-150600.8.19.2 updated - vim-data-common-9.1.1629-150500.20.38.1 updated - vim-small-9.1.1629-150500.20.38.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:19:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:19:44 +0100 (CET) Subject: SUSE-CU-2025:7679-1: Recommended update of suse/sle15 Message-ID: <20251030121944.EF250F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7679-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.2 , suse/sle15:15.6 , suse/sle15:15.6.47.26.2 Container Release : 47.26.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3805-1 Released: Mon Oct 27 12:36:40 2025 Summary: Recommended udpate for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect rebuilds it against the current go1.25 release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.73.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:19:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:19:46 +0100 (CET) Subject: SUSE-CU-2025:7682-1: Recommended update of suse/sle15 Message-ID: <20251030121946.1768EF780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7682-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.3 , suse/sle15:15.6 , suse/sle15:15.6.47.26.3 Container Release : 47.26.3 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:19:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:19:47 +0100 (CET) Subject: SUSE-CU-2025:7683-1: Recommended update of suse/sle15 Message-ID: <20251030121947.2DC85F780@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7683-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.4 , suse/sle15:15.6 , suse/sle15:15.6.47.26.4 Container Release : 47.26.4 Severity : critical Type : recommended References : 1243381 1245190 1250754 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:06:00 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) The following package changes have been done: - libsolv-tools-base-0.7.34-150600.8.19.2 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:21:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:21:25 +0100 (CET) Subject: SUSE-CU-2025:7685-1: Recommended update of bci/spack Message-ID: <20251030122125.60086F780@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7685-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.73 Container Release : 11.73 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8a7fd1333cc96039953f1ab73deed18c837cbe51e34dde659fc9091393086943-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:21:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:21:50 +0100 (CET) Subject: SUSE-CU-2025:7686-1: Security update of suse/389-ds Message-ID: <20251030122150.3C35CF780@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7686-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-64.9 , suse/389-ds:latest Container Release : 64.9 Severity : important Type : security References : 1245199 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - mozilla-nss-tools-3.112.2-150400.3.60.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:22:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:22:11 +0100 (CET) Subject: SUSE-CU-2025:7687-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251030122211.56E12F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7687-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.21 , bci/dotnet-aspnet:8.0.21-73.4 Container Release : 73.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:22:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:22:29 +0100 (CET) Subject: SUSE-CU-2025:7689-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251030122229.478B1F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7689-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.10 , bci/dotnet-aspnet:9.0.10-32.4 , bci/dotnet-aspnet:latest Container Release : 32.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:22:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:22:50 +0100 (CET) Subject: SUSE-CU-2025:7691-1: Recommended update of bci/bci-base-fips Message-ID: <20251030122250.19C94F780@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7691-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-10.6 , bci/bci-base-fips:latest Container Release : 10.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:23:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:23:06 +0100 (CET) Subject: SUSE-CU-2025:7692-1: Recommended update of suse/bind Message-ID: <20251030122306.78091F780@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7692-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.11 , suse/bind:9.20.11-69.11 , suse/bind:latest Container Release : 69.11 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:23:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:23:15 +0100 (CET) Subject: SUSE-CU-2025:7693-1: Recommended update of suse/cosign Message-ID: <20251030122315.56C0DF780@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7693-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-16.10 , suse/cosign:latest Container Release : 16.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:23:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:23:34 +0100 (CET) Subject: SUSE-CU-2025:7694-1: Recommended update of bci/dotnet-sdk Message-ID: <20251030122334.F34FEF780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7694-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.21 , bci/dotnet-sdk:8.0.21-73.4 Container Release : 73.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:23:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:23:53 +0100 (CET) Subject: SUSE-CU-2025:7696-1: Recommended update of bci/dotnet-sdk Message-ID: <20251030122353.F1597F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7696-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.10 , bci/dotnet-sdk:9.0.10-33.4 , bci/dotnet-sdk:latest Container Release : 33.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:24:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:24:14 +0100 (CET) Subject: SUSE-CU-2025:7698-1: Recommended update of bci/dotnet-runtime Message-ID: <20251030122414.279C9F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7698-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.21 , bci/dotnet-runtime:8.0.21-73.4 Container Release : 73.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:24:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:24:31 +0100 (CET) Subject: SUSE-CU-2025:7700-1: Recommended update of bci/dotnet-runtime Message-ID: <20251030122431.787F2F780@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7700-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.10 , bci/dotnet-runtime:9.0.10-32.4 , bci/dotnet-runtime:latest Container Release : 32.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:24:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:24:48 +0100 (CET) Subject: SUSE-CU-2025:7702-1: Recommended update of bci/gcc Message-ID: <20251030122448.EA85CF780@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7702-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-14.7 , bci/gcc:latest Container Release : 14.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:25:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:25:08 +0100 (CET) Subject: SUSE-CU-2025:7703-1: Security update of bci/golang Message-ID: <20251030122508.39C6CF780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7703-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.9 , bci/golang:1.24.9-2.75.4 , bci/golang:oldstable , bci/golang:oldstable-2.75.4 Container Release : 75.4 Severity : important Type : security References : 1236217 1241219 1251253 1251254 1251255 1251256 1251257 1251258 1251259 1251260 1251261 1251262 1251264 CVE-2025-3576 CVE-2025-47912 CVE-2025-58183 CVE-2025-58185 CVE-2025-58186 CVE-2025-58187 CVE-2025-58188 CVE-2025-58189 CVE-2025-61723 CVE-2025-61724 CVE-2025-61725 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3682-1 Released: Mon Oct 20 15:12:08 2025 Summary: Security update for go1.24 Type: security Severity: important References: 1236217,1251253,1251254,1251255,1251256,1251257,1251258,1251259,1251260,1251261,1251262,CVE-2025-47912,CVE-2025-58183,CVE-2025-58185,CVE-2025-58186,CVE-2025-58187,CVE-2025-58188,CVE-2025-58189,CVE-2025-61723,CVE-2025-61724,CVE-2025-61725 This update for go1.24 fixes the following issues: go1.24.9 (released 2025-10-13) includes fixes to the crypto/x509 package. (bsc#1236217) * crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 (released 2025-10-07) includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the linker, and the debug/pe, net/http, os, and sync/atomic packages. (bsc#1236217) CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186 CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724: * bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information * bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress * bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys * bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion * bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion * bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs * bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map * bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames * bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints * bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse * os: Root.OpenRoot sets incorrect name, losing prefix of original root * debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * cmd/link: panic on riscv64 with CGO enabled due to empty container symbol * net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9 * crypto/internal/fips140/rsa: requires a panic if self-tests fail * net/http: internal error: connCount underflow * cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * sync/atomic: comment for Uintptr.Or incorrectly describes return value ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - go1.24-doc-1.24.9-150000.1.42.1 updated - go1.24-1.24.9-150000.1.42.1 updated - go1.24-race-1.24.9-150000.1.42.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:25:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:25:09 +0100 (CET) Subject: SUSE-CU-2025:7704-1: Recommended update of bci/golang Message-ID: <20251030122509.2620CF780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7704-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.9 , bci/golang:1.24.9-2.75.6 , bci/golang:oldstable , bci/golang:oldstable-2.75.6 Container Release : 75.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:25:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:25:30 +0100 (CET) Subject: SUSE-CU-2025:7705-1: Recommended update of bci/golang Message-ID: <20251030122530.BE041F780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7705-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-78.7 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-78.7 Container Release : 78.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:25:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:25:51 +0100 (CET) Subject: SUSE-CU-2025:7706-1: Recommended update of bci/golang Message-ID: <20251030122551.737C4F780@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7706-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.75.6 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.75.6 Container Release : 75.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:56:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:56:52 +0100 (CET) Subject: SUSE-IU-2025:3500-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20251030125652.7869FF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3500-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.45 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.45 Severity : important Type : recommended References : 1241957 1248586 1252217 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 323 Released: Thu Oct 30 09:16:08 2025 Summary: Recommended update for sqlite3 Type: recommended Severity: important References: 1241957,1248586,1252217 This update for sqlite3 fixes the following issues: - Add a %license file (bsc#1252217). - Fix icu-enabled build (bsc#1248586). - Fix two long-standings cases of the use of uninitialized variables in obscure circumstances. - Fix a possible memory error that can occur if a query is made against FTS5 index that has been deliberately corrupted in a very specific way. - Fix the parser so that it ignored SQL comments in all places of a CREATE TRIGGER statement. This resolves a problem that was introduced by the introduction of the SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0. - Fix an incorrect answer due to over-optimization of an AND operator. The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.64 updated - libsqlite3-0-3.50.4-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-4.82 updated From sle-container-updates at lists.suse.com Thu Oct 30 12:57:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 13:57:50 +0100 (CET) Subject: SUSE-IU-2025:3501-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251030125750.30024F780@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3501-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.48 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.48 Severity : important Type : recommended References : 1241957 1248586 1252217 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 323 Released: Thu Oct 30 09:16:08 2025 Summary: Recommended update for sqlite3 Type: recommended Severity: important References: 1241957,1248586,1252217 This update for sqlite3 fixes the following issues: - Add a %license file (bsc#1252217). - Fix icu-enabled build (bsc#1248586). - Fix two long-standings cases of the use of uninitialized variables in obscure circumstances. - Fix a possible memory error that can occur if a query is made against FTS5 index that has been deliberately corrupted in a very specific way. - Fix the parser so that it ignored SQL comments in all places of a CREATE TRIGGER statement. This resolves a problem that was introduced by the introduction of the SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0. - Fix an incorrect answer due to over-optimization of an AND operator. The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.64 updated - libsqlite3-0-3.50.4-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.45 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:02:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:02:42 +0100 (CET) Subject: SUSE-CU-2025:7706-1: Recommended update of bci/golang Message-ID: <20251030130242.07050F783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7706-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.75.6 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.75.6 Container Release : 75.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:02:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:02:51 +0100 (CET) Subject: SUSE-CU-2025:7708-1: Recommended update of suse/helm Message-ID: <20251030130251.AE689F783@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7708-1 Container Tags : suse/helm:3 , suse/helm:3.18 , suse/helm:3.18.3 , suse/helm:3.18.3-66.10 , suse/helm:latest Container Release : 66.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:03:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:03:11 +0100 (CET) Subject: SUSE-CU-2025:7709-1: Recommended update of bci/bci-init Message-ID: <20251030130311.03976F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7709-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-46.7 , bci/bci-init:latest Container Release : 46.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:03:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:03:23 +0100 (CET) Subject: SUSE-CU-2025:7710-1: Recommended update of suse/kea Message-ID: <20251030130323.64DEAF783@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7710-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-66.7 , suse/kea:latest Container Release : 66.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:03:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:03:50 +0100 (CET) Subject: SUSE-CU-2025:7711-1: Security update of bci/kiwi Message-ID: <20251030130350.9FC2CF783@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7711-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-23.5 , bci/kiwi:latest Container Release : 23.5 Severity : important Type : security References : 1245199 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - readline-devel-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:03:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:03:57 +0100 (CET) Subject: SUSE-CU-2025:7713-1: Recommended update of suse/kubectl Message-ID: <20251030130357.55ED5F783@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7713-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.66.10 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.66.10 Container Release : 66.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:04:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:04:03 +0100 (CET) Subject: SUSE-CU-2025:7714-1: Recommended update of suse/kubectl Message-ID: <20251030130403.94F5AF783@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7714-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.66.10 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.66.10 Container Release : 66.10 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:04:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:04:12 +0100 (CET) Subject: SUSE-CU-2025:7715-1: Recommended update of bci/bci-micro-fips Message-ID: <20251030130412.2CD7DF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7715-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-12.6 , bci/bci-micro-fips:latest Container Release : 12.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:04:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:04:19 +0100 (CET) Subject: SUSE-CU-2025:7716-1: Recommended update of bci/bci-micro Message-ID: <20251030130419.5B588F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7716-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-50.6 , bci/bci-micro:latest Container Release : 50.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:04:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:04:26 +0100 (CET) Subject: SUSE-CU-2025:7717-1: Recommended update of bci/bci-minimal Message-ID: <20251030130426.2BBDCF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7717-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-16.2 , bci/bci-minimal:latest Container Release : 16.2 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:04:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:04:44 +0100 (CET) Subject: SUSE-CU-2025:7718-1: Recommended update of suse/nginx Message-ID: <20251030130444.28B1FF783@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7718-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-65.7 , suse/nginx:latest Container Release : 65.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:04:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:04:59 +0100 (CET) Subject: SUSE-CU-2025:7719-1: Recommended update of bci/nodejs Message-ID: <20251030130459.B7381F783@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7719-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-13.7 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-13.7 , bci/nodejs:latest Container Release : 13.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:05:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:05:17 +0100 (CET) Subject: SUSE-CU-2025:7720-1: Security update of bci/openjdk-devel Message-ID: <20251030130517.D9267F783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7720-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-13.5 Container Release : 13.5 Severity : important Type : security References : 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. The following package changes have been done: - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - container:bci-openjdk-17-15.7.17-11.5 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:05:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:05:18 +0100 (CET) Subject: SUSE-CU-2025:7721-1: Recommended update of bci/openjdk-devel Message-ID: <20251030130518.D909DF783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7721-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.16.0 , bci/openjdk-devel:17.0.16.0-13.9 Container Release : 13.9 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:bci-openjdk-17-15.7.17-12.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:05:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:05:40 +0100 (CET) Subject: SUSE-CU-2025:7722-1: Recommended update of suse/pcp Message-ID: <20251030130540.6442AF783@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7722-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-67.6 , suse/pcp:latest Container Release : 67.6 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:bci-bci-init-15.7-b7619f9d39bcc1fa0ef8a90fcc6012863a03864e23b8483cbd95bae927f0650b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:05:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:05:56 +0100 (CET) Subject: SUSE-CU-2025:7723-1: Recommended update of bci/php-fpm Message-ID: <20251030130556.56F9CF783@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7723-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-15.7 , bci/php-fpm:latest Container Release : 15.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:06:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:06:12 +0100 (CET) Subject: SUSE-CU-2025:7724-1: Recommended update of bci/php Message-ID: <20251030130612.0B377F783@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7724-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-15.7 , bci/php:latest Container Release : 15.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:06:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:06:23 +0100 (CET) Subject: SUSE-CU-2025:7725-1: Security update of suse/postgres Message-ID: <20251030130623.03D98F783@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7725-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-79.1 Container Release : 79.1 Severity : important Type : security References : 1241219 1245199 CVE-2025-3576 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:06:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:06:41 +0100 (CET) Subject: SUSE-CU-2025:7726-1: Recommended update of bci/python Message-ID: <20251030130641.896F9F783@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7726-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-77.7 Container Release : 77.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:53:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:53:04 +0100 (CET) Subject: SUSE-CU-2025:7726-1: Recommended update of bci/python Message-ID: <20251030135304.D5778F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7726-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.13 , bci/python:3.11.13-77.7 Container Release : 77.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:53:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:53:26 +0100 (CET) Subject: SUSE-CU-2025:7727-1: Recommended update of bci/python Message-ID: <20251030135326.CEFBAF778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7727-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.7 , bci/python:3.13.7-79.7 , bci/python:latest Container Release : 79.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:53:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:53:48 +0100 (CET) Subject: SUSE-CU-2025:7728-1: Recommended update of bci/python Message-ID: <20251030135348.C6957F778@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7728-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-76.7 Container Release : 76.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:53:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:53:59 +0100 (CET) Subject: SUSE-CU-2025:7729-1: Recommended update of suse/mariadb-client Message-ID: <20251030135359.2732DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7729-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.3 , suse/mariadb-client:11.8.3-64.11 , suse/mariadb-client:latest Container Release : 64.11 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:54:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:54:17 +0100 (CET) Subject: SUSE-CU-2025:7627-1: Security update of bci/rust Message-ID: <20251030135417.D0C4EF778@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7627-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.3.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.1 Container Release : 3.1 Severity : moderate Type : security References : 1241219 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:54:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:54:18 +0100 (CET) Subject: SUSE-CU-2025:7730-1: Recommended update of bci/rust Message-ID: <20251030135418.B63BFF778@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7730-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-1.3.4 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.4 Container Release : 3.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:54:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:54:33 +0100 (CET) Subject: SUSE-CU-2025:7731-1: Recommended update of suse/samba-client Message-ID: <20251030135433.DBDE0F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7731-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-68.11 , suse/samba-client:latest Container Release : 68.11 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:54:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:54:49 +0100 (CET) Subject: SUSE-CU-2025:7732-1: Recommended update of suse/samba-server Message-ID: <20251030135449.3B53FF778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7732-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-68.11 , suse/samba-server:latest Container Release : 68.11 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:55:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:55:03 +0100 (CET) Subject: SUSE-CU-2025:7733-1: Recommended update of suse/samba-toolbox Message-ID: <20251030135503.80550F778@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7733-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-68.11 , suse/samba-toolbox:latest Container Release : 68.11 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:55:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:55:23 +0100 (CET) Subject: SUSE-CU-2025:7734-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251030135523.A0360F778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7734-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-51.7 , bci/bci-sle15-kernel-module-devel:latest Container Release : 51.7 Severity : important Type : security References : 1245199 1251263 CVE-2025-9187 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - mozilla-nss-tools-3.112.2-150400.3.60.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:55:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:55:40 +0100 (CET) Subject: SUSE-CU-2025:7735-1: Recommended update of suse/sle15 Message-ID: <20251030135540.E6DB3F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7735-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.3 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.3 , suse/sle15:latest Container Release : 5.11.3 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3805-1 Released: Mon Oct 27 12:36:40 2025 Summary: Recommended udpate for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect rebuilds it against the current go1.25 release. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - container-suseconnect-2.5.5-150000.4.73.1 updated - libreadline7-7.0-150400.27.6.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:55:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:55:41 +0100 (CET) Subject: SUSE-CU-2025:7736-1: Recommended update of suse/sle15 Message-ID: <20251030135541.CD5B5F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7736-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.11.4 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.11.4 , suse/sle15:latest Container Release : 5.11.4 Severity : critical Type : recommended References : 1243381 1245190 1250754 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:06:00 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) The following package changes have been done: - libsolv-tools-base-0.7.35-150700.11.5.2 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:56:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:56:08 +0100 (CET) Subject: SUSE-CU-2025:7737-1: Security update of bci/spack Message-ID: <20251030135608.76746F778@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7737-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-18.4 , bci/spack:latest Container Release : 18.4 Severity : low Type : security References : 1248461 CVE-2025-9301 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3812-1 Released: Mon Oct 27 17:13:21 2025 Summary: Security update for cmake Type: security Severity: low References: 1248461,CVE-2025-9301 This update for cmake fixes the following issues: - CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461) The following package changes have been done: - cmake-full-3.28.3-150600.3.3.1 updated - cmake-3.28.3-150600.3.3.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:56:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:56:09 +0100 (CET) Subject: SUSE-CU-2025:7738-1: Recommended update of bci/spack Message-ID: <20251030135609.6A686F778@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7738-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-18.7 , bci/spack:latest Container Release : 18.7 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:56:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:56:21 +0100 (CET) Subject: SUSE-CU-2025:7739-1: Recommended update of suse/valkey Message-ID: <20251030135621.278D2F778@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7739-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-66.11 , suse/valkey:latest Container Release : 66.11 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-3fe955ccc9efe104a9b6c583c183bb635f63c746a7a9b605b32f689e8d4e7330-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Thu Oct 30 13:59:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 14:59:38 +0100 (CET) Subject: SUSE-CU-2025:7764-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251030135938.EECBBF778@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7764-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.2 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.2 Severity : important Type : security References : 1227577 1227577 1246277 1246277 1246439 1246439 1248252 1250911 CVE-2025-53192 CVE-2025-53880 CVE-2025-53880 CVE-2025-53883 CVE-2025-53883 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3826-1 Released: Tue Oct 28 08:26:43 2025 Summary: Security update 4.3.16.1 SUSE Manager Server and Proxy 4.3 LTS Type: security Severity: important References: 1227577,1246277,1246439,1250911,CVE-2025-53880,CVE-2025-53883 This update fixes the following issues: This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3827-1 Released: Tue Oct 28 08:26:54 2025 Summary: Maintenance update for Multi-Linux Manager 4.3 LTS Release Notes Release Notes Type: security Severity: important References: 1227577,1246277,1246439,1248252,CVE-2025-53192,CVE-2025-53880,CVE-2025-53883 Maintenance update for Multi-Linux Manager 4.3 LTS Release Notes Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2 updated - python3-defusedxml-0.6.0-1.42 added - python3-rhnlib-4.3.7-150400.3.9.4 updated - spacewalk-backend-4.3.34-150400.3.58.6 updated - susemanager-tftpsync-recv-4.3.11-150400.3.15.3 updated From sle-container-updates at lists.suse.com Thu Oct 30 14:05:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 15:05:21 +0100 (CET) Subject: SUSE-CU-2025:7773-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20251030140521.26A38F780@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7773-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.5.1 , suse/manager/5.0/x86_64/proxy-httpd:5.0.5.1.7.26.2 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 7.26.2 Severity : important Type : security References : 1218459 1221107 1227577 1228260 1229655 1230262 1230267 1230267 1231150 1231157 1232234 1232526 1233012 1233012 1233012 1233012 1233012 1236589 1236931 1237442 1238491 1239012 1239119 1239543 1239566 1239817 1239938 1240058 1240132 1240788 1241219 1241463 1241549 1243226 1243273 1243279 1243397 1243457 1243486 1243706 1243767 1243887 1243901 1243933 1243991 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244079 1244105 1244401 1244509 1244553 1244705 1244710 1245220 1245220 1245309 1245310 1245311 1245314 1245452 1245496 1245573 1245672 1245936 1245985 1246038 1246149 1246169 1246197 1246197 1246221 1246277 1246296 1246302 1246303 1246305 1246306 1246307 1246421 1246439 1246466 1246477 1246570 1246597 1246697 1246835 1246912 1246965 1246974 1247054 1247144 1247148 1247249 1247690 1248085 1248252 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1249584 1250232 1250232 1250343 1250911 831629 CVE-2016-9840 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-42516 CVE-2024-43204 CVE-2024-47252 CVE-2024-6874 CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-23048 CVE-2025-30258 CVE-2025-3576 CVE-2025-40909 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4877 CVE-2025-4878 CVE-2025-4947 CVE-2025-49630 CVE-2025-49812 CVE-2025-5025 CVE-2025-5278 CVE-2025-53020 CVE-2025-5318 CVE-2025-53192 CVE-2025-5372 CVE-2025-53880 CVE-2025-53883 CVE-2025-5399 CVE-2025-59375 CVE-2025-6018 CVE-2025-6020 CVE-2025-6069 CVE-2025-6297 CVE-2025-6965 CVE-2025-7425 CVE-2025-8058 CVE-2025-8114 CVE-2025-8194 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2007-1 Released: Wed Jun 18 16:03:17 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105 This update for libzypp, zypper fixes the following issues: - Fix credential handling in HEAD requests (bsc#1244105) - RepoInfo: use pathNameSetTrailingSlash - Fix wrong userdata parameter type when running zypp with debug verbosity (bsc#1239012) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - Add a note to service maintained .repo file entries - Support using %{url} variable in a RIS service's repo section. - Use a cookie file to validate mirrorlist cache. This patch extends the mirrorlist code to use a cookie file to validate the contents of the cache against the source URL, making sure that we do not accidentially use a old cache when the mirrorlist url was changed. For example when migrating a system from one release to the next where the same repo alias might just have a different URL. - Let Service define and update gpgkey, mirrorlist and metalink. - Preserve a mirrorlist file in the raw cache during refresh. - Enable curl2 backend and parallel package download by default. Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off. - Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now primarily uses gpgKeyUrl information from the repo files and only falls back to a automatically generated key Url if a gpgKeyUrl was not specified. - Introduce mirrors into the Media backends (bsc#1240132) - Drop MediaMultiCurl backend. - Throttle progress updates when preloading packages (bsc#1239543) - Check if request is in valid state in CURL callbacks - spec/CMake: add conditional build '--with[out] classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin default for SUSE, otherwise it's single_rpmtrans. The `enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed from the spec file. Accordingly the CMake option ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed. - BuildRequires: libzypp-devel >= 17.37.0. - Use libzypp improvements for preload and mirror handling. - xmlout.rnc: Update repo-element (bsc#1241463) Add the 'metalink' attribute and reflect that the 'url' elements list may in fact be empty, if no baseurls are defined in the .repo files. - man: update --allow-unsigned-rpm description. Explain how to achieve the same for packages provided by repositories. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2259-1 Released: Wed Jul 9 17:18:02 2025 Summary: Recommended update for gpg2 Type: security Severity: low References: 1236931,1239119,1239817,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119). Other bugfixes: - Do not install expired sks certificate (bsc#1243069). - gpg hangs when importing a key (bsc#1236931). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2684-1 Released: Mon Aug 4 17:07:20 2025 Summary: Security update for apache2 Type: security Severity: important References: 1246169,1246302,1246303,1246305,1246306,1246307,1246477,CVE-2024-42516,CVE-2024-43204,CVE-2024-47252,CVE-2025-23048,CVE-2025-49630,CVE-2025-49812,CVE-2025-53020 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2921-1 Released: Tue Aug 19 16:54:12 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3066-1 Released: Thu Sep 4 08:37:17 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - Modified default SLE presets. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-3825 Released: Tue Oct 28 08:25:58 2025 Summary: Security update 5.0.5.1 for for Multi-Linux Manager Type: security Severity: important References: 1227577,1231150,1231157,1246277,1246421,1246439,1248085,1248252,1250911,CVE-2025-53192,CVE-2025-53880,CVE-2025-53883 Security update 5.0.5.1 for for Multi-Linux Manager: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - glibc-2.38-150600.14.37.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - perl-base-5.26.1-150300.17.20.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libglib-2_0-0-2.78.6-150600.4.16.1 updated - libudev1-254.27-150600.4.43.3 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libcurl4-8.14.1-150600.4.28.1 updated - coreutils-8.32-150400.9.9.1 updated - gpg2-2.4.4-150600.3.9.1 updated - pam-1.3.0-150000.6.86.1 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libzypp-17.37.18-150600.3.82.1 updated - zypper-1.14.94-150600.10.52.1 updated - curl-8.14.1-150600.4.28.1 updated - libbrotlienc1-1.0.7-150200.3.5.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - release-notes-susemanager-proxy-5.0.5.1-150600.11.31.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - python3-base-3.6.15-150300.10.97.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - systemd-presets-branding-SLE-15.1-150600.35.3.1 updated - apache2-prefork-2.4.58-150600.5.35.1 updated - python3-3.6.15-150300.10.97.2 updated - python3-six-1.14.0-150200.15.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-defusedxml-0.6.0-1.42 added - python3-chardet-3.0.4-150000.5.6.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - systemd-254.27-150600.4.43.3 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-libxml2-2.10.3-150500.5.32.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - apache2-2.4.58-150600.5.35.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-rhnlib-5.0.5-150600.4.6.4 updated - spacewalk-backend-5.0.15-150600.4.20.9 updated - susemanager-tftpsync-recv-5.0.3-150600.3.6.4 updated - container:sles15-image-15.6.0-47.24.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 14:05:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 15:05:29 +0100 (CET) Subject: SUSE-CU-2025:7774-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20251030140529.F19EDFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7774-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.5.1 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.5.1.7.28.2 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 7.28.2 Severity : important Type : security References : 1218459 1221107 1228260 1229655 1230262 1230267 1230267 1232234 1232526 1233012 1233012 1236589 1236931 1237442 1238491 1239012 1239119 1239543 1239566 1239817 1239938 1240058 1240132 1240788 1241219 1241463 1241549 1242827 1242844 1243226 1243273 1243279 1243397 1243457 1243486 1243706 1243767 1243887 1243901 1243933 1243935 1243991 1244032 1244042 1244050 1244056 1244059 1244060 1244061 1244079 1244105 1244401 1244509 1244554 1244555 1244557 1244590 1244596 1244700 1244705 1244710 1245220 1245220 1245309 1245310 1245311 1245314 1245452 1245496 1245672 1245936 1245985 1246038 1246149 1246197 1246197 1246221 1246296 1246466 1246570 1246597 1246697 1246912 1246965 1246974 1247054 1247144 1247148 1247249 1247690 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1249584 1250232 1250232 1250343 831629 CVE-2016-9840 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-6874 CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-30258 CVE-2025-3576 CVE-2025-40909 CVE-2025-4138 CVE-2025-4330 CVE-2025-4373 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-4598 CVE-2025-4877 CVE-2025-4878 CVE-2025-4947 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-5025 CVE-2025-5278 CVE-2025-5318 CVE-2025-5372 CVE-2025-5399 CVE-2025-59375 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021 CVE-2025-6052 CVE-2025-6069 CVE-2025-6170 CVE-2025-6965 CVE-2025-7425 CVE-2025-8058 CVE-2025-8114 CVE-2025-8194 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2007-1 Released: Wed Jun 18 16:03:17 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105 This update for libzypp, zypper fixes the following issues: - Fix credential handling in HEAD requests (bsc#1244105) - RepoInfo: use pathNameSetTrailingSlash - Fix wrong userdata parameter type when running zypp with debug verbosity (bsc#1239012) - Do not warn about no mirrors if mirrorlist was switched on automatically. (bsc#1243901) - Relax permission of cached packages to 0644 & ~umask (bsc#1243887) - Add a note to service maintained .repo file entries - Support using %{url} variable in a RIS service's repo section. - Use a cookie file to validate mirrorlist cache. This patch extends the mirrorlist code to use a cookie file to validate the contents of the cache against the source URL, making sure that we do not accidentially use a old cache when the mirrorlist url was changed. For example when migrating a system from one release to the next where the same repo alias might just have a different URL. - Let Service define and update gpgkey, mirrorlist and metalink. - Preserve a mirrorlist file in the raw cache during refresh. - Enable curl2 backend and parallel package download by default. Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off. - Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now primarily uses gpgKeyUrl information from the repo files and only falls back to a automatically generated key Url if a gpgKeyUrl was not specified. - Introduce mirrors into the Media backends (bsc#1240132) - Drop MediaMultiCurl backend. - Throttle progress updates when preloading packages (bsc#1239543) - Check if request is in valid state in CURL callbacks - spec/CMake: add conditional build '--with[out] classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin default for SUSE, otherwise it's single_rpmtrans. The `enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed from the spec file. Accordingly the CMake option ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed. - BuildRequires: libzypp-devel >= 17.37.0. - Use libzypp improvements for preload and mirror handling. - xmlout.rnc: Update repo-element (bsc#1241463) Add the 'metalink' attribute and reflect that the 'url' elements list may in fact be empty, if no baseurls are defined in the .repo files. - man: update --allow-unsigned-rpm description. Explain how to achieve the same for packages provided by repositories. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2167-1 Released: Mon Jun 30 09:14:40 2025 Summary: Security update for glib2 Type: security Severity: important References: 1242844,1244596,CVE-2025-4373,CVE-2025-6052 This update for glib2 fixes the following issues: - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596). - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2244-1 Released: Tue Jul 8 10:44:02 2025 Summary: Security update for systemd Type: security Severity: moderate References: 1242827,1243935,CVE-2025-4598 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). Other bugfixes: - logs-show: get timestamp and boot ID only when necessary (bsc#1242827). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2259-1 Released: Wed Jul 9 17:18:02 2025 Summary: Recommended update for gpg2 Type: security Severity: low References: 1236931,1239119,1239817,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119). Other bugfixes: - Do not install expired sks certificate (bsc#1243069). - gpg hangs when importing a key (bsc#1236931). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2558-1 Released: Wed Jul 30 22:14:27 2025 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: 1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672 This update for libsolv fixes the following issues: - Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM (bsc#1243457). - implement color filtering when adding update targets. - support orderwithrequires dependencies in susedata.xml. - Fix SEGV in MediaDISK handler (bsc#1245452). - Fix evaluation of libproxy results (bsc#1244710). - Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes (bsc#1230267). - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. - Enhancements with mirror handling during repo refresh, needs zypper 1.14.91. - Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042) There was no testcase written for the very first solver run. - zypper does not allow distinctions between install and upgrade in %postinstall (bsc#1243279). - Ignore DeltaRpm download errors, in case of a failure the full rpm is downloaded (bsc#1245672). - Improve fix for incorrect filesize handling and download data exceeded errors on HTTP responses (bsc#1245220). - sh: Reset solver options after command (bsc#1245496). - BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34 is required (bsc#1243486). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2536-1 Released: Thu Jul 31 16:44:39 2025 Summary: Security update for boost Type: security Severity: important References: 1245936,CVE-2016-9840 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2921-1 Released: Tue Aug 19 16:54:12 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1218459,1245220,1245985,1246038,1246149,1246466,1247054,1247690 This update for libzypp, zypper fixes the following issues: - Fix evaluation of libproxy results (bsc#1247690) - Replace URL variables inside mirrorlist/metalink files - Append RepoInfo::path() to the mirror URLs in Preloader (bsc#1247054) - During installation indicate the backend being used (bsc#1246038) If some package actually needs to know, it should test for ZYPP_CLASSIC_RPMTRANS being set in the environment. Otherwise the transaction is driven by librpm. - Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459) - Verbose log libproxy results if PX_DEBUG=1 is set. - BuildRequires: cmake >= 3.17. - Allow explicit request to probe an added repo's URL (bsc#1246466) - Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 - Add runtime check for a broken rpm-4.18.0 --runpostrans (bsc#1246149) - Add regression test for (bsc#1245220) and some other filesize related tests. - Fix addrepo to handle explicit --check and --no-check requests (bsc#1246466) - Accept 'show' as alias for 'info' (bsc#1245985) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - glibc-2.38-150600.14.37.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - perl-base-5.26.1-150300.17.20.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libglib-2_0-0-2.78.6-150600.4.16.1 updated - libudev1-254.27-150600.4.43.3 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libcurl4-8.14.1-150600.4.28.1 updated - coreutils-8.32-150400.9.9.1 updated - gpg2-2.4.4-150600.3.9.1 updated - pam-1.3.0-150000.6.86.1 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libzypp-17.37.18-150600.3.82.1 updated - zypper-1.14.94-150600.10.52.1 updated - curl-8.14.1-150600.4.28.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - container:sles15-image-15.6.0-47.24.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 14:05:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 15:05:38 +0100 (CET) Subject: SUSE-CU-2025:7775-1: Security update of suse/manager/5.0/x86_64/proxy-squid Message-ID: <20251030140538.1B63CF780@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7775-1 Container Tags : suse/manager/5.0/x86_64/proxy-squid:5.0.5.1 , suse/manager/5.0/x86_64/proxy-squid:5.0.5.1.7.26.1 , suse/manager/5.0/x86_64/proxy-squid:latest Container Release : 7.26.1 Severity : important Type : security References : 1229655 1230262 1232234 1232526 1237442 1238491 1239566 1239938 1240058 1240788 1241219 1241549 1243226 1243767 1243991 1244050 1244079 1244509 1244554 1244555 1244557 1244590 1244700 1246221 1246296 1246597 1246965 1247144 1247148 1250232 CVE-2024-10041 CVE-2025-3576 CVE-2025-40909 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-5278 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021 CVE-2025-6170 CVE-2025-6965 CVE-2025-7425 CVE-2025-8058 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2027-1 Released: Thu Jun 19 17:15:41 2025 Summary: Security update for perl Type: security Severity: moderate References: 1244079,CVE-2025-40909 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2314-1 Released: Tue Jul 15 14:34:08 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2758-1 Released: Tue Aug 12 12:05:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - glibc-2.38-150600.14.37.1 updated - libsasl2-3-2.1.28-150600.7.6.2 updated - perl-base-5.26.1-150300.17.20.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - coreutils-8.32-150400.9.9.1 updated - pam-1.3.0-150000.6.86.1 updated - container:sles15-image-15.6.0-47.24.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 14:05:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 15:05:45 +0100 (CET) Subject: SUSE-CU-2025:7776-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20251030140545.CF6F1F780@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7776-1 Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.5.1 , suse/manager/5.0/x86_64/proxy-ssh:5.0.5.1.7.26.1 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 7.26.1 Severity : important Type : security References : 1221107 1230262 1232234 1232526 1233012 1233012 1237442 1238491 1239566 1239938 1240058 1240788 1241219 1241549 1243226 1243273 1243767 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244509 1244705 1246221 1246570 1246597 1246697 1246965 1247144 1247148 1247249 1249584 1250232 1250232 831629 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2025-3576 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-5278 CVE-2025-59375 CVE-2025-6018 CVE-2025-6020 CVE-2025-6069 CVE-2025-6965 CVE-2025-8058 CVE-2025-8194 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2447-1 Released: Mon Jul 21 16:45:25 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - glibc-2.38-150600.14.37.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libudev1-254.27-150600.4.43.3 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libgcrypt20-1.10.3-150600.3.9.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - coreutils-8.32-150400.9.9.1 updated - pam-1.3.0-150000.6.86.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - libsystemd0-254.27-150600.4.43.3 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - container:sles15-image-15.6.0-47.24.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 14:05:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 15:05:53 +0100 (CET) Subject: SUSE-CU-2025:7777-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20251030140553.75145F780@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7777-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.5.1 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.5.1.7.26.1 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 7.26.1 Severity : important Type : security References : 1230262 1232526 1233012 1233012 1233012 1233012 1233012 1233012 1237442 1238491 1239566 1239938 1240058 1240788 1241219 1241549 1243273 1243767 1243991 1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244705 1244925 1245573 1246570 1246597 1246697 1246965 1247144 1247148 1247249 1249584 1250232 1250232 831629 CVE-2024-12718 CVE-2025-3576 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-50181 CVE-2025-5278 CVE-2025-59375 CVE-2025-6069 CVE-2025-6297 CVE-2025-6965 CVE-2025-8058 CVE-2025-8194 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2237-1 Released: Mon Jul 7 14:59:13 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: This update for openssl-3 fixes the following issues: - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2362-1 Released: Fri Jul 18 11:07:24 2025 Summary: Security update for coreutils Type: security Severity: moderate References: 1243767,CVE-2025-5278 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - glibc-2.38-150600.14.37.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - coreutils-8.32-150400.9.9.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - python3-six-1.14.0-150200.15.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-py-1.10.0-150100.5.15.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - python3-urllib3-1.25.10-150300.4.18.1 updated - python3-requests-2.25.1-150300.3.18.1 updated - container:sles15-image-15.6.0-47.24.1 updated From sle-container-updates at lists.suse.com Thu Oct 30 14:15:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 15:15:39 +0100 (CET) Subject: SUSE-CU-2025:7778-1: Security update of suse/manager/5.0/x86_64/server-attestation Message-ID: <20251030141539.7FAF2F780@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7778-1 Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.5.1 , suse/manager/5.0/x86_64/server-attestation:5.0.5.1.6.30.2 , suse/manager/5.0/x86_64/server-attestation:latest Container Release : 6.30.2 Severity : important Type : security References : 1227577 1230262 1231150 1231157 1232526 1237442 1238491 1239566 1239938 1240058 1240788 1241549 1242601 1243869 1243991 1244050 1245573 1246197 1246277 1246421 1246439 1246575 1246580 1246584 1246595 1246597 1246598 1246965 1247144 1247148 1248085 1248252 1248252 1249191 1249348 1249367 1250232 1250911 1251263 CVE-2024-12224 CVE-2025-10148 CVE-2025-30749 CVE-2025-30754 CVE-2025-30761 CVE-2025-3416 CVE-2025-50059 CVE-2025-50106 CVE-2025-53192 CVE-2025-53192 CVE-2025-53880 CVE-2025-53883 CVE-2025-6297 CVE-2025-6965 CVE-2025-8058 CVE-2025-9086 CVE-2025-9187 CVE-2025-9230 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2666-1 Released: Mon Aug 4 14:35:30 2025 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1246575,1246580,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-30761,CVE-2025-50059,CVE-2025-50106 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.28+6 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-30761: Improve scripting supports (bsc#1246580) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Changelog: + JDK-8026976: ECParameters, Point does not match field size + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8231058: VerifyOops crashes with assert(_offset >= 0) failed: offset for non comment? + JDK-8232625: HttpClient redirect policy should be more conservative + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + JDK-8301753: AppendFile/WriteFile has differences between make 3.81 and 4+ + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8315380: AsyncGetCallTrace crash in frame::safe_for_sender + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8328957: Update PKCS11Test.java to not use hardcoded path + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345625: Better HTTP connections + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8348110: Update LCMS to 2.17 + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349594: Enhance TLS protocol support + JDK-8350469: [11u] Test AbsPathsInImage.java fails - JDK-8239429 public clone + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350991: Improve HTTP client header handling + JDK-8351099: Bump update version of OpenJDK: 11.0.28 + JDK-8351422: Improve scripting supports + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3285-1 Released: Sun Sep 21 11:18:05 2025 Summary: Security update for mybatis, ognl Type: security Severity: important References: 1248252,CVE-2025-53192 This update for mybatis, ognl fixes the following issues: Version update to 3.5.7: * Bug fixes: + Improved performance under JDK 8. #2223 Version update to 3.5.8: * List of changes: + Avoid NullPointerException when mapping an empty string to java.lang.Character. #2368 + Fixed an incorrect argument when initializing static object. This resolves a compatibility issue with quarkus-mybatis. #2284 + Performance improvements. #2297 #2335 #2340 Version update to 3.5.9: * List of changes: + Add nullable to . If enabled, it skips the iteration when the collection is null instead of throwing an exception. To enable this feature globally, set nullableOnForEach=true in the config. #1883 Version update to 3.5.10: * Bug fixes: + Unexpected illegal reflective access warning (or InaccessibleObjectException on Java 16+) when calling method in OGNL expression. #2392 + IllegalAccessException when auto-mapping Records (JEP-359) #2195 + 'interrupted' status is not set when PooledConnection#getConnection() is interrupted. #2503 * Enhancements: + A new option argNameBasedConstructorAutoMapping is added. If enabled, constructor argument names are used to look up columns when auto-mapping. #2192 + Added a new property skipSetAutoCommitOnClose to JdbcTransactionFactory. Skipping setAutoCommit() call could improve performance with some drivers. #2426 + can now be listed after in . #2541 Version update to 3.5.11: * Bug fixes: + OGNL could throw IllegalArgumentException when invoking inherited method. #2609 + returnInstanceForEmptyRow is not applied to constructor auto-mapping. #2665 Version update to 3.5.12 * User impactful changes + #2703 Referencing collection parameter by name fails fixing #2693 + #2709 Fix a race condition caused by other threads calling mapper methods while mapped tables are being constructed + #2727 Enable ability to provide custom configuration to XMLConfigBuilder + #2731 Adding mapper could fail under JPMS + #2741 Add 'affectedData' attribute to @select, @SelectProvider, and + #2767 Resolve resultType by namespace and id when not provided resultType and resultMap + #2804 Search readable property when resolving constructor arg type by name + Minor correction: 'boolean' can never be null (primative) + General library updates + Uses parameters option for compiler now (needed by spring boot 3) (for reflection needs) * Code cleanup + #2816 Use open rewrite to partially cleanup java code + #2817 Add private constructors per open rewrite + #2819 Add final where appropriate per open rewrite + #2825 Cleanup if statement breaks / return logic + #2826 Eclipse based cleanup * Build + #2820 Remove test ci group profile in favor of more direct usage on GH-Actions and update deprecated surefire along in overview in README.md + Adjustments to build so shaded ognl and javassist no longer throw warnings + Build with jdk 21-ea as well now + Various test cleanup, updates, and additions + Turn on auto formatting of all java code including note to contributors on readme to skip formatting when necessary in code blocks + Tests may use jdk 11 now while retaining jdk 8 runtime + Pom cleanup / better clarification on parameters * Documentation + Various documentation updates Version update to 3.5.13: * Bug fix: + Unable to resolve result type when the target property has a getter with different return type #2834 Version update to 3.5.14: * Bug fixes: + Registered type handler is not used for anonymous enums #2956 + Discriminator does not work in constructor mapping #2913 Version update to 3.5.15: * Changes + XNode#toString() should output all child nodes. See #3001 and associated tickets on this issue + Fix performance of mappedColumnNames.contains by using 'set' rather than 'list'. See #3023 + Fix osgi issue with javassist. See #3031 + Updated shaded OGNL to 3.4.2. See #3035 + Add support method for generating dynamic sql on SQL class. See #2887 + General library updates + General document updates * Build + We now show builds from java 11, 17, 21, and 22 on Github Actions. Code is still java 8 compatible at this time. + Update vulnerable hsqldb to 2.7.2 fixing our tests that now work due to newer support. Note, users were never affected by this but at least one user pull request was attempted opened in addition to both renovate and dependabot and various reporting on it. + Now using more properties to define versions in pom to lower the frequency of pull requests from renovate Version update to 3.5.16: * Security: + Prevent Invocation from being used by vulnerable applications. #3115 * Bugs: + When database ID resolution is failed, invalid bound statement is used. #3040 * Enhancements: + It is now possible to write a custom map wrapper to customize how to map column name with dots or brackets. #13 #3062 * Performance: + Improved compatibility with Virtual Threads introduced by Loom. + Reduced memory footprint when performing the default (i.e. order based) constructor auto-mapping. #3113 * Build: + Include the shaded libraries (OGNL and Javassist) in the sources.jar. Version update to 3.5.17: * Bugs: + VendorDatabaseIdProvider#getDatabaseId() should return product name when properties is empty #3297 + Update NClobTypeHandler to use methods for national character set #3298 * Enhancements: + Allow DefaultSqlSessionFactory to provide a custom SqlSession #3128 Version update to 3.5.18: * Regressions + Fixed issue in 3.5.17 #3334 * New + Ignore empty xnode per #3349 + Share expression validator #3339 + Throw helpful error instead of IndexOutOfBoundsException (automapping) #3327 + Optimize mapper builder #3252 * Tests + Add TransactionFactory, Transaction test cases #3277 * Build + Reworked pom to match current java 17 build usage + Moved all tests to newer java standards + Cleaned up github actions + Run 'site' branch only on release commits Version update to 3.5.19: * Revert Regression introduced by #3349. - Initial packaging with version 3.4.7 ognl replaces the EOLed apache-commons-ognl that has an unpatched security bug (bsc#1248252, CVE-2025-53192) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3300-1 Released: Tue Sep 23 11:03:41 2025 Summary: Security update for vim Type: security Severity: moderate References: 1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim???s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim???s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3333-1 Released: Wed Sep 24 08:55:10 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1233421,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3371-1 Released: Fri Sep 26 13:41:03 2025 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1237595 This update for sysconfig fixes the following issues: - Update to version 0.85.10 - codespell run for all repository files and changes file - spec: define permissions for ghost file attrs to avoid rpm --restore resets them to 0 (bsc#1237595). - spec: fix name-repeated-in-summary rpmlint warning ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3372-1 Released: Fri Sep 26 13:42:10 2025 Summary: Recommended update for iproute2 Type: recommended Severity: important References: 1243005,1248660 This update for iproute2 fixes the following issues: - add post-6.4 follow-up fixes (bsc#1243005) - sync UAPI header copies with SLE15-SP6 kernel - devlink: support ipsec_crypto and ipsec_packet cap (bsc#1248660) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3431-1 Released: Tue Sep 30 15:51:12 2025 Summary: Recommended update for bind Type: recommended Severity: important References: 1230649 This update for bind fixes the following issues: - ensure file descriptors 0-2 are in use before using libuv (bsc#1230649) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3487-1 Released: Wed Oct 8 08:17:19 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1249088 This update for grub2 fixes the following issues: - Fix boot hangs in setting up serial console when ACPI SPCR table is present and redirection is disabled (bsc#1249088) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3591-1 Released: Mon Oct 13 15:33:33 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1230267,1246912,1250343 This update for libzypp, zypper fixes the following issues: - runposttrans: strip root prefix from tmppath (bsc#1250343) - fixup! Make ld.so ignore the subarch packages during install (bsc#1246912) - Make ld.so ignore the subarch packages during install (bsc#1246912) - Fixed `bash-completion`: `zypper refresh` now ignores repository priority lines. - Changes to support building against restructured libzypp in stack build (bsc#1230267) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3612-1 Released: Thu Oct 16 06:04:17 2025 Summary: Security update for samba Type: security Severity: critical References: 1251279,1251280,CVE-2025-10230,CVE-2025-9640 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3623-1 Released: Thu Oct 16 16:36:00 2025 Summary: Recommended update for sudo Type: recommended Severity: important References: 1240954,1245743 This update for sudo fixes the following issues: - Fix loss of SSH connection does not propagate through sudo (bsc#1240954, bsc#1245743). If user's tty goes away, tell monitor to revoke the tty in its session. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:3746-1 Released: Thu Oct 23 10:33:56 2025 Summary: Optional update for perl packages Type: optional Severity: low References: 1244183 This update for perl packages fixes the following issues: - Add packages needed by products like openQA (bsc#1244183). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:3747-1 Released: Thu Oct 23 10:34:49 2025 Summary: Optional update for python-tempora Type: optional Severity: low References: 37681 This update for python-tempora fixes the following issue: - Use update-alternatives tempora binaries (bsc#1223694) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-3825 Released: Tue Oct 28 08:25:58 2025 Summary: Security update 5.0.5.1 for for Multi-Linux Manager Type: security Severity: important References: 1227577,1231150,1231157,1246277,1246421,1246439,1248085,1248252,1250911,CVE-2025-53192,CVE-2025-53880,CVE-2025-53883 Security update 5.0.5.1 for for Multi-Linux Manager: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - glibc-2.38-150600.14.37.1 updated - boost-license1_66_0-1.66.0-150200.12.7.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libxml2-2-2.10.3-150500.5.32.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libudev1-254.27-150600.4.43.3 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libboost_system1_66_0-1.66.0-150200.12.7.1 updated - libboost_thread1_66_0-1.66.0-150200.12.7.1 updated - libcurl4-8.14.1-150600.4.28.1 updated - pam-1.3.0-150000.6.86.1 updated - libsolv-tools-base-0.7.34-150600.8.17.2 updated - libzypp-17.37.18-150600.3.82.1 updated - zypper-1.14.94-150600.10.52.1 updated - curl-8.14.1-150600.4.28.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - systemd-presets-branding-SLE-15.1-150600.35.3.1 updated - systemd-254.27-150600.4.43.3 updated - krb5-1.20.1-150600.11.14.1 updated - glibc-locale-base-2.38-150600.14.37.1 updated - libarchive13-3.7.2-150600.3.17.1 updated - libatomic1-14.3.0+git11799-150000.1.11.1 updated - libavahi-common3-0.8-150600.15.9.1 updated - libbrotlienc1-1.0.7-150200.3.5.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - libgomp1-14.3.0+git11799-150000.1.11.1 updated - libitm1-14.3.0+git11799-150000.1.11.1 updated - liblmdb-0_9_30-0.9.30-150500.3.2.1 updated - liblsan0-14.3.0+git11799-150000.1.11.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libpq5-17.6-150600.13.16.1 updated - libquadmath0-14.3.0+git11799-150000.1.11.1 updated - libsolv-tools-0.7.34-150600.8.17.2 updated - libwayland-client0-1.22.0-150600.1.6 added - libxml2-tools-2.10.3-150500.5.32.1 updated - libyaml-0-2-0.1.7-150000.3.4.1 updated - release-notes-susemanager-5.0.5.1-150600.11.42.2 updated - sudo-1.9.15p5-150600.3.12.1 updated - systemd-rpm-macros-16-150000.7.42.1 updated - uyuni-config-modules-5.0.17-150600.3.22.1 updated - vim-data-common-9.1.1629-150500.20.33.1 updated - glibc-locale-2.38-150600.14.37.1 updated - libavahi-client3-0.8-150600.15.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.97.1 updated - python3-base-3.6.15-150300.10.97.1 updated - python3-3.6.15-150300.10.97.2 updated - python3-curses-3.6.15-150300.10.97.2 updated - postgresql16-16.10-150600.16.21.1 updated - bind-utils-9.18.33-150600.3.9.1 updated - iproute2-6.4-150600.7.9.1 updated - glibc-devel-2.38-150600.14.37.1 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - spacewalk-java-lib-5.0.28-150600.3.36.8 updated - vim-9.1.1629-150500.20.33.1 updated - perl-DBI-1.647.0-150600.12.6.1 updated - apache2-prefork-2.4.58-150600.5.35.1 updated - libgnutls30-3.8.3-150600.4.9.1 updated - sysconfig-0.85.10-150200.15.1 updated - sysconfig-netconfig-0.85.10-150200.15.1 updated - python3-zypp-plugin-0.6.5-150600.18.8.1 updated - python3-solv-0.7.34-150600.8.17.2 updated - python3-six-1.14.0-150200.15.1 updated - python3-pytz-2022.1-150300.3.9.1 updated - python3-pyparsing-2.4.7-150300.3.3.1 updated - python3-pycparser-2.17-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.8.1 updated - python3-more-itertools-8.10.0-150400.10.1 updated - python3-iniconfig-1.1.1-150000.1.13.1 updated - python3-idna-2.6-150000.3.6.1 updated - python3-defusedxml-0.6.0-1.42 added - python3-decorator-4.4.2-150200.7.6.1 updated - python3-chardet-3.0.4-150000.5.6.1 updated - python3-certifi-2018.1.18-150000.3.6.1 updated - python3-asn1crypto-0.24.0-150000.3.5.1 updated - python3-appdirs-1.4.3-150000.3.3.1 updated - python3-PyYAML-5.4.1-150300.3.6.1 updated - postgresql16-server-16.10-150600.16.21.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - perl-DBD-Pg-3.18.0-150600.14.6.1 updated - apache2-2.4.58-150600.5.35.1 updated - grub2-2.12-150600.8.37.1 updated - grub2-i386-pc-2.12-150600.8.37.1 updated - rsyslog-8.2406.0-150600.12.8.1 updated - salt-shaptools-0.3.19+git.1757602235.33fff4c-150200.3.15.1 updated - python3-python-dateutil-2.8.1-150300.3.3.1 updated - python3-tempora-1.8-150200.3.8.1 updated - python3-packaging-21.3-150200.3.6.1 updated - python3-cffi-1.13.2-150200.3.5.1 updated - python3-libxml2-2.10.3-150500.5.32.1 updated - python3-py-1.10.0-150100.5.15.1 updated - postgresql16-contrib-16.10-150600.16.21.1 updated - samba-client-libs-4.19.8+git.435.78ced6cf30d-150600.3.21.1 updated - libnm0-1.44.2-150600.3.4.1 updated - java-17-openjdk-headless-17.0.16.0-150400.3.57.1 updated - perl-HTML-Parser-3.830.0-150000.3.3.1 updated - susemanager-build-keys-15.5.3-150600.5.12.1 updated - grub2-x86_64-efi-2.12-150600.8.37.1 updated - grub2-powerpc-ieee1275-2.12-150600.8.37.1 updated - grub2-arm64-efi-2.12-150600.8.37.1 updated - python3-setuptools-44.1.1-150400.9.15.1 updated - spacewalk-backend-sql-postgresql-5.0.15-150600.4.20.9 updated - typelib-1_0-NM-1_0-1.44.2-150600.3.4.1 updated - tomcat-servlet-4_0-api-9.0.108-150200.91.1 updated - tomcat-el-3_0-api-9.0.108-150200.91.1 updated - apache-commons-lang3-3.18.0-150200.3.12.1 updated - java-17-openjdk-17.0.16.0-150400.3.57.1 updated - spacewalk-base-minimal-5.0.22-150600.3.30.10 updated - susemanager-build-keys-web-15.5.3-150600.5.12.1 updated - python3-cryptography-3.3.2-150400.26.1 updated - tomcat-jsp-2_3-api-9.0.108-150200.91.1 updated - ognl-3.4.7-150200.5.3.1 added - javamail-1.6.2-150200.3.7.1 updated - netty-4.1.126-150200.4.34.1 updated - python3-firewall-2.0.1-150600.3.12.1 updated - spacewalk-base-minimal-config-5.0.22-150600.3.30.10 updated - python3-pyOpenSSL-21.0.0-150400.10.1 updated - tomcat-lib-9.0.108-150200.91.1 updated - mybatis-3.5.19-150200.5.9.1 updated - firewalld-2.0.1-150600.3.12.1 updated - python3-urllib3-1.25.10-150300.4.18.1 updated - python3-rhnlib-5.0.5-150600.4.6.4 updated - python3-requests-2.25.1-150300.3.18.1 updated - spacewalk-backend-5.0.15-150600.4.20.9 updated - spacewalk-base-5.0.22-150600.3.30.10 updated - spacewalk-search-5.0.5-150600.3.9.2 updated - fence-agents-4.13.1+git.1704296072.32469f29-150600.3.22.1 updated - spacewalk-backend-sql-5.0.15-150600.4.20.9 updated - tomcat-9.0.108-150200.91.1 updated - spacewalk-backend-server-5.0.15-150600.4.20.9 updated - susemanager-sls-5.0.17-150600.3.22.1 updated - spacewalk-java-postgresql-5.0.28-150600.3.36.8 updated - spacewalk-java-config-5.0.28-150600.3.36.8 updated - spacewalk-backend-xmlrpc-5.0.15-150600.4.20.9 updated - spacewalk-backend-xml-export-libs-5.0.15-150600.4.20.9 updated - spacewalk-backend-package-push-server-5.0.15-150600.4.20.9 updated - spacewalk-backend-iss-5.0.15-150600.4.20.9 updated - spacewalk-backend-app-5.0.15-150600.4.20.9 updated - saltboot-formula-0.1.1750679229.f368550-150600.3.9.2 updated - spacewalk-html-5.0.22-150600.3.30.10 updated - spacewalk-taskomatic-5.0.28-150600.3.36.8 updated - spacewalk-java-5.0.28-150600.3.36.8 updated - spacewalk-backend-iss-export-5.0.15-150600.4.20.9 updated - spacewalk-backend-tools-5.0.15-150600.4.20.9 updated - container:suse-manager-5.0-init-5.0.5.1-5.0.5.1-7.24.10 added - apache-commons-ognl-4.0~20191021git51cf8f4-150200.5.7.6 removed - container:suse-manager-5.0-init-5.0.5-5.0.5-7.21.12 removed From sle-container-updates at lists.suse.com Thu Oct 30 14:24:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Oct 2025 15:24:16 +0100 (CET) Subject: SUSE-CU-2025:7794-1: Security update of suse/multi-linux-manager/5.1/x86_64/server Message-ID: <20251030142416.C7D44F780@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7794-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server:5.1.1 , suse/multi-linux-manager/5.1/x86_64/server:5.1.1.8.7.1 , suse/multi-linux-manager/5.1/x86_64/server:latest Container Release : 8.7.1 Severity : critical Type : security References : 1212476 1216545 1218588 1218664 1221107 1229825 1230262 1230267 1230649 1230959 1231748 1232234 1232326 1232526 1233012 1233012 1233012 1233012 1233012 1233012 1233421 1234959 1237143 1237442 1237595 1238491 1239566 1239618 1239938 1240058 1240788 1240882 1240954 1241211 1241219 1241549 1241880 1243005 1243197 1243273 1243331 1243486 1243611 1243704 1243895 1243991 1244027 1244032 1244050 1244056 1244059 1244060 1244061 1244061 1244127 1244183 1244183 1244183 1244219 1244270 1244272 1244273 1244279 1244336 1244401 1244424 1244488 1244552 1244553 1244705 1244705 1244925 1244925 1245099 1245120 1245199 1245323 1245541 1245573 1245702 1245743 1245938 1245939 1245942 1245943 1245946 1246068 1246081 1246100 1246113 1246157 1246169 1246197 1246221 1246231 1246232 1246233 1246237 1246267 1246277 1246296 1246299 1246302 1246303 1246305 1246306 1246307 1246318 1246320 1246373 1246388 1246389 1246397 1246421 1246428 1246477 1246522 1246553 1246570 1246575 1246584 1246595 1246597 1246598 1246602 1246604 1246654 1246663 1246697 1246789 1246835 1246873 1246882 1246906 1246912 1246934 1246965 1246974 1247144 1247148 1247249 1247249 1247688 1247836 1247938 1247939 1247991 1248085 1248119 1248119 1248120 1248120 1248122 1248122 1248174 1248252 1248252 1248660 1248804 1249059 1249088 1249116 1249134 1249191 1249348 1249367 1249375 1249434 1249584 1250232 1250232 1250343 1250911 1251263 1251264 1251278 1251279 1251280 831629 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2024-42516 CVE-2024-43204 CVE-2024-47252 CVE-2024-52615 CVE-2024-56738 CVE-2024-8176 CVE-2025-10148 CVE-2025-10230 CVE-2025-23048 CVE-2025-27613 CVE-2025-27614 CVE-2025-30749 CVE-2025-30754 CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-3576 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-46835 CVE-2025-48384 CVE-2025-48385 CVE-2025-48924 CVE-2025-48989 CVE-2025-49125 CVE-2025-49630 CVE-2025-49812 CVE-2025-50059 CVE-2025-50106 CVE-2025-50181 CVE-2025-50181 CVE-2025-52434 CVE-2025-52520 CVE-2025-53020 CVE-2025-53192 CVE-2025-53192 CVE-2025-53506 CVE-2025-53880 CVE-2025-53905 CVE-2025-53906 CVE-2025-55157 CVE-2025-55158 CVE-2025-55163 CVE-2025-58056 CVE-2025-58057 CVE-2025-5914 CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 CVE-2025-59375 CVE-2025-6069 CVE-2025-6069 CVE-2025-6297 CVE-2025-6395 CVE-2025-6965 CVE-2025-7425 CVE-2025-7962 CVE-2025-8058 CVE-2025-8114 CVE-2025-8194 CVE-2025-8194 CVE-2025-8277 CVE-2025-8713 CVE-2025-8713 CVE-2025-8714 CVE-2025-8714 CVE-2025-8715 CVE-2025-8715 CVE-2025-9086 CVE-2025-9187 CVE-2025-9230 CVE-2025-9230 CVE-2025-9640 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2512-1 Released: Thu Jul 24 11:10:40 2025 Summary: Recommended update for libvirt Type: recommended Severity: moderate References: 1244488,1245541 This update for libvirt fixes the following issues: - qemu: Fix NVRAM image conversion check (bsc#1245541) - qemu: Avoid crash in qemuDomainCheckCPU with unknown host CPU - cpu: Do not call g_strv_contains on NULL list - qemu: Be more forgiving when acquiring QUERY job when formatting domain XML - qemu: Fix failure when reverting to internal snapshots (bsc#1244488) - Add support for 'sparse' save image format - Add support for parallel save and restore - Improve VM Suspend and Resume Performance (jsc#PED-12599) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2543-1 Released: Tue Jul 29 11:09:01 2025 Summary: Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 Type: recommended Severity: moderate References: 1233012 This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2548-1 Released: Wed Jul 30 09:45:22 2025 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1245323,1246373 This update for perl-Bootloader fixes the following issues: - avoid spurious warning messages when parsing /etc/default/grub (bsc#1246373, bsc#1245323) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2566-1 Released: Thu Jul 31 09:18:44 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2572-1 Released: Thu Jul 31 11:11:10 2025 Summary: Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp Type: recommended Severity: moderate References: 1233012 This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2573-1 Released: Thu Jul 31 11:15:06 2025 Summary: Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six Type: recommended Severity: moderate References: 1233012 This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2574-1 Released: Thu Jul 31 11:19:37 2025 Summary: Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools Type: recommended Severity: moderate References: 1233012 This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2580-1 Released: Thu Jul 31 13:53:43 2025 Summary: Recommended update for firewalld Type: recommended Severity: moderate References: 1246100 This update for firewalld fixes the following issues: - Do not recommend python311-firewalld (bsc#1246100) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2585-1 Released: Fri Aug 1 09:22:26 2025 Summary: Recommended update for fence-agents Type: recommended Severity: moderate References: This update for fence-agents fixes the following issues: - Activate checks - Adding new fence agent for Nutanix AHV (jsc#PED-13087) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2595-1 Released: Fri Aug 1 17:13:59 2025 Summary: Security update for gnutls Type: security Severity: important References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2617-1 Released: Mon Aug 4 09:04:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1246296,CVE-2025-7425 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2667-1 Released: Mon Aug 4 14:37:23 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246575,1246584,1246595,1246598,CVE-2025-30749,CVE-2025-30754,CVE-2025-50059,CVE-2025-50106 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU): - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Changelog: + JDK-4850101: Setting mnemonic to VK_F4 underlines the letter S in a button. + JDK-5074006: Swing JOptionPane shows tag as a string after newline + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't move selection on next cell in JTable on Aqua L&F + JDK-8042134: JOptionPane bungles HTML messages + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8077371: Binary files in JAXP test should be removed + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8196465: javax/swing/JComboBox/8182031/ComboPopupTest.java fails on Linux + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8218474: JComboBox display issue with GTKLookAndFeel + JDK-8224267: JOptionPane message string with 5000+ newlines produces StackOverflowError + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8251505: Use of types in compiler shared code should be consistent. + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8254786: java/net/httpclient/CancelRequestTest.java failing intermittently + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8269516: AArch64: Assembler cleanups + JDK-8271419: Refactor test code for modifying CDS archive contents + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8277983: Remove unused fields from sun.net.www.protocol.jar.JarURLConnection + JDK-8279884: Use better file for cygwin source permission check + JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java timeouts on Windows 11 + JDK-8280468: Crashes in getConfigColormap, getConfigVisualId, XVisualIDFromVisual on Linux + JDK-8280820: Clean up bug8033699 and bug8075609.java tests: regtesthelpers aren't used + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/ /FullscreenWindowProps.java fails on Windows 10 with HiDPI screen + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8286925: Move JSON parser used in JFR tests to test library + JDK-8287352: DockerTestUtils::execute shows incorrect elapsed time + JDK-8287801: Fix test-bugs related to stress flags + JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java: setFloating does not work correctly + JDK-8290162: Reset recursion counter missed in fix of JDK-8224267 + JDK-8292064: Convert java/lang/management/MemoryMXBean shell tests to java version + JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java #Epsilon-64 failed assertGreaterThanOrEqual: expected MMM >= NNN + JDK-8294038: Remove 'Classpath' exception from javax/swing tests + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295470: Update openjdk.java.net => openjdk.org URLs in test code + JDK-8295670: Remove duplication in java/util/Formatter/Basic*.java + JDK-8295804: javax/swing/JFileChooser/JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode should write into DerOutputStream + JDK-8296167: test/langtools/tools/jdeps/jdkinternals/ /ShowReplacement.java failing after JDK-8296072 + JDK-8296920: Regression Test DialogOrient.java fails on MacOS + JDK-8297173: usageTicks and totalTicks should be volatile to ensure that different threads get the latest ticks + JDK-8297242: Use-after-free during library unloading on Linux + JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/ /btree012.java failed with 'fatal error: refcount has gone to zero' + JDK-8298147: Clang warns about pointless comparisons + JDK-8298248: Limit sscanf output width in cgroup file parsers + JDK-8298709: Fix typos in src/java.desktop/ and various test classes of client component + JDK-8298730: Refactor subsystem_file_line_contents and add docs and tests + JDK-8300645: Handle julong values in logging of GET_CONTAINER_INFO macros + JDK-8300658: memory_and_swap_limit() reporting wrong values on systems with swapaccount=0 + JDK-8302226: failure_handler native.core should wait for coredump to finish + JDK-8303549: [AIX] TestNativeStack.java is failing with exit value 1 + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in remote X11 sessions + JDK-8306997: C2: 'malformed control flow' assert due to missing safepoint on backedge with a switch + JDK-8307318: Test serviceability/sa/ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/ /GetScreenInsetsCustomGC.java failed with 'Cannot invoke 'sun.awt.X11GraphicsDevice.getInsets()' because 'device' is null' + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8312246: NPE when HSDB visits bad oop + JDK-8314120: Add tests for FileDescriptor.sync + JDK-8314236: Overflow in Collections.rotate + JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java fails intermittently on Linux + JDK-8314320: Mark runtime/CommandLine/ tests as flagless + JDK-8314828: Mark 3 jcmd command-line options test as vm.flagless + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315721: CloseRace.java#id0 fails transiently on libgraal + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316156: ByteArrayInputStream.transferTo causes MaxDirectMemorySize overflow + JDK-8316228: jcmd tests are broken by 8314828 + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316451: 6 java/lang/instrument/PremainClass tests ignore VM flags + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316460: 4 javax/management tests ignore VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8318962: Update ProcessTools javadoc with suggestions in 8315097 + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319578: Few java/lang/instrument ignore test.java.opts and accept test.vm.opts only + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321509: False positive in get_trampoline fast path causes crash + JDK-8321713: Harmonize executeTestJvm with create[Limited]TestJavaProcessBuilder + JDK-8321718: ProcessTools.executeProcess calls waitFor before logging + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343205: CompileBroker::possibly_add_compiler_threads excessively polls available memory + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked tate + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime error: division by zero + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347576: Error output in libjsound has non matching format strings + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347911: Limit the length of inflated text chunks + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349039: Adjust exception No type named in database + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails java.lang.NoClassDefFoundError + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350540: [17u,11u] B8312065.java fails Network is unreachable + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16 + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/BlockDeviceSize.java test manual + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/TimestampCheck.java is failing + JDK-8352649: [17u] guarantee(is_result_safe || is_in_asgct()) failed inside AsyncGetCallTrace + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353714: [17u] Backport of 8347740 incomplete + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354554: Open source several clipboard tests batch1 + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8361674: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2672-1 Released: Mon Aug 4 15:06:13 2025 Summary: Security update for sqlite3 Type: security Severity: important References: 1246597,CVE-2025-6965 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2685-1 Released: Mon Aug 4 17:08:00 2025 Summary: Security update for apache2 Type: security Severity: important References: 1246169,1246302,1246303,1246305,1246306,1246307,1246477,CVE-2024-42516,CVE-2024-43204,CVE-2024-47252,CVE-2025-23048,CVE-2025-49630,CVE-2025-49812,CVE-2025-53020 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2714-1 Released: Wed Aug 6 11:36:56 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - triggers.systemd: skip update of hwdb, journal-catalog if executed during an offline update. - systemd-repart is no more considered as experimental (jsc#PED-13213) - Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2717-1 Released: Wed Aug 6 15:39:46 2025 Summary: Security update for python311 Type: security Severity: important References: 1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2719-1 Released: Thu Aug 7 05:38:32 2025 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1221107,1246934,CVE-2024-2236 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2730-1 Released: Fri Aug 8 06:51:35 2025 Summary: Recommended update for perl-DBD-Pg Type: recommended Severity: moderate References: 1244183 This update for perl-DBD-Pg fixes the following issues: - Dependency submission for the openQA stack (bsc#1244183) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2731-1 Released: Fri Aug 8 06:51:47 2025 Summary: Recommended update for perl-DBI Type: recommended Severity: moderate References: 1244183 This update for perl-DBI fixes the following issues: - Dependency submission for the openQA stack (bsc#1244183) - Updated to 1.647.0 (1.647) * Remove 'experimental' tag from statistics_info * RT tickets moved to github issues (rwfranks++) * Fix install issue ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2734-1 Released: Fri Aug 8 10:05:10 2025 Summary: Security update for dpkg Type: security Severity: moderate References: 1245573,CVE-2025-6297 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2735-1 Released: Fri Aug 8 10:06:06 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2761-1 Released: Tue Aug 12 14:17:29 2025 Summary: Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa Type: recommended Severity: moderate References: 1233012 This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues: - Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:2763-1 Released: Tue Aug 12 14:45:40 2025 Summary: Optional update for libyaml Type: optional Severity: moderate References: 1246570 This update for libyaml ships the missing libyaml-0-2 library package to SUSE MicroOS 5.1 and 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2776-1 Released: Wed Aug 13 08:10:36 2025 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1237143 This update for systemd-rpm-macros fixes the following issues: - Introduce %udev_trigger_with_reload() for packages that need to trigger events in theirs scriplets. The new macro automatically triggers a reload of the udev rule files as this step is often overlooked by packages (bsc#1237143). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2778-1 Released: Wed Aug 13 08:45:57 2025 Summary: Security update for python3 Type: security Severity: important References: 1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2813-1 Released: Fri Aug 15 14:53:07 2025 Summary: Recommended update for grub2 Type: security Severity: moderate References: 1234959,1246157,1246231,1246237,CVE-2024-56738 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2818-1 Released: Fri Aug 15 14:56:21 2025 Summary: Security update for apache-commons-lang3 Type: security Severity: moderate References: 1246397,CVE-2025-48924 This update for apache-commons-lang3 fixes the following issues: - Update to version 3.18.0 - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. (bsc#1246397) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2890-1 Released: Tue Aug 19 09:54:32 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2985-1 Released: Mon Aug 25 15:55:03 2025 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1244925,CVE-2025-50181 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2986-1 Released: Tue Aug 26 12:41:07 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715 This update for postgresql17 fixes the following issues: Updated to 17.6: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3012-1 Released: Fri Aug 29 02:07:38 2025 Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML Type: security Severity: important References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385 This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938) * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939) * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942) * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943) * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946) - Other changes and bugs fixed: - Other changes and bugs fixed: * Added SHA256 support (bsc#1243197) * Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588) * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664) * Do not replace apparmor configuration (bsc#1216545) * Fixed the Python version required (bsc#1212476) - Version Updates Release Notes: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc git-lfs is included in version 3.7.0. python-PyYAML was updated from version 6.0.1 to 6.0.2: - Added support for Cython 3.x and Python 3.13 obs-scm-bridge was updated from version 0.5.4 to 0.7.4: - New Features and Improvements: * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs` file. * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files. * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout. * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources. * SSH URL Support: ssh:// SCM URLs can now be used. * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved. * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs. * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided. * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled. * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo. - Bugs fixed: * Syntax Fix: A syntax issue was corrected. * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3024-1 Released: Fri Aug 29 14:40:10 2025 Summary: Security update for tomcat Type: security Severity: important References: 1243895,1246318,1246388,1246389,CVE-2025-48989,CVE-2025-49125,CVE-2025-52434,CVE-2025-52520,CVE-2025-53506 This update for tomcat fixes the following issues: Updated to 9.0.108: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388) - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318) - CVE-2025-52434: Fixed race condition on connection close when using the APR/Native connector leading to a JVM crash (bsc#1246389) - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset (bsc#1243895) Other: - Correct a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3025-1 Released: Fri Aug 29 14:42:18 2025 Summary: Security update for javamail Type: security Severity: moderate References: 1246873,CVE-2025-7962 This update for javamail fixes the following issues: - Update to version 1.6.2 - CVE-2025-7962: Fixed an improper neutralization of \r and \n UTF-8 characters can lead to SMTP injection (bsc#1246873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3066-1 Released: Thu Sep 4 08:37:17 2025 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1244553,1246835 This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysstat_collect.timer and sysstat_summary.timer (bsc#1244553, bsc#1246835). - Modified default SLE presets. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:3094-1 Released: Mon Sep 8 11:46:41 2025 Summary: Optional update for NetworkManager Type: optional Severity: low References: 1246113 This update for NetworkManager fixes the following issue - Add NetworkManager-wwan to SLE-Module-Desktop-Applications_15-SP7 (bsc#1246113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3114-1 Released: Tue Sep 9 12:35:12 2025 Summary: Security update for netty, netty-tcnative Type: security Severity: important References: 1247991,1249116,1249134,CVE-2025-55163,CVE-2025-58056,CVE-2025-58057 This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.126. Security issues fixed: - CVE-2025-58057: decompression codecs allocating a large number of buffers after processing specially crafted input can cause a denial of service (bsc#1249134). - CVE-2025-58056: incorrect parsing of chunk extensions can lead to request smuggling (bsc#1249116). - CVE-2025-55163: 'MadeYouReset' denial of serivce attack in the HTTP/2 protocol (bsc#1247991). Other issues fixed: - Fixes from version 4.1.126 * Fix IllegalReferenceCountException on invalid upgrade response. * Drop unknown frame on missing stream. * Don't try to handle incomplete upgrade request. * Update to netty-tcnative 2.0.73Final. - Fixes from version 4.1.124 * Fix NPE and AssertionErrors when many tasks are scheduled and cancelled. * HTTP2: Http2ConnectionHandler should always use Http2ConnectionEncoder. * Epoll: Correctly handle UDP packets with source port of 0. * Fix netty-common OSGi Import-Package header. * MqttConnectPayload.toString() includes password. - Fixes from version 4.1.123 * Fix chunk reuse bug in adaptive allocator. * More accurate adaptive memory usage accounting. * Introduce size-classes for the adaptive allocator. * Reduce magazine proliferation eagerness. * Fix concurrent ByteBuffer access issue in AdaptiveByteBuf.getBytes. * Fix possible buffer corruption caused by incorrect setCharSequence(...) implementation. * AdaptiveByteBuf: Fix AdaptiveByteBuf.maxFastWritableBytes() to take writerIndex() into account. * Optimize capacity bumping for adaptive ByteBufs. * AbstractDnsRecord: equals() and hashCode() to ignore name field's case. * Backport Unsafe guards. * Guard recomputed offset access with hasUnsafe. * HTTP2: Always produce a RST frame on stream exception. * Correct what artifacts included in netty-bom. - Fixes from version 4.1.122 * DirContextUtils.addNameServer(...) should just catch Exception internally. * Make public API specify explicit maxAllocation to prevent OOM. * Fix concurrent ByteBuf write access bug in adaptive allocator. * Fix transport-native-kqueue Bundle-SymbolicNames. * Fix resolver-dns-native-macos Bundle-SymbolicNames. * Always correctly calculate the memory address of the ByteBuf even if sun.misc.Unsafe is not usable. * Upgrade lz4 dependencies as the old version did not correctly handle ByteBuffer that have an arrayOffset > 0. * Optimize ByteBuf.setCharSequence for adaptive allocator. * Kqueue: Fix registration failure when fd is reused. * Make JdkZlibEncoder accept Deflater.DEFAULT_COMPRESSION as level. * Ensure OpenSsl.availableJavaCipherSuites does not contain null values. * Always prefer direct buffers for pooled allocators if not explicit disabled. * Update to netty-tcnative 2.0.72.Final. * Re-enable sun.misc.Unsafe by default on Java 24+. * Kqueue: Delay removal from registration map to fix noisy warnings. - Fixes from version 4.1.121 * Epoll.isAvailable() returns false on Ubuntu 20.04/22.04 arch amd64. * Fix transport-native-epoll Bundle-SymbolicNames. - Fixes from version 4.1.120 * Fix flawed termination condition check in HttpPostRequestEncoder#encodeNextChunkUrlEncoded(int) for current InterfaceHttpData. * Exposed decoderEnforceMaxConsecutiveEmptyDataFrames and decoderEnforceMaxRstFramesPerWindow. * ThreadExecutorMap must restore old EventExecutor. * Make Recycler virtual thread friendly. * Disable sun.misc.Unsafe by default on Java 24+. * Adaptive: Correctly enforce leak detection when using AdaptiveByteBufAllocator. * Add suppressed exception to original cause when calling Future.sync*. * Add SETTINGS_ENABLE_CONNECT_PROTOCOL to the default HTTP/2 settings. * Correct computation for suboptimal chunk retirement probability. * Fix bug in method AdaptivePoolingAllocator.allocateWithoutLock(...). * Fix a Bytebuf leak in TcpDnsQueryDecoder. * SSL: Clear native error if named group is not supported. * WebSocketClientCompressionHandler shouldn't claim window bits support when jzlib is not available. * Fix the assignment error of maxQoS parameter in ConnAck Properties. - Fixes from version 4.1.119 * Replace SSL assertion with explicit record length check. * Fix NPE when upgrade message fails to aggregate. * SslHandler: Fix possible NPE when executor is used for delegating. * Consistently add channel info in HTTP/2 logs. * Add QueryStringDecoder option to leave '+' alone. * Use initialized BouncyCastle providers when available. - Fix pom.xml errors that will be fatal with Maven 4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3132-1 Released: Wed Sep 10 13:54:02 2025 Summary: Recommended update for salt and Python dependencies Type: recommended Severity: moderate References: This update for salt and Python dependencies fixes the following issues: - Implementation of python311-salt package and required Python 3.11 dependencies on SUSE Linux Enterprise 15 SP4 (no source changes) (jsc#PED-13283) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:3134-1 Released: Wed Sep 10 14:22:55 2025 Summary: Feature update for salt and Python dependencies Type: feature Severity: moderate References: This update for salt and Python dependencies fixes the following issues: - Implementation of python311-salt and missing required Python 3.11 dependencies on the following SUSE Linux Enterprise 15 SP4 Products (no source changes) (jsc#PED-13283): * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 LTSS and ESPOS ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3005-1 Released: Thu Sep 11 12:21:40 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715 This update for postgresql16 fixes the following issues: Upgraded to 16.10: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3216-1 Released: Mon Sep 15 08:37:40 2025 Summary: Recommended update for Type: recommended Severity: important References: 1246081 This update for fixes the following issues: - Add lmdb binary into Basesystem 15-SP6 and 15-SP7 (bsc#1246081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3228-1 Released: Mon Sep 15 14:51:02 2025 Summary: Recommended update for console-setup, kbd Type: recommended Severity: important References: 1246522 This update for console-setup and kbd fixes the following issues: console-setup: - Fix unicode check (bsc#1246522) kbd: - Improve error message on unsupported unicode value ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3239-1 Released: Tue Sep 16 19:04:00 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: expat was updated to version 2.7.1: - Bug fixes: - Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext - Other changes: - Fix printf format specifiers for 32bit Emscripten - docs: Promote OpenSSF Best Practices self-certification - tests/benchmark: Resolve mistaken double close - Address compiler warnings - Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Version update to 2.7.0 (CVE-2024-8176, bsc#1239618, jsc#PED-12507) * Security fixes: - CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: - docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 - docs: Document need for C++11 compiler for use from C++ - Address Cppcheck warnings - Mass-migrate links from http:// to https:// - Document changes since the previous release - Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3241-1 Released: Wed Sep 17 08:28:28 2025 Summary: Recommended update for salt-shaptools Type: recommended Severity: important References: 1248174 This update for salt-shaptools fixes the following issues: - Fix crmsh import usage using crm binary python version. This enables salt modules/states correct usage when the Salt Bundle is used (bsc#1248174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3285-1 Released: Sun Sep 21 11:18:05 2025 Summary: Security update for mybatis, ognl Type: security Severity: important References: 1248252,CVE-2025-53192 This update for mybatis, ognl fixes the following issues: Version update to 3.5.7: * Bug fixes: + Improved performance under JDK 8. #2223 Version update to 3.5.8: * List of changes: + Avoid NullPointerException when mapping an empty string to java.lang.Character. #2368 + Fixed an incorrect argument when initializing static object. This resolves a compatibility issue with quarkus-mybatis. #2284 + Performance improvements. #2297 #2335 #2340 Version update to 3.5.9: * List of changes: + Add nullable to . If enabled, it skips the iteration when the collection is null instead of throwing an exception. To enable this feature globally, set nullableOnForEach=true in the config. #1883 Version update to 3.5.10: * Bug fixes: + Unexpected illegal reflective access warning (or InaccessibleObjectException on Java 16+) when calling method in OGNL expression. #2392 + IllegalAccessException when auto-mapping Records (JEP-359) #2195 + 'interrupted' status is not set when PooledConnection#getConnection() is interrupted. #2503 * Enhancements: + A new option argNameBasedConstructorAutoMapping is added. If enabled, constructor argument names are used to look up columns when auto-mapping. #2192 + Added a new property skipSetAutoCommitOnClose to JdbcTransactionFactory. Skipping setAutoCommit() call could improve performance with some drivers. #2426 + can now be listed after in . #2541 Version update to 3.5.11: * Bug fixes: + OGNL could throw IllegalArgumentException when invoking inherited method. #2609 + returnInstanceForEmptyRow is not applied to constructor auto-mapping. #2665 Version update to 3.5.12 * User impactful changes + #2703 Referencing collection parameter by name fails fixing #2693 + #2709 Fix a race condition caused by other threads calling mapper methods while mapped tables are being constructed + #2727 Enable ability to provide custom configuration to XMLConfigBuilder + #2731 Adding mapper could fail under JPMS + #2741 Add 'affectedData' attribute to @select, @SelectProvider, and + #2767 Resolve resultType by namespace and id when not provided resultType and resultMap + #2804 Search readable property when resolving constructor arg type by name + Minor correction: 'boolean' can never be null (primative) + General library updates + Uses parameters option for compiler now (needed by spring boot 3) (for reflection needs) * Code cleanup + #2816 Use open rewrite to partially cleanup java code + #2817 Add private constructors per open rewrite + #2819 Add final where appropriate per open rewrite + #2825 Cleanup if statement breaks / return logic + #2826 Eclipse based cleanup * Build + #2820 Remove test ci group profile in favor of more direct usage on GH-Actions and update deprecated surefire along in overview in README.md + Adjustments to build so shaded ognl and javassist no longer throw warnings + Build with jdk 21-ea as well now + Various test cleanup, updates, and additions + Turn on auto formatting of all java code including note to contributors on readme to skip formatting when necessary in code blocks + Tests may use jdk 11 now while retaining jdk 8 runtime + Pom cleanup / better clarification on parameters * Documentation + Various documentation updates Version update to 3.5.13: * Bug fix: + Unable to resolve result type when the target property has a getter with different return type #2834 Version update to 3.5.14: * Bug fixes: + Registered type handler is not used for anonymous enums #2956 + Discriminator does not work in constructor mapping #2913 Version update to 3.5.15: * Changes + XNode#toString() should output all child nodes. See #3001 and associated tickets on this issue + Fix performance of mappedColumnNames.contains by using 'set' rather than 'list'. See #3023 + Fix osgi issue with javassist. See #3031 + Updated shaded OGNL to 3.4.2. See #3035 + Add support method for generating dynamic sql on SQL class. See #2887 + General library updates + General document updates * Build + We now show builds from java 11, 17, 21, and 22 on Github Actions. Code is still java 8 compatible at this time. + Update vulnerable hsqldb to 2.7.2 fixing our tests that now work due to newer support. Note, users were never affected by this but at least one user pull request was attempted opened in addition to both renovate and dependabot and various reporting on it. + Now using more properties to define versions in pom to lower the frequency of pull requests from renovate Version update to 3.5.16: * Security: + Prevent Invocation from being used by vulnerable applications. #3115 * Bugs: + When database ID resolution is failed, invalid bound statement is used. #3040 * Enhancements: + It is now possible to write a custom map wrapper to customize how to map column name with dots or brackets. #13 #3062 * Performance: + Improved compatibility with Virtual Threads introduced by Loom. + Reduced memory footprint when performing the default (i.e. order based) constructor auto-mapping. #3113 * Build: + Include the shaded libraries (OGNL and Javassist) in the sources.jar. Version update to 3.5.17: * Bugs: + VendorDatabaseIdProvider#getDatabaseId() should return product name when properties is empty #3297 + Update NClobTypeHandler to use methods for national character set #3298 * Enhancements: + Allow DefaultSqlSessionFactory to provide a custom SqlSession #3128 Version update to 3.5.18: * Regressions + Fixed issue in 3.5.17 #3334 * New + Ignore empty xnode per #3349 + Share expression validator #3339 + Throw helpful error instead of IndexOutOfBoundsException (automapping) #3327 + Optimize mapper builder #3252 * Tests + Add TransactionFactory, Transaction test cases #3277 * Build + Reworked pom to match current java 17 build usage + Moved all tests to newer java standards + Cleaned up github actions + Run 'site' branch only on release commits Version update to 3.5.19: * Revert Regression introduced by #3349. - Initial packaging with version 3.4.7 ognl replaces the EOLed apache-commons-ognl that has an unpatched security bug (bsc#1248252, CVE-2025-53192) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3804-1 Released: Mon Oct 27 12:35:04 2025 Summary: Security update for mozilla-nss Type: security Severity: important References: 1251263,CVE-2025-9187 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3839-1 Released: Tue Oct 28 15:41:20 2025 Summary: Maintenance update for Multi-Linux Manager 5.1.1 Type: security Severity: important References: 1229825,1240882,1241880,1243331,1243486,1243611,1243704,1244027,1244127,1244219,1244424,1244552,1245099,1245120,1245702,1246068,1246277,1246320,1246421,1246553,1246654,1246663,1246789,1246882,1246906,1247688,1247836,1248085,1248252,1248804,1249059,1249434,1250911,1251278,CVE-2025-53192,CVE-2025-53880 Maintenance update for Multi-Linux Manager 5.1.1: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - glibc-2.38-150600.14.37.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libsqlite3-0-3.50.2-150000.3.33.1 updated - libgcc_s1-14.3.0+git11799-150000.1.11.1 updated - libstdc++6-14.3.0+git11799-150000.1.11.1 updated - libopenssl3-3.2.3-150700.5.21.1 updated - libgcrypt20-1.11.0-150700.5.7.1 updated - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - openssl-3-3.2.3-150700.5.21.1 updated - bash-4.4-150400.27.6.1 updated - libfreebl3-3.112.2-150400.3.60.1 updated - update-alternatives-1.19.0.4-150000.4.7.1 updated - libsystemd0-254.27-150600.4.43.3 updated - mozilla-nss-certs-3.112.2-150400.3.60.1 updated - mozilla-nss-3.112.2-150400.3.60.1 updated - libsoftokn3-3.112.2-150400.3.60.1 updated - java-17-openjdk-headless-17.0.16.0-150400.3.57.1 added - ognl-3.4.7-150200.5.3.1 added - mybatis-3.5.19-150200.5.9.1 updated - uyuni-java-common-5.1.5-150700.3.5.2 updated - uyuni-coco-attestation-core-5.1.5-150700.3.5.2 updated - uyuni-coco-attestation-module-snpguest-5.1.5-150700.3.5.2 updated - uyuni-coco-attestation-module-secureboot-5.1.5-150700.3.5.2 updated - container:bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated - apache-commons-ognl-4.0~20191021git51cf8f4-150200.5.7.6 removed - java-11-openjdk-headless-11.0.27.0-150000.3.125.1 removed - libglib-2_0-0-2.78.6-150600.4.16.1 removed - libgraphite2-3-1.3.14-150600.1.5 removed - libharfbuzz0-8.3.0-150600.1.3 removed From sle-container-updates at lists.suse.com Fri Oct 31 08:04:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:04:36 +0100 (CET) Subject: SUSE-CU-2025:7799-1: Security update of containers/open-webui Message-ID: <20251031080436.72E7EF780@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7799-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.38 Container Release : 12.38 Severity : important Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) The following package changes have been done: - libxslt1-1.1.34-150400.3.13.1 updated - container:registry.suse.com-bci-bci-base-15.6-f74ef9ec04860ce6d64c6a0557b0176c37f22cf1484dff9da1ac0f0b5c04b082-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:08:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:08:32 +0100 (CET) Subject: SUSE-IU-2025:3539-1: Security update of suse/sle-micro/5.5 Message-ID: <20251031080832.965ABF780@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3539-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.394 , suse/sle-micro/5.5:latest Image Release : 5.5.394 Severity : important Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) The following package changes have been done: - libxslt1-1.1.34-150400.3.13.1 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:10:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:10:42 +0100 (CET) Subject: SUSE-CU-2025:7803-1: Security update of private-registry/harbor-nginx Message-ID: <20251031081042.4D92EF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7803-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.68 , private-registry/harbor-nginx:latest Container Release : 2.68 Severity : important Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) The following package changes have been done: - libxslt1-1.1.34-150400.3.13.1 updated - container:suse-sle15-15.6-f74ef9ec04860ce6d64c6a0557b0176c37f22cf1484dff9da1ac0f0b5c04b082-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:10:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:10:48 +0100 (CET) Subject: SUSE-CU-2025:7804-1: Security update of private-registry/harbor-portal Message-ID: <20251031081048.D94AFF780@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7804-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-3.34 , private-registry/harbor-portal:latest Container Release : 3.34 Severity : important Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) The following package changes have been done: - libxslt1-1.1.34-150400.3.13.1 updated - container:suse-sle15-15.6-f74ef9ec04860ce6d64c6a0557b0176c37f22cf1484dff9da1ac0f0b5c04b082-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:17:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:17:15 +0100 (CET) Subject: SUSE-CU-2025:7806-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251031081715.ECE95F778@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7806-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.81 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.81 Severity : important Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) The following package changes have been done: - libxslt1-1.1.34-150400.3.13.1 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:18:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:18:57 +0100 (CET) Subject: SUSE-IU-2025:3540-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251031081857.CB038F778@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3540-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.25 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.25 Severity : important Type : recommended References : 1241957 1248586 1252217 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 323 Released: Thu Oct 30 09:16:08 2025 Summary: Recommended update for sqlite3 Type: recommended Severity: important References: 1241957,1248586,1252217 This update for sqlite3 fixes the following issues: - Add a %license file (bsc#1252217). - Fix icu-enabled build (bsc#1248586). - Fix two long-standings cases of the use of uninitialized variables in obscure circumstances. - Fix a possible memory error that can occur if a query is made against FTS5 index that has been deliberately corrupted in a very specific way. - Fix the parser so that it ignored SQL comments in all places of a CREATE TRIGGER statement. This resolves a problem that was introduced by the introduction of the SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0. - Fix an incorrect answer due to over-optimization of an AND operator. The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.65 updated - libsqlite3-0-3.50.4-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.46 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:30:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:30:20 +0100 (CET) Subject: SUSE-CU-2025:7817-1: Security update of suse/mariadb Message-ID: <20251031083020.5E887F778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7817-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.14 , suse/mariadb:10.11.14-75.1 Container Release : 75.1 Severity : important Type : security References : 1241219 1245199 1249584 CVE-2025-3576 CVE-2025-59375 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libexpat1-2.7.1-150400.3.31.1 updated - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.6-f74ef9ec04860ce6d64c6a0557b0176c37f22cf1484dff9da1ac0f0b5c04b082-0 updated - container:registry.suse.com-bci-bci-micro-15.6-3e70642eea783640a56f57853c00e8cfbb8ef429906e8655c53c3ddeb843c644-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:34:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:34:39 +0100 (CET) Subject: SUSE-CU-2025:7822-1: Recommended update of bci/bci-busybox Message-ID: <20251031083439.20D7FF778@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7822-1 Container Tags : bci/bci-busybox:15.7 , bci/bci-busybox:15.7-15.2 , bci/bci-busybox:latest Container Release : 15.2 Severity : moderate Type : recommended References : 1247779 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3861-1 Released: Thu Oct 30 12:09:39 2025 Summary: Recommended update for busybox Type: recommended Severity: moderate References: 1247779 This update for busybox fixes the following issues: - Fix adduser inside containers on an SELinux host (bsc#1247779): - Don't throw debug info away during build, let RPM separate it afterwards The following package changes have been done: - busybox-adduser-1.37.0-150700.12.5.1 updated - busybox-attr-1.37.0-150700.12.5.1 updated - busybox-bc-1.37.0-150700.12.5.1 updated - busybox-bind-utils-1.37.0-150700.12.5.1 updated - busybox-bzip2-1.37.0-150700.12.5.1 updated - busybox-coreutils-1.37.0-150700.12.5.1 updated - busybox-cpio-1.37.0-150700.12.5.1 updated - busybox-diffutils-1.37.0-150700.12.5.1 updated - busybox-dos2unix-1.37.0-150700.12.5.1 updated - busybox-ed-1.37.0-150700.12.5.1 updated - busybox-findutils-1.37.0-150700.12.5.1 updated - busybox-gawk-1.37.0-150700.12.5.1 updated - busybox-grep-1.37.0-150700.12.5.1 updated - busybox-gzip-1.37.0-150700.12.5.1 updated - busybox-hexedit-1.37.0-150700.12.5.1 updated - busybox-hostname-1.37.0-150700.12.5.1 updated - busybox-iproute2-1.37.0-150700.12.5.1 updated - busybox-iputils-1.37.0-150700.12.5.1 updated - busybox-kbd-1.37.0-150700.12.5.1 updated - busybox-less-1.37.0-150700.12.5.1 updated - busybox-links-1.37.0-150700.12.5.1 updated - busybox-man-1.37.0-150700.12.5.1 updated - busybox-misc-1.37.0-150700.12.5.1 updated - busybox-ncurses-utils-1.37.0-150700.12.5.1 updated - busybox-net-tools-1.37.0-150700.12.5.1 updated - busybox-netcat-1.37.0-150700.12.5.1 updated - busybox-patch-1.37.0-150700.12.5.1 updated - busybox-policycoreutils-1.37.0-150700.12.5.1 updated - busybox-procps-1.37.0-150700.12.5.1 updated - busybox-psmisc-1.37.0-150700.12.5.1 updated - busybox-sed-1.37.0-150700.12.5.1 updated - busybox-selinux-tools-1.37.0-150700.12.5.1 updated - busybox-sendmail-1.37.0-150700.12.5.1 updated - busybox-sha3sum-1.37.0-150700.12.5.1 updated - busybox-sharutils-1.37.0-150700.12.5.1 updated - busybox-sh-1.37.0-150700.12.5.1 updated - busybox-syslogd-1.37.0-150700.12.5.1 updated - busybox-sysvinit-tools-1.37.0-150700.12.5.1 updated - busybox-tar-1.37.0-150700.12.5.1 updated - busybox-telnet-1.37.0-150700.12.5.1 updated - busybox-tftp-1.37.0-150700.12.5.1 updated - busybox-time-1.37.0-150700.12.5.1 updated - busybox-traceroute-1.37.0-150700.12.5.1 updated - busybox-tunctl-1.37.0-150700.12.5.1 updated - busybox-udhcpc-1.37.0-150700.12.5.1 updated - busybox-unzip-1.37.0-150700.12.5.1 updated - busybox-util-linux-1.37.0-150700.12.5.1 updated - busybox-vi-1.37.0-150700.12.5.1 updated - busybox-vlan-1.37.0-150700.12.5.1 updated - busybox-wget-1.37.0-150700.12.5.1 updated - busybox-which-1.37.0-150700.12.5.1 updated - busybox-whois-1.37.0-150700.12.5.1 updated - busybox-xz-1.37.0-150700.12.5.1 updated - busybox-1.37.0-150700.18.7.1 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:34:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:34:49 +0100 (CET) Subject: SUSE-CU-2025:7823-1: Recommended update of suse/git Message-ID: <20251031083449.D363DF778@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7823-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-64.14 , suse/git:latest Container Release : 64.14 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:35:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:35:05 +0100 (CET) Subject: SUSE-CU-2025:7824-1: Security update of bci/golang Message-ID: <20251031083505.5DB5AF778@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7824-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-78.10 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-78.10 Container Release : 78.10 Severity : important Type : security References : 1241219 1245199 1251264 CVE-2025-3576 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - libcurl4-8.14.1-150700.7.2.1 updated - curl-8.14.1-150700.7.2.1 updated - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:35:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:35:48 +0100 (CET) Subject: SUSE-CU-2025:7827-1: Security update of suse/nginx Message-ID: <20251031083548.A3E7CF778@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7827-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-65.11 , suse/nginx:latest Container Release : 65.11 Severity : important Type : security References : 1250553 1251979 CVE-2025-10911 CVE-2025-11731 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) The following package changes have been done: - libxslt1-1.1.34-150400.3.13.1 updated - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:36:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:36:18 +0100 (CET) Subject: SUSE-CU-2025:7829-1: Security update of bci/openjdk-devel Message-ID: <20251031083618.8E573F778@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7829-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-16.13 , bci/openjdk-devel:latest Container Release : 16.13 Severity : important Type : security References : 1245199 1246806 1252414 1252417 1252418 CVE-2025-53057 CVE-2025-53066 CVE-2025-61748 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3859-1 Released: Wed Oct 29 16:10:22 2025 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1246806,1252414,1252417,1252418,CVE-2025-53057,CVE-2025-53066,CVE-2025-61748 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). - CVE-2025-61748: Fixed unauthenticated attacker can achive unauthorized update, insert or delete access to some resources (bsc#1252418). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - java-21-openjdk-headless-21.0.9.0-150600.3.18.2 updated - java-21-openjdk-21.0.9.0-150600.3.18.2 updated - java-21-openjdk-devel-21.0.9.0-150600.3.18.2 updated - container:bci-openjdk-21-15.7.21-15.5 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:36:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:36:27 +0100 (CET) Subject: SUSE-CU-2025:7830-1: Security update of suse/postgres Message-ID: <20251031083627.DF046F778@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7830-1 Container Tags : suse/postgres:17 , suse/postgres:17.6 , suse/postgres:17.6 , suse/postgres:17.6-69.4 , suse/postgres:latest Container Release : 69.4 Severity : important Type : security References : 1241219 1245199 CVE-2025-3576 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:36:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:36:36 +0100 (CET) Subject: SUSE-CU-2025:7831-1: Security update of suse/mariadb Message-ID: <20251031083636.A086BF778@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7831-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.3 , suse/mariadb:11.8.3-66.4 , suse/mariadb:latest Container Release : 66.4 Severity : important Type : security References : 1241219 1245199 1249396 1250232 CVE-2025-3576 CVE-2025-9230 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3635-1 Released: Fri Oct 17 16:33:06 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3694-1 Released: Tue Oct 21 07:48:19 2025 Summary: Recommended update for mariadb Type: recommended Severity: moderate References: 1249396 This update for mariadb fixes the following issues: - Read config files when doing mysql_upgrade (bsc#1249396) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - mariadb-errormessages-11.8.3-150700.3.6.1 updated - libopenssl1_1-1.1.1w-150700.11.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - mariadb-tools-11.8.3-150700.3.6.1 updated - mariadb-client-11.8.3-150700.3.6.1 updated - mariadb-11.8.3-150700.3.6.1 updated - container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:36:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:36:49 +0100 (CET) Subject: SUSE-CU-2025:7832-1: Security update of suse/rmt-server Message-ID: <20251031083649.21696F778@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7832-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-76.11 , suse/rmt-server:latest Container Release : 76.11 Severity : important Type : security References : 1241219 1245199 1250553 1251979 CVE-2025-10911 CVE-2025-11731 CVE-2025-3576 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - libxslt1-1.1.34-150400.3.13.1 updated - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:37:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:37:06 +0100 (CET) Subject: SUSE-CU-2025:7833-1: Recommended update of bci/ruby Message-ID: <20251031083706.6375CF778@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7833-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-18.4 Container Release : 18.4 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - xz-5.4.1-150600.3.3.1 added - container:registry.suse.com-bci-bci-base-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:37:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:37:54 +0100 (CET) Subject: SUSE-CU-2025:7836-1: Recommended update of suse/stunnel Message-ID: <20251031083754.18B02F778@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7836-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-67.14 , suse/stunnel:latest Container Release : 67.14 Severity : important Type : recommended References : 1245199 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated From sle-container-updates at lists.suse.com Fri Oct 31 08:38:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Oct 2025 09:38:06 +0100 (CET) Subject: SUSE-CU-2025:7837-1: Security update of suse/kiosk/xorg Message-ID: <20251031083806.D6D7BF778@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:7837-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-70.4 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 70.4 Severity : important Type : security References : 1241219 1245199 1250304 1251958 1251959 1251960 CVE-2025-3576 CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:3726-1 Released: Wed Oct 22 14:43:43 2025 Summary: Optional update for llvm19 Type: optional Severity: low References: 1250304 This update for llvm19 fixes the following issues: - Add llvm19-devel to Dev. Tools, no source changes. (bsc#1250304) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3865-1 Released: Thu Oct 30 14:40:10 2025 Summary: Security update for xorg-x11-server Type: security Severity: important References: 1251958,1251959,1251960,CVE-2025-62229,CVE-2025-62230,CVE-2025-62231 This update for xorg-x11-server fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958) - Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959) - Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960) The following package changes have been done: - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libLLVM19-19.1.7-150700.3.6.1 updated - krb5-1.20.1-150600.11.14.1 updated - xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 updated - xorg-x11-server-21.1.15-150700.5.11.1 updated - container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated - container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated