From sle-container-updates at lists.suse.com Tue Feb 3 08:13:49 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:13:49 +0100 (CET) Subject: SUSE-IU-2026:628-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20260203081349.A1A9EFCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:628-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.88 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.88 Severity : moderate Type : recommended References : 1249435 1257068 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 568 Released: Mon Feb 2 11:13:32 2026 Summary: Recommended update for libzypp, libsolv Type: recommended Severity: moderate References: 1249435,1257068 This update for libzypp, libsolv fixes the following issues: libsolv was udpated to 0.7.35: - fixed rare crash in the handling of allowuninstall in combination with forcebest updates - new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency libzypp was updated to 17.38.2: - Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details. - Fix runtime check for broken rpm --runposttrans (bsc#1257068) - Avoid libcurl-mini4 when building as it does not support ftp protocol. - Translation: updated .pot file. - zypp.conf: follow the UAPI configuration file specification (PED-14658) In short terms it means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely, or - the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details. - cmake: correctly detect rpm6 (fixes #689) - Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435) - zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink ( fixes #682 ) The following package changes have been done: - libsolv-tools-base-0.7.35-1.1 updated - libzypp-17.38.2-1.1 updated - container:suse-toolbox-image-1.0.0-9.61 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:07:20 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:07:20 +0100 (CET) Subject: SUSE-IU-2026:625-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260203080720.14EC9FD85@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:625-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.451 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.451 Severity : moderate Type : security References : 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:359-1 Released: Mon Feb 2 10:54:54 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.46.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.235 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:05:50 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:05:50 +0100 (CET) Subject: SUSE-IU-2026:624-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260203080550.F3724FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:624-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.235 , suse/sle-micro/base-5.5:latest Image Release : 5.8.235 Severity : moderate Type : security References : 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:359-1 Released: Mon Feb 2 10:54:54 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.46.1 updated - openssl-1_1-1.1.1l-150500.17.46.1 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:20:19 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:20:19 +0100 (CET) Subject: SUSE-CU-2026:587-1: Recommended update of suse/sl-micro/6.0/toolbox Message-ID: <20260203082019.CB183FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:587-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.61 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.61 Severity : moderate Type : recommended References : 1232211 1246912 1249435 1250343 1257068 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 124 Released: Mon Feb 3 10:11:47 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1232211,1246912,1250343 This update for elemental-operator contains the following fixes: - Update to version 1.6.6: * Do not include Config to MachineRegistration as pointer. (bsc#1232211) * Align values.yaml and questions.yaml. ----------------------------------------------------------------- Advisory ID: 568 Released: Mon Feb 2 11:13:32 2026 Summary: Recommended update for libzypp, libsolv Type: recommended Severity: moderate References: 1249435,1257068 This update for libzypp, libsolv fixes the following issues: libsolv was udpated to 0.7.35: - fixed rare crash in the handling of allowuninstall in combination with forcebest updates - new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency libzypp was updated to 17.38.2: - Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details. - Fix runtime check for broken rpm --runposttrans (bsc#1257068) - Avoid libcurl-mini4 when building as it does not support ftp protocol. - Translation: updated .pot file. - zypp.conf: follow the UAPI configuration file specification (PED-14658) In short terms it means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely, or - the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details. - cmake: correctly detect rpm6 (fixes #689) - Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435) - zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink ( fixes #682 ) The following package changes have been done: - libsolv-tools-base-0.7.35-1.1 updated - libzypp-17.38.2-1.1 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:20:45 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:20:45 +0100 (CET) Subject: SUSE-IU-2026:631-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20260203082045.85EA5FCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:631-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.34 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 7.34 Severity : moderate Type : security References : 1236217 1238572 1257049 1257353 1257354 1257355 CVE-2025-22870 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 235 Released: Tue Mar 11 12:10:55 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1238572,1257049,1257353,1257354,1257355,CVE-2025-22870,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for go1.24 fixes the following issues: - go1.24.1 (released 2025-03-04) includes security fixes to the net/http, x/net/proxy, and x/net/http/httpproxy packages, as well as bug fixes to the compiler, the runtime, the go command and the crypto, debug, os and reflect packages. ( bsc#1236217 ) CVE-2025-22870 * go#71986 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71687 cmd/go: panics with GOAUTH='git dir' go get -x * go#71705 runtime: add linkname of runtime.lastmoduledatap for cloudwego/sonic * go#71728 runtime: usleep computes wrong tv_nsec on s390x * go#71745 crypto: add fips140 as an opaque GODEBUG setting and add documentation for it * go#71829 cmd/compile: fail to compile package in 1.24 * go#71836 os: possible regression from Go 1.23 to Go 1.24 when opening DevNull with O_TRUNC * go#71840 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71849 os: spurious SIGCHILD on running child process * go#71855 cmd/compile: Pow10 freeze the compiler on certain condition on Go 1.24 * go#71858 debug/buildinfo: false positives with external scanners flag for go117 binary in testdata * go#71876 reflect: Value.Seq panicking on functional iterator methods * go#71904 cmd/compile: nil dereference when storing field of non-nil struct value * go#71916 reflect: Value.Seq iteration value types not matching the type of given int types * go#71938 cmd/compile: 'fatal error: found pointer to free object' on arm64 * go#71955 proposal: runtime: allow cleanups to run concurrently * go#71963 runtime/cgo: does not build with -Wdeclaration-after-statement * go#71977 syscall: js/wasm file operations fail on windows / node.js The following package changes have been done: - typelib-1_0-GLib-2_0-2.84.4-160000.2.1 updated - typelib-1_0-GObject-2_0-2.84.4-160000.2.1 updated - typelib-1_0-GModule-2_0-2.84.4-160000.2.1 updated - typelib-1_0-Gio-2_0-2.84.4-160000.2.1 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:20:46 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:20:46 +0100 (CET) Subject: SUSE-IU-2026:632-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20260203082046.805C3FCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:632-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.35 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 7.35 Severity : moderate Type : recommended References : 1232024 1256829 1256830 1256831 1256832 1256833 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1257274 CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 237 Released: Tue Mar 11 15:12:04 2025 Summary: Recommended update for amazon-dracut-config Type: recommended Severity: moderate References: 1232024,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for amazon-dracut-config fixes the following issues: - Initial release for amazon-dracut config on Micro 6.0: Already include the following fixes: - Update to 0.0.4: + Move dracut config files to usr/lib/ dir - Update to 0.0.3: + Add provides and conflicts on generic name dracut-instance-change-config - Update to 0.0.2: + Rename config for nvme for consistency + Add dracut build requirement - Initial release v0.0.1 (PED-11572) The following package changes have been done: - libopenssl3-3.5.0-160000.5.1 updated - libglib-2_0-0-2.84.4-160000.2.1 updated - libgobject-2_0-0-2.84.4-160000.2.1 updated - libgmodule-2_0-0-2.84.4-160000.2.1 updated - libgio-2_0-0-2.84.4-160000.2.1 updated - glib2-tools-2.84.4-160000.2.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-ae3514d0b84fd71a2430abd3bf6e671516a25b3cde81072842e48c11b68cefc8-0 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:25:14 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:25:14 +0100 (CET) Subject: SUSE-IU-2026:639-1: Recommended update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20260203082514.4ABFEFCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:639-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.26 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 7.26 Severity : moderate Type : recommended References : 1205462 1214285 1220338 1229228 1231048 1232227 1232844 1233752 1234015 1234313 1234765 1243112 1245193 1247500 1250388 1252046 1252861 1253155 1253238 1253262 1253365 1253400 1253413 1253414 1253442 1253458 1253623 1253674 1253739 1254126 1254128 1254195 1254244 1254363 1254378 1254408 1254477 1254510 1254518 1254519 1254520 1254615 1254616 1254618 1254621 1254624 1254791 1254793 1254794 1254795 1254796 1254797 1254798 1254808 1254809 1254813 1254815 1254821 1254824 1254825 1254827 1254828 1254829 1254830 1254832 1254835 1254840 1254843 1254846 1254847 1254849 1254850 1254851 1254852 1254854 1254856 1254858 1254860 1254861 1254864 1254868 1254869 1254871 1254894 1254957 1254959 1254961 1254964 1254996 1255026 1255030 1255034 1255035 1255039 1255040 1255041 1255042 1255057 1255058 1255064 1255065 1255068 1255071 1255072 1255075 1255077 1255081 1255082 1255083 1255087 1255092 1255094 1255095 1255097 1255099 1255103 1255116 1255120 1255121 1255122 1255124 1255131 1255134 1255135 1255136 1255138 1255140 1255142 1255145 1255146 1255149 1255150 1255152 1255154 1255155 1255156 1255161 1255167 1255169 1255171 1255175 1255179 1255181 1255182 1255186 1255187 1255190 1255193 1255196 1255197 1255199 1255202 1255203 1255206 1255209 1255218 1255220 1255221 1255223 1255226 1255227 1255228 1255230 1255231 1255233 1255234 1255242 1255243 1255246 1255247 1255251 1255252 1255253 1255255 1255256 1255259 1255260 1255261 1255262 1255272 1255273 1255274 1255276 1255279 1255297 1255312 1255316 1255318 1255325 1255329 1255346 1255349 1255351 1255354 1255357 1255377 1255379 1255380 1255395 1255401 1255415 1255428 1255433 1255434 1255480 1255483 1255488 1255489 1255493 1255495 1255505 1255507 1255508 1255509 1255533 1255541 1255550 1255552 1255553 1255567 1255580 1255601 1255603 1255611 1255614 1255672 1255688 1255698 1255706 1255707 1255709 1255722 1255723 1255724 1255812 1255813 1255814 1255816 1255931 1255932 1255934 1255943 1255944 1256238 1256495 1256606 1256794 CVE-2025-38704 CVE-2025-39880 CVE-2025-39977 CVE-2025-40042 CVE-2025-40123 CVE-2025-40130 CVE-2025-40160 CVE-2025-40167 CVE-2025-40170 CVE-2025-40179 CVE-2025-40190 CVE-2025-40209 CVE-2025-40211 CVE-2025-40212 CVE-2025-40213 CVE-2025-40214 CVE-2025-40215 CVE-2025-40218 CVE-2025-40219 CVE-2025-40220 CVE-2025-40221 CVE-2025-40223 CVE-2025-40225 CVE-2025-40226 CVE-2025-40231 CVE-2025-40233 CVE-2025-40235 CVE-2025-40237 CVE-2025-40238 CVE-2025-40239 CVE-2025-40240 CVE-2025-40242 CVE-2025-40246 CVE-2025-40248 CVE-2025-40250 CVE-2025-40251 CVE-2025-40252 CVE-2025-40254 CVE-2025-40255 CVE-2025-40256 CVE-2025-40258 CVE-2025-40262 CVE-2025-40263 CVE-2025-40264 CVE-2025-40266 CVE-2025-40268 CVE-2025-40269 CVE-2025-40271 CVE-2025-40272 CVE-2025-40273 CVE-2025-40274 CVE-2025-40275 CVE-2025-40276 CVE-2025-40277 CVE-2025-40278 CVE-2025-40279 CVE-2025-40280 CVE-2025-40282 CVE-2025-40283 CVE-2025-40284 CVE-2025-40287 CVE-2025-40288 CVE-2025-40289 CVE-2025-40292 CVE-2025-40293 CVE-2025-40294 CVE-2025-40297 CVE-2025-40301 CVE-2025-40302 CVE-2025-40303 CVE-2025-40304 CVE-2025-40307 CVE-2025-40308 CVE-2025-40309 CVE-2025-40310 CVE-2025-40311 CVE-2025-40314 CVE-2025-40315 CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40319 CVE-2025-40320 CVE-2025-40321 CVE-2025-40322 CVE-2025-40323 CVE-2025-40324 CVE-2025-40328 CVE-2025-40329 CVE-2025-40330 CVE-2025-40331 CVE-2025-40332 CVE-2025-40337 CVE-2025-40338 CVE-2025-40339 CVE-2025-40340 CVE-2025-40342 CVE-2025-40343 CVE-2025-40344 CVE-2025-40345 CVE-2025-40346 CVE-2025-40347 CVE-2025-40350 CVE-2025-40353 CVE-2025-40354 CVE-2025-40355 CVE-2025-40357 CVE-2025-40359 CVE-2025-40360 CVE-2025-40362 CVE-2025-68167 CVE-2025-68170 CVE-2025-68171 CVE-2025-68172 CVE-2025-68176 CVE-2025-68180 CVE-2025-68181 CVE-2025-68183 CVE-2025-68184 CVE-2025-68185 CVE-2025-68190 CVE-2025-68192 CVE-2025-68194 CVE-2025-68195 CVE-2025-68197 CVE-2025-68198 CVE-2025-68201 CVE-2025-68202 CVE-2025-68206 CVE-2025-68207 CVE-2025-68208 CVE-2025-68209 CVE-2025-68210 CVE-2025-68213 CVE-2025-68215 CVE-2025-68217 CVE-2025-68222 CVE-2025-68223 CVE-2025-68230 CVE-2025-68233 CVE-2025-68235 CVE-2025-68237 CVE-2025-68238 CVE-2025-68239 CVE-2025-68242 CVE-2025-68244 CVE-2025-68249 CVE-2025-68252 CVE-2025-68254 CVE-2025-68255 CVE-2025-68256 CVE-2025-68257 CVE-2025-68258 CVE-2025-68259 CVE-2025-68264 CVE-2025-68283 CVE-2025-68284 CVE-2025-68285 CVE-2025-68286 CVE-2025-68287 CVE-2025-68289 CVE-2025-68290 CVE-2025-68293 CVE-2025-68298 CVE-2025-68301 CVE-2025-68302 CVE-2025-68303 CVE-2025-68305 CVE-2025-68306 CVE-2025-68307 CVE-2025-68308 CVE-2025-68311 CVE-2025-68312 CVE-2025-68313 CVE-2025-68317 CVE-2025-68327 CVE-2025-68328 CVE-2025-68330 CVE-2025-68331 CVE-2025-68332 CVE-2025-68335 CVE-2025-68339 CVE-2025-68340 CVE-2025-68342 CVE-2025-68343 CVE-2025-68344 CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68351 CVE-2025-68352 CVE-2025-68353 CVE-2025-68354 CVE-2025-68362 CVE-2025-68363 CVE-2025-68378 CVE-2025-68380 CVE-2025-68724 CVE-2025-68732 CVE-2025-68736 CVE-2025-68740 CVE-2025-68742 CVE-2025-68744 CVE-2025-68746 CVE-2025-68747 CVE-2025-68748 CVE-2025-68749 CVE-2025-68750 CVE-2025-68753 CVE-2025-68757 CVE-2025-68758 CVE-2025-68759 CVE-2025-68765 CVE-2025-68766 CVE-2025-71096 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 230 Released: Tue Mar 11 11:01:13 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1205462,1214285,1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765,1243112,1245193,1247500,1250388,1252046,1252861,1253155,1253238,1253262,1253365,1253400,1253413,1253414,1253442,1253458,1253623,1253674,1253739,1254126,1254128,1254195,1254244,1254363,1254378,1254408,1254477,1254510,1254518,1254519,1254520,1254615,1254616,1254618,1254621,1254624,1254791,1254793,1254794,1254795,1254796,1254797,1254798,1254808,1254809,1254813,1254815,1254821,1254824,1254825,1254827,1254828,1254829,1254830,1254832,1254835,1254840,1254843,1254846,1254847,1254849,1254850,1254851,1254852,1254854,1254856,1254858,1254860,1254861,1254864,1254868,1254869,1254871,1254894,1254957,1254959,1254961,1254964,1254996,1255026,1255030,1255034,1255035,1255039,1255040,1255041,1255042,1255057,1255058,1255064,1255065,1255068,1255071,1255072,1255075,1255077,1255081,1255082,1255083,1255087,1255092,1255094,1255095,1255097,1255099,1255103,1255116,1255120,1255121,1255122,1255124,1255131,1255134,1 255135,1255136,1255138,1255140,1255142,1255145,1255146,1255149,1255150,1255152,1255154,1255155,1255156,1255161,1255167,1255169,1255171,1255175,1255179,1255181,1255182,1255186,1255187,1255190,1255193,1255196,1255197,1255199,1255202,1255203,1255206,1255209,1255218,1255220,1255221,1255223,1255226,1255227,1255228,1255230,1255231,1255233,1255234,1255242,1255243,1255246,1255247,1255251,1255252,1255253,1255255,1255256,1255259,1255260,1255261,1255262,1255272,1255273,1255274,1255276,1255279,1255297,1255312,1255316,1255318,1255325,1255329,1255346,1255349,1255351,1255354,1255357,1255377,1255379,1255380,1255395,1255401,1255415,1255428,1255433,1255434,1255480,1255483,1255488,1255489,1255493,1255495,1255505,1255507,1255508,1255509,1255533,1255541,1255550,1255552,1255553,1255567,1255580,1255601,1255603,1255611,1255614,1255672,1255688,1255698,1255706,1255707,1255709,1255722,1255723,1255724,1255812,1255813,1255814,1255816,1255931,1255932,1255934,1255943,1255944,1256238,1256495,1256606,1256794,CVE-20 25-38704,CVE-2025-39880,CVE-2025-39977,CVE-2025-40042,CVE-2025-40123,CVE-2025-40130,CVE-2025-40160,CVE-2025-40167,CVE-2025-40170,CVE-2025-40179,CVE-2025-40190,CVE-2025-40209,CVE-2025-40211,CVE-2025-40212,CVE-2025-40213,CVE-2025-40214,CVE-2025-40215,CVE-2025-40218,CVE-2025-40219,CVE-2025-40220,CVE-2025-40221,CVE-2025-40223,CVE-2025-40225,CVE-2025-40226,CVE-2025-40231,CVE-2025-40233,CVE-2025-40235,CVE-2025-40237,CVE-2025-40238,CVE-2025-40239,CVE-2025-40240,CVE-2025-40242,CVE-2025-40246,CVE-2025-40248,CVE-2025-40250,CVE-2025-40251,CVE-2025-40252,CVE-2025-40254,CVE-2025-40255,CVE-2025-40256,CVE-2025-40258,CVE-2025-40262,CVE-2025-40263,CVE-2025-40264,CVE-2025-40266,CVE-2025-40268,CVE-2025-40269,CVE-2025-40271,CVE-2025-40272,CVE-2025-40273,CVE-2025-40274,CVE-2025-40275,CVE-2025-40276,CVE-2025-40277,CVE-2025-40278,CVE-2025-40279,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40287,CVE-2025-40288,CVE-2025-40289,CVE-2025-40292,CVE-2025-40293,CVE-2025-40294,CVE-2025-4029 7,CVE-2025-40301,CVE-2025-40302,CVE-2025-40303,CVE-2025-40304,CVE-2025-40307,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40319,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40330,CVE-2025-40331,CVE-2025-40332,CVE-2025-40337,CVE-2025-40338,CVE-2025-40339,CVE-2025-40340,CVE-2025-40342,CVE-2025-40343,CVE-2025-40344,CVE-2025-40345,CVE-2025-40346,CVE-2025-40347,CVE-2025-40350,CVE-2025-40353,CVE-2025-40354,CVE-2025-40355,CVE-2025-40357,CVE-2025-40359,CVE-2025-40360,CVE-2025-40362,CVE-2025-68167,CVE-2025-68170,CVE-2025-68171,CVE-2025-68172,CVE-2025-68176,CVE-2025-68180,CVE-2025-68181,CVE-2025-68183,CVE-2025-68184,CVE-2025-68185,CVE-2025-68190,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68197,CVE-2025-68198,CVE-2025-68201,CVE-2025-68202,CVE-2025-68206,CVE-2025-68207,CVE-2025-68208,CVE-2025-68209,CVE-2025-68210,CVE-2 025-68213,CVE-2025-68215,CVE-2025-68217,CVE-2025-68222,CVE-2025-68223,CVE-2025-68230,CVE-2025-68233,CVE-2025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68239,CVE-2025-68242,CVE-2025-68244,CVE-2025-68249,CVE-2025-68252,CVE-2025-68254,CVE-2025-68255,CVE-2025-68256,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68264,CVE-2025-68283,CVE-2025-68284,CVE-2025-68285,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68293,CVE-2025-68298,CVE-2025-68301,CVE-2025-68302,CVE-2025-68303,CVE-2025-68305,CVE-2025-68306,CVE-2025-68307,CVE-2025-68308,CVE-2025-68311,CVE-2025-68312,CVE-2025-68313,CVE-2025-68317,CVE-2025-68327,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68339,CVE-2025-68340,CVE-2025-68342,CVE-2025-68343,CVE-2025-68344,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68351,CVE-2025-68352,CVE-2025-68353,CVE-2025-68354,CVE-2025-68362,CVE-2025-68363,CVE-2025-68378,CVE-2025-68380,CVE-2025-68724,CVE-2025-68732,CVE-2025-687 36,CVE-2025-68740,CVE-2025-68742,CVE-2025-68744,CVE-2025-68746,CVE-2025-68747,CVE-2025-68748,CVE-2025-68749,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68765,CVE-2025-68766,CVE-2025-71096 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - drop efifar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) - restore some legacy symlinks Given that SLE16 will be based on SLFO, we have no choice but to continue supporting these compat symlinks. This compatibility code is no longer maintained in the Git repository though, as we primarily backport upstream commits these days. Additionally, the compat code rarely changes and often causes conflicts when merged into recent versions of systemd. The following package changes have been done: - kernel-default-base-6.12.0-160000.9.1.160000.2.6 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:25:15 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:25:15 +0100 (CET) Subject: SUSE-IU-2026:640-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20260203082515.419FDFCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:640-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.27 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 7.27 Severity : moderate Type : security References : 1232024 1236217 1238572 1256829 1256830 1256831 1256832 1256833 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1257049 1257274 1257353 1257354 1257355 CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-22870 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 235 Released: Tue Mar 11 12:10:55 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1238572,1257049,1257353,1257354,1257355,CVE-2025-22870,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for go1.24 fixes the following issues: - go1.24.1 (released 2025-03-04) includes security fixes to the net/http, x/net/proxy, and x/net/http/httpproxy packages, as well as bug fixes to the compiler, the runtime, the go command and the crypto, debug, os and reflect packages. ( bsc#1236217 ) CVE-2025-22870 * go#71986 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71687 cmd/go: panics with GOAUTH='git dir' go get -x * go#71705 runtime: add linkname of runtime.lastmoduledatap for cloudwego/sonic * go#71728 runtime: usleep computes wrong tv_nsec on s390x * go#71745 crypto: add fips140 as an opaque GODEBUG setting and add documentation for it * go#71829 cmd/compile: fail to compile package in 1.24 * go#71836 os: possible regression from Go 1.23 to Go 1.24 when opening DevNull with O_TRUNC * go#71840 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71849 os: spurious SIGCHILD on running child process * go#71855 cmd/compile: Pow10 freeze the compiler on certain condition on Go 1.24 * go#71858 debug/buildinfo: false positives with external scanners flag for go117 binary in testdata * go#71876 reflect: Value.Seq panicking on functional iterator methods * go#71904 cmd/compile: nil dereference when storing field of non-nil struct value * go#71916 reflect: Value.Seq iteration value types not matching the type of given int types * go#71938 cmd/compile: 'fatal error: found pointer to free object' on arm64 * go#71955 proposal: runtime: allow cleanups to run concurrently * go#71963 runtime/cgo: does not build with -Wdeclaration-after-statement * go#71977 syscall: js/wasm file operations fail on windows / node.js ----------------------------------------------------------------- Advisory ID: 237 Released: Tue Mar 11 15:12:04 2025 Summary: Recommended update for amazon-dracut-config Type: recommended Severity: moderate References: 1232024,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for amazon-dracut-config fixes the following issues: - Initial release for amazon-dracut config on Micro 6.0: Already include the following fixes: - Update to 0.0.4: + Move dracut config files to usr/lib/ dir - Update to 0.0.3: + Add provides and conflicts on generic name dracut-instance-change-config - Update to 0.0.2: + Rename config for nvme for consistency + Add dracut build requirement - Initial release v0.0.1 (PED-11572) The following package changes have been done: - libopenssl3-3.5.0-160000.5.1 updated - libglib-2_0-0-2.84.4-160000.2.1 updated - libgobject-2_0-0-2.84.4-160000.2.1 updated - libgmodule-2_0-0-2.84.4-160000.2.1 updated - libgio-2_0-0-2.84.4-160000.2.1 updated - glib2-tools-2.84.4-160000.2.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-ae3514d0b84fd71a2430abd3bf6e671516a25b3cde81072842e48c11b68cefc8-0 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:26:16 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:26:16 +0100 (CET) Subject: SUSE-IU-2026:644-1: Recommended update of suse/sl-micro/6.2/rt-os-container Message-ID: <20260203082616.0FC17FCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:644-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.34 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 6.34 Severity : moderate Type : recommended References : 1205462 1214285 1220338 1229228 1231048 1232227 1232844 1233752 1234015 1234313 1234765 1243112 1245193 1247500 1250388 1252046 1252861 1253155 1253238 1253262 1253365 1253400 1253413 1253414 1253442 1253458 1253623 1253674 1253739 1254126 1254128 1254195 1254244 1254363 1254378 1254408 1254477 1254510 1254518 1254519 1254520 1254615 1254616 1254618 1254621 1254624 1254791 1254793 1254794 1254795 1254796 1254797 1254798 1254808 1254809 1254813 1254815 1254821 1254824 1254825 1254827 1254828 1254829 1254830 1254832 1254835 1254840 1254843 1254846 1254847 1254849 1254850 1254851 1254852 1254854 1254856 1254858 1254860 1254861 1254864 1254868 1254869 1254871 1254894 1254957 1254959 1254961 1254964 1254996 1255026 1255030 1255034 1255035 1255039 1255040 1255041 1255042 1255057 1255058 1255064 1255065 1255068 1255071 1255072 1255075 1255077 1255081 1255082 1255083 1255087 1255092 1255094 1255095 1255097 1255099 1255103 1255116 1255120 1255121 1255122 1255124 1255131 1255134 1255135 1255136 1255138 1255140 1255142 1255145 1255146 1255149 1255150 1255152 1255154 1255155 1255156 1255161 1255167 1255169 1255171 1255175 1255179 1255181 1255182 1255186 1255187 1255190 1255193 1255196 1255197 1255199 1255202 1255203 1255206 1255209 1255218 1255220 1255221 1255223 1255226 1255227 1255228 1255230 1255231 1255233 1255234 1255242 1255243 1255246 1255247 1255251 1255252 1255253 1255255 1255256 1255259 1255260 1255261 1255262 1255272 1255273 1255274 1255276 1255279 1255297 1255312 1255316 1255318 1255325 1255329 1255346 1255349 1255351 1255354 1255357 1255377 1255379 1255380 1255395 1255401 1255415 1255428 1255433 1255434 1255480 1255483 1255488 1255489 1255493 1255495 1255505 1255507 1255508 1255509 1255533 1255541 1255550 1255552 1255553 1255567 1255580 1255601 1255603 1255611 1255614 1255672 1255688 1255698 1255706 1255707 1255709 1255722 1255723 1255724 1255812 1255813 1255814 1255816 1255931 1255932 1255934 1255943 1255944 1256238 1256495 1256606 1256794 CVE-2025-38704 CVE-2025-39880 CVE-2025-39977 CVE-2025-40042 CVE-2025-40123 CVE-2025-40130 CVE-2025-40160 CVE-2025-40167 CVE-2025-40170 CVE-2025-40179 CVE-2025-40190 CVE-2025-40209 CVE-2025-40211 CVE-2025-40212 CVE-2025-40213 CVE-2025-40214 CVE-2025-40215 CVE-2025-40218 CVE-2025-40219 CVE-2025-40220 CVE-2025-40221 CVE-2025-40223 CVE-2025-40225 CVE-2025-40226 CVE-2025-40231 CVE-2025-40233 CVE-2025-40235 CVE-2025-40237 CVE-2025-40238 CVE-2025-40239 CVE-2025-40240 CVE-2025-40242 CVE-2025-40246 CVE-2025-40248 CVE-2025-40250 CVE-2025-40251 CVE-2025-40252 CVE-2025-40254 CVE-2025-40255 CVE-2025-40256 CVE-2025-40258 CVE-2025-40262 CVE-2025-40263 CVE-2025-40264 CVE-2025-40266 CVE-2025-40268 CVE-2025-40269 CVE-2025-40271 CVE-2025-40272 CVE-2025-40273 CVE-2025-40274 CVE-2025-40275 CVE-2025-40276 CVE-2025-40277 CVE-2025-40278 CVE-2025-40279 CVE-2025-40280 CVE-2025-40282 CVE-2025-40283 CVE-2025-40284 CVE-2025-40287 CVE-2025-40288 CVE-2025-40289 CVE-2025-40292 CVE-2025-40293 CVE-2025-40294 CVE-2025-40297 CVE-2025-40301 CVE-2025-40302 CVE-2025-40303 CVE-2025-40304 CVE-2025-40307 CVE-2025-40308 CVE-2025-40309 CVE-2025-40310 CVE-2025-40311 CVE-2025-40314 CVE-2025-40315 CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40319 CVE-2025-40320 CVE-2025-40321 CVE-2025-40322 CVE-2025-40323 CVE-2025-40324 CVE-2025-40328 CVE-2025-40329 CVE-2025-40330 CVE-2025-40331 CVE-2025-40332 CVE-2025-40337 CVE-2025-40338 CVE-2025-40339 CVE-2025-40340 CVE-2025-40342 CVE-2025-40343 CVE-2025-40344 CVE-2025-40345 CVE-2025-40346 CVE-2025-40347 CVE-2025-40350 CVE-2025-40353 CVE-2025-40354 CVE-2025-40355 CVE-2025-40357 CVE-2025-40359 CVE-2025-40360 CVE-2025-40362 CVE-2025-68167 CVE-2025-68170 CVE-2025-68171 CVE-2025-68172 CVE-2025-68176 CVE-2025-68180 CVE-2025-68181 CVE-2025-68183 CVE-2025-68184 CVE-2025-68185 CVE-2025-68190 CVE-2025-68192 CVE-2025-68194 CVE-2025-68195 CVE-2025-68197 CVE-2025-68198 CVE-2025-68201 CVE-2025-68202 CVE-2025-68206 CVE-2025-68207 CVE-2025-68208 CVE-2025-68209 CVE-2025-68210 CVE-2025-68213 CVE-2025-68215 CVE-2025-68217 CVE-2025-68222 CVE-2025-68223 CVE-2025-68230 CVE-2025-68233 CVE-2025-68235 CVE-2025-68237 CVE-2025-68238 CVE-2025-68239 CVE-2025-68242 CVE-2025-68244 CVE-2025-68249 CVE-2025-68252 CVE-2025-68254 CVE-2025-68255 CVE-2025-68256 CVE-2025-68257 CVE-2025-68258 CVE-2025-68259 CVE-2025-68264 CVE-2025-68283 CVE-2025-68284 CVE-2025-68285 CVE-2025-68286 CVE-2025-68287 CVE-2025-68289 CVE-2025-68290 CVE-2025-68293 CVE-2025-68298 CVE-2025-68301 CVE-2025-68302 CVE-2025-68303 CVE-2025-68305 CVE-2025-68306 CVE-2025-68307 CVE-2025-68308 CVE-2025-68311 CVE-2025-68312 CVE-2025-68313 CVE-2025-68317 CVE-2025-68327 CVE-2025-68328 CVE-2025-68330 CVE-2025-68331 CVE-2025-68332 CVE-2025-68335 CVE-2025-68339 CVE-2025-68340 CVE-2025-68342 CVE-2025-68343 CVE-2025-68344 CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68351 CVE-2025-68352 CVE-2025-68353 CVE-2025-68354 CVE-2025-68362 CVE-2025-68363 CVE-2025-68378 CVE-2025-68380 CVE-2025-68724 CVE-2025-68732 CVE-2025-68736 CVE-2025-68740 CVE-2025-68742 CVE-2025-68744 CVE-2025-68746 CVE-2025-68747 CVE-2025-68748 CVE-2025-68749 CVE-2025-68750 CVE-2025-68753 CVE-2025-68757 CVE-2025-68758 CVE-2025-68759 CVE-2025-68765 CVE-2025-68766 CVE-2025-71096 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 230 Released: Tue Mar 11 11:01:13 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1205462,1214285,1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765,1243112,1245193,1247500,1250388,1252046,1252861,1253155,1253238,1253262,1253365,1253400,1253413,1253414,1253442,1253458,1253623,1253674,1253739,1254126,1254128,1254195,1254244,1254363,1254378,1254408,1254477,1254510,1254518,1254519,1254520,1254615,1254616,1254618,1254621,1254624,1254791,1254793,1254794,1254795,1254796,1254797,1254798,1254808,1254809,1254813,1254815,1254821,1254824,1254825,1254827,1254828,1254829,1254830,1254832,1254835,1254840,1254843,1254846,1254847,1254849,1254850,1254851,1254852,1254854,1254856,1254858,1254860,1254861,1254864,1254868,1254869,1254871,1254894,1254957,1254959,1254961,1254964,1254996,1255026,1255030,1255034,1255035,1255039,1255040,1255041,1255042,1255057,1255058,1255064,1255065,1255068,1255071,1255072,1255075,1255077,1255081,1255082,1255083,1255087,1255092,1255094,1255095,1255097,1255099,1255103,1255116,1255120,1255121,1255122,1255124,1255131,1255134,1 255135,1255136,1255138,1255140,1255142,1255145,1255146,1255149,1255150,1255152,1255154,1255155,1255156,1255161,1255167,1255169,1255171,1255175,1255179,1255181,1255182,1255186,1255187,1255190,1255193,1255196,1255197,1255199,1255202,1255203,1255206,1255209,1255218,1255220,1255221,1255223,1255226,1255227,1255228,1255230,1255231,1255233,1255234,1255242,1255243,1255246,1255247,1255251,1255252,1255253,1255255,1255256,1255259,1255260,1255261,1255262,1255272,1255273,1255274,1255276,1255279,1255297,1255312,1255316,1255318,1255325,1255329,1255346,1255349,1255351,1255354,1255357,1255377,1255379,1255380,1255395,1255401,1255415,1255428,1255433,1255434,1255480,1255483,1255488,1255489,1255493,1255495,1255505,1255507,1255508,1255509,1255533,1255541,1255550,1255552,1255553,1255567,1255580,1255601,1255603,1255611,1255614,1255672,1255688,1255698,1255706,1255707,1255709,1255722,1255723,1255724,1255812,1255813,1255814,1255816,1255931,1255932,1255934,1255943,1255944,1256238,1256495,1256606,1256794,CVE-20 25-38704,CVE-2025-39880,CVE-2025-39977,CVE-2025-40042,CVE-2025-40123,CVE-2025-40130,CVE-2025-40160,CVE-2025-40167,CVE-2025-40170,CVE-2025-40179,CVE-2025-40190,CVE-2025-40209,CVE-2025-40211,CVE-2025-40212,CVE-2025-40213,CVE-2025-40214,CVE-2025-40215,CVE-2025-40218,CVE-2025-40219,CVE-2025-40220,CVE-2025-40221,CVE-2025-40223,CVE-2025-40225,CVE-2025-40226,CVE-2025-40231,CVE-2025-40233,CVE-2025-40235,CVE-2025-40237,CVE-2025-40238,CVE-2025-40239,CVE-2025-40240,CVE-2025-40242,CVE-2025-40246,CVE-2025-40248,CVE-2025-40250,CVE-2025-40251,CVE-2025-40252,CVE-2025-40254,CVE-2025-40255,CVE-2025-40256,CVE-2025-40258,CVE-2025-40262,CVE-2025-40263,CVE-2025-40264,CVE-2025-40266,CVE-2025-40268,CVE-2025-40269,CVE-2025-40271,CVE-2025-40272,CVE-2025-40273,CVE-2025-40274,CVE-2025-40275,CVE-2025-40276,CVE-2025-40277,CVE-2025-40278,CVE-2025-40279,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40287,CVE-2025-40288,CVE-2025-40289,CVE-2025-40292,CVE-2025-40293,CVE-2025-40294,CVE-2025-4029 7,CVE-2025-40301,CVE-2025-40302,CVE-2025-40303,CVE-2025-40304,CVE-2025-40307,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40319,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40330,CVE-2025-40331,CVE-2025-40332,CVE-2025-40337,CVE-2025-40338,CVE-2025-40339,CVE-2025-40340,CVE-2025-40342,CVE-2025-40343,CVE-2025-40344,CVE-2025-40345,CVE-2025-40346,CVE-2025-40347,CVE-2025-40350,CVE-2025-40353,CVE-2025-40354,CVE-2025-40355,CVE-2025-40357,CVE-2025-40359,CVE-2025-40360,CVE-2025-40362,CVE-2025-68167,CVE-2025-68170,CVE-2025-68171,CVE-2025-68172,CVE-2025-68176,CVE-2025-68180,CVE-2025-68181,CVE-2025-68183,CVE-2025-68184,CVE-2025-68185,CVE-2025-68190,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68197,CVE-2025-68198,CVE-2025-68201,CVE-2025-68202,CVE-2025-68206,CVE-2025-68207,CVE-2025-68208,CVE-2025-68209,CVE-2025-68210,CVE-2 025-68213,CVE-2025-68215,CVE-2025-68217,CVE-2025-68222,CVE-2025-68223,CVE-2025-68230,CVE-2025-68233,CVE-2025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68239,CVE-2025-68242,CVE-2025-68244,CVE-2025-68249,CVE-2025-68252,CVE-2025-68254,CVE-2025-68255,CVE-2025-68256,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68264,CVE-2025-68283,CVE-2025-68284,CVE-2025-68285,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68293,CVE-2025-68298,CVE-2025-68301,CVE-2025-68302,CVE-2025-68303,CVE-2025-68305,CVE-2025-68306,CVE-2025-68307,CVE-2025-68308,CVE-2025-68311,CVE-2025-68312,CVE-2025-68313,CVE-2025-68317,CVE-2025-68327,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68339,CVE-2025-68340,CVE-2025-68342,CVE-2025-68343,CVE-2025-68344,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68351,CVE-2025-68352,CVE-2025-68353,CVE-2025-68354,CVE-2025-68362,CVE-2025-68363,CVE-2025-68378,CVE-2025-68380,CVE-2025-68724,CVE-2025-68732,CVE-2025-687 36,CVE-2025-68740,CVE-2025-68742,CVE-2025-68744,CVE-2025-68746,CVE-2025-68747,CVE-2025-68748,CVE-2025-68749,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68765,CVE-2025-68766,CVE-2025-71096 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - drop efifar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) - restore some legacy symlinks Given that SLE16 will be based on SLFO, we have no choice but to continue supporting these compat symlinks. This compatibility code is no longer maintained in the Git repository though, as we primarily backport upstream commits these days. Additionally, the compat code rarely changes and often causes conflicts when merged into recent versions of systemd. The following package changes have been done: - kernel-rt-6.12.0-160000.9.1 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:26:17 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:26:17 +0100 (CET) Subject: SUSE-IU-2026:646-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20260203082617.7D14DFCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:646-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.36 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 6.36 Severity : moderate Type : security References : 1232024 1236217 1238572 1256829 1256830 1256831 1256832 1256833 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1257049 1257274 1257353 1257354 1257355 CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-22870 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 235 Released: Tue Mar 11 12:10:55 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1238572,1257049,1257353,1257354,1257355,CVE-2025-22870,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for go1.24 fixes the following issues: - go1.24.1 (released 2025-03-04) includes security fixes to the net/http, x/net/proxy, and x/net/http/httpproxy packages, as well as bug fixes to the compiler, the runtime, the go command and the crypto, debug, os and reflect packages. ( bsc#1236217 ) CVE-2025-22870 * go#71986 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71687 cmd/go: panics with GOAUTH='git dir' go get -x * go#71705 runtime: add linkname of runtime.lastmoduledatap for cloudwego/sonic * go#71728 runtime: usleep computes wrong tv_nsec on s390x * go#71745 crypto: add fips140 as an opaque GODEBUG setting and add documentation for it * go#71829 cmd/compile: fail to compile package in 1.24 * go#71836 os: possible regression from Go 1.23 to Go 1.24 when opening DevNull with O_TRUNC * go#71840 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71849 os: spurious SIGCHILD on running child process * go#71855 cmd/compile: Pow10 freeze the compiler on certain condition on Go 1.24 * go#71858 debug/buildinfo: false positives with external scanners flag for go117 binary in testdata * go#71876 reflect: Value.Seq panicking on functional iterator methods * go#71904 cmd/compile: nil dereference when storing field of non-nil struct value * go#71916 reflect: Value.Seq iteration value types not matching the type of given int types * go#71938 cmd/compile: 'fatal error: found pointer to free object' on arm64 * go#71955 proposal: runtime: allow cleanups to run concurrently * go#71963 runtime/cgo: does not build with -Wdeclaration-after-statement * go#71977 syscall: js/wasm file operations fail on windows / node.js ----------------------------------------------------------------- Advisory ID: 237 Released: Tue Mar 11 15:12:04 2025 Summary: Recommended update for amazon-dracut-config Type: recommended Severity: moderate References: 1232024,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for amazon-dracut-config fixes the following issues: - Initial release for amazon-dracut config on Micro 6.0: Already include the following fixes: - Update to 0.0.4: + Move dracut config files to usr/lib/ dir - Update to 0.0.3: + Add provides and conflicts on generic name dracut-instance-change-config - Update to 0.0.2: + Rename config for nvme for consistency + Add dracut build requirement - Initial release v0.0.1 (PED-11572) The following package changes have been done: - libopenssl3-3.5.0-160000.5.1 updated - libglib-2_0-0-2.84.4-160000.2.1 updated - libgobject-2_0-0-2.84.4-160000.2.1 updated - libgmodule-2_0-0-2.84.4-160000.2.1 updated - libgio-2_0-0-2.84.4-160000.2.1 updated - glib2-tools-2.84.4-160000.2.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-69faa4365b5a36dd35349f6fce2a6b16434f69a2b2177d1dd868d228748a9340-0 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:34:40 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:34:40 +0100 (CET) Subject: SUSE-CU-2026:592-1: Security update of suse/sles/16.0/toolbox Message-ID: <20260203083440.D6064FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:592-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.20 , suse/sles/16.0/toolbox:latest Container Release : 1.20 Severity : moderate Type : security References : 1232024 1236217 1238572 1256829 1256830 1256831 1256832 1256833 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1257049 1257274 1257353 1257354 1257355 CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-22870 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 235 Released: Tue Mar 11 12:10:55 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1238572,1257049,1257353,1257354,1257355,CVE-2025-22870,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for go1.24 fixes the following issues: - go1.24.1 (released 2025-03-04) includes security fixes to the net/http, x/net/proxy, and x/net/http/httpproxy packages, as well as bug fixes to the compiler, the runtime, the go command and the crypto, debug, os and reflect packages. ( bsc#1236217 ) CVE-2025-22870 * go#71986 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71687 cmd/go: panics with GOAUTH='git dir' go get -x * go#71705 runtime: add linkname of runtime.lastmoduledatap for cloudwego/sonic * go#71728 runtime: usleep computes wrong tv_nsec on s390x * go#71745 crypto: add fips140 as an opaque GODEBUG setting and add documentation for it * go#71829 cmd/compile: fail to compile package in 1.24 * go#71836 os: possible regression from Go 1.23 to Go 1.24 when opening DevNull with O_TRUNC * go#71840 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71849 os: spurious SIGCHILD on running child process * go#71855 cmd/compile: Pow10 freeze the compiler on certain condition on Go 1.24 * go#71858 debug/buildinfo: false positives with external scanners flag for go117 binary in testdata * go#71876 reflect: Value.Seq panicking on functional iterator methods * go#71904 cmd/compile: nil dereference when storing field of non-nil struct value * go#71916 reflect: Value.Seq iteration value types not matching the type of given int types * go#71938 cmd/compile: 'fatal error: found pointer to free object' on arm64 * go#71955 proposal: runtime: allow cleanups to run concurrently * go#71963 runtime/cgo: does not build with -Wdeclaration-after-statement * go#71977 syscall: js/wasm file operations fail on windows / node.js ----------------------------------------------------------------- Advisory ID: 237 Released: Tue Mar 11 15:12:04 2025 Summary: Recommended update for amazon-dracut-config Type: recommended Severity: moderate References: 1232024,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for amazon-dracut-config fixes the following issues: - Initial release for amazon-dracut config on Micro 6.0: Already include the following fixes: - Update to 0.0.4: + Move dracut config files to usr/lib/ dir - Update to 0.0.3: + Add provides and conflicts on generic name dracut-instance-change-config - Update to 0.0.2: + Rename config for nvme for consistency + Add dracut build requirement - Initial release v0.0.1 (PED-11572) The following package changes have been done: - SLES-release-16.0-160000.40.1 updated - libglib-2_0-0-2.84.4-160000.2.1 updated - libgmodule-2_0-0-2.84.4-160000.2.1 updated - libopenssl-3-fips-provider-3.5.0-160000.5.1 updated - libopenssl3-3.5.0-160000.5.1 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:36:45 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:36:45 +0100 (CET) Subject: SUSE-CU-2026:594-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20260203083645.DB308FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:594-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.10 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.73.10 Severity : moderate Type : security References : 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.87.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.87.1 updated - container:sles15-ltss-image-15.4.0-6.4 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:38:09 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:38:09 +0100 (CET) Subject: SUSE-CU-2026:595-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20260203083809.DB523FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:595-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.2 , suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.10 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.63.10 Severity : moderate Type : security References : 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.87.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.87.1 updated - openssl-1_1-1.1.1l-150400.7.87.1 updated - container:sles15-ltss-image-15.4.0-6.4 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:39:35 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:39:35 +0100 (CET) Subject: SUSE-CU-2026:596-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20260203083935.AEA31FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:596-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.16.2 , suse/manager/4.3/proxy-squid:4.3.16.2.9.72.8 , suse/manager/4.3/proxy-squid:latest Container Release : 9.72.8 Severity : moderate Type : security References : 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.87.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.87.1 updated - container:sles15-ltss-image-15.4.0-6.4 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:40:58 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:40:58 +0100 (CET) Subject: SUSE-CU-2026:597-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20260203084058.8F2E6FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:597-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16.2 , suse/manager/4.3/proxy-ssh:4.3.16.2.9.63.8 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.63.8 Severity : moderate Type : security References : 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.87.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.87.1 updated - container:sles15-ltss-image-15.4.0-6.4 updated From sle-container-updates at lists.suse.com Tue Feb 3 08:42:23 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 09:42:23 +0100 (CET) Subject: SUSE-CU-2026:598-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20260203084223.6ADF3FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:598-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16.2 , suse/manager/4.3/proxy-tftpd:4.3.16.2.9.63.9 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.63.9 Severity : moderate Type : security References : 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:360-1 Released: Mon Feb 2 10:55:33 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.87.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.87.1 updated - openssl-1_1-1.1.1l-150400.7.87.1 updated - container:sles15-ltss-image-15.4.0-6.4 updated From sle-container-updates at lists.suse.com Tue Feb 3 15:42:51 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 3 Feb 2026 16:42:51 +0100 (CET) Subject: SUSE-CU-2026:602-1: Security update of private-registry/harbor-portal Message-ID: <20260203154251.2FCF5FCDB@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:602-1 Container Tags : private-registry/harbor-portal:1.1.1 , private-registry/harbor-portal:1.1.1-1.20 , private-registry/harbor-portal:latest Container Release : 1.20 Severity : moderate Type : security References : 1257364 1257365 CVE-2025-28162 CVE-2025-28164 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:364-1 Released: Tue Feb 3 10:50:53 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1257364,1257365,CVE-2025-28162,CVE-2025-28164 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). The following package changes have been done: - libpng16-16-1.6.40-150600.3.9.1 updated - system-user-harbor-2.14.2-150700.1.8 updated - harbor-portal-2.14.2-150700.1.8 updated From sle-container-updates at lists.suse.com Wed Feb 4 08:10:30 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 4 Feb 2026 09:10:30 +0100 (CET) Subject: SUSE-IU-2026:652-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20260204081030.C419DFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:652-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.74 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.74 Severity : moderate Type : recommended References : 1236217 1246118 1249435 1257068 CVE-2025-4674 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 384 Released: Tue Feb 3 16:32:23 2026 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1236217,1246118,1249435,1257068,CVE-2025-4674 This update for libzypp fixes the following issues: libzypp was updated to 17.38.2. - Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros. See the ZYPP.CONF(5) man page for details. - Fix runtime check for broken rpm --runposttrans (bsc#1257068) - Avoid libcurl-mini4 when building as it does not support ftp protocol. - Translation: updated .pot file. - zypp.conf: follow the UAPI configuration file specification (PED-14658) In short terms it means we will no longer ship an /etc/zypp/zypp.conf, but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely, or - the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files. See the ZYPP.CONF(5) man page for details. - cmake: correctly detect rpm6 (fixes #689) - Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435) - zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink ( fixes #682 ) The following package changes have been done: - libzypp-17.38.2-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-5.3 updated From sle-container-updates at lists.suse.com Wed Feb 4 08:21:12 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 4 Feb 2026 09:21:12 +0100 (CET) Subject: SUSE-CU-2026:635-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20260204082112.57BC5FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:635-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.191 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.191 Severity : moderate Type : security References : 1254666 CVE-2025-14104 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:366-1 Released: Tue Feb 3 13:53:09 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). The following package changes have been done: - libblkid1-2.33.2-4.48.1 updated - libfdisk1-2.33.2-4.48.1 updated - libmount1-2.33.2-4.48.1 updated - libsmartcols1-2.33.2-4.48.1 updated - libuuid1-2.33.2-4.48.1 updated - util-linux-2.33.2-4.48.1 updated From sle-container-updates at lists.suse.com Wed Feb 4 08:33:04 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 4 Feb 2026 09:33:04 +0100 (CET) Subject: SUSE-CU-2026:666-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20260204083304.8B448FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:666-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.2 , suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.11 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.63.11 Severity : moderate Type : security References : 1255764 1256070 CVE-2025-15444 CVE-2025-69277 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:368-1 Released: Tue Feb 3 14:40:37 2026 Summary: Security update for libsodium Type: security Severity: moderate References: 1255764,1256070,CVE-2025-15444,CVE-2025-69277 This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764). The following package changes have been done: - libsodium23-1.0.18-150000.4.14.1 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:04:52 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:04:52 +0100 (CET) Subject: SUSE-CU-2026:668-1: Security update of private-registry/harbor-core Message-ID: <20260205080452.8245AFD1A@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:668-1 Container Tags : private-registry/harbor-core:1.1.1 , private-registry/harbor-core:1.1.1-1.24 , private-registry/harbor-core:latest Container Release : 1.24 Severity : important Type : security References : 1256437 1256766 1256822 1257005 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). The following package changes have been done: - glibc-2.38-150600.14.40.1 updated - system-user-harbor-2.14.2-150700.1.10 updated - harbor-core-2.14.2-150700.1.10 updated - container:suse-sle15-15.7-751abdc74b02c2de228c78469b5a1a7a1e75dfd1da6c66743706900a5e586ad3-0 updated - container:registry.suse.com-bci-bci-micro-15.7-d5762a8ef0a7959022445e48916156bbde942f3640ed1f8a2d0cbce053ad0869-0 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:05:32 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:05:32 +0100 (CET) Subject: SUSE-CU-2026:669-1: Security update of private-registry/harbor-exporter Message-ID: <20260205080532.ED2EBFD1A@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:669-1 Container Tags : private-registry/harbor-exporter:1.1.1 , private-registry/harbor-exporter:1.1.1-1.24 , private-registry/harbor-exporter:latest Container Release : 1.24 Severity : important Type : security References : 1256437 1256766 1256822 1257005 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). The following package changes have been done: - glibc-2.38-150600.14.40.1 updated - harbor-exporter-2.14.2-150700.1.10 updated - system-user-harbor-2.14.2-150700.1.10 updated - container:suse-sle15-15.7-751abdc74b02c2de228c78469b5a1a7a1e75dfd1da6c66743706900a5e586ad3-0 updated - container:registry.suse.com-bci-bci-micro-15.7-d5762a8ef0a7959022445e48916156bbde942f3640ed1f8a2d0cbce053ad0869-0 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:06:12 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:06:12 +0100 (CET) Subject: SUSE-CU-2026:670-1: Security update of private-registry/harbor-jobservice Message-ID: <20260205080612.8F84CFD1A@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:670-1 Container Tags : private-registry/harbor-jobservice:1.1.1 , private-registry/harbor-jobservice:1.1.1-1.24 , private-registry/harbor-jobservice:latest Container Release : 1.24 Severity : important Type : security References : 1256437 1256766 1256822 1257005 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). The following package changes have been done: - glibc-2.38-150600.14.40.1 updated - system-user-harbor-2.14.2-150700.1.10 updated - harbor-jobservice-2.14.2-150700.1.10 updated - container:suse-sle15-15.7-751abdc74b02c2de228c78469b5a1a7a1e75dfd1da6c66743706900a5e586ad3-0 updated - container:registry.suse.com-bci-bci-micro-15.7-d5762a8ef0a7959022445e48916156bbde942f3640ed1f8a2d0cbce053ad0869-0 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:06:53 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:06:53 +0100 (CET) Subject: SUSE-CU-2026:671-1: Security update of private-registry/harbor-portal Message-ID: <20260205080653.86D94FD1A@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:671-1 Container Tags : private-registry/harbor-portal:1.1.1 , private-registry/harbor-portal:1.1.1-1.25 , private-registry/harbor-portal:latest Container Release : 1.25 Severity : important Type : security References : 1256437 1256766 1256822 1257005 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). The following package changes have been done: - glibc-2.38-150600.14.40.1 updated - system-user-harbor-2.14.2-150700.1.10 updated - harbor-portal-2.14.2-150700.1.10 updated - container:suse-sle15-15.7-751abdc74b02c2de228c78469b5a1a7a1e75dfd1da6c66743706900a5e586ad3-0 updated - container:registry.suse.com-bci-bci-micro-15.7-d5762a8ef0a7959022445e48916156bbde942f3640ed1f8a2d0cbce053ad0869-0 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:07:00 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:07:00 +0100 (CET) Subject: SUSE-CU-2026:672-1: Security update of private-registry/harbor-registry Message-ID: <20260205080700.72C30FD1A@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:672-1 Container Tags : private-registry/harbor-registry:1.1.1 , private-registry/harbor-registry:1.1.1-1.24 , private-registry/harbor-registry:latest Container Release : 1.24 Severity : important Type : security References : 1256437 1256766 1256822 1257005 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). The following package changes have been done: - glibc-2.38-150600.14.40.1 updated - system-user-harbor-2.14.2-150700.1.10 updated - container:suse-sle15-15.7-751abdc74b02c2de228c78469b5a1a7a1e75dfd1da6c66743706900a5e586ad3-0 updated - container:registry.suse.com-bci-bci-micro-15.7-d5762a8ef0a7959022445e48916156bbde942f3640ed1f8a2d0cbce053ad0869-0 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:07:42 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:07:42 +0100 (CET) Subject: SUSE-CU-2026:673-1: Security update of private-registry/harbor-registryctl Message-ID: <20260205080742.DE1BEFD1A@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:673-1 Container Tags : private-registry/harbor-registryctl:1.1.1 , private-registry/harbor-registryctl:1.1.1-1.24 , private-registry/harbor-registryctl:latest Container Release : 1.24 Severity : important Type : security References : 1256437 1256766 1256822 1257005 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). The following package changes have been done: - glibc-2.38-150600.14.40.1 updated - system-user-harbor-2.14.2-150700.1.10 updated - harbor-registryctl-2.14.2-150700.1.10 updated - container:suse-sle15-15.7-751abdc74b02c2de228c78469b5a1a7a1e75dfd1da6c66743706900a5e586ad3-0 updated - container:registry.suse.com-bci-bci-micro-15.7-d5762a8ef0a7959022445e48916156bbde942f3640ed1f8a2d0cbce053ad0869-0 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:08:30 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:08:30 +0100 (CET) Subject: SUSE-CU-2026:674-1: Security update of private-registry/harbor-trivy-adapter Message-ID: <20260205080830.B7B75FD1A@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:674-1 Container Tags : private-registry/harbor-trivy-adapter:1.1.1 , private-registry/harbor-trivy-adapter:1.1.1-1.27 , private-registry/harbor-trivy-adapter:latest Container Release : 1.27 Severity : important Type : security References : 1256437 1256766 1256822 1257005 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). The following package changes have been done: - glibc-2.38-150600.14.40.1 updated - harbor-scanner-trivy-0.34.2-150700.1.5 updated - system-user-harbor-2.14.2-150700.1.10 updated - container:suse-sle15-15.7-751abdc74b02c2de228c78469b5a1a7a1e75dfd1da6c66743706900a5e586ad3-0 updated - container:registry.suse.com-bci-bci-micro-15.7-d5762a8ef0a7959022445e48916156bbde942f3640ed1f8a2d0cbce053ad0869-0 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:09:05 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:09:05 +0100 (CET) Subject: SUSE-IU-2026:685-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20260205080905.E0F9FFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:685-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.37 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 7.37 Severity : critical Type : security References : 1244057 1249049 1249128 1253783 1254353 CVE-2025-58060 CVE-2025-58364 CVE-2025-58436 CVE-2025-61915 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 242 Released: Wed Feb 4 12:37:13 2026 Summary: Security update for cups Type: security Severity: critical References: 1244057,1249049,1249128,1253783,1254353,CVE-2025-58060,CVE-2025-58364,CVE-2025-58436,CVE-2025-61915 This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783). - CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057). - CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128). - CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049). Other updates and bugfixes: - Version upgrade to 2.4.16: * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences, potentially reading past the end of the source string (Issue #1438) * The web interface did not support domain usernames fully (Issue #1441) * Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439 boo#1254353) * Fixed stopping scheduler on unknown directive in configuration (Issue #1443) * Fixed packages for Immutable Mode (jsc#PED-14775 from epic jsc#PED-14688) - Version upgrade to 2.4.15: * Fixed potential crash in 'cups-driverd' when there are duplicate PPDs (Issue #1355) * Fixed error recovery when scanning for PPDs in 'cups-driverd' (Issue #1416) - Version upgrade to 2.4.14. - Version upgrade to 2.4.13: * Added 'print-as-raster' printer and job attributes for forcing rasterization (Issue #1282) * Updated documentation (Issue #1086) * Updated IPP backend to try a sanitized user name if the printer/server does not like the value (Issue #1145) * Updated the scheduler to send the 'printer-added' or 'printer-modified' events whenever an IPP Everywhere PPD is installed (Issue #1244) * Updated the scheduler to send the 'printer-modified' event whenever the system default printer is changed (Issue #1246) * Fixed a memory leak in 'httpClose' (Issue #1223) * Fixed missing commas in 'ippCreateRequestedArray' (Issue #1234) * Fixed subscription issues in the scheduler and D-Bus notifier (Issue #1235) * Fixed media-default reporting for custom sizes (Issue #1238) * Fixed support for IPP/PPD options with periods or underscores (Issue #1249) * Fixed parsing of real numbers in PPD compiler source files (Issue #1263) * Fixed scheduler freezing with zombie clients (Issue #1264) * Fixed support for the server name in the ErrorLog filename (Issue #1277) * Fixed job cleanup after daemon restart (Issue #1315) * Fixed handling of buggy DYMO USB printer serial numbers (Issue #1338) * Fixed unreachable block in IPP backend (Issue #1351) * Fixed memory leak in _cupsConvertOptions (Issue #1354) - Version upgrade to 2.4.12: * GnuTLS follows system crypto policies now (Issue #1105) * Added `NoSystem` SSLOptions value (Issue #1130) * Now we raise alert for certificate issues (Issue #1194) * Added Kyocera USB quirk (Issue #1198) * The scheduler now logs a job's debugging history if the backend fails (Issue #1205) * Fixed a potential timing issue with `cupsEnumDests` (Issue #1084) * Fixed a potential 'lost PPD' condition in the scheduler (Issue #1109) * Fixed a compressed file error handling bug (Issue #1070) * Fixed a bug in the make-and-model whitespace trimming code (Issue #1096) * Fixed a removal of IPP Everywhere permanent queue if installation failed (Issue #1102) * Fixed `ServerToken None` in scheduler (Issue #1111) * Fixed invalid IPP keyword values created from PPD option names (Issue #1118) * Fixed handling of 'media' and 'PageSize' in the same print request (Issue #1125) * Fixed client raster printing from macOS (Issue #1143) * Fixed the default User-Agent string. * Fixed a recursion issue in `ippReadIO`. * Fixed handling incorrect radix in `scan_ps()` (Issue #1188) * Fixed validation of dateTime values with time zones more than UTC+11 (Issue #1201) * Fixed attributes returned by the Create-Xxx-Subscriptions requests (Issue #1204) * Fixed `ippDateToTime` when using a non GMT/UTC timezone (Issue #1208) * Fixed `job-completed` event notifications for jobs that are cancelled before started (Issue #1209) * Fixed DNS-SD discovery with `ippfind` (Issue #1211) The following package changes have been done: - cups-config-2.4.16-160000.1.1 updated - libcups2-2.4.16-160000.1.1 updated From sle-container-updates at lists.suse.com Thu Feb 5 08:14:31 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 5 Feb 2026 09:14:31 +0100 (CET) Subject: SUSE-CU-2026:675-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20260205081431.19F80FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:675-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.193 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.193 Severity : important Type : security References : 1255715 1256244 1256389 1256390 CVE-2025-68973 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:378-1 Released: Wed Feb 4 08:38:11 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256244,1256389,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fixed possile memory corruption in the armor parser [T7906] (bsc#1255715) - Fixed GnuPG Accepting Path Separators and Path Traversals in Literal Data (bsc#1256389) - Fixed Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (bsc#1256390) - Fixed error out on unverified output for non-detached signatures [T7903] (bsc#1256244) The following package changes have been done: - gpg2-2.0.24-9.17.1 updated From sle-container-updates at lists.suse.com Fri Feb 6 08:05:13 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Feb 2026 09:05:13 +0100 (CET) Subject: SUSE-IU-2026:785-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260206080513.6774EFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:785-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.236 , suse/sle-micro/base-5.5:latest Image Release : 5.8.236 Severity : low Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) The following package changes have been done: - libxml2-2-2.10.3-150500.5.35.1 updated From sle-container-updates at lists.suse.com Fri Feb 6 08:06:24 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Feb 2026 09:06:24 +0100 (CET) Subject: SUSE-IU-2026:786-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260206080624.4DCD8FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:786-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.453 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.453 Severity : low Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) The following package changes have been done: - libxml2-2-2.10.3-150500.5.35.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.236 updated From sle-container-updates at lists.suse.com Fri Feb 6 08:10:05 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Feb 2026 09:10:05 +0100 (CET) Subject: SUSE-IU-2026:789-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20260206081005.4C18AFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:789-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.39 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 7.39 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 244 Released: Thu Feb 5 12:26:20 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.13.8-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-f5762fe26bc47554e3e2639ff502e8f33e182123397d61ce9cbe598d192c0d9d-0 updated From sle-container-updates at lists.suse.com Fri Feb 6 08:13:43 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Feb 2026 09:13:43 +0100 (CET) Subject: SUSE-IU-2026:797-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20260206081343.44241FCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:797-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.30 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 7.30 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 244 Released: Thu Feb 5 12:26:20 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.13.8-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-f5762fe26bc47554e3e2639ff502e8f33e182123397d61ce9cbe598d192c0d9d-0 updated From sle-container-updates at lists.suse.com Fri Feb 6 08:14:32 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Feb 2026 09:14:32 +0100 (CET) Subject: SUSE-IU-2026:803-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20260206081432.DEE4DFCDB@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:803-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.41 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 6.41 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 244 Released: Thu Feb 5 12:26:20 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.13.8-160000.3.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-e1fb339d05e1b0d81c51338ad214d683e638da5ebd4ea130e6e9fc45ccca3d5a-0 updated From sle-container-updates at lists.suse.com Fri Feb 6 08:21:38 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Feb 2026 09:21:38 +0100 (CET) Subject: SUSE-CU-2026:766-1: Security update of suse/sles/16.0/toolbox Message-ID: <20260206082138.5C596FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:766-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.21 , suse/sles/16.0/toolbox:latest Container Release : 1.21 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 244 Released: Thu Feb 5 12:26:20 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.13.8-160000.3.1 updated From sle-container-updates at lists.suse.com Fri Feb 6 08:26:44 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 6 Feb 2026 09:26:44 +0100 (CET) Subject: SUSE-CU-2026:768-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20260206082644.78EE3FCDB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:768-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.237 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.237 Severity : moderate Type : security References : 1257144 1257496 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:386-1 Released: Thu Feb 5 09:30:31 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) The following package changes have been done: - libexpat1-2.7.1-150000.3.42.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:05:47 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:05:47 +0100 (CET) Subject: SUSE-IU-2026:923-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260212080547.2EFB5FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:923-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.237 , suse/sle-micro/base-5.5:latest Image Release : 5.8.237 Severity : moderate Type : security References : 1248586 1254670 CVE-2025-7709 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) The following package changes have been done: - libsqlite3-0-3.51.2-150000.3.36.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:07:16 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:07:16 +0100 (CET) Subject: SUSE-IU-2026:925-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260212080716.29D89FD85@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:925-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.455 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.455 Severity : moderate Type : security References : 1248586 1254670 CVE-2025-7709 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) The following package changes have been done: - libsqlite3-0-3.51.2-150000.3.36.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.237 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:07:17 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:07:17 +0100 (CET) Subject: SUSE-IU-2026:926-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260212080717.2AC2AFD9A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:926-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.458 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.458 Severity : important Type : security References : 1257049 CVE-2026-0988 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.34.1 updated - libgobject-2_0-0-2.70.5-150400.3.34.1 updated - libgmodule-2_0-0-2.70.5-150400.3.34.1 updated - libgio-2_0-0-2.70.5-150400.3.34.1 updated - glib2-tools-2.70.5-150400.3.34.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.238 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:11:52 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:11:52 +0100 (CET) Subject: SUSE-IU-2026:930-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20260212081152.1C5E7FD9A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:930-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.41 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 7.41 Severity : important Type : recommended References : 1228081 1228659 1228728 1231986 1234765 1244449 1248356 1248501 1251981 1254563 1255326 1256427 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 252 Released: Wed Feb 11 12:13:17 2026 Summary: Recommended update for systemd Type: recommended Severity: important References: 1228081,1228659,1228728,1231986,1234765,1244449,1248356,1248501,1251981,1254563,1255326,1256427 This update for systemd fixes the following issues: - terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) - core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) - systemd-update-helper: clean up the flags immediately after they have been consumed. - systemd.spec: don't reexecute PID1 on transactional updates. - Drop most of the workarounds contained in the fixlets. - Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros where file-triggers were unreliable but that is no longer the case on the latest SLE distros. - Fix: systemd Tainted: unmerged-bin (bsc#1228728, bsc#1251981) - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - main: switch explicitly to tty1 on soft-reboot (bsc#1231986) - terminal-util: modernize vtnr_from_tty() a bit - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - core/cgroup: Properly handle aborting a pending freeze operation - detect-virt: add bare-metal support for GCE (bsc#1244449) - uki.conf is used by the ukify tool to create an Unified Kernel Image[...] - Make sure that the ordering trick used to update the udev package as close as as possible to the update of the systemd package also works with zypper. - Fix: Snapshot 20240730 - unbootable after transactional-update dup (bsc#1228659) * We also need to add 'Suggests: udev', which serves the same purpose as 'OrderWithRequires: udev' but is part of the repository metadata. It should therefore hint zypper to install systemd and udev as close together as possible - Fix systemd-network recommending libidn2-devel (bsc#1234765) The following package changes have been done: - libudev1-257.10-160000.1.1 updated - libsystemd0-257.10-160000.1.1 updated - systemd-257.10-160000.1.1 updated - udev-257.10-160000.1.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-ba4b0fb473e718afc63a14a3b975415d2ff5057f105f9fa9267034d861d8bc57-0 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:05:48 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:05:48 +0100 (CET) Subject: SUSE-IU-2026:924-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260212080548.245F1FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:924-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.238 , suse/sle-micro/base-5.5:latest Image Release : 5.8.238 Severity : important Type : security References : 1257049 CVE-2026-0988 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.34.1 updated - libgobject-2_0-0-2.70.5-150400.3.34.1 updated - libgmodule-2_0-0-2.70.5-150400.3.34.1 updated - libgio-2_0-0-2.70.5-150400.3.34.1 updated - glib2-tools-2.70.5-150400.3.34.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:16:30 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:16:30 +0100 (CET) Subject: SUSE-IU-2026:938-1: Recommended update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20260212081630.8F36FFD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:938-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.32 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 7.32 Severity : important Type : recommended References : 1228081 1228659 1228728 1231986 1234765 1244449 1248356 1248501 1251981 1254563 1255326 1256427 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 252 Released: Wed Feb 11 12:13:17 2026 Summary: Recommended update for systemd Type: recommended Severity: important References: 1228081,1228659,1228728,1231986,1234765,1244449,1248356,1248501,1251981,1254563,1255326,1256427 This update for systemd fixes the following issues: - terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) - core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) - systemd-update-helper: clean up the flags immediately after they have been consumed. - systemd.spec: don't reexecute PID1 on transactional updates. - Drop most of the workarounds contained in the fixlets. - Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros where file-triggers were unreliable but that is no longer the case on the latest SLE distros. - Fix: systemd Tainted: unmerged-bin (bsc#1228728, bsc#1251981) - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - main: switch explicitly to tty1 on soft-reboot (bsc#1231986) - terminal-util: modernize vtnr_from_tty() a bit - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - core/cgroup: Properly handle aborting a pending freeze operation - detect-virt: add bare-metal support for GCE (bsc#1244449) - uki.conf is used by the ukify tool to create an Unified Kernel Image[...] - Make sure that the ordering trick used to update the udev package as close as as possible to the update of the systemd package also works with zypper. - Fix: Snapshot 20240730 - unbootable after transactional-update dup (bsc#1228659) * We also need to add 'Suggests: udev', which serves the same purpose as 'OrderWithRequires: udev' but is part of the repository metadata. It should therefore hint zypper to install systemd and udev as close together as possible - Fix systemd-network recommending libidn2-devel (bsc#1234765) The following package changes have been done: - libudev1-257.10-160000.1.1 updated - libsystemd0-257.10-160000.1.1 updated - systemd-257.10-160000.1.1 updated - udev-257.10-160000.1.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-ba4b0fb473e718afc63a14a3b975415d2ff5057f105f9fa9267034d861d8bc57-0 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:17:41 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:17:41 +0100 (CET) Subject: SUSE-IU-2026:944-1: Recommended update of suse/sl-micro/6.2/rt-os-container Message-ID: <20260212081741.3F3BEFD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:944-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.44 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 6.44 Severity : important Type : recommended References : 1228081 1228659 1228728 1231986 1234765 1244449 1248356 1248501 1251981 1254563 1255326 1256427 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 252 Released: Wed Feb 11 12:13:17 2026 Summary: Recommended update for systemd Type: recommended Severity: important References: 1228081,1228659,1228728,1231986,1234765,1244449,1248356,1248501,1251981,1254563,1255326,1256427 This update for systemd fixes the following issues: - terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) - core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) - systemd-update-helper: clean up the flags immediately after they have been consumed. - systemd.spec: don't reexecute PID1 on transactional updates. - Drop most of the workarounds contained in the fixlets. - Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros where file-triggers were unreliable but that is no longer the case on the latest SLE distros. - Fix: systemd Tainted: unmerged-bin (bsc#1228728, bsc#1251981) - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - main: switch explicitly to tty1 on soft-reboot (bsc#1231986) - terminal-util: modernize vtnr_from_tty() a bit - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - core/cgroup: Properly handle aborting a pending freeze operation - detect-virt: add bare-metal support for GCE (bsc#1244449) - uki.conf is used by the ukify tool to create an Unified Kernel Image[...] - Make sure that the ordering trick used to update the udev package as close as as possible to the update of the systemd package also works with zypper. - Fix: Snapshot 20240730 - unbootable after transactional-update dup (bsc#1228659) * We also need to add 'Suggests: udev', which serves the same purpose as 'OrderWithRequires: udev' but is part of the repository metadata. It should therefore hint zypper to install systemd and udev as close together as possible - Fix systemd-network recommending libidn2-devel (bsc#1234765) The following package changes have been done: - libudev1-257.10-160000.1.1 updated - libsystemd0-257.10-160000.1.1 updated - systemd-257.10-160000.1.1 updated - udev-257.10-160000.1.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-7faeeacd7f865c7f990c4d893941749674458f538cb0e83cbf80271fc039de6d-0 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:34:38 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:34:38 +0100 (CET) Subject: SUSE-CU-2026:862-1: Recommended update of suse/sles/16.0/toolbox Message-ID: <20260212083438.7B373FD07@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:862-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.23 , suse/sles/16.0/toolbox:latest Container Release : 1.23 Severity : important Type : recommended References : 1228081 1228659 1228728 1231986 1234765 1244449 1248356 1248501 1251981 1254563 1255326 1256427 ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 252 Released: Wed Feb 11 12:13:17 2026 Summary: Recommended update for systemd Type: recommended Severity: important References: 1228081,1228659,1228728,1231986,1234765,1244449,1248356,1248501,1251981,1254563,1255326,1256427 This update for systemd fixes the following issues: - terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) - core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) - systemd-update-helper: clean up the flags immediately after they have been consumed. - systemd.spec: don't reexecute PID1 on transactional updates. - Drop most of the workarounds contained in the fixlets. - Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros where file-triggers were unreliable but that is no longer the case on the latest SLE distros. - Fix: systemd Tainted: unmerged-bin (bsc#1228728, bsc#1251981) - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - main: switch explicitly to tty1 on soft-reboot (bsc#1231986) - terminal-util: modernize vtnr_from_tty() a bit - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - core/cgroup: Properly handle aborting a pending freeze operation - detect-virt: add bare-metal support for GCE (bsc#1244449) - uki.conf is used by the ukify tool to create an Unified Kernel Image[...] - Make sure that the ordering trick used to update the udev package as close as as possible to the update of the systemd package also works with zypper. - Fix: Snapshot 20240730 - unbootable after transactional-update dup (bsc#1228659) * We also need to add 'Suggests: udev', which serves the same purpose as 'OrderWithRequires: udev' but is part of the repository metadata. It should therefore hint zypper to install systemd and udev as close together as possible - Fix systemd-network recommending libidn2-devel (bsc#1234765) The following package changes have been done: - libsystemd0-257.10-160000.1.1 updated - libudev1-257.10-160000.1.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:36:38 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:36:38 +0100 (CET) Subject: SUSE-CU-2026:863-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20260212083638.82E79FD07@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:863-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.11 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.73.11 Severity : important Type : security References : 1256902 CVE-2026-23490 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:430-1 Released: Wed Feb 11 09:43:42 2026 Summary: Security update for python-pyasn1 Type: security Severity: important References: 1256902,CVE-2026-23490 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902) The following package changes have been done: - python3-pyasn1-0.4.2-150000.3.13.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:36:39 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:36:39 +0100 (CET) Subject: SUSE-CU-2026:864-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20260212083639.6B025FD07@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:864-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.12 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.73.12 Severity : important Type : security References : 1257049 CVE-2026-0988 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - libgmodule-2_0-0-2.70.5-150400.3.34.1 updated - libgobject-2_0-0-2.70.5-150400.3.34.1 updated - libgio-2_0-0-2.70.5-150400.3.34.1 updated - glib2-tools-2.70.5-150400.3.34.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:39:26 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:39:26 +0100 (CET) Subject: SUSE-CU-2026:866-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20260212083926.4D2A6FD07@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:866-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16.2 , suse/manager/4.3/proxy-tftpd:4.3.16.2.9.63.10 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.63.10 Severity : important Type : security References : 1254866 1254867 1256331 1256902 CVE-2025-66418 CVE-2025-66471 CVE-2026-21441 CVE-2026-23490 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:430-1 Released: Wed Feb 11 09:43:42 2026 Summary: Security update for python-pyasn1 Type: security Severity: important References: 1256902,CVE-2026-23490 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:443-1 Released: Wed Feb 11 10:46:43 2026 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1254866,1254867,1256331,CVE-2025-66418,CVE-2025-66471,CVE-2026-21441 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). The following package changes have been done: - python3-pyasn1-0.4.2-150000.3.13.1 updated - python3-urllib3-1.25.10-150300.4.21.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 08:46:30 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 09:46:30 +0100 (CET) Subject: SUSE-CU-2026:869-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20260212084630.A7000FD07@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:869-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.239 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.239 Severity : moderate Type : security References : 1248586 1254670 CVE-2025-7709 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:432-1 Released: Wed Feb 11 10:11:56 2026 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1248586,1254670,CVE-2025-7709 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) The following package changes have been done: - libsqlite3-0-3.51.2-150000.3.36.1 updated From sle-container-updates at lists.suse.com Thu Feb 12 14:25:21 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 15:25:21 +0100 (CET) Subject: SUSE-CU-2026:872-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20260212142521.62AE1FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:872-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.2 , suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.14 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.63.14 Severity : important Type : security References : 1257049 CVE-2026-0988 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:458-1 Released: Thu Feb 12 00:28:37 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.34.1 updated - container:sles15-ltss-image-15.4.0-6.5 updated From sle-container-updates at lists.suse.com Thu Feb 12 14:28:54 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 12 Feb 2026 15:28:54 +0100 (CET) Subject: SUSE-CU-2026:874-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20260212142854.197A9FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:874-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.240 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.240 Severity : important Type : recommended References : 1232351 1241284 1244003 1244011 1244937 1245667 1246011 1246025 1249657 1250224 1252318 1254425 1256709 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:463-1 Released: Thu Feb 12 08:40:25 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425,1256709 This update for supportutils fixes the following issues: - scplugin.rc is restored in package 3.2.12.1 for continued compatibility (bsc#1256709) - Changes to version 3.2.12: * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11: * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates The following package changes have been done: - supportutils-3.2.12.1-150300.7.35.39.1 updated - iproute2-5.3-5.5.1 removed - libmnl0-1.0.4-1.25 removed - libxtables12-1.8.7-1.1 removed From sle-container-updates at lists.suse.com Fri Feb 13 08:05:44 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 09:05:44 +0100 (CET) Subject: SUSE-IU-2026:949-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260213080544.968E7FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:949-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.239 , suse/sle-micro/base-5.5:latest Image Release : 5.8.239 Severity : important Type : security References : 1220137 1220144 1222323 1223007 1225049 1233038 1235905 1236104 1236208 1237885 1237906 1238414 1238754 1238763 1244758 1244904 1245110 1245210 1245723 1245751 1247177 1247483 1248306 1248377 1249156 1249158 1249827 1252785 1253028 1253087 1253409 1253702 1254447 1254462 1254463 1254464 1254465 1254767 1254842 1255171 1255251 1255377 1255401 1255594 1255908 1256095 1256582 1256612 1256623 1256641 1256726 1256744 1256779 1256792 1257232 1257236 1257296 1257473 CVE-2022-49604 CVE-2022-49943 CVE-2022-49980 CVE-2022-50232 CVE-2022-50697 CVE-2023-52433 CVE-2023-52874 CVE-2023-52923 CVE-2023-53178 CVE-2023-53407 CVE-2023-53412 CVE-2023-53417 CVE-2023-53418 CVE-2023-53714 CVE-2023-54142 CVE-2023-54243 CVE-2024-26581 CVE-2024-26661 CVE-2024-26832 CVE-2024-50143 CVE-2024-54031 CVE-2025-21658 CVE-2025-21760 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-38068 CVE-2025-38129 CVE-2025-38159 CVE-2025-38375 CVE-2025-38563 CVE-2025-38565 CVE-2025-38684 CVE-2025-40044 CVE-2025-40139 CVE-2025-40257 CVE-2025-40300 CVE-2025-68183 CVE-2025-68284 CVE-2025-68285 CVE-2025-68312 CVE-2025-68771 CVE-2025-68813 CVE-2025-71085 CVE-2025-71089 CVE-2025-71112 CVE-2025-71116 CVE-2025-71120 CVE-2026-22999 CVE-2026-23001 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:474-1 Released: Thu Feb 12 12:28:33 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1220137,1220144,1222323,1223007,1225049,1233038,1235905,1236104,1236208,1237885,1237906,1238414,1238754,1238763,1244758,1244904,1245110,1245210,1245723,1245751,1247177,1247483,1248306,1248377,1249156,1249158,1249827,1252785,1253028,1253087,1253409,1253702,1254447,1254462,1254463,1254464,1254465,1254767,1254842,1255171,1255251,1255377,1255401,1255594,1255908,1256095,1256582,1256612,1256623,1256641,1256726,1256744,1256779,1256792,1257232,1257236,1257296,1257473,CVE-2022-49604,CVE-2022-49943,CVE-2022-49980,CVE-2022-50232,CVE-2022-50697,CVE-2023-52433,CVE-2023-52874,CVE-2023-52923,CVE-2023-53178,CVE-2023-53407,CVE-2023-53412,CVE-2023-53417,CVE-2023-53418,CVE-2023-53714,CVE-2023-54142,CVE-2023-54243,CVE-2024-26581,CVE-2024-26661,CVE-2024-26832,CVE-2024-50143,CVE-2024-54031,CVE-2025-21658,CVE-2025-21760,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-38068,CVE-2025-38129,CVE-2025-38159,CVE-2025-38375,CVE-2025-38563,CVE-2025-38565,CVE-2025-38684,CVE-2025-40044,CVE-2025-40 139,CVE-2025-40257,CVE-2025-40300,CVE-2025-68183,CVE-2025-68284,CVE-2025-68285,CVE-2025-68312,CVE-2025-68771,CVE-2025-68813,CVE-2025-71085,CVE-2025-71089,CVE-2025-71112,CVE-2025-71116,CVE-2025-71120,CVE-2026-22999,CVE-2026-23001 The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483). - CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). The following non security issues were fixed: - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: tcp: send zero-window ACK when no memory (bsc#1254767). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - tcp: correct handling of extreme memory squeeze (bsc#1254767). - x86: make page fault handling disable interrupts properly (git-fixes). The following package changes have been done: - kernel-default-5.14.21-150500.55.136.1 updated From sle-container-updates at lists.suse.com Fri Feb 13 08:07:17 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 09:07:17 +0100 (CET) Subject: SUSE-IU-2026:950-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260213080717.3F417FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:950-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.461 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.461 Severity : important Type : security References : 1220137 1220144 1222323 1223007 1225049 1233038 1235905 1236104 1236208 1237885 1237906 1238414 1238754 1238763 1244758 1244904 1245110 1245210 1245723 1245751 1247177 1247483 1248306 1248377 1249156 1249158 1249827 1252785 1253028 1253087 1253409 1253702 1254447 1254462 1254463 1254464 1254465 1254767 1254842 1255171 1255251 1255377 1255401 1255594 1255908 1256095 1256582 1256612 1256623 1256641 1256726 1256744 1256779 1256792 1257232 1257236 1257296 1257473 CVE-2022-49604 CVE-2022-49943 CVE-2022-49980 CVE-2022-50232 CVE-2022-50697 CVE-2023-52433 CVE-2023-52874 CVE-2023-52923 CVE-2023-53178 CVE-2023-53407 CVE-2023-53412 CVE-2023-53417 CVE-2023-53418 CVE-2023-53714 CVE-2023-54142 CVE-2023-54243 CVE-2024-26581 CVE-2024-26661 CVE-2024-26832 CVE-2024-50143 CVE-2024-54031 CVE-2025-21658 CVE-2025-21760 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-38068 CVE-2025-38129 CVE-2025-38159 CVE-2025-38375 CVE-2025-38563 CVE-2025-38565 CVE-2025-38684 CVE-2025-40044 CVE-2025-40139 CVE-2025-40257 CVE-2025-40300 CVE-2025-68183 CVE-2025-68284 CVE-2025-68285 CVE-2025-68312 CVE-2025-68771 CVE-2025-68813 CVE-2025-71085 CVE-2025-71089 CVE-2025-71112 CVE-2025-71116 CVE-2025-71120 CVE-2026-22999 CVE-2026-23001 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:474-1 Released: Thu Feb 12 12:28:33 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1220137,1220144,1222323,1223007,1225049,1233038,1235905,1236104,1236208,1237885,1237906,1238414,1238754,1238763,1244758,1244904,1245110,1245210,1245723,1245751,1247177,1247483,1248306,1248377,1249156,1249158,1249827,1252785,1253028,1253087,1253409,1253702,1254447,1254462,1254463,1254464,1254465,1254767,1254842,1255171,1255251,1255377,1255401,1255594,1255908,1256095,1256582,1256612,1256623,1256641,1256726,1256744,1256779,1256792,1257232,1257236,1257296,1257473,CVE-2022-49604,CVE-2022-49943,CVE-2022-49980,CVE-2022-50232,CVE-2022-50697,CVE-2023-52433,CVE-2023-52874,CVE-2023-52923,CVE-2023-53178,CVE-2023-53407,CVE-2023-53412,CVE-2023-53417,CVE-2023-53418,CVE-2023-53714,CVE-2023-54142,CVE-2023-54243,CVE-2024-26581,CVE-2024-26661,CVE-2024-26832,CVE-2024-50143,CVE-2024-54031,CVE-2025-21658,CVE-2025-21760,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-38068,CVE-2025-38129,CVE-2025-38159,CVE-2025-38375,CVE-2025-38563,CVE-2025-38565,CVE-2025-38684,CVE-2025-40044,CVE-2025-40 139,CVE-2025-40257,CVE-2025-40300,CVE-2025-68183,CVE-2025-68284,CVE-2025-68285,CVE-2025-68312,CVE-2025-68771,CVE-2025-68813,CVE-2025-71085,CVE-2025-71089,CVE-2025-71112,CVE-2025-71116,CVE-2025-71120,CVE-2026-22999,CVE-2026-23001 The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483). - CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). The following non security issues were fixed: - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: tcp: send zero-window ACK when no memory (bsc#1254767). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - tcp: correct handling of extreme memory squeeze (bsc#1254767). - x86: make page fault handling disable interrupts properly (git-fixes). The following package changes have been done: - kernel-default-base-5.14.21-150500.55.136.1.150500.6.67.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.239 updated From sle-container-updates at lists.suse.com Fri Feb 13 08:10:23 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 09:10:23 +0100 (CET) Subject: SUSE-IU-2026:951-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20260213081023.98E38FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:951-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.122 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.122 Severity : critical Type : security References : 1248988 1254666 1256105 1256830 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-14017 CVE-2025-14104 CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 570 Released: Thu Feb 12 14:57:47 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: 569 Released: Thu Feb 12 15:05:28 2026 Summary: Security update for curl Type: security Severity: important References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: 571 Released: Thu Feb 12 15:06:35 2026 Summary: Recommended update for podman Type: recommended Severity: moderate References: 1248988 This update for podman fixes the following issues: - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) ----------------------------------------------------------------- Advisory ID: 572 Released: Thu Feb 12 15:47:03 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). The following package changes have been done: - libuuid1-2.39.3-4.1 updated - libsmartcols1-2.39.3-4.1 updated - libblkid1-2.39.3-4.1 updated - libopenssl3-3.1.4-11.1 updated - libfdisk1-2.39.3-4.1 updated - libmount1-2.39.3-4.1 updated - util-linux-2.39.3-4.1 updated - SL-Micro-release-6.0-25.66 updated - util-linux-systemd-2.39.3-4.1 updated - libcurl-mini4-8.14.1-4.1 updated - podman-4.9.5-11.1 updated - container:SL-Micro-base-container-2.1.3-7.90 updated From sle-container-updates at lists.suse.com Fri Feb 13 08:11:32 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 09:11:32 +0100 (CET) Subject: SUSE-IU-2026:952-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20260213081132.61C15FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:952-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.90 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.90 Severity : critical Type : security References : 1254666 1256105 1256830 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-14017 CVE-2025-14104 CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 570 Released: Thu Feb 12 14:57:47 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: 569 Released: Thu Feb 12 15:05:28 2026 Summary: Security update for curl Type: security Severity: important References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: 572 Released: Thu Feb 12 15:47:03 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). The following package changes have been done: - libuuid1-2.39.3-4.1 updated - libsmartcols1-2.39.3-4.1 updated - libblkid1-2.39.3-4.1 updated - libopenssl3-3.1.4-11.1 updated - libfdisk1-2.39.3-4.1 updated - libmount1-2.39.3-4.1 updated - util-linux-2.39.3-4.1 updated - SL-Micro-release-6.0-25.66 updated - util-linux-systemd-2.39.3-4.1 updated - libcurl-mini4-8.14.1-4.1 updated - curl-8.14.1-4.1 updated - openssl-3-3.1.4-11.1 updated - container:suse-toolbox-image-1.0.0-9.63 updated From sle-container-updates at lists.suse.com Fri Feb 13 08:12:46 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 09:12:46 +0100 (CET) Subject: SUSE-IU-2026:953-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20260213081246.A5921FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:953-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.109 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.109 Severity : critical Type : security References : 1254666 1256105 1256830 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-14017 CVE-2025-14104 CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 570 Released: Thu Feb 12 14:57:47 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: 569 Released: Thu Feb 12 15:05:28 2026 Summary: Security update for curl Type: security Severity: important References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: 572 Released: Thu Feb 12 15:47:03 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). The following package changes have been done: - libuuid1-2.39.3-4.1 updated - libsmartcols1-2.39.3-4.1 updated - libblkid1-2.39.3-4.1 updated - libopenssl3-3.1.4-11.1 updated - libfdisk1-2.39.3-4.1 updated - libmount1-2.39.3-4.1 updated - util-linux-2.39.3-4.1 updated - SL-Micro-release-6.0-25.66 updated - util-linux-systemd-2.39.3-4.1 updated - libcurl-mini4-8.14.1-4.1 updated - container:SL-Micro-base-container-2.1.3-7.90 updated From sle-container-updates at lists.suse.com Fri Feb 13 08:14:15 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 09:14:15 +0100 (CET) Subject: SUSE-IU-2026:954-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20260213081415.9B12BFD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:954-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.123 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.123 Severity : critical Type : security References : 1254666 1256105 1256830 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-14017 CVE-2025-14104 CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 570 Released: Thu Feb 12 14:57:47 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: 569 Released: Thu Feb 12 15:05:28 2026 Summary: Security update for curl Type: security Severity: important References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: 572 Released: Thu Feb 12 15:47:03 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). The following package changes have been done: - libuuid1-2.39.3-4.1 updated - libsmartcols1-2.39.3-4.1 updated - libblkid1-2.39.3-4.1 updated - libopenssl3-3.1.4-11.1 updated - libfdisk1-2.39.3-4.1 updated - libmount1-2.39.3-4.1 updated - util-linux-2.39.3-4.1 updated - SL-Micro-release-6.0-25.66 updated - util-linux-systemd-2.39.3-4.1 updated - libcurl-mini4-8.14.1-4.1 updated - container:SL-Micro-container-2.1.3-6.122 updated From sle-container-updates at lists.suse.com Fri Feb 13 08:17:54 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 09:17:54 +0100 (CET) Subject: SUSE-CU-2026:880-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20260213081754.5D2DAFD07@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:880-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.63 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.63 Severity : critical Type : security References : 1254666 1256105 1256830 1256834 1256835 1256836 1256837 1256838 1256839 1256840 CVE-2025-14017 CVE-2025-14104 CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 570 Released: Thu Feb 12 14:57:47 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: 569 Released: Thu Feb 12 15:05:28 2026 Summary: Security update for curl Type: security Severity: important References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: 572 Released: Thu Feb 12 15:47:03 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). The following package changes have been done: - SL-Micro-release-6.0-25.66 updated - curl-8.14.1-4.1 updated - libblkid1-2.39.3-4.1 updated - libcurl-mini4-8.14.1-4.1 updated - libfdisk1-2.39.3-4.1 updated - libmount1-2.39.3-4.1 updated - libopenssl3-3.1.4-11.1 updated - libsmartcols1-2.39.3-4.1 updated - libuuid1-2.39.3-4.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.65 updated - util-linux-2.39.3-4.1 updated From sle-container-updates at lists.suse.com Fri Feb 13 12:45:14 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 13:45:14 +0100 (CET) Subject: SUSE-CU-2026:911-1: Recommended update of suse/sles/16.0/toolbox Message-ID: <20260213124514.260E0FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:911-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.24 , suse/sles/16.0/toolbox:latest Container Release : 1.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 265 Released: Fri Feb 13 10:02:03 2026 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect fixes the following issues: - Update to version 2.5.6: * Change the version logic * Fix FIPS environment variable in CI * Test in fips mode The following package changes have been done: - container-suseconnect-2.5.6-160000.1.1 updated From sle-container-updates at lists.suse.com Fri Feb 13 13:39:01 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 14:39:01 +0100 (CET) Subject: SUSE-CU-2026:915-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20260213133901.2D70AFD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:915-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.241 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.241 Severity : important Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:493-1 Released: Fri Feb 13 10:48:54 2026 Summary: Recommended update for container-suseconnect Type: recommended Severity: important References: This update for container-suseconnect fixes the following issues: Update to version 2.5.6:: * Change the version logic * Fix FIPS environment variable in CI * Test in fips mode The following package changes have been done: - container-suseconnect-2.5.6-150000.4.80.2 updated From sle-container-updates at lists.suse.com Fri Feb 13 16:02:13 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 17:02:13 +0100 (CET) Subject: SUSE-CU-2026:916-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20260213160213.1481CFD85@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:916-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.197 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.197 Severity : moderate Type : security References : 1219273 CVE-2023-27534 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:494-1 Released: Fri Feb 13 10:59:25 2026 Summary: Security update for curl Type: security Severity: moderate References: 1219273,CVE-2023-27534 This update for curl fixes the following issues: - CVE-2023-27534: Regression fix for SFTP path ~ resolving discrepancy (bsc#1219273) The following package changes have been done: - libcurl4-8.0.1-11.117.1 updated - libnghttp2-14-1.39.2-3.20.1 updated From sle-container-updates at lists.suse.com Fri Feb 13 16:10:28 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 17:10:28 +0100 (CET) Subject: SUSE-CU-2026:922-1: Security update of bci/bci-base Message-ID: <20260213161028.2101FFD1A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:922-1 Container Tags : bci/bci-base:16.1 , bci/bci-base:16.1-8.5 Container Release : 8.5 Severity : critical Type : security References : 1247463 1250232 1250233 1250234 1256829 1256830 1256831 1256832 1256833 1256834 1256835 1256836 1256837 1256838 1256839 1256840 1257274 CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 CVE-2026-22795 CVE-2026-22796 ----------------------------------------------------------------- The container bci/bci-base was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 1 Released: Thu Feb 12 00:38:47 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1247463,1250232,1250233,1250234,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2025-9230,CVE-2025-9231,CVE-2025-9232,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: Changes in openssl-3: * Missing ASN1_TYPE validation in PKCS#12 parsing [bsc#1256839, CVE-2026-22795] * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function [bsc#1256840, CVE-2026-22796] * Missing ASN1_TYPE validation in TS_RESP_verify_response() function [bsc#1256837, CVE-2025-69420] * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function [bsc#1256838, CVE-2025-69421] * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion [bsc#1256836, CVE-2025-69419] * TLS 1.3 CompressedCertificate excessive memory allocation [bsc#1256833, CVE-2025-66199] * Heap out-of-bounds write in BIO_f_linebuffer on short writes [bsc#1256834, CVE-2025-68160] * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls [bsc#1256835, CVE-2025-69418] * 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB [bsc#1256832, CVE-2025-15469] * Stack buffer overflow in CMS AuthEnvelopedData parsing [bsc#1256830, CVE-2025-15467] * Improper validation of PBMAC1 parameters in PKCS#12 MAC verification [bsc#1256829, CVE-2025-11187] * NULL dereference in SSL_CIPHER_find() function on unknown cipher ID [bsc#1256831, CVE-2025-15468] - Enable livepatching support for ppc64le [bsc#1257274] - Security fix: [bsc#1250232 CVE-2025-9230] * Fix out-of-bounds read & write in RFC 3211 KEK unwrap - Security fix: [bsc#1250233 CVE-2025-9231] * Fix timing side-channel in SM2 algorithm on 64 bit ARM - Security fix: [bsc#1250234 CVE-2025-9232] * Fix out-of-bounds read in HTTP client no_proxy handling - Move ssl configuration files to the libopenssl package [bsc#1247463] - Don't install unneeded NOTES The following package changes have been done: - SLES-release-16.1-160099.11.1 updated - container-suseconnect-2.5.6-160099.1.1 updated - curl-8.18.0-160099.1.3 updated - libgcrypt20-1.12.0-160099.1.4 updated - libnghttp2-14-1.64.0-160099.3.2 updated - libopenssl-3-fips-provider-3.5.0-160099.6.1 updated - libopenssl3-3.5.0-160099.6.1 updated - libp11-kit0-0.26.2-160099.1.1 updated - libudev1-257.10-160099.2.7 updated - libxml2-2-2.13.8-160099.5.1 updated - libzypp-17.37.17-160099.2.4 updated - openssl-3-3.5.0-160099.6.1 updated - p11-kit-tools-0.26.2-160099.1.1 updated - p11-kit-0.26.2-160099.1.1 updated From sle-container-updates at lists.suse.com Fri Feb 13 17:36:21 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 13 Feb 2026 18:36:21 +0100 (CET) Subject: SUSE-IU-2026:977-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20260213173621.C32EEFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:977-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.558 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.558 Severity : important Type : security References : 1220137 1220144 1222323 1223007 1225049 1233038 1235905 1236104 1236208 1237885 1237906 1238414 1238754 1238763 1244758 1244904 1245110 1245210 1245723 1245751 1247177 1247483 1248306 1248377 1249156 1249158 1249827 1252785 1253028 1253087 1253409 1253702 1254447 1254462 1254463 1254464 1254465 1254767 1254842 1255171 1255251 1255377 1255401 1255594 1255908 1256095 1256582 1256612 1256623 1256641 1256726 1256744 1256779 1256792 1257232 1257236 1257296 1257473 CVE-2022-49604 CVE-2022-49943 CVE-2022-49980 CVE-2022-50232 CVE-2022-50697 CVE-2023-52433 CVE-2023-52874 CVE-2023-52923 CVE-2023-53178 CVE-2023-53407 CVE-2023-53412 CVE-2023-53417 CVE-2023-53418 CVE-2023-53714 CVE-2023-54142 CVE-2023-54243 CVE-2024-26581 CVE-2024-26661 CVE-2024-26832 CVE-2024-50143 CVE-2024-54031 CVE-2025-21658 CVE-2025-21760 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-38068 CVE-2025-38129 CVE-2025-38159 CVE-2025-38375 CVE-2025-38563 CVE-2025-38565 CVE-2025-38684 CVE-2025-40044 CVE-2025-40139 CVE-2025-40257 CVE-2025-40300 CVE-2025-68183 CVE-2025-68284 CVE-2025-68285 CVE-2025-68312 CVE-2025-68771 CVE-2025-68813 CVE-2025-71085 CVE-2025-71089 CVE-2025-71112 CVE-2025-71116 CVE-2025-71120 CVE-2026-22999 CVE-2026-23001 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:496-1 Released: Fri Feb 13 11:52:17 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1220137,1220144,1222323,1223007,1225049,1233038,1235905,1236104,1236208,1237885,1237906,1238414,1238754,1238763,1244758,1244904,1245110,1245210,1245723,1245751,1247177,1247483,1248306,1248377,1249156,1249158,1249827,1252785,1253028,1253087,1253409,1253702,1254447,1254462,1254463,1254464,1254465,1254767,1254842,1255171,1255251,1255377,1255401,1255594,1255908,1256095,1256582,1256612,1256623,1256641,1256726,1256744,1256779,1256792,1257232,1257236,1257296,1257473,CVE-2022-49604,CVE-2022-49943,CVE-2022-49980,CVE-2022-50232,CVE-2022-50697,CVE-2023-52433,CVE-2023-52874,CVE-2023-52923,CVE-2023-53178,CVE-2023-53407,CVE-2023-53412,CVE-2023-53417,CVE-2023-53418,CVE-2023-53714,CVE-2023-54142,CVE-2023-54243,CVE-2024-26581,CVE-2024-26661,CVE-2024-26832,CVE-2024-50143,CVE-2024-54031,CVE-2025-21658,CVE-2025-21760,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-38068,CVE-2025-38129,CVE-2025-38159,CVE-2025-38375,CVE-2025-38563,CVE-2025-38565,CVE-2025-38684,CVE-2025-40044,CVE-2025-40 139,CVE-2025-40257,CVE-2025-40300,CVE-2025-68183,CVE-2025-68284,CVE-2025-68285,CVE-2025-68312,CVE-2025-68771,CVE-2025-68813,CVE-2025-71085,CVE-2025-71089,CVE-2025-71112,CVE-2025-71116,CVE-2025-71120,CVE-2026-22999,CVE-2026-23001 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483). - CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). - CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). The following non security issues were fixed: - Revert 'ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582)'. - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087 bsc#1254447). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: tcp: send zero-window ACK when no memory (bsc#1254767). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - tcp: correct handling of extreme memory squeeze (bsc#1254767). - x86: make page fault handling disable interrupts properly (git-fixes). The following package changes have been done: - kernel-rt-5.14.21-150500.13.121.1 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:06:03 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:06:03 +0100 (CET) Subject: SUSE-IU-2026:978-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260214080603.C83CAFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:978-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.240 , suse/sle-micro/base-5.5:latest Image Release : 5.8.240 Severity : moderate Type : security References : 1255731 1255732 1255733 1255734 1256105 CVE-2025-14017 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). The following package changes have been done: - libcurl4-8.14.1-150400.5.77.1 updated - curl-8.14.1-150400.5.77.1 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:07:51 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:07:51 +0100 (CET) Subject: SUSE-IU-2026:979-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260214080751.87999FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:979-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.463 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.463 Severity : moderate Type : security References : 1255731 1255732 1255733 1255734 1256105 CVE-2025-14017 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:508-1 Released: Fri Feb 13 15:50:21 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,1256105,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). The following package changes have been done: - libcurl4-8.14.1-150400.5.77.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.240 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:13:45 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:13:45 +0100 (CET) Subject: SUSE-IU-2026:981-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20260214081345.34297FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:981-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.123 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.123 Severity : moderate Type : security References : 1257144 1257496 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 576 Released: Fri Feb 13 17:46:23 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). The following package changes have been done: - libexpat1-2.7.1-4.1 updated - SL-Micro-release-6.0-25.67 updated - container:SL-Micro-base-container-2.1.3-7.92 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:14:56 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:14:56 +0100 (CET) Subject: SUSE-IU-2026:982-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20260214081456.DB944FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:982-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.92 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.92 Severity : moderate Type : security References : 1257144 1257496 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 576 Released: Fri Feb 13 17:46:23 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). The following package changes have been done: - libexpat1-2.7.1-4.1 updated - SL-Micro-release-6.0-25.67 updated - container:suse-toolbox-image-1.0.0-9.65 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:16:13 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:16:13 +0100 (CET) Subject: SUSE-IU-2026:983-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20260214081613.BEBC5FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:983-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.110 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.110 Severity : moderate Type : security References : 1257144 1257496 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 576 Released: Fri Feb 13 17:46:23 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). The following package changes have been done: - libexpat1-2.7.1-4.1 updated - SL-Micro-release-6.0-25.67 updated - container:SL-Micro-base-container-2.1.3-7.92 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:17:33 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:17:33 +0100 (CET) Subject: SUSE-IU-2026:984-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20260214081733.E1FE2FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:984-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.124 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.124 Severity : moderate Type : security References : 1257144 1257496 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 576 Released: Fri Feb 13 17:46:23 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). The following package changes have been done: - libexpat1-2.7.1-4.1 updated - SL-Micro-release-6.0-25.67 updated - container:SL-Micro-container-2.1.3-6.123 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:21:18 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:21:18 +0100 (CET) Subject: SUSE-CU-2026:932-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20260214082118.8772AFD07@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:932-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.65 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.65 Severity : moderate Type : security References : 1257144 1257496 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 576 Released: Fri Feb 13 17:46:23 2026 Summary: Security update for expat Type: security Severity: moderate References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). The following package changes have been done: - SL-Micro-release-6.0-25.67 updated - libexpat1-2.7.1-4.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.66 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:22:13 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:22:13 +0100 (CET) Subject: SUSE-IU-2026:985-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20260214082213.B0BD4FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:985-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.54 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.54 Severity : moderate Type : recommended References : 1228081 1243226 1254293 1256427 CVE-2025-6018 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 386 Released: Fri Feb 13 15:09:31 2026 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1228081,1243226,1254293,1256427,CVE-2025-6018 This update for systemd fixes the following issues: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. - detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293) The following package changes have been done: - libudev1-254.27-slfo.1.1_3.1 updated - libsystemd0-254.27-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.12.7 updated - systemd-254.27-slfo.1.1_3.1 updated - udev-254.27-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.1-5.75 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:23:15 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:23:15 +0100 (CET) Subject: SUSE-IU-2026:986-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20260214082315.660C3FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:986-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.75 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.75 Severity : moderate Type : recommended References : 1228081 1243226 1254293 1256427 CVE-2025-6018 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 386 Released: Fri Feb 13 15:09:31 2026 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1228081,1243226,1254293,1256427,CVE-2025-6018 This update for systemd fixes the following issues: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. - detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293) The following package changes have been done: - libudev1-254.27-slfo.1.1_3.1 updated - libsystemd0-254.27-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.12.7 updated - systemd-254.27-slfo.1.1_3.1 updated - udev-254.27-slfo.1.1_3.1 updated - container:suse-toolbox-image-1.0.0-5.4 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:24:30 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:24:30 +0100 (CET) Subject: SUSE-IU-2026:987-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20260214082430.533C4FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:987-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.77 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.77 Severity : moderate Type : recommended References : 1228081 1243226 1254293 1256427 CVE-2025-6018 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 386 Released: Fri Feb 13 15:09:31 2026 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1228081,1243226,1254293,1256427,CVE-2025-6018 This update for systemd fixes the following issues: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. - detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293) The following package changes have been done: - libudev1-254.27-slfo.1.1_3.1 updated - libsystemd0-254.27-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.12.7 updated - systemd-254.27-slfo.1.1_3.1 updated - udev-254.27-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.1-5.75 updated From sle-container-updates at lists.suse.com Sat Feb 14 08:25:43 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 14 Feb 2026 09:25:43 +0100 (CET) Subject: SUSE-IU-2026:988-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20260214082543.2304DFD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:988-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.68 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.68 Severity : moderate Type : recommended References : 1228081 1243226 1254293 1256427 CVE-2025-6018 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 386 Released: Fri Feb 13 15:09:31 2026 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1228081,1243226,1254293,1256427,CVE-2025-6018 This update for systemd fixes the following issues: - Name libsystemd-{shared,core} based on the major version of systemd and the package release number (bsc#1228081, bsc#1256427) This way, both the old and new versions of the shared libraries will be present during the update. This should prevent issues during package updates when incompatible changes are introduced in the new versions of the shared libraries. - detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293) The following package changes have been done: - libudev1-254.27-slfo.1.1_3.1 updated - libsystemd0-254.27-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.12.7 updated - systemd-254.27-slfo.1.1_3.1 updated - udev-254.27-slfo.1.1_3.1 updated - container:SL-Micro-container-2.2.1-7.54 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:05:16 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:05:16 +0100 (CET) Subject: SUSE-IU-2026:1002-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20260217080516.6D00BFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1002-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.124 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.124 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 578 Released: Mon Feb 16 09:28:24 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-11.1 updated - SL-Micro-release-6.0-25.68 updated - container:SL-Micro-base-container-2.1.3-7.93 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:05:17 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:05:17 +0100 (CET) Subject: SUSE-IU-2026:1003-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20260217080517.5228FFD9A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1003-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.125 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.125 Severity : important Type : security References : 1256389 1257049 1257353 1257354 1257355 1257396 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24882 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 582 Released: Mon Feb 16 15:21:49 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1256389,1257396,CVE-2026-24882 This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389). ----------------------------------------------------------------- Advisory ID: 579 Released: Mon Feb 16 15:25:53 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,1257353,1257354,1257355,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - SL-Micro-release-6.0-25.69 updated - libglib-2_0-0-2.76.2-12.1 updated - libgobject-2_0-0-2.76.2-12.1 updated - libgmodule-2_0-0-2.76.2-12.1 updated - libgio-2_0-0-2.76.2-12.1 updated - glib2-tools-2.76.2-12.1 updated - gpg2-2.4.4-7.1 updated - container:SL-Micro-base-container-2.1.3-7.94 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:06:28 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:06:28 +0100 (CET) Subject: SUSE-IU-2026:1004-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20260217080628.C8849FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1004-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.93 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.93 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 578 Released: Mon Feb 16 09:28:24 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-11.1 updated - SL-Micro-release-6.0-25.68 updated - container:suse-toolbox-image-1.0.0-9.66 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:06:29 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:06:29 +0100 (CET) Subject: SUSE-IU-2026:1005-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20260217080629.C1674FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1005-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.94 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.94 Severity : important Type : security References : 1256389 1257049 1257353 1257354 1257355 1257396 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24882 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 582 Released: Mon Feb 16 15:21:49 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1256389,1257396,CVE-2026-24882 This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389). ----------------------------------------------------------------- Advisory ID: 579 Released: Mon Feb 16 15:25:53 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,1257353,1257354,1257355,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - SL-Micro-release-6.0-25.69 updated - libglib-2_0-0-2.76.2-12.1 updated - libgobject-2_0-0-2.76.2-12.1 updated - libgmodule-2_0-0-2.76.2-12.1 updated - libgio-2_0-0-2.76.2-12.1 updated - glib2-tools-2.76.2-12.1 updated - gpg2-2.4.4-7.1 updated - container:suse-toolbox-image-1.0.0-9.67 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:07:46 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:07:46 +0100 (CET) Subject: SUSE-IU-2026:1006-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20260217080746.0654AFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1006-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.111 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.111 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 578 Released: Mon Feb 16 09:28:24 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-11.1 updated - SL-Micro-release-6.0-25.68 updated - container:SL-Micro-base-container-2.1.3-7.93 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:07:47 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:07:47 +0100 (CET) Subject: SUSE-IU-2026:1007-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20260217080747.0648EFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1007-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.112 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.112 Severity : important Type : security References : 1257049 1257353 1257354 1257355 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 579 Released: Mon Feb 16 15:25:53 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,1257353,1257354,1257355,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - SL-Micro-release-6.0-25.69 updated - libglib-2_0-0-2.76.2-12.1 updated - libgobject-2_0-0-2.76.2-12.1 updated - libgmodule-2_0-0-2.76.2-12.1 updated - libgio-2_0-0-2.76.2-12.1 updated - glib2-tools-2.76.2-12.1 updated - container:SL-Micro-base-container-2.1.3-7.94 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:09:08 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:09:08 +0100 (CET) Subject: SUSE-IU-2026:1008-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20260217080908.2B018FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1008-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.125 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.125 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 578 Released: Mon Feb 16 09:28:24 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-11.1 updated - SL-Micro-release-6.0-25.68 updated - container:SL-Micro-container-2.1.3-6.124 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:09:09 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:09:09 +0100 (CET) Subject: SUSE-IU-2026:1009-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20260217080909.28469FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1009-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.126 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.126 Severity : important Type : security References : 1257049 1257353 1257354 1257355 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 579 Released: Mon Feb 16 15:25:53 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,1257353,1257354,1257355,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - SL-Micro-release-6.0-25.69 updated - libglib-2_0-0-2.76.2-12.1 updated - libgobject-2_0-0-2.76.2-12.1 updated - libgmodule-2_0-0-2.76.2-12.1 updated - libgio-2_0-0-2.76.2-12.1 updated - glib2-tools-2.76.2-12.1 updated - container:SL-Micro-container-2.1.3-6.125 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:12:59 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:12:59 +0100 (CET) Subject: SUSE-CU-2026:1010-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20260217081300.00D51FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:1010-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.66 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.66 Severity : moderate Type : security References : 1256805 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 578 Released: Mon Feb 16 09:28:24 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - SL-Micro-release-6.0-25.68 updated - libxml2-2-2.11.6-11.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.67 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:13:00 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:13:00 +0100 (CET) Subject: SUSE-CU-2026:1011-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20260217081300.EFB54FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:1011-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.67 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.67 Severity : important Type : security References : 1256389 1257049 1257353 1257354 1257355 1257396 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24882 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 582 Released: Mon Feb 16 15:21:49 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1256389,1257396,CVE-2026-24882 This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389). ----------------------------------------------------------------- Advisory ID: 579 Released: Mon Feb 16 15:25:53 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257049,1257353,1257354,1257355,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - SL-Micro-release-6.0-25.69 updated - gpg2-2.4.4-7.1 updated - libglib-2_0-0-2.76.2-12.1 updated - libgmodule-2_0-0-2.76.2-12.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.68 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:13:53 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:13:53 +0100 (CET) Subject: SUSE-IU-2026:1010-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20260217081353.4D66FFD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1010-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.56 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.56 Severity : moderate Type : security References : 1236621 1236877 1238686 1238849 1238929 1240626 1240698 1242174 1243105 1243268 1243274 1243297 1243802 1244561 1244564 1244565 1244566 1244567 1244568 1244570 1244571 1244572 1244574 1244575 1256805 CVE-2024-38822 CVE-2024-38823 CVE-2024-38824 CVE-2024-38825 CVE-2025-22236 CVE-2025-22237 CVE-2025-22238 CVE-2025-22239 CVE-2025-22240 CVE-2025-22241 CVE-2025-22242 CVE-2025-22870 CVE-2025-47287 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 392 Released: Mon Feb 16 09:18:45 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1236621,1236877,1238686,1238849,1238929,1240626,1240698,1242174,1243105,1243268,1243274,1243297,1243802,1244561,1244564,1244565,1244566,1244567,1244568,1244570,1244571,1244572,1244574,1244575,1256805,CVE-2024-38822,CVE-2024-38823,CVE-2024-38824,CVE-2024-38825,CVE-2025-22236,CVE-2025-22237,CVE-2025-22238,CVE-2025-22239,CVE-2025-22240,CVE-2025-22241,CVE-2025-22242,CVE-2025-22870,CVE-2025-47287,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_7.1 updated - libopenssl3-3.1.4-slfo.1.1_8.1 updated - SL-Micro-release-6.1-slfo.1.12.9 updated - python311-base-3.11.14-slfo.1.1_2.1 updated - libpython3_11-1_0-3.11.14-slfo.1.1_2.1 updated - python311-3.11.14-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.1-5.77 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:14:58 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:14:58 +0100 (CET) Subject: SUSE-IU-2026:1011-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20260217081458.C150DFD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1011-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.77 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.77 Severity : moderate Type : security References : 1236621 1236877 1238686 1238849 1238929 1240626 1240698 1242174 1243105 1243268 1243274 1243297 1243802 1244561 1244564 1244565 1244566 1244567 1244568 1244570 1244571 1244572 1244574 1244575 1256805 CVE-2024-38822 CVE-2024-38823 CVE-2024-38824 CVE-2024-38825 CVE-2025-22236 CVE-2025-22237 CVE-2025-22238 CVE-2025-22239 CVE-2025-22240 CVE-2025-22241 CVE-2025-22242 CVE-2025-22870 CVE-2025-47287 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 392 Released: Mon Feb 16 09:18:45 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1236621,1236877,1238686,1238849,1238929,1240626,1240698,1242174,1243105,1243268,1243274,1243297,1243802,1244561,1244564,1244565,1244566,1244567,1244568,1244570,1244571,1244572,1244574,1244575,1256805,CVE-2024-38822,CVE-2024-38823,CVE-2024-38824,CVE-2024-38825,CVE-2025-22236,CVE-2025-22237,CVE-2025-22238,CVE-2025-22239,CVE-2025-22240,CVE-2025-22241,CVE-2025-22242,CVE-2025-22870,CVE-2025-47287,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_7.1 updated - libopenssl3-3.1.4-slfo.1.1_8.1 updated - SL-Micro-release-6.1-slfo.1.12.9 updated - openssl-3-3.1.4-slfo.1.1_8.1 updated - container:suse-toolbox-image-1.0.0-5.6 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:16:05 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:16:05 +0100 (CET) Subject: SUSE-IU-2026:1012-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20260217081605.9E865FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1012-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.79 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.79 Severity : moderate Type : security References : 1236621 1236877 1238686 1238849 1238929 1240626 1240698 1242174 1243105 1243268 1243274 1243297 1243802 1244561 1244564 1244565 1244566 1244567 1244568 1244570 1244571 1244572 1244574 1244575 1256805 CVE-2024-38822 CVE-2024-38823 CVE-2024-38824 CVE-2024-38825 CVE-2025-22236 CVE-2025-22237 CVE-2025-22238 CVE-2025-22239 CVE-2025-22240 CVE-2025-22241 CVE-2025-22242 CVE-2025-22870 CVE-2025-47287 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 392 Released: Mon Feb 16 09:18:45 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1236621,1236877,1238686,1238849,1238929,1240626,1240698,1242174,1243105,1243268,1243274,1243297,1243802,1244561,1244564,1244565,1244566,1244567,1244568,1244570,1244571,1244572,1244574,1244575,1256805,CVE-2024-38822,CVE-2024-38823,CVE-2024-38824,CVE-2024-38825,CVE-2025-22236,CVE-2025-22237,CVE-2025-22238,CVE-2025-22239,CVE-2025-22240,CVE-2025-22241,CVE-2025-22242,CVE-2025-22870,CVE-2025-47287,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_7.1 updated - libopenssl3-3.1.4-slfo.1.1_8.1 updated - SL-Micro-release-6.1-slfo.1.12.9 updated - container:SL-Micro-base-container-2.2.1-5.77 updated From sle-container-updates at lists.suse.com Tue Feb 17 08:17:14 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 09:17:14 +0100 (CET) Subject: SUSE-IU-2026:1013-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20260217081714.44A03FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1013-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.70 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.70 Severity : moderate Type : security References : 1236621 1236877 1238686 1238849 1238929 1240626 1240698 1242174 1243105 1243268 1243274 1243297 1243802 1244561 1244564 1244565 1244566 1244567 1244568 1244570 1244571 1244572 1244574 1244575 1256805 CVE-2024-38822 CVE-2024-38823 CVE-2024-38824 CVE-2024-38825 CVE-2025-22236 CVE-2025-22237 CVE-2025-22238 CVE-2025-22239 CVE-2025-22240 CVE-2025-22241 CVE-2025-22242 CVE-2025-22870 CVE-2025-47287 CVE-2026-0989 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 392 Released: Mon Feb 16 09:18:45 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1236621,1236877,1238686,1238849,1238929,1240626,1240698,1242174,1243105,1243268,1243274,1243297,1243802,1244561,1244564,1244565,1244566,1244567,1244568,1244570,1244571,1244572,1244574,1244575,1256805,CVE-2024-38822,CVE-2024-38823,CVE-2024-38824,CVE-2024-38825,CVE-2025-22236,CVE-2025-22237,CVE-2025-22238,CVE-2025-22239,CVE-2025-22240,CVE-2025-22241,CVE-2025-22242,CVE-2025-22870,CVE-2025-47287,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_7.1 updated - libopenssl3-3.1.4-slfo.1.1_8.1 updated - SL-Micro-release-6.1-slfo.1.12.9 updated - container:SL-Micro-container-2.2.1-7.56 updated From sle-container-updates at lists.suse.com Tue Feb 17 14:01:15 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 15:01:15 +0100 (CET) Subject: SUSE-IU-2026:1018-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20260217140115.72D13FD85@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1018-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.127 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.127 Severity : important Type : security References : 1237421 1256483 CVE-2025-24965 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 586 Released: Tue Feb 17 09:39:43 2026 Summary: Security update for kernel-firmware Type: security Severity: moderate References: 1256483 This update for kernel-firmware fixes the following issues: - Update AMD ucode to 20251203 (bsc#1256483) ----------------------------------------------------------------- Advisory ID: 588 Released: Tue Feb 17 09:51:47 2026 Summary: Security update for crun Type: security Severity: important References: 1237421,CVE-2025-24965 This update for crun fixes the following issues: - CVE-2025-24965: .krun_config.json symlink attack creates or overwrites file on the host (bsc#1237421). The following package changes have been done: - kernel-firmware-amdgpu-20241128-2.1 updated - kernel-firmware-ath10k-20241128-2.1 updated - kernel-firmware-ath11k-20241128-2.1 updated - kernel-firmware-ath12k-20241128-2.1 updated - kernel-firmware-atheros-20241128-2.1 updated - kernel-firmware-bluetooth-20241128-2.1 updated - kernel-firmware-bnx2-20241128-2.1 updated - kernel-firmware-brcm-20241128-2.1 updated - kernel-firmware-chelsio-20241128-2.1 updated - kernel-firmware-dpaa2-20241128-2.1 updated - kernel-firmware-i915-20241128-2.1 updated - kernel-firmware-intel-20241128-2.1 updated - kernel-firmware-iwlwifi-20241128-2.1 updated - kernel-firmware-liquidio-20241128-2.1 updated - kernel-firmware-marvell-20241128-2.1 updated - kernel-firmware-media-20241128-2.1 updated - kernel-firmware-mediatek-20241128-2.1 updated - kernel-firmware-mellanox-20241128-2.1 updated - kernel-firmware-mwifiex-20241128-2.1 updated - kernel-firmware-network-20241128-2.1 updated - kernel-firmware-nfp-20241128-2.1 updated - kernel-firmware-nvidia-20241128-2.1 updated - kernel-firmware-platform-20241128-2.1 updated - kernel-firmware-prestera-20241128-2.1 updated - kernel-firmware-qcom-20241128-2.1 updated - kernel-firmware-qlogic-20241128-2.1 updated - kernel-firmware-radeon-20241128-2.1 updated - kernel-firmware-realtek-20241128-2.1 updated - kernel-firmware-serial-20241128-2.1 updated - kernel-firmware-sound-20241128-2.1 updated - kernel-firmware-ti-20241128-2.1 updated - kernel-firmware-ueagle-20241128-2.1 updated - kernel-firmware-usb-network-20241128-2.1 updated - kernel-firmware-all-20241128-2.1 updated - crun-1.14-2.1 updated From sle-container-updates at lists.suse.com Tue Feb 17 14:07:21 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 15:07:21 +0100 (CET) Subject: SUSE-IU-2026:1020-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20260217140721.C6392FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1020-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.57 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.57 Severity : important Type : security References : 1198146 1219386 1233421 1243767 1248988 1254297 1254662 1254878 1256389 1256483 1257049 1257353 1257354 1257355 1257396 619225 CVE-2022-1210 CVE-2022-31022 CVE-2023-42818 CVE-2023-5992 CVE-2024-10975 CVE-2024-52615 CVE-2025-0913 CVE-2025-1296 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-22874 CVE-2025-25207 CVE-2025-25208 CVE-2025-4128 CVE-2025-4573 CVE-2025-46721 CVE-2025-4673 CVE-2025-47950 CVE-2025-49011 CVE-2025-49136 CVE-2025-49140 CVE-2025-5278 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24882 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 407 Released: Tue Feb 17 10:37:09 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1256389,1257396,CVE-2026-24882 This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389). ----------------------------------------------------------------- Advisory ID: 397 Released: Tue Feb 17 10:42:11 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1198146,1233421,CVE-2022-1210,CVE-2024-52615 This update for avahi fixes the following issues: - CVE-2024-52615: Fixed possible DNS response injection via the use of fixed source ports for wide-area DNS queries (bsc#1233421). ----------------------------------------------------------------- Advisory ID: 406 Released: Tue Feb 17 10:43:04 2026 Summary: Recommended update for podman Type: recommended Severity: moderate References: 1219386,1248988,CVE-2023-5992 This update for podman fixes the following issues: - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) ----------------------------------------------------------------- Advisory ID: 405 Released: Tue Feb 17 10:46:35 2026 Summary: Security update for glib2 Type: security Severity: important References: 1243767,1254297,1254662,1254878,1257049,1257353,1257354,1257355,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512,CVE-2025-5278,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in in g_escape_uri_string() (bsc#1254297). - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662). - CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (bsc#1254878). - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: 396 Released: Tue Feb 17 10:52:11 2026 Summary: Security update for kernel-firmware Type: security Severity: important References: 1256483,619225,CVE-2022-31022,CVE-2023-42818,CVE-2024-10975,CVE-2025-0913,CVE-2025-1296,CVE-2025-22874,CVE-2025-25207,CVE-2025-25208,CVE-2025-4128,CVE-2025-4573,CVE-2025-46721,CVE-2025-4673,CVE-2025-47950,CVE-2025-49011,CVE-2025-49136,CVE-2025-49140 This update for kernel-firmware fixes the following issues: - Update AMD ucode to 20251203 (bsc#1256483) The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.12.10 updated - libglib-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_6.1 updated - glib2-tools-2.78.6-slfo.1.1_6.1 updated - gpg2-2.4.4-slfo.1.1_7.1 updated - kernel-firmware-amdgpu-20241128-slfo.1.1_2.1 updated - kernel-firmware-ath10k-20241128-slfo.1.1_2.1 updated - kernel-firmware-ath11k-20241128-slfo.1.1_2.1 updated - kernel-firmware-ath12k-20241128-slfo.1.1_2.1 updated - kernel-firmware-atheros-20241128-slfo.1.1_2.1 updated - kernel-firmware-bluetooth-20241128-slfo.1.1_2.1 updated - kernel-firmware-bnx2-20241128-slfo.1.1_2.1 updated - kernel-firmware-brcm-20241128-slfo.1.1_2.1 updated - kernel-firmware-chelsio-20241128-slfo.1.1_2.1 updated - kernel-firmware-dpaa2-20241128-slfo.1.1_2.1 updated - kernel-firmware-i915-20241128-slfo.1.1_2.1 updated - kernel-firmware-intel-20241128-slfo.1.1_2.1 updated - kernel-firmware-iwlwifi-20241128-slfo.1.1_2.1 updated - kernel-firmware-liquidio-20241128-slfo.1.1_2.1 updated - kernel-firmware-marvell-20241128-slfo.1.1_2.1 updated - kernel-firmware-media-20241128-slfo.1.1_2.1 updated - kernel-firmware-mediatek-20241128-slfo.1.1_2.1 updated - kernel-firmware-mellanox-20241128-slfo.1.1_2.1 updated - kernel-firmware-mwifiex-20241128-slfo.1.1_2.1 updated - kernel-firmware-network-20241128-slfo.1.1_2.1 updated - kernel-firmware-nfp-20241128-slfo.1.1_2.1 updated - kernel-firmware-nvidia-20241128-slfo.1.1_2.1 updated - kernel-firmware-platform-20241128-slfo.1.1_2.1 updated - kernel-firmware-prestera-20241128-slfo.1.1_2.1 updated - kernel-firmware-qcom-20241128-slfo.1.1_2.1 updated - kernel-firmware-qlogic-20241128-slfo.1.1_2.1 updated - kernel-firmware-radeon-20241128-slfo.1.1_2.1 updated - kernel-firmware-realtek-20241128-slfo.1.1_2.1 updated - kernel-firmware-serial-20241128-slfo.1.1_2.1 updated - kernel-firmware-sound-20241128-slfo.1.1_2.1 updated - kernel-firmware-ti-20241128-slfo.1.1_2.1 updated - kernel-firmware-ueagle-20241128-slfo.1.1_2.1 updated - kernel-firmware-usb-network-20241128-slfo.1.1_2.1 updated - libavahi-common3-0.8-slfo.1.1_4.1 updated - kernel-firmware-all-20241128-slfo.1.1_2.1 updated - libavahi-core7-0.8-slfo.1.1_4.1 updated - libavahi-client3-0.8-slfo.1.1_4.1 updated - avahi-0.8-slfo.1.1_4.1 updated - podman-5.4.2-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.1-5.78 updated From sle-container-updates at lists.suse.com Tue Feb 17 14:08:37 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 15:08:37 +0100 (CET) Subject: SUSE-IU-2026:1021-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20260217140837.1F4B9FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1021-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.78 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.78 Severity : important Type : security References : 1240150 1241830 1242114 1243767 1243833 1244035 1245169 1246556 1248516 1254297 1254662 1254878 1256389 1257049 1257144 1257353 1257354 1257355 1257396 1257496 391434 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-22872 CVE-2025-5278 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24515 CVE-2026-24882 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 410 Released: Tue Feb 17 10:33:51 2026 Summary: Security update for expat Type: security Severity: important References: 1245169,1257144,1257496,391434,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). ----------------------------------------------------------------- Advisory ID: 407 Released: Tue Feb 17 10:37:09 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1256389,1257396,CVE-2026-24882 This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389). ----------------------------------------------------------------- Advisory ID: 398 Released: Tue Feb 17 10:40:29 2026 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1240150,1241830,1242114,1243833,1244035,1246556,1248516,CVE-2025-22872 This update for grub2 fixes the following issues: - Optimize PBKDF2 to reduce the decryption time (bsc#1248516) * lib/crypto: Introduce new HMAC functions to reuse buffers * lib/pbkdf2: Optimize PBKDF2 by reusing HMAC handle * kern/misc: Implement faster grub_memcpy() for aligned buffers ----------------------------------------------------------------- Advisory ID: 405 Released: Tue Feb 17 10:46:35 2026 Summary: Security update for glib2 Type: security Severity: important References: 1243767,1254297,1254662,1254878,1257049,1257353,1257354,1257355,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512,CVE-2025-5278,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in in g_escape_uri_string() (bsc#1254297). - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662). - CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (bsc#1254878). - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_4.1 updated - grub2-2.12-slfo.1.1_4.1 updated - grub2-i386-pc-2.12-slfo.1.1_4.1 updated - grub2-x86_64-efi-2.12-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.12.10 updated - libglib-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_6.1 updated - glib2-tools-2.78.6-slfo.1.1_6.1 updated - gpg2-2.4.4-slfo.1.1_7.1 updated - container:suse-toolbox-image-1.0.0-5.7 updated From sle-container-updates at lists.suse.com Tue Feb 17 14:09:59 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 15:09:59 +0100 (CET) Subject: SUSE-IU-2026:1022-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20260217140959.CAB67FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1022-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.80 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.80 Severity : important Type : security References : 1243767 1245169 1254297 1254662 1254878 1257049 1257144 1257353 1257354 1257355 1257496 391434 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-5278 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 410 Released: Tue Feb 17 10:33:51 2026 Summary: Security update for expat Type: security Severity: important References: 1245169,1257144,1257496,391434,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). ----------------------------------------------------------------- Advisory ID: 405 Released: Tue Feb 17 10:46:35 2026 Summary: Security update for glib2 Type: security Severity: important References: 1243767,1254297,1254662,1254878,1257049,1257353,1257354,1257355,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512,CVE-2025-5278,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in in g_escape_uri_string() (bsc#1254297). - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662). - CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (bsc#1254878). - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.12.10 updated - libglib-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_6.1 updated - glib2-tools-2.78.6-slfo.1.1_6.1 updated - container:SL-Micro-base-container-2.2.1-5.78 updated From sle-container-updates at lists.suse.com Tue Feb 17 14:11:24 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 17 Feb 2026 15:11:24 +0100 (CET) Subject: SUSE-IU-2026:1023-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20260217141124.8DD24FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1023-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.71 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.71 Severity : important Type : security References : 1243767 1245169 1254297 1254662 1254878 1257049 1257144 1257353 1257354 1257355 1257496 391434 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-5278 CVE-2026-0988 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-24515 CVE-2026-25210 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 410 Released: Tue Feb 17 10:33:51 2026 Summary: Security update for expat Type: security Severity: important References: 1245169,1257144,1257496,391434,CVE-2026-24515,CVE-2026-25210 This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL dereference (bsc#1257144). - CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496). ----------------------------------------------------------------- Advisory ID: 405 Released: Tue Feb 17 10:46:35 2026 Summary: Security update for glib2 Type: security Severity: important References: 1243767,1254297,1254662,1254878,1257049,1257353,1257354,1257355,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512,CVE-2025-5278,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in in g_escape_uri_string() (bsc#1254297). - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption (bsc#1254662). - CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow (bsc#1254878). - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.12.10 updated - libglib-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgobject-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgmodule-2_0-0-2.78.6-slfo.1.1_6.1 updated - libgio-2_0-0-2.78.6-slfo.1.1_6.1 updated - glib2-tools-2.78.6-slfo.1.1_6.1 updated - container:SL-Micro-container-2.2.1-7.57 updated From sle-container-updates at lists.suse.com Sat Feb 7 08:03:20 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 7 Feb 2026 09:03:20 +0100 (CET) Subject: SUSE-IU-2026:880-1: Security update of suse-sles-15-sp6-chost-byos-v20260205-x86_64-gen2 Message-ID: <20260207080320.D03D3FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20260205-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:880-1 Image Tags : suse-sles-15-sp6-chost-byos-v20260205-x86_64-gen2:20260205 Image Release : Severity : critical Type : security References : 1012628 1027519 1065729 1194869 1214635 1214847 1215146 1215211 1215344 1216062 1216436 1219165 1220419 1223731 1232223 1232351 1233655 1234163 1237888 1241284 1243474 1244003 1244011 1244937 1245193 1245193 1245449 1245667 1246011 1246025 1246328 1247076 1247079 1247500 1247500 1247509 1248807 1248886 1249256 1249547 1249657 1249912 1249982 1250176 1250224 1250237 1250252 1250334 1250655 1250664 1250705 1251120 1251271 1251786 1252046 1252063 1252267 1252303 1252318 1252338 1252342 1252353 1252681 1252686 1252692 1252763 1252773 1252776 1252780 1252794 1252795 1252808 1252809 1252817 1252821 1252824 1252836 1252845 1252861 1252862 1252912 1252917 1252919 1252928 1252973 1253018 1253155 1253176 1253262 1253275 1253318 1253324 1253342 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253386 1253393 1253395 1253402 1253403 1253407 1253408 1253409 1253412 1253413 1253416 1253421 1253423 1253424 1253425 1253427 1253428 1253431 1253436 1253438 1253440 1253441 1253442 1253445 1253448 1253449 1253453 1253456 1253458 1253463 1253472 1253647 1253779 1254119 1254126 1254157 1254158 1254159 1254160 1254180 1254297 1254373 1254400 1254401 1254425 1254480 1254518 1254520 1254599 1254606 1254611 1254613 1254615 1254621 1254623 1254624 1254626 1254648 1254649 1254653 1254655 1254657 1254660 1254661 1254662 1254663 1254666 1254669 1254677 1254678 1254688 1254690 1254691 1254693 1254695 1254698 1254701 1254704 1254705 1254707 1254712 1254715 1254717 1254723 1254724 1254732 1254733 1254737 1254739 1254742 1254743 1254749 1254750 1254753 1254754 1254758 1254761 1254762 1254765 1254782 1254791 1254793 1254795 1254796 1254797 1254798 1254813 1254828 1254829 1254832 1254840 1254843 1254847 1254850 1254851 1254858 1254860 1254878 1254894 1254918 1254957 1254959 1254983 1254997 1255005 1255009 1255026 1255033 1255034 1255035 1255041 1255046 1255057 1255062 1255064 1255065 1255068 1255072 1255075 1255077 1255083 1255092 1255094 1255100 1255122 1255135 1255146 1255149 1255152 1255154 1255155 1255163 1255167 1255169 1255171 1255182 1255187 1255190 1255193 1255197 1255199 1255202 1255203 1255206 1255209 1255218 1255221 1255233 1255245 1255246 1255251 1255252 1255253 1255259 1255274 1255276 1255279 1255280 1255281 1255325 1255329 1255351 1255415 1255480 1255483 1255489 1255493 1255495 1255505 1255538 1255540 1255545 1255549 1255550 1255553 1255557 1255558 1255563 1255564 1255570 1255578 1255579 1255580 1255583 1255591 1255601 1255603 1255605 1255611 1255616 1255617 1255618 1255621 1255628 1255629 1255630 1255632 1255636 1255688 1255691 1255702 1255704 1255706 1255715 1255722 1255731 1255732 1255733 1255734 1255758 1255759 1255760 1255763 1255765 1255769 1255770 1255772 1255774 1255775 1255776 1255780 1255785 1255786 1255789 1255790 1255792 1255793 1255795 1255798 1255800 1255801 1255806 1255807 1255809 1255810 1255812 1255814 1255820 1255838 1255842 1255843 1255872 1255875 1255879 1255883 1255884 1255886 1255888 1255890 1255891 1255892 1255899 1255902 1255907 1255911 1255915 1255918 1255921 1255924 1255925 1255931 1255932 1255934 1255943 1255944 1255949 1255951 1255952 1255955 1255957 1255961 1255963 1255964 1255967 1255974 1255978 1255984 1255988 1255990 1255992 1255993 1255994 1255996 1256033 1256034 1256045 1256050 1256058 1256071 1256074 1256081 1256082 1256083 1256084 1256085 1256090 1256093 1256094 1256095 1256096 1256099 1256100 1256104 1256105 1256106 1256107 1256117 1256119 1256121 1256145 1256153 1256178 1256197 1256231 1256233 1256234 1256238 1256243 1256244 1256246 1256263 1256267 1256268 1256271 1256273 1256274 1256279 1256285 1256291 1256292 1256300 1256301 1256302 1256335 1256341 1256348 1256351 1256354 1256358 1256361 1256364 1256367 1256368 1256369 1256370 1256371 1256373 1256375 1256379 1256387 1256390 1256394 1256395 1256396 1256437 1256498 1256499 1256500 1256525 1256526 1256528 1256745 1256747 1256766 1256805 1256822 1256830 1256834 1256834 1256835 1256835 1256836 1256836 1256837 1256837 1256838 1256838 1256839 1256839 1256840 1256840 1257005 1257049 1257353 1257354 1257355 1257364 1257365 510058 CVE-2022-50253 CVE-2023-42752 CVE-2023-53676 CVE-2023-53743 CVE-2023-53750 CVE-2023-53752 CVE-2023-53759 CVE-2023-53762 CVE-2023-53766 CVE-2023-53768 CVE-2023-53777 CVE-2023-53778 CVE-2023-53782 CVE-2023-53784 CVE-2023-53785 CVE-2023-53787 CVE-2023-53791 CVE-2023-53792 CVE-2023-53793 CVE-2023-53794 CVE-2023-53795 CVE-2023-53797 CVE-2023-53799 CVE-2023-53807 CVE-2023-53808 CVE-2023-53813 CVE-2023-53815 CVE-2023-53819 CVE-2023-53821 CVE-2023-53823 CVE-2023-53825 CVE-2023-53828 CVE-2023-53831 CVE-2023-53834 CVE-2023-53836 CVE-2023-53839 CVE-2023-53841 CVE-2023-53842 CVE-2023-53843 CVE-2023-53844 CVE-2023-53846 CVE-2023-53847 CVE-2023-53848 CVE-2023-53850 CVE-2023-53851 CVE-2023-53852 CVE-2023-53855 CVE-2023-53856 CVE-2023-53857 CVE-2023-53858 CVE-2023-53860 CVE-2023-53861 CVE-2023-53863 CVE-2023-53864 CVE-2023-53865 CVE-2023-53989 CVE-2023-53992 CVE-2023-53994 CVE-2023-53995 CVE-2023-53996 CVE-2023-53997 CVE-2023-53998 CVE-2023-53999 CVE-2023-54000 CVE-2023-54001 CVE-2023-54005 CVE-2023-54006 CVE-2023-54008 CVE-2023-54014 CVE-2023-54016 CVE-2023-54017 CVE-2023-54019 CVE-2023-54022 CVE-2023-54023 CVE-2023-54025 CVE-2023-54026 CVE-2023-54027 CVE-2023-54030 CVE-2023-54031 CVE-2023-54032 CVE-2023-54035 CVE-2023-54037 CVE-2023-54038 CVE-2023-54042 CVE-2023-54045 CVE-2023-54048 CVE-2023-54049 CVE-2023-54051 CVE-2023-54052 CVE-2023-54060 CVE-2023-54064 CVE-2023-54066 CVE-2023-54067 CVE-2023-54069 CVE-2023-54070 CVE-2023-54072 CVE-2023-54076 CVE-2023-54080 CVE-2023-54081 CVE-2023-54083 CVE-2023-54088 CVE-2023-54089 CVE-2023-54091 CVE-2023-54092 CVE-2023-54093 CVE-2023-54094 CVE-2023-54095 CVE-2023-54096 CVE-2023-54099 CVE-2023-54101 CVE-2023-54104 CVE-2023-54106 CVE-2023-54112 CVE-2023-54113 CVE-2023-54115 CVE-2023-54117 CVE-2023-54121 CVE-2023-54125 CVE-2023-54127 CVE-2023-54133 CVE-2023-54134 CVE-2023-54135 CVE-2023-54136 CVE-2023-54137 CVE-2023-54140 CVE-2023-54141 CVE-2023-54142 CVE-2023-54143 CVE-2023-54145 CVE-2023-54148 CVE-2023-54149 CVE-2023-54153 CVE-2023-54154 CVE-2023-54155 CVE-2023-54156 CVE-2023-54164 CVE-2023-54166 CVE-2023-54169 CVE-2023-54170 CVE-2023-54171 CVE-2023-54172 CVE-2023-54173 CVE-2023-54177 CVE-2023-54178 CVE-2023-54179 CVE-2023-54181 CVE-2023-54183 CVE-2023-54185 CVE-2023-54189 CVE-2023-54194 CVE-2023-54201 CVE-2023-54204 CVE-2023-54207 CVE-2023-54209 CVE-2023-54210 CVE-2023-54211 CVE-2023-54215 CVE-2023-54219 CVE-2023-54220 CVE-2023-54221 CVE-2023-54223 CVE-2023-54224 CVE-2023-54225 CVE-2023-54227 CVE-2023-54229 CVE-2023-54230 CVE-2023-54235 CVE-2023-54240 CVE-2023-54241 CVE-2023-54246 CVE-2023-54247 CVE-2023-54251 CVE-2023-54253 CVE-2023-54254 CVE-2023-54255 CVE-2023-54258 CVE-2023-54261 CVE-2023-54263 CVE-2023-54264 CVE-2023-54266 CVE-2023-54267 CVE-2023-54271 CVE-2023-54276 CVE-2023-54278 CVE-2023-54281 CVE-2023-54282 CVE-2023-54283 CVE-2023-54285 CVE-2023-54289 CVE-2023-54291 CVE-2023-54292 CVE-2023-54293 CVE-2023-54296 CVE-2023-54297 CVE-2023-54299 CVE-2023-54300 CVE-2023-54302 CVE-2023-54303 CVE-2023-54304 CVE-2023-54309 CVE-2023-54312 CVE-2023-54313 CVE-2023-54314 CVE-2023-54315 CVE-2023-54316 CVE-2023-54318 CVE-2023-54319 CVE-2023-54322 CVE-2023-54324 CVE-2023-54326 CVE-2024-26944 CVE-2025-11961 CVE-2025-12084 CVE-2025-13151 CVE-2025-13601 CVE-2025-13836 CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-15467 CVE-2025-21710 CVE-2025-27466 CVE-2025-28162 CVE-2025-28164 CVE-2025-37916 CVE-2025-38321 CVE-2025-38359 CVE-2025-38361 CVE-2025-38728 CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39859 CVE-2025-39890 CVE-2025-39944 CVE-2025-39977 CVE-2025-39980 CVE-2025-40001 CVE-2025-40006 CVE-2025-40021 CVE-2025-40024 CVE-2025-40027 CVE-2025-40030 CVE-2025-40033 CVE-2025-40038 CVE-2025-40040 CVE-2025-40042 CVE-2025-40048 CVE-2025-40053 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40081 CVE-2025-40083 CVE-2025-40098 CVE-2025-40102 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40134 CVE-2025-40135 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40153 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40158 CVE-2025-40159 CVE-2025-40164 CVE-2025-40167 CVE-2025-40168 CVE-2025-40169 CVE-2025-40170 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40178 CVE-2025-40179 CVE-2025-40180 CVE-2025-40183 CVE-2025-40186 CVE-2025-40187 CVE-2025-40188 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 CVE-2025-40211 CVE-2025-40215 CVE-2025-40219 CVE-2025-40220 CVE-2025-40223 CVE-2025-40233 CVE-2025-40242 CVE-2025-40244 CVE-2025-40256 CVE-2025-40258 CVE-2025-40262 CVE-2025-40263 CVE-2025-40269 CVE-2025-40272 CVE-2025-40273 CVE-2025-40275 CVE-2025-40277 CVE-2025-40280 CVE-2025-40282 CVE-2025-40283 CVE-2025-40284 CVE-2025-40288 CVE-2025-40297 CVE-2025-40301 CVE-2025-40304 CVE-2025-40306 CVE-2025-40308 CVE-2025-40309 CVE-2025-40310 CVE-2025-40311 CVE-2025-40312 CVE-2025-40314 CVE-2025-40315 CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40320 CVE-2025-40321 CVE-2025-40322 CVE-2025-40323 CVE-2025-40324 CVE-2025-40328 CVE-2025-40329 CVE-2025-40331 CVE-2025-40342 CVE-2025-40343 CVE-2025-40345 CVE-2025-40349 CVE-2025-40351 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-58150 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 CVE-2025-68160 CVE-2025-68160 CVE-2025-68168 CVE-2025-68172 CVE-2025-68176 CVE-2025-68180 CVE-2025-68183 CVE-2025-68185 CVE-2025-68192 CVE-2025-68194 CVE-2025-68195 CVE-2025-68217 CVE-2025-68218 CVE-2025-68222 CVE-2025-68233 CVE-2025-68235 CVE-2025-68237 CVE-2025-68238 CVE-2025-68244 CVE-2025-68249 CVE-2025-68252 CVE-2025-68257 CVE-2025-68258 CVE-2025-68259 CVE-2025-68276 CVE-2025-68286 CVE-2025-68287 CVE-2025-68289 CVE-2025-68290 CVE-2025-68303 CVE-2025-68305 CVE-2025-68307 CVE-2025-68308 CVE-2025-68312 CVE-2025-68313 CVE-2025-68328 CVE-2025-68330 CVE-2025-68331 CVE-2025-68332 CVE-2025-68335 CVE-2025-68339 CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68354 CVE-2025-68362 CVE-2025-68380 CVE-2025-68468 CVE-2025-68471 CVE-2025-68724 CVE-2025-68732 CVE-2025-68734 CVE-2025-68740 CVE-2025-68746 CVE-2025-68750 CVE-2025-68753 CVE-2025-68757 CVE-2025-68758 CVE-2025-68759 CVE-2025-68765 CVE-2025-68766 CVE-2025-68973 CVE-2025-69418 CVE-2025-69418 CVE-2025-69419 CVE-2025-69419 CVE-2025-69420 CVE-2025-69420 CVE-2025-69421 CVE-2025-69421 CVE-2026-0861 CVE-2026-0915 CVE-2026-0988 CVE-2026-0989 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-22695 CVE-2026-22795 CVE-2026-22795 CVE-2026-22796 CVE-2026-22796 CVE-2026-22801 CVE-2026-23553 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20260205-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4375-1 Released: Fri Dec 12 10:19:46 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.6.13 - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4378-1 Released: Fri Dec 12 10:37:36 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4422-1 Released: Wed Dec 17 11:52:45 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1232223,1237888,1243474,1245193,1247076,1247079,1247500,1247509,1249547,1249912,1249982,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252303,1252353,1252681,1252763,1252773,1252780,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253779,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-38361,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CVE-2025-40040,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40083,CVE -2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non security issues were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Don't use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: don't preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:12-1 Released: Mon Jan 5 11:31:26 2026 Summary: Security update for xen Type: security Severity: important References: 1027519,1248807,1251271,1252692,1254180,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148,CVE-2025-58149 This update for xen fixes the following issues: Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). - CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). - CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). - CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to out-of-bounds write through `vpmask_set()` (bsc#1251271). - CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using any input format can lead to out-of-bounds read through `send_ipi()` (bsc#1251271). - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692). Other issues fixed: - Several upstream bug fixes (bsc#1027519). - Failure to restart xenstored (bsc#1254180). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:18-1 Released: Mon Jan 5 11:52:25 2026 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:36-1 Released: Tue Jan 6 11:22:39 2026 Summary: Security update for libpcap Type: security Severity: low References: 1255765,CVE-2025-11961 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:50-1 Released: Wed Jan 7 10:28:14 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:77-1 Released: Thu Jan 8 20:03:59 2026 Summary: Security update for curl Type: security Severity: moderate References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:115-1 Released: Mon Jan 12 16:03:42 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:215-1 Released: Thu Jan 22 13:10:16 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256243,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix a memory leak in gpg2 agent (bsc#1256243). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:234-1 Released: Thu Jan 22 13:24:43 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1256525,1256526,CVE-2026-22695,CVE-2026-22801 This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525) - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:259-1 Released: Thu Jan 22 17:10:44 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:286-1 Released: Sat Jan 24 00:35:35 2026 Summary: Security update for glib2 Type: security Severity: low References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:293-1 Released: Mon Jan 26 12:36:40 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1065729,1194869,1214635,1214847,1215146,1215211,1215344,1216062,1216436,1219165,1220419,1223731,1234163,1245193,1245449,1246328,1247500,1248886,1249256,1250334,1252046,1252342,1252686,1252776,1252808,1252824,1252861,1252919,1252973,1253155,1253262,1253342,1253386,1253402,1253408,1253413,1253442,1253458,1253463,1253647,1254119,1254126,1254373,1254518,1254520,1254599,1254606,1254611,1254613,1254615,1254621,1254623,1254624,1254626,1254648,1254649,1254653,1254655,1254657,1254660,1254661,1254663,1254669,1254677,1254678,1254688,1254690,1254691,1254693,1254695,1254698,1254701,1254704,1254705,1254707,1254712,1254715,1254717,1254723,1254724,1254732,1254733,1254737,1254739,1254742,1254743,1254749,1254750,1254753,1254754,1254758,1254761,1254762,1254765,1254782,1254791,1254793,1254795,1254796,1254797,1254798,1254813,1254828,1254829,1254832,1254840,1254843,1254847,1254850,1254851,1254858,1254860,1254894,1254918,1254957,1254959,1254983,1255005,1255009,1255026,1255033,1255034,1 255035,1255041,1255046,1255057,1255062,1255064,1255065,1255068,1255072,1255075,1255077,1255083,1255092,1255094,1255100,1255122,1255135,1255146,1255149,1255152,1255154,1255155,1255163,1255167,1255169,1255171,1255182,1255187,1255190,1255193,1255197,1255199,1255202,1255203,1255206,1255209,1255218,1255221,1255233,1255245,1255246,1255251,1255252,1255253,1255259,1255274,1255276,1255279,1255280,1255281,1255325,1255329,1255351,1255415,1255480,1255483,1255489,1255493,1255495,1255505,1255538,1255540,1255545,1255549,1255550,1255553,1255557,1255558,1255563,1255564,1255570,1255578,1255579,1255580,1255583,1255591,1255601,1255603,1255605,1255611,1255616,1255617,1255618,1255621,1255628,1255629,1255630,1255632,1255636,1255688,1255691,1255702,1255704,1255706,1255722,1255758,1255759,1255760,1255763,1255769,1255770,1255772,1255774,1255775,1255776,1255780,1255785,1255786,1255789,1255790,1255792,1255793,1255795,1255798,1255800,1255801,1255806,1255807,1255809,1255810,1255812,1255814,1255820,1255838,125584 2,1255843,1255872,1255875,1255879,1255883,1255884,1255886,1255888,1255890,1255891,1255892,1255899,1255902,1255907,1255911,1255915,1255918,1255921,1255924,1255925,1255931,1255932,1255934,1255943,1255944,1255949,1255951,1255952,1255955,1255957,1255961,1255963,1255964,1255967,1255974,1255978,1255984,1255988,1255990,1255992,1255993,1255994,1255996,1256033,1256034,1256045,1256050,1256058,1256071,1256074,1256081,1256082,1256083,1256084,1256085,1256090,1256093,1256094,1256095,1256096,1256099,1256100,1256104,1256106,1256107,1256117,1256119,1256121,1256145,1256153,1256178,1256197,1256231,1256233,1256234,1256238,1256263,1256267,1256268,1256271,1256273,1256274,1256279,1256285,1256291,1256292,1256300,1256301,1256302,1256335,1256348,1256351,1256354,1256358,1256361,1256364,1256367,1256368,1256369,1256370,1256371,1256373,1256375,1256379,1256387,1256394,1256395,1256396,1256528,CVE-2023-42752,CVE-2023-53743,CVE-2023-53750,CVE-2023-53752,CVE-2023-53759,CVE-2023-53762,CVE-2023-53766,CVE-2023-53768,CVE -2023-53777,CVE-2023-53778,CVE-2023-53782,CVE-2023-53784,CVE-2023-53785,CVE-2023-53787,CVE-2023-53791,CVE-2023-53792,CVE-2023-53793,CVE-2023-53794,CVE-2023-53795,CVE-2023-53797,CVE-2023-53799,CVE-2023-53807,CVE-2023-53808,CVE-2023-53813,CVE-2023-53815,CVE-2023-53819,CVE-2023-53821,CVE-2023-53823,CVE-2023-53825,CVE-2023-53828,CVE-2023-53831,CVE-2023-53834,CVE-2023-53836,CVE-2023-53839,CVE-2023-53841,CVE-2023-53842,CVE-2023-53843,CVE-2023-53844,CVE-2023-53846,CVE-2023-53847,CVE-2023-53848,CVE-2023-53850,CVE-2023-53851,CVE-2023-53852,CVE-2023-53855,CVE-2023-53856,CVE-2023-53857,CVE-2023-53858,CVE-2023-53860,CVE-2023-53861,CVE-2023-53863,CVE-2023-53864,CVE-2023-53865,CVE-2023-53989,CVE-2023-53992,CVE-2023-53994,CVE-2023-53995,CVE-2023-53996,CVE-2023-53997,CVE-2023-53998,CVE-2023-53999,CVE-2023-54000,CVE-2023-54001,CVE-2023-54005,CVE-2023-54006,CVE-2023-54008,CVE-2023-54014,CVE-2023-54016,CVE-2023-54017,CVE-2023-54019,CVE-2023-54022,CVE-2023-54023,CVE-2023-54025,CVE-2023-54026,CVE-2023-5 4027,CVE-2023-54030,CVE-2023-54031,CVE-2023-54032,CVE-2023-54035,CVE-2023-54037,CVE-2023-54038,CVE-2023-54042,CVE-2023-54045,CVE-2023-54048,CVE-2023-54049,CVE-2023-54051,CVE-2023-54052,CVE-2023-54060,CVE-2023-54064,CVE-2023-54066,CVE-2023-54067,CVE-2023-54069,CVE-2023-54070,CVE-2023-54072,CVE-2023-54076,CVE-2023-54080,CVE-2023-54081,CVE-2023-54083,CVE-2023-54088,CVE-2023-54089,CVE-2023-54091,CVE-2023-54092,CVE-2023-54093,CVE-2023-54094,CVE-2023-54095,CVE-2023-54096,CVE-2023-54099,CVE-2023-54101,CVE-2023-54104,CVE-2023-54106,CVE-2023-54112,CVE-2023-54113,CVE-2023-54115,CVE-2023-54117,CVE-2023-54121,CVE-2023-54125,CVE-2023-54127,CVE-2023-54133,CVE-2023-54134,CVE-2023-54135,CVE-2023-54136,CVE-2023-54137,CVE-2023-54140,CVE-2023-54141,CVE-2023-54142,CVE-2023-54143,CVE-2023-54145,CVE-2023-54148,CVE-2023-54149,CVE-2023-54153,CVE-2023-54154,CVE-2023-54155,CVE-2023-54156,CVE-2023-54164,CVE-2023-54166,CVE-2023-54169,CVE-2023-54170,CVE-2023-54171,CVE-2023-54172,CVE-2023-54173,CVE-2023-54177,CV E-2023-54178,CVE-2023-54179,CVE-2023-54181,CVE-2023-54183,CVE-2023-54185,CVE-2023-54189,CVE-2023-54194,CVE-2023-54201,CVE-2023-54204,CVE-2023-54207,CVE-2023-54209,CVE-2023-54210,CVE-2023-54211,CVE-2023-54215,CVE-2023-54219,CVE-2023-54220,CVE-2023-54221,CVE-2023-54223,CVE-2023-54224,CVE-2023-54225,CVE-2023-54227,CVE-2023-54229,CVE-2023-54230,CVE-2023-54235,CVE-2023-54240,CVE-2023-54241,CVE-2023-54246,CVE-2023-54247,CVE-2023-54251,CVE-2023-54253,CVE-2023-54254,CVE-2023-54255,CVE-2023-54258,CVE-2023-54261,CVE-2023-54263,CVE-2023-54264,CVE-2023-54266,CVE-2023-54267,CVE-2023-54271,CVE-2023-54276,CVE-2023-54278,CVE-2023-54281,CVE-2023-54282,CVE-2023-54283,CVE-2023-54285,CVE-2023-54289,CVE-2023-54291,CVE-2023-54292,CVE-2023-54293,CVE-2023-54296,CVE-2023-54297,CVE-2023-54299,CVE-2023-54300,CVE-2023-54302,CVE-2023-54303,CVE-2023-54304,CVE-2023-54309,CVE-2023-54312,CVE-2023-54313,CVE-2023-54314,CVE-2023-54315,CVE-2023-54316,CVE-2023-54318,CVE-2023-54319,CVE-2023-54322,CVE-2023-54324,CVE-2023- 54326,CVE-2024-26944,CVE-2025-38321,CVE-2025-38728,CVE-2025-39890,CVE-2025-39977,CVE-2025-40006,CVE-2025-40024,CVE-2025-40033,CVE-2025-40042,CVE-2025-40053,CVE-2025-40081,CVE-2025-40102,CVE-2025-40134,CVE-2025-40135,CVE-2025-40153,CVE-2025-40158,CVE-2025-40167,CVE-2025-40170,CVE-2025-40178,CVE-2025-40179,CVE-2025-40187,CVE-2025-40211,CVE-2025-40215,CVE-2025-40219,CVE-2025-40220,CVE-2025-40223,CVE-2025-40233,CVE-2025-40242,CVE-2025-40244,CVE-2025-40256,CVE-2025-40258,CVE-2025-40262,CVE-2025-40263,CVE-2025-40269,CVE-2025-40272,CVE-2025-40273,CVE-2025-40275,CVE-2025-40277,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40288,CVE-2025-40297,CVE-2025-40301,CVE-2025-40304,CVE-2025-40306,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40312,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40331,CVE-2025-40342,C VE-2025-40343,CVE-2025-40345,CVE-2025-40349,CVE-2025-40351,CVE-2025-68168,CVE-2025-68172,CVE-2025-68176,CVE-2025-68180,CVE-2025-68183,CVE-2025-68185,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68217,CVE-2025-68218,CVE-2025-68222,CVE-2025-68233,CVE-2025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68244,CVE-2025-68249,CVE-2025-68252,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68303,CVE-2025-68305,CVE-2025-68307,CVE-2025-68308,CVE-2025-68312,CVE-2025-68313,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68339,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68354,CVE-2025-68362,CVE-2025-68380,CVE-2025-68724,CVE-2025-68732,CVE-2025-68734,CVE-2025-68740,CVE-2025-68746,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68765,CVE-2025-68766 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). - CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). - CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). - CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). - CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861). - CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). - CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). - CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). - CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). - CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). - CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). - CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458). - CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413). - CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). - CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442). - CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187). - CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199). The following non security issues were fixed: - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes). - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes). - ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes). - ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes). - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes). - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes). - ALSA: uapi: Fix typo in asound.h comment (git-fixes). - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes). - ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes). - ASoC: ak4458: Disable regulator when error happens (git-fixes). - ASoC: ak5558: Disable regulator when error happens (git-fixes). - ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes). - ASoC: fsl_xcvr: clear the channel status control memory (git-fixes). - ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes). - ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes). - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: stm32: sai: fix OF node leak on probe (git-fixes). - ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes). - ASoC: stm32: sai: fix device leak on probe (git-fixes). - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes). - Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes). - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes). - Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes). - Documentation: hid-alps: Fix packet format section headings (git-fixes). - Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes). - HID: logitech-dj: Remove duplicate error logging (git-fixes). - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes). - Input: cros_ec_keyb - fix an invalid memory access (stable-fixes). - Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes). - Input: goodix - add support for ACPI ID GDX9110 (stable-fixes). - KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes). - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes). - PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes). - PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes). - Revert 'mtd: rawnand: marvell: fix layouts' (git-fixes). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes). - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes). - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: option: add Quectel RG255C (stable-fixes). - USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes). - USB: serial: option: add UNISOC UIS7720 (stable-fixes). - USB: serial: option: add support for Rolling RW101R-GL (stable-fixes). - USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes). - arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes). - arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes). - atm/fore200e: Fix possible data race in fore200e_open() (git-fixes). - atm: idt77252: Add missing `dma_map_error()` (stable-fixes). - backlight: led-bl: Add devlink to supplier LEDs (git-fixes). - backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes). - bs-upload-kernel: Fix cve branch uploads. - btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes). - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes). - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes). - can: sja1000: fix max irq loop handling (git-fixes). - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes). - cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449). - cifs: after disabling multichannel, mark tcon for reconnect (git-fixes). - cifs: avoid redundant calls to disable multichannel (git-fixes). - cifs: cifs_pick_channel should try selecting active channels (git-fixes). - cifs: deal with the channel loading lag while picking channels (git-fixes). - cifs: dns resolution is needed only for primary channel (git-fixes). - cifs: do not disable interface polling on failure (git-fixes). - cifs: do not search for channel if server is terminating (git-fixes). - cifs: fix a pending undercount of srv_count (git-fixes). - cifs: fix lock ordering while disabling multichannel (git-fixes). - cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes). - cifs: fix use after free for iface while disabling secondary channels (git-fixes). - cifs: handle servers that still advertise multichannel after disabling (git-fixes). - cifs: handle when server starts supporting multichannel (git-fixes). - cifs: handle when server stops supporting multichannel (git-fixes). - cifs: make cifs_chan_update_iface() a void function (git-fixes). - cifs: make sure server interfaces are requested only for SMB3+ (git-fixes). - cifs: make sure that channel scaling is done only once (git-fixes). - cifs: reconnect worker should take reference on server struct unconditionally (git-fixes). - cifs: reset connections for all channels when reconnect requested (git-fixes). - cifs: reset iface weights when we cannot find a candidate (git-fixes). - cifs: serialize other channels when query server interfaces is pending (git-fixes). - cifs: update dstaddr whenever channel iface is updated (git-fixes). - clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes). - clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes). - clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes). - comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes). - comedi: check device's attached status in compat ioctls (git-fixes). - comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes). - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes). - cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes). - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes). - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes). - crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes). - crypto: hisilicon/qm - restore original qos values (git-fixes). - crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes). - crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes). - dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes). - dm-verity: fix unreliable memory allocation (git-fixes). - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386). - drivers/usb/dwc3: fix PCI parent check (git-fixes). - drm/amd/display: Check NULL before accessing (stable-fixes). - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes). - drm/amd/display: Increase DPCD read retries (stable-fixes). - drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes). - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes). - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes). - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes). - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes). - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes). - drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes). - drm/mgag200: Fix big-endian support (git-fixes). - drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes). - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes). - drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes). - drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes). - drm/nouveau: restrict the flush page to a 32-bit address (git-fixes). - drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes). - drm/vgem-fence: Fix potential deadlock on release (git-fixes). - drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes). - drm: sti: fix device leaks at component probe (git-fixes). - efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes). - efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes). - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes). - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes). - fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes). - firmware: imx: scu-irq: fix OF node leak in (git-fixes). - firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes). - firmware: stratix10-svc: fix bug in saving controller data (git-fixes). - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes). - gpu: host1x: Fix race in syncpt alloc/free (git-fixes). - hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes). - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes). - i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes). - i2c: i2c.h: fix a bad kernel-doc line (git-fixes). - i3c: master: svc: Prevent incomplete IBI transaction (git-fixes). - iio: accel: bmc150: Fix irq assumption regression (stable-fixes). - iio: accel: fix ADXL355 startup race condition (git-fixes). - iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes). - iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes). - iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes). - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes). - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes). - iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes). - ima: Handle error code returned by ima_filter_rule_match() (git-fixes). - intel_th: Fix error handling in intel_th_output_open (git-fixes). - ipmi: Fix handling of messages with provided receive message pointer (git-fixes). - ipmi: Rework user message limit handling (git-fixes). - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes). - kconfig/mconf: Initialize the default locale at startup (stable-fixes). - kconfig/nconf: Initialize the default locale at startup (stable-fixes). - leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes). - leds: leds-lp50xx: Enable chip before any communication (git-fixes). - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes). - leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes). - lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes). - mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes). - media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes). - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes). - media: amphion: Cancel message work before releasing the VPU core (git-fixes). - media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973). - media: atomisp: Remove firmware_name module parameter (bsc#1252973). - media: cec: Fix debugfs leak on bus_register() failure (git-fixes). - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes). - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes). - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes). - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes). - media: pvrusb2: Fix incorrect variable used in trace message (git-fixes). - media: rc: st_rc: Fix reset control resource leak (git-fixes). - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes). - media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes). - media: v4l2-mem2mem: Fix outdated documentation (git-fixes). - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes). - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes). - media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes). - media: vpif_capture: fix section mismatch (git-fixes). - media: vpif_display: fix section mismatch (git-fixes). - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes). - mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes). - mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes). - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes). - most: usb: fix double free on late probe failure (git-fixes). - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes). - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes). - mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes). - mtd: nand: relax ECC parameter validation check (git-fixes). - mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes). - mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes). - net: phy: adin1100: Fix software power-down ready condition (git-fixes). - net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes). - net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes). - nvme: Use non zero KATO for persistent discovery connections (git-fixes). - orangefs: fix xattr related buffer overflow.. (git-fixes). - phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes). - pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes). - platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes). - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes). - platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes). - platform/x86: intel: punit_ipc: fix memory corruption (git-fixes). - power: supply: apm_power: only unset own apm_get_power_status (git-fixes). - power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes). - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes). - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes). - power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes). - powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187). - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes). - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes). - regulator: core: disable supply if enabling main regulator fails (git-fixes). - rpmsg: glink: fix rpmsg device leak (git-fixes). - rtc: gamecube: Check the return value of ioremap() (git-fixes). - scripts: teaapi: Add paging. - scrits: teaapi: Add list_repos. - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes). - slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes). - smb3: add missing null server pointer check (git-fixes). - smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes). - smb: client: fix warning when reconnecting channel (git-fixes). - smb: client: introduce close_cached_dir_locked() (git-fixes). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - soc: amlogic: canvas: fix device leak on lookup (git-fixes). - soc: qcom: ocmem: fix device leak on lookup (git-fixes). - soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes). - spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes). - spi: bcm63xx: drop wrong casts in probe() (git-fixes). - spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes). - spi: tegra210-qspi: Remove cache operations (git-fixes). - spi: tegra210-quad: Add support for internal DMA (git-fixes). - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (git-fixes). - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155). - spi: tegra210-quad: Update dummy sequence configuration (git-fixes). - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes). - thunderbolt: Add support for Intel Wildcat Lake (stable-fixes). - tracing: Fix access to trace_event_file (bsc#1254373). - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes). - usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes). - usb: chaoskey: fix locking for O_NONBLOCK (git-fixes). - usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes). - usb: dwc2: fix hang during suspend if set as peripheral (git-fixes). - usb: dwc3: Abort suspend on soft disconnect failure (git-fixes). - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes). - usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes). - usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes). - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes). - usb: phy: Initialize struct usb_phy list_head (git-fixes). - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes). - usb: raw-gadget: do not limit transfer length (git-fixes). - usb: storage: Fix memory leak in USB bulk transport (git-fixes). - usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes). - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes). - usb: udc: Add trace event for usb_gadget_set_state (stable-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes). - wifi: ath11k: fix peer HE MCS assignment (git-fixes). - wifi: ath11k: restore register window after global reset (git-fixes). - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes). - wifi: ieee80211: correct FILS status codes (git-fixes). - wifi: mac80211: fix CMAC functions not handling errors (git-fixes). - wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes). - wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes). - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes). - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes). - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). - x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528). - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528). - x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528). - x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528). - x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528). - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528). - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528). - x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256528). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528). - x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528). - xhci: dbgtty: fix device unregister (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:306-1 Released: Tue Jan 27 17:15:18 2026 Summary: Security update for xen Type: security Severity: moderate References: 1256745,1256747,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:312-1 Released: Wed Jan 28 10:37:55 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:324-1 Released: Wed Jan 28 15:53:56 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425 This update for supportutils fixes the following issues: - Changes to version 3.2.12 * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11 * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:346-1 Released: Fri Jan 30 10:01:27 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:364-1 Released: Tue Feb 3 10:50:53 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1257364,1257365,CVE-2025-28162,CVE-2025-28164 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:373-1 Released: Wed Feb 4 03:50:41 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) The following package changes have been done: - curl-8.14.1-150600.4.37.1 updated - glib2-tools-2.78.6-150600.4.35.1 updated - glibc-locale-base-2.38-150600.14.40.1 updated - glibc-locale-2.38-150600.14.40.1 updated - glibc-2.38-150600.14.40.1 updated - gpg2-2.4.4-150600.3.12.1 updated - kernel-default-6.4.0-150600.23.84.1 updated - libavahi-client3-0.8-150600.15.12.1 updated - libavahi-common3-0.8-150600.15.12.1 updated - libblkid1-2.39.3-150600.4.15.1 updated - libcurl4-8.14.1-150600.4.37.1 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.9.3 updated - libfdisk1-2.39.3-150600.4.15.1 updated - libgio-2_0-0-2.78.6-150600.4.35.1 updated - libglib-2_0-0-2.78.6-150600.4.35.1 updated - libgmodule-2_0-0-2.78.6-150600.4.35.1 updated - libgobject-2_0-0-2.78.6-150600.4.35.1 updated - libmount1-2.39.3-150600.4.15.1 updated - libopenssl1_1-1.1.1w-150600.5.21.1 updated - libopenssl3-3.1.4-150600.5.42.1 updated - libpcap1-1.10.4-150600.3.9.1 updated - libpci3-3.13.0-150300.13.12.1 updated - libpng16-16-1.6.40-150600.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.103.1 updated - libsmartcols1-2.39.3-150600.4.15.1 updated - libtasn1-6-4.13-150000.4.14.1 updated - libtasn1-4.13-150000.4.14.1 updated - libuuid1-2.39.3-150600.4.15.1 updated - libxml2-2-2.10.3-150500.5.35.1 updated - openssl-3-3.1.4-150600.5.42.1 updated - pciutils-3.13.0-150300.13.12.1 updated - python3-base-3.6.15-150300.10.103.1 updated - python3-3.6.15-150300.10.103.1 updated - sles-release-15.6-150600.64.12.1 updated - supportutils-3.2.12.2-150600.3.9.1 updated - suse-module-tools-15.6.13-150600.3.14.2 updated - util-linux-systemd-2.39.3-150600.4.15.1 updated - util-linux-2.39.3-150600.4.15.1 updated - xen-libs-4.18.5_10-150600.3.37.1 updated From sle-container-updates at lists.suse.com Sat Feb 7 08:03:38 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 7 Feb 2026 09:03:38 +0100 (CET) Subject: SUSE-IU-2026:881-1: Security update of suse-sles-15-sp6-chost-byos-v20260205-hvm-ssd-x86_64 Message-ID: <20260207080338.C29DCFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20260205-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:881-1 Image Tags : suse-sles-15-sp6-chost-byos-v20260205-hvm-ssd-x86_64:20260205 Image Release : Severity : critical Type : security References : 1012628 1027519 1065729 1194869 1214635 1214847 1215146 1215211 1215344 1216062 1216436 1219165 1220419 1223731 1232223 1232351 1233655 1234163 1237888 1241284 1243474 1244003 1244011 1244937 1245193 1245193 1245449 1245667 1246011 1246025 1246328 1247076 1247079 1247500 1247500 1247509 1248807 1248886 1249256 1249547 1249657 1249912 1249982 1250176 1250224 1250237 1250252 1250334 1250655 1250664 1250705 1251120 1251271 1251786 1252046 1252063 1252267 1252303 1252318 1252338 1252342 1252353 1252681 1252686 1252692 1252763 1252773 1252776 1252780 1252794 1252795 1252808 1252809 1252817 1252821 1252824 1252836 1252845 1252861 1252862 1252912 1252917 1252919 1252928 1252973 1253018 1253155 1253176 1253262 1253275 1253318 1253324 1253342 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253386 1253393 1253395 1253402 1253403 1253407 1253408 1253409 1253412 1253413 1253416 1253421 1253423 1253424 1253425 1253427 1253428 1253431 1253436 1253438 1253440 1253441 1253442 1253445 1253448 1253449 1253453 1253456 1253458 1253463 1253472 1253647 1253779 1254119 1254126 1254157 1254158 1254159 1254160 1254180 1254297 1254373 1254400 1254401 1254425 1254480 1254518 1254520 1254599 1254606 1254611 1254613 1254615 1254621 1254623 1254624 1254626 1254648 1254649 1254653 1254655 1254657 1254660 1254661 1254662 1254663 1254666 1254669 1254677 1254678 1254688 1254690 1254691 1254693 1254695 1254698 1254701 1254704 1254705 1254707 1254712 1254715 1254717 1254723 1254724 1254732 1254733 1254737 1254739 1254742 1254743 1254749 1254750 1254753 1254754 1254758 1254761 1254762 1254765 1254782 1254791 1254793 1254795 1254796 1254797 1254798 1254813 1254828 1254829 1254832 1254840 1254843 1254847 1254850 1254851 1254858 1254860 1254878 1254894 1254918 1254957 1254959 1254983 1254997 1255005 1255009 1255026 1255033 1255034 1255035 1255041 1255046 1255057 1255062 1255064 1255065 1255068 1255072 1255075 1255077 1255083 1255092 1255094 1255100 1255122 1255135 1255146 1255149 1255152 1255154 1255155 1255163 1255167 1255169 1255171 1255182 1255187 1255190 1255193 1255197 1255199 1255202 1255203 1255206 1255209 1255218 1255221 1255233 1255245 1255246 1255251 1255252 1255253 1255259 1255274 1255276 1255279 1255280 1255281 1255325 1255329 1255351 1255415 1255480 1255483 1255489 1255493 1255495 1255505 1255538 1255540 1255545 1255549 1255550 1255553 1255557 1255558 1255563 1255564 1255570 1255578 1255579 1255580 1255583 1255591 1255601 1255603 1255605 1255611 1255616 1255617 1255618 1255621 1255628 1255629 1255630 1255632 1255636 1255688 1255691 1255702 1255704 1255706 1255715 1255722 1255731 1255732 1255733 1255734 1255758 1255759 1255760 1255763 1255765 1255769 1255770 1255772 1255774 1255775 1255776 1255780 1255785 1255786 1255789 1255790 1255792 1255793 1255795 1255798 1255800 1255801 1255806 1255807 1255809 1255810 1255812 1255814 1255820 1255838 1255842 1255843 1255872 1255875 1255879 1255883 1255884 1255886 1255888 1255890 1255891 1255892 1255899 1255902 1255907 1255911 1255915 1255918 1255921 1255924 1255925 1255931 1255932 1255934 1255943 1255944 1255949 1255951 1255952 1255955 1255957 1255961 1255963 1255964 1255967 1255974 1255978 1255984 1255988 1255990 1255992 1255993 1255994 1255996 1256033 1256034 1256045 1256050 1256058 1256071 1256074 1256081 1256082 1256083 1256084 1256085 1256090 1256093 1256094 1256095 1256096 1256099 1256100 1256104 1256105 1256106 1256107 1256117 1256119 1256121 1256145 1256153 1256178 1256197 1256231 1256233 1256234 1256238 1256243 1256244 1256246 1256263 1256267 1256268 1256271 1256273 1256274 1256279 1256285 1256291 1256292 1256300 1256301 1256302 1256335 1256341 1256348 1256351 1256354 1256358 1256361 1256364 1256367 1256368 1256369 1256370 1256371 1256373 1256375 1256379 1256387 1256390 1256394 1256395 1256396 1256437 1256498 1256499 1256500 1256525 1256526 1256528 1256745 1256747 1256766 1256805 1256822 1256830 1256834 1256834 1256835 1256835 1256836 1256836 1256837 1256837 1256838 1256838 1256839 1256839 1256840 1256840 1257005 1257049 1257353 1257354 1257355 1257364 1257365 510058 CVE-2022-50253 CVE-2023-42752 CVE-2023-53676 CVE-2023-53743 CVE-2023-53750 CVE-2023-53752 CVE-2023-53759 CVE-2023-53762 CVE-2023-53766 CVE-2023-53768 CVE-2023-53777 CVE-2023-53778 CVE-2023-53782 CVE-2023-53784 CVE-2023-53785 CVE-2023-53787 CVE-2023-53791 CVE-2023-53792 CVE-2023-53793 CVE-2023-53794 CVE-2023-53795 CVE-2023-53797 CVE-2023-53799 CVE-2023-53807 CVE-2023-53808 CVE-2023-53813 CVE-2023-53815 CVE-2023-53819 CVE-2023-53821 CVE-2023-53823 CVE-2023-53825 CVE-2023-53828 CVE-2023-53831 CVE-2023-53834 CVE-2023-53836 CVE-2023-53839 CVE-2023-53841 CVE-2023-53842 CVE-2023-53843 CVE-2023-53844 CVE-2023-53846 CVE-2023-53847 CVE-2023-53848 CVE-2023-53850 CVE-2023-53851 CVE-2023-53852 CVE-2023-53855 CVE-2023-53856 CVE-2023-53857 CVE-2023-53858 CVE-2023-53860 CVE-2023-53861 CVE-2023-53863 CVE-2023-53864 CVE-2023-53865 CVE-2023-53989 CVE-2023-53992 CVE-2023-53994 CVE-2023-53995 CVE-2023-53996 CVE-2023-53997 CVE-2023-53998 CVE-2023-53999 CVE-2023-54000 CVE-2023-54001 CVE-2023-54005 CVE-2023-54006 CVE-2023-54008 CVE-2023-54014 CVE-2023-54016 CVE-2023-54017 CVE-2023-54019 CVE-2023-54022 CVE-2023-54023 CVE-2023-54025 CVE-2023-54026 CVE-2023-54027 CVE-2023-54030 CVE-2023-54031 CVE-2023-54032 CVE-2023-54035 CVE-2023-54037 CVE-2023-54038 CVE-2023-54042 CVE-2023-54045 CVE-2023-54048 CVE-2023-54049 CVE-2023-54051 CVE-2023-54052 CVE-2023-54060 CVE-2023-54064 CVE-2023-54066 CVE-2023-54067 CVE-2023-54069 CVE-2023-54070 CVE-2023-54072 CVE-2023-54076 CVE-2023-54080 CVE-2023-54081 CVE-2023-54083 CVE-2023-54088 CVE-2023-54089 CVE-2023-54091 CVE-2023-54092 CVE-2023-54093 CVE-2023-54094 CVE-2023-54095 CVE-2023-54096 CVE-2023-54099 CVE-2023-54101 CVE-2023-54104 CVE-2023-54106 CVE-2023-54112 CVE-2023-54113 CVE-2023-54115 CVE-2023-54117 CVE-2023-54121 CVE-2023-54125 CVE-2023-54127 CVE-2023-54133 CVE-2023-54134 CVE-2023-54135 CVE-2023-54136 CVE-2023-54137 CVE-2023-54140 CVE-2023-54141 CVE-2023-54142 CVE-2023-54143 CVE-2023-54145 CVE-2023-54148 CVE-2023-54149 CVE-2023-54153 CVE-2023-54154 CVE-2023-54155 CVE-2023-54156 CVE-2023-54164 CVE-2023-54166 CVE-2023-54169 CVE-2023-54170 CVE-2023-54171 CVE-2023-54172 CVE-2023-54173 CVE-2023-54177 CVE-2023-54178 CVE-2023-54179 CVE-2023-54181 CVE-2023-54183 CVE-2023-54185 CVE-2023-54189 CVE-2023-54194 CVE-2023-54201 CVE-2023-54204 CVE-2023-54207 CVE-2023-54209 CVE-2023-54210 CVE-2023-54211 CVE-2023-54215 CVE-2023-54219 CVE-2023-54220 CVE-2023-54221 CVE-2023-54223 CVE-2023-54224 CVE-2023-54225 CVE-2023-54227 CVE-2023-54229 CVE-2023-54230 CVE-2023-54235 CVE-2023-54240 CVE-2023-54241 CVE-2023-54246 CVE-2023-54247 CVE-2023-54251 CVE-2023-54253 CVE-2023-54254 CVE-2023-54255 CVE-2023-54258 CVE-2023-54261 CVE-2023-54263 CVE-2023-54264 CVE-2023-54266 CVE-2023-54267 CVE-2023-54271 CVE-2023-54276 CVE-2023-54278 CVE-2023-54281 CVE-2023-54282 CVE-2023-54283 CVE-2023-54285 CVE-2023-54289 CVE-2023-54291 CVE-2023-54292 CVE-2023-54293 CVE-2023-54296 CVE-2023-54297 CVE-2023-54299 CVE-2023-54300 CVE-2023-54302 CVE-2023-54303 CVE-2023-54304 CVE-2023-54309 CVE-2023-54312 CVE-2023-54313 CVE-2023-54314 CVE-2023-54315 CVE-2023-54316 CVE-2023-54318 CVE-2023-54319 CVE-2023-54322 CVE-2023-54324 CVE-2023-54326 CVE-2024-26944 CVE-2025-11961 CVE-2025-12084 CVE-2025-13151 CVE-2025-13601 CVE-2025-13836 CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-15467 CVE-2025-21710 CVE-2025-27466 CVE-2025-28162 CVE-2025-28164 CVE-2025-37916 CVE-2025-38321 CVE-2025-38359 CVE-2025-38361 CVE-2025-38728 CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39859 CVE-2025-39890 CVE-2025-39944 CVE-2025-39977 CVE-2025-39980 CVE-2025-40001 CVE-2025-40006 CVE-2025-40021 CVE-2025-40024 CVE-2025-40027 CVE-2025-40030 CVE-2025-40033 CVE-2025-40038 CVE-2025-40040 CVE-2025-40042 CVE-2025-40048 CVE-2025-40053 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40081 CVE-2025-40083 CVE-2025-40098 CVE-2025-40102 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40134 CVE-2025-40135 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40153 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40158 CVE-2025-40159 CVE-2025-40164 CVE-2025-40167 CVE-2025-40168 CVE-2025-40169 CVE-2025-40170 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40178 CVE-2025-40179 CVE-2025-40180 CVE-2025-40183 CVE-2025-40186 CVE-2025-40187 CVE-2025-40188 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 CVE-2025-40211 CVE-2025-40215 CVE-2025-40219 CVE-2025-40220 CVE-2025-40223 CVE-2025-40233 CVE-2025-40242 CVE-2025-40244 CVE-2025-40256 CVE-2025-40258 CVE-2025-40262 CVE-2025-40263 CVE-2025-40269 CVE-2025-40272 CVE-2025-40273 CVE-2025-40275 CVE-2025-40277 CVE-2025-40280 CVE-2025-40282 CVE-2025-40283 CVE-2025-40284 CVE-2025-40288 CVE-2025-40297 CVE-2025-40301 CVE-2025-40304 CVE-2025-40306 CVE-2025-40308 CVE-2025-40309 CVE-2025-40310 CVE-2025-40311 CVE-2025-40312 CVE-2025-40314 CVE-2025-40315 CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40320 CVE-2025-40321 CVE-2025-40322 CVE-2025-40323 CVE-2025-40324 CVE-2025-40328 CVE-2025-40329 CVE-2025-40331 CVE-2025-40342 CVE-2025-40343 CVE-2025-40345 CVE-2025-40349 CVE-2025-40351 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-58150 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 CVE-2025-68160 CVE-2025-68160 CVE-2025-68168 CVE-2025-68172 CVE-2025-68176 CVE-2025-68180 CVE-2025-68183 CVE-2025-68185 CVE-2025-68192 CVE-2025-68194 CVE-2025-68195 CVE-2025-68217 CVE-2025-68218 CVE-2025-68222 CVE-2025-68233 CVE-2025-68235 CVE-2025-68237 CVE-2025-68238 CVE-2025-68244 CVE-2025-68249 CVE-2025-68252 CVE-2025-68257 CVE-2025-68258 CVE-2025-68259 CVE-2025-68276 CVE-2025-68286 CVE-2025-68287 CVE-2025-68289 CVE-2025-68290 CVE-2025-68303 CVE-2025-68305 CVE-2025-68307 CVE-2025-68308 CVE-2025-68312 CVE-2025-68313 CVE-2025-68328 CVE-2025-68330 CVE-2025-68331 CVE-2025-68332 CVE-2025-68335 CVE-2025-68339 CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68354 CVE-2025-68362 CVE-2025-68380 CVE-2025-68468 CVE-2025-68471 CVE-2025-68724 CVE-2025-68732 CVE-2025-68734 CVE-2025-68740 CVE-2025-68746 CVE-2025-68750 CVE-2025-68753 CVE-2025-68757 CVE-2025-68758 CVE-2025-68759 CVE-2025-68765 CVE-2025-68766 CVE-2025-68973 CVE-2025-69418 CVE-2025-69418 CVE-2025-69419 CVE-2025-69419 CVE-2025-69420 CVE-2025-69420 CVE-2025-69421 CVE-2025-69421 CVE-2026-0861 CVE-2026-0915 CVE-2026-0988 CVE-2026-0989 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-22695 CVE-2026-22795 CVE-2026-22795 CVE-2026-22796 CVE-2026-22796 CVE-2026-22801 CVE-2026-23553 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20260205-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4375-1 Released: Fri Dec 12 10:19:46 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.6.13 - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4378-1 Released: Fri Dec 12 10:37:36 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4422-1 Released: Wed Dec 17 11:52:45 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1232223,1237888,1243474,1245193,1247076,1247079,1247500,1247509,1249547,1249912,1249982,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252303,1252353,1252681,1252763,1252773,1252780,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253779,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-38361,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CVE-2025-40040,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40083,CVE -2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non security issues were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Don't use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: don't preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:12-1 Released: Mon Jan 5 11:31:26 2026 Summary: Security update for xen Type: security Severity: important References: 1027519,1248807,1251271,1252692,1254180,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148,CVE-2025-58149 This update for xen fixes the following issues: Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). - CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). - CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). - CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to out-of-bounds write through `vpmask_set()` (bsc#1251271). - CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using any input format can lead to out-of-bounds read through `send_ipi()` (bsc#1251271). - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692). Other issues fixed: - Several upstream bug fixes (bsc#1027519). - Failure to restart xenstored (bsc#1254180). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:18-1 Released: Mon Jan 5 11:52:25 2026 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:36-1 Released: Tue Jan 6 11:22:39 2026 Summary: Security update for libpcap Type: security Severity: low References: 1255765,CVE-2025-11961 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:50-1 Released: Wed Jan 7 10:28:14 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:77-1 Released: Thu Jan 8 20:03:59 2026 Summary: Security update for curl Type: security Severity: moderate References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:115-1 Released: Mon Jan 12 16:03:42 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:215-1 Released: Thu Jan 22 13:10:16 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256243,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix a memory leak in gpg2 agent (bsc#1256243). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:234-1 Released: Thu Jan 22 13:24:43 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1256525,1256526,CVE-2026-22695,CVE-2026-22801 This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525) - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:259-1 Released: Thu Jan 22 17:10:44 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:286-1 Released: Sat Jan 24 00:35:35 2026 Summary: Security update for glib2 Type: security Severity: low References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:293-1 Released: Mon Jan 26 12:36:40 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1065729,1194869,1214635,1214847,1215146,1215211,1215344,1216062,1216436,1219165,1220419,1223731,1234163,1245193,1245449,1246328,1247500,1248886,1249256,1250334,1252046,1252342,1252686,1252776,1252808,1252824,1252861,1252919,1252973,1253155,1253262,1253342,1253386,1253402,1253408,1253413,1253442,1253458,1253463,1253647,1254119,1254126,1254373,1254518,1254520,1254599,1254606,1254611,1254613,1254615,1254621,1254623,1254624,1254626,1254648,1254649,1254653,1254655,1254657,1254660,1254661,1254663,1254669,1254677,1254678,1254688,1254690,1254691,1254693,1254695,1254698,1254701,1254704,1254705,1254707,1254712,1254715,1254717,1254723,1254724,1254732,1254733,1254737,1254739,1254742,1254743,1254749,1254750,1254753,1254754,1254758,1254761,1254762,1254765,1254782,1254791,1254793,1254795,1254796,1254797,1254798,1254813,1254828,1254829,1254832,1254840,1254843,1254847,1254850,1254851,1254858,1254860,1254894,1254918,1254957,1254959,1254983,1255005,1255009,1255026,1255033,1255034,1 255035,1255041,1255046,1255057,1255062,1255064,1255065,1255068,1255072,1255075,1255077,1255083,1255092,1255094,1255100,1255122,1255135,1255146,1255149,1255152,1255154,1255155,1255163,1255167,1255169,1255171,1255182,1255187,1255190,1255193,1255197,1255199,1255202,1255203,1255206,1255209,1255218,1255221,1255233,1255245,1255246,1255251,1255252,1255253,1255259,1255274,1255276,1255279,1255280,1255281,1255325,1255329,1255351,1255415,1255480,1255483,1255489,1255493,1255495,1255505,1255538,1255540,1255545,1255549,1255550,1255553,1255557,1255558,1255563,1255564,1255570,1255578,1255579,1255580,1255583,1255591,1255601,1255603,1255605,1255611,1255616,1255617,1255618,1255621,1255628,1255629,1255630,1255632,1255636,1255688,1255691,1255702,1255704,1255706,1255722,1255758,1255759,1255760,1255763,1255769,1255770,1255772,1255774,1255775,1255776,1255780,1255785,1255786,1255789,1255790,1255792,1255793,1255795,1255798,1255800,1255801,1255806,1255807,1255809,1255810,1255812,1255814,1255820,1255838,125584 2,1255843,1255872,1255875,1255879,1255883,1255884,1255886,1255888,1255890,1255891,1255892,1255899,1255902,1255907,1255911,1255915,1255918,1255921,1255924,1255925,1255931,1255932,1255934,1255943,1255944,1255949,1255951,1255952,1255955,1255957,1255961,1255963,1255964,1255967,1255974,1255978,1255984,1255988,1255990,1255992,1255993,1255994,1255996,1256033,1256034,1256045,1256050,1256058,1256071,1256074,1256081,1256082,1256083,1256084,1256085,1256090,1256093,1256094,1256095,1256096,1256099,1256100,1256104,1256106,1256107,1256117,1256119,1256121,1256145,1256153,1256178,1256197,1256231,1256233,1256234,1256238,1256263,1256267,1256268,1256271,1256273,1256274,1256279,1256285,1256291,1256292,1256300,1256301,1256302,1256335,1256348,1256351,1256354,1256358,1256361,1256364,1256367,1256368,1256369,1256370,1256371,1256373,1256375,1256379,1256387,1256394,1256395,1256396,1256528,CVE-2023-42752,CVE-2023-53743,CVE-2023-53750,CVE-2023-53752,CVE-2023-53759,CVE-2023-53762,CVE-2023-53766,CVE-2023-53768,CVE -2023-53777,CVE-2023-53778,CVE-2023-53782,CVE-2023-53784,CVE-2023-53785,CVE-2023-53787,CVE-2023-53791,CVE-2023-53792,CVE-2023-53793,CVE-2023-53794,CVE-2023-53795,CVE-2023-53797,CVE-2023-53799,CVE-2023-53807,CVE-2023-53808,CVE-2023-53813,CVE-2023-53815,CVE-2023-53819,CVE-2023-53821,CVE-2023-53823,CVE-2023-53825,CVE-2023-53828,CVE-2023-53831,CVE-2023-53834,CVE-2023-53836,CVE-2023-53839,CVE-2023-53841,CVE-2023-53842,CVE-2023-53843,CVE-2023-53844,CVE-2023-53846,CVE-2023-53847,CVE-2023-53848,CVE-2023-53850,CVE-2023-53851,CVE-2023-53852,CVE-2023-53855,CVE-2023-53856,CVE-2023-53857,CVE-2023-53858,CVE-2023-53860,CVE-2023-53861,CVE-2023-53863,CVE-2023-53864,CVE-2023-53865,CVE-2023-53989,CVE-2023-53992,CVE-2023-53994,CVE-2023-53995,CVE-2023-53996,CVE-2023-53997,CVE-2023-53998,CVE-2023-53999,CVE-2023-54000,CVE-2023-54001,CVE-2023-54005,CVE-2023-54006,CVE-2023-54008,CVE-2023-54014,CVE-2023-54016,CVE-2023-54017,CVE-2023-54019,CVE-2023-54022,CVE-2023-54023,CVE-2023-54025,CVE-2023-54026,CVE-2023-5 4027,CVE-2023-54030,CVE-2023-54031,CVE-2023-54032,CVE-2023-54035,CVE-2023-54037,CVE-2023-54038,CVE-2023-54042,CVE-2023-54045,CVE-2023-54048,CVE-2023-54049,CVE-2023-54051,CVE-2023-54052,CVE-2023-54060,CVE-2023-54064,CVE-2023-54066,CVE-2023-54067,CVE-2023-54069,CVE-2023-54070,CVE-2023-54072,CVE-2023-54076,CVE-2023-54080,CVE-2023-54081,CVE-2023-54083,CVE-2023-54088,CVE-2023-54089,CVE-2023-54091,CVE-2023-54092,CVE-2023-54093,CVE-2023-54094,CVE-2023-54095,CVE-2023-54096,CVE-2023-54099,CVE-2023-54101,CVE-2023-54104,CVE-2023-54106,CVE-2023-54112,CVE-2023-54113,CVE-2023-54115,CVE-2023-54117,CVE-2023-54121,CVE-2023-54125,CVE-2023-54127,CVE-2023-54133,CVE-2023-54134,CVE-2023-54135,CVE-2023-54136,CVE-2023-54137,CVE-2023-54140,CVE-2023-54141,CVE-2023-54142,CVE-2023-54143,CVE-2023-54145,CVE-2023-54148,CVE-2023-54149,CVE-2023-54153,CVE-2023-54154,CVE-2023-54155,CVE-2023-54156,CVE-2023-54164,CVE-2023-54166,CVE-2023-54169,CVE-2023-54170,CVE-2023-54171,CVE-2023-54172,CVE-2023-54173,CVE-2023-54177,CV E-2023-54178,CVE-2023-54179,CVE-2023-54181,CVE-2023-54183,CVE-2023-54185,CVE-2023-54189,CVE-2023-54194,CVE-2023-54201,CVE-2023-54204,CVE-2023-54207,CVE-2023-54209,CVE-2023-54210,CVE-2023-54211,CVE-2023-54215,CVE-2023-54219,CVE-2023-54220,CVE-2023-54221,CVE-2023-54223,CVE-2023-54224,CVE-2023-54225,CVE-2023-54227,CVE-2023-54229,CVE-2023-54230,CVE-2023-54235,CVE-2023-54240,CVE-2023-54241,CVE-2023-54246,CVE-2023-54247,CVE-2023-54251,CVE-2023-54253,CVE-2023-54254,CVE-2023-54255,CVE-2023-54258,CVE-2023-54261,CVE-2023-54263,CVE-2023-54264,CVE-2023-54266,CVE-2023-54267,CVE-2023-54271,CVE-2023-54276,CVE-2023-54278,CVE-2023-54281,CVE-2023-54282,CVE-2023-54283,CVE-2023-54285,CVE-2023-54289,CVE-2023-54291,CVE-2023-54292,CVE-2023-54293,CVE-2023-54296,CVE-2023-54297,CVE-2023-54299,CVE-2023-54300,CVE-2023-54302,CVE-2023-54303,CVE-2023-54304,CVE-2023-54309,CVE-2023-54312,CVE-2023-54313,CVE-2023-54314,CVE-2023-54315,CVE-2023-54316,CVE-2023-54318,CVE-2023-54319,CVE-2023-54322,CVE-2023-54324,CVE-2023- 54326,CVE-2024-26944,CVE-2025-38321,CVE-2025-38728,CVE-2025-39890,CVE-2025-39977,CVE-2025-40006,CVE-2025-40024,CVE-2025-40033,CVE-2025-40042,CVE-2025-40053,CVE-2025-40081,CVE-2025-40102,CVE-2025-40134,CVE-2025-40135,CVE-2025-40153,CVE-2025-40158,CVE-2025-40167,CVE-2025-40170,CVE-2025-40178,CVE-2025-40179,CVE-2025-40187,CVE-2025-40211,CVE-2025-40215,CVE-2025-40219,CVE-2025-40220,CVE-2025-40223,CVE-2025-40233,CVE-2025-40242,CVE-2025-40244,CVE-2025-40256,CVE-2025-40258,CVE-2025-40262,CVE-2025-40263,CVE-2025-40269,CVE-2025-40272,CVE-2025-40273,CVE-2025-40275,CVE-2025-40277,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40288,CVE-2025-40297,CVE-2025-40301,CVE-2025-40304,CVE-2025-40306,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40312,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40331,CVE-2025-40342,C VE-2025-40343,CVE-2025-40345,CVE-2025-40349,CVE-2025-40351,CVE-2025-68168,CVE-2025-68172,CVE-2025-68176,CVE-2025-68180,CVE-2025-68183,CVE-2025-68185,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68217,CVE-2025-68218,CVE-2025-68222,CVE-2025-68233,CVE-2025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68244,CVE-2025-68249,CVE-2025-68252,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68303,CVE-2025-68305,CVE-2025-68307,CVE-2025-68308,CVE-2025-68312,CVE-2025-68313,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68339,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68354,CVE-2025-68362,CVE-2025-68380,CVE-2025-68724,CVE-2025-68732,CVE-2025-68734,CVE-2025-68740,CVE-2025-68746,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68765,CVE-2025-68766 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). - CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). - CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). - CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). - CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861). - CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). - CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). - CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). - CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). - CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). - CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). - CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458). - CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413). - CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). - CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442). - CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187). - CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199). The following non security issues were fixed: - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes). - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes). - ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes). - ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes). - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes). - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes). - ALSA: uapi: Fix typo in asound.h comment (git-fixes). - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes). - ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes). - ASoC: ak4458: Disable regulator when error happens (git-fixes). - ASoC: ak5558: Disable regulator when error happens (git-fixes). - ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes). - ASoC: fsl_xcvr: clear the channel status control memory (git-fixes). - ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes). - ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes). - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: stm32: sai: fix OF node leak on probe (git-fixes). - ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes). - ASoC: stm32: sai: fix device leak on probe (git-fixes). - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes). - Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes). - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes). - Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes). - Documentation: hid-alps: Fix packet format section headings (git-fixes). - Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes). - HID: logitech-dj: Remove duplicate error logging (git-fixes). - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes). - Input: cros_ec_keyb - fix an invalid memory access (stable-fixes). - Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes). - Input: goodix - add support for ACPI ID GDX9110 (stable-fixes). - KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes). - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes). - PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes). - PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes). - Revert 'mtd: rawnand: marvell: fix layouts' (git-fixes). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes). - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes). - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: option: add Quectel RG255C (stable-fixes). - USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes). - USB: serial: option: add UNISOC UIS7720 (stable-fixes). - USB: serial: option: add support for Rolling RW101R-GL (stable-fixes). - USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes). - arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes). - arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes). - atm/fore200e: Fix possible data race in fore200e_open() (git-fixes). - atm: idt77252: Add missing `dma_map_error()` (stable-fixes). - backlight: led-bl: Add devlink to supplier LEDs (git-fixes). - backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes). - bs-upload-kernel: Fix cve branch uploads. - btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes). - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes). - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes). - can: sja1000: fix max irq loop handling (git-fixes). - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes). - cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449). - cifs: after disabling multichannel, mark tcon for reconnect (git-fixes). - cifs: avoid redundant calls to disable multichannel (git-fixes). - cifs: cifs_pick_channel should try selecting active channels (git-fixes). - cifs: deal with the channel loading lag while picking channels (git-fixes). - cifs: dns resolution is needed only for primary channel (git-fixes). - cifs: do not disable interface polling on failure (git-fixes). - cifs: do not search for channel if server is terminating (git-fixes). - cifs: fix a pending undercount of srv_count (git-fixes). - cifs: fix lock ordering while disabling multichannel (git-fixes). - cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes). - cifs: fix use after free for iface while disabling secondary channels (git-fixes). - cifs: handle servers that still advertise multichannel after disabling (git-fixes). - cifs: handle when server starts supporting multichannel (git-fixes). - cifs: handle when server stops supporting multichannel (git-fixes). - cifs: make cifs_chan_update_iface() a void function (git-fixes). - cifs: make sure server interfaces are requested only for SMB3+ (git-fixes). - cifs: make sure that channel scaling is done only once (git-fixes). - cifs: reconnect worker should take reference on server struct unconditionally (git-fixes). - cifs: reset connections for all channels when reconnect requested (git-fixes). - cifs: reset iface weights when we cannot find a candidate (git-fixes). - cifs: serialize other channels when query server interfaces is pending (git-fixes). - cifs: update dstaddr whenever channel iface is updated (git-fixes). - clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes). - clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes). - clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes). - comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes). - comedi: check device's attached status in compat ioctls (git-fixes). - comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes). - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes). - cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes). - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes). - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes). - crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes). - crypto: hisilicon/qm - restore original qos values (git-fixes). - crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes). - crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes). - dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes). - dm-verity: fix unreliable memory allocation (git-fixes). - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386). - drivers/usb/dwc3: fix PCI parent check (git-fixes). - drm/amd/display: Check NULL before accessing (stable-fixes). - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes). - drm/amd/display: Increase DPCD read retries (stable-fixes). - drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes). - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes). - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes). - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes). - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes). - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes). - drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes). - drm/mgag200: Fix big-endian support (git-fixes). - drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes). - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes). - drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes). - drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes). - drm/nouveau: restrict the flush page to a 32-bit address (git-fixes). - drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes). - drm/vgem-fence: Fix potential deadlock on release (git-fixes). - drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes). - drm: sti: fix device leaks at component probe (git-fixes). - efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes). - efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes). - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes). - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes). - fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes). - firmware: imx: scu-irq: fix OF node leak in (git-fixes). - firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes). - firmware: stratix10-svc: fix bug in saving controller data (git-fixes). - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes). - gpu: host1x: Fix race in syncpt alloc/free (git-fixes). - hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes). - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes). - i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes). - i2c: i2c.h: fix a bad kernel-doc line (git-fixes). - i3c: master: svc: Prevent incomplete IBI transaction (git-fixes). - iio: accel: bmc150: Fix irq assumption regression (stable-fixes). - iio: accel: fix ADXL355 startup race condition (git-fixes). - iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes). - iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes). - iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes). - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes). - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes). - iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes). - ima: Handle error code returned by ima_filter_rule_match() (git-fixes). - intel_th: Fix error handling in intel_th_output_open (git-fixes). - ipmi: Fix handling of messages with provided receive message pointer (git-fixes). - ipmi: Rework user message limit handling (git-fixes). - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes). - kconfig/mconf: Initialize the default locale at startup (stable-fixes). - kconfig/nconf: Initialize the default locale at startup (stable-fixes). - leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes). - leds: leds-lp50xx: Enable chip before any communication (git-fixes). - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes). - leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes). - lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes). - mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes). - media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes). - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes). - media: amphion: Cancel message work before releasing the VPU core (git-fixes). - media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973). - media: atomisp: Remove firmware_name module parameter (bsc#1252973). - media: cec: Fix debugfs leak on bus_register() failure (git-fixes). - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes). - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes). - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes). - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes). - media: pvrusb2: Fix incorrect variable used in trace message (git-fixes). - media: rc: st_rc: Fix reset control resource leak (git-fixes). - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes). - media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes). - media: v4l2-mem2mem: Fix outdated documentation (git-fixes). - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes). - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes). - media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes). - media: vpif_capture: fix section mismatch (git-fixes). - media: vpif_display: fix section mismatch (git-fixes). - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes). - mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes). - mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes). - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes). - most: usb: fix double free on late probe failure (git-fixes). - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes). - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes). - mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes). - mtd: nand: relax ECC parameter validation check (git-fixes). - mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes). - mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes). - net: phy: adin1100: Fix software power-down ready condition (git-fixes). - net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes). - net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes). - nvme: Use non zero KATO for persistent discovery connections (git-fixes). - orangefs: fix xattr related buffer overflow.. (git-fixes). - phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes). - pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes). - platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes). - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes). - platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes). - platform/x86: intel: punit_ipc: fix memory corruption (git-fixes). - power: supply: apm_power: only unset own apm_get_power_status (git-fixes). - power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes). - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes). - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes). - power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes). - powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187). - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes). - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes). - regulator: core: disable supply if enabling main regulator fails (git-fixes). - rpmsg: glink: fix rpmsg device leak (git-fixes). - rtc: gamecube: Check the return value of ioremap() (git-fixes). - scripts: teaapi: Add paging. - scrits: teaapi: Add list_repos. - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes). - slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes). - smb3: add missing null server pointer check (git-fixes). - smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes). - smb: client: fix warning when reconnecting channel (git-fixes). - smb: client: introduce close_cached_dir_locked() (git-fixes). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - soc: amlogic: canvas: fix device leak on lookup (git-fixes). - soc: qcom: ocmem: fix device leak on lookup (git-fixes). - soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes). - spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes). - spi: bcm63xx: drop wrong casts in probe() (git-fixes). - spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes). - spi: tegra210-qspi: Remove cache operations (git-fixes). - spi: tegra210-quad: Add support for internal DMA (git-fixes). - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (git-fixes). - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155). - spi: tegra210-quad: Update dummy sequence configuration (git-fixes). - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes). - thunderbolt: Add support for Intel Wildcat Lake (stable-fixes). - tracing: Fix access to trace_event_file (bsc#1254373). - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes). - usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes). - usb: chaoskey: fix locking for O_NONBLOCK (git-fixes). - usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes). - usb: dwc2: fix hang during suspend if set as peripheral (git-fixes). - usb: dwc3: Abort suspend on soft disconnect failure (git-fixes). - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes). - usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes). - usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes). - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes). - usb: phy: Initialize struct usb_phy list_head (git-fixes). - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes). - usb: raw-gadget: do not limit transfer length (git-fixes). - usb: storage: Fix memory leak in USB bulk transport (git-fixes). - usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes). - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes). - usb: udc: Add trace event for usb_gadget_set_state (stable-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes). - wifi: ath11k: fix peer HE MCS assignment (git-fixes). - wifi: ath11k: restore register window after global reset (git-fixes). - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes). - wifi: ieee80211: correct FILS status codes (git-fixes). - wifi: mac80211: fix CMAC functions not handling errors (git-fixes). - wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes). - wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes). - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes). - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes). - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). - x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528). - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528). - x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528). - x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528). - x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528). - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528). - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528). - x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256528). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528). - x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528). - xhci: dbgtty: fix device unregister (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:306-1 Released: Tue Jan 27 17:15:18 2026 Summary: Security update for xen Type: security Severity: moderate References: 1256745,1256747,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:312-1 Released: Wed Jan 28 10:37:55 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:324-1 Released: Wed Jan 28 15:53:56 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425 This update for supportutils fixes the following issues: - Changes to version 3.2.12 * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11 * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:346-1 Released: Fri Jan 30 10:01:27 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:364-1 Released: Tue Feb 3 10:50:53 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1257364,1257365,CVE-2025-28162,CVE-2025-28164 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:373-1 Released: Wed Feb 4 03:50:41 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) The following package changes have been done: - curl-8.14.1-150600.4.37.1 updated - glib2-tools-2.78.6-150600.4.35.1 updated - glibc-locale-base-2.38-150600.14.40.1 updated - glibc-locale-2.38-150600.14.40.1 updated - glibc-2.38-150600.14.40.1 updated - gpg2-2.4.4-150600.3.12.1 updated - iptables-1.8.7-1.1 added - kernel-default-6.4.0-150600.23.84.1 updated - libavahi-client3-0.8-150600.15.12.1 updated - libavahi-common3-0.8-150600.15.12.1 updated - libblkid1-2.39.3-150600.4.15.1 updated - libcurl4-8.14.1-150600.4.37.1 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.9.3 updated - libfdisk1-2.39.3-150600.4.15.1 updated - libgio-2_0-0-2.78.6-150600.4.35.1 updated - libglib-2_0-0-2.78.6-150600.4.35.1 updated - libgmodule-2_0-0-2.78.6-150600.4.35.1 updated - libgobject-2_0-0-2.78.6-150600.4.35.1 updated - libip6tc2-1.8.7-1.1 added - libmount1-2.39.3-150600.4.15.1 updated - libnftnl11-1.2.0-150400.1.6 added - libopenssl1_1-1.1.1w-150600.5.21.1 updated - libopenssl3-3.1.4-150600.5.42.1 updated - libpcap1-1.10.4-150600.3.9.1 updated - libpci3-3.13.0-150300.13.12.1 updated - libpng16-16-1.6.40-150600.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.103.1 updated - libsmartcols1-2.39.3-150600.4.15.1 updated - libtasn1-6-4.13-150000.4.14.1 updated - libtasn1-4.13-150000.4.14.1 updated - libuuid1-2.39.3-150600.4.15.1 updated - libxml2-2-2.10.3-150500.5.35.1 updated - openssl-3-3.1.4-150600.5.42.1 updated - pciutils-3.13.0-150300.13.12.1 updated - python3-base-3.6.15-150300.10.103.1 updated - python3-3.6.15-150300.10.103.1 updated - sles-release-15.6-150600.64.12.1 updated - supportutils-3.2.12.2-150600.3.9.1 updated - suse-module-tools-15.6.13-150600.3.14.2 updated - util-linux-systemd-2.39.3-150600.4.15.1 updated - util-linux-2.39.3-150600.4.15.1 updated - xen-libs-4.18.5_10-150600.3.37.1 updated - xen-tools-domU-4.18.5_10-150600.3.37.1 updated - xtables-plugins-1.8.7-1.1 added From sle-container-updates at lists.suse.com Sat Feb 7 08:04:04 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 7 Feb 2026 09:04:04 +0100 (CET) Subject: SUSE-IU-2026:882-1: Security update of sles-15-sp6-chost-byos-v20260205-arm64 Message-ID: <20260207080404.0A1E8FD1A@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20260205-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:882-1 Image Tags : sles-15-sp6-chost-byos-v20260205-arm64:20260205 Image Release : Severity : critical Type : security References : 1012628 1027519 1065729 1194869 1214635 1214847 1215146 1215211 1215344 1216062 1216436 1219165 1220419 1223731 1232223 1232351 1233655 1234163 1237888 1241284 1243474 1244003 1244011 1244937 1245193 1245193 1245449 1245667 1246011 1246025 1246328 1247076 1247079 1247500 1247500 1247509 1248807 1248886 1249256 1249547 1249657 1249912 1249982 1250176 1250224 1250237 1250252 1250334 1250655 1250664 1250705 1251120 1251271 1251786 1252046 1252063 1252267 1252303 1252318 1252338 1252342 1252353 1252681 1252686 1252692 1252763 1252773 1252776 1252780 1252794 1252795 1252808 1252809 1252817 1252821 1252824 1252836 1252845 1252861 1252862 1252912 1252917 1252919 1252928 1252973 1253018 1253155 1253176 1253262 1253275 1253318 1253324 1253342 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253386 1253393 1253395 1253402 1253403 1253407 1253408 1253409 1253412 1253413 1253416 1253421 1253423 1253424 1253425 1253427 1253428 1253431 1253436 1253438 1253440 1253441 1253442 1253445 1253448 1253449 1253453 1253456 1253458 1253463 1253472 1253647 1253779 1254119 1254126 1254157 1254158 1254159 1254160 1254180 1254297 1254373 1254400 1254401 1254425 1254480 1254518 1254520 1254599 1254606 1254611 1254613 1254615 1254621 1254623 1254624 1254626 1254648 1254649 1254653 1254655 1254657 1254660 1254661 1254662 1254663 1254666 1254669 1254677 1254678 1254688 1254690 1254691 1254693 1254695 1254698 1254701 1254704 1254705 1254707 1254712 1254715 1254717 1254723 1254724 1254732 1254733 1254737 1254739 1254742 1254743 1254749 1254750 1254753 1254754 1254758 1254761 1254762 1254765 1254782 1254791 1254793 1254795 1254796 1254797 1254798 1254813 1254828 1254829 1254832 1254840 1254843 1254847 1254850 1254851 1254858 1254860 1254878 1254894 1254918 1254957 1254959 1254983 1254997 1255005 1255009 1255026 1255033 1255034 1255035 1255041 1255046 1255057 1255062 1255064 1255065 1255068 1255072 1255075 1255077 1255083 1255092 1255094 1255100 1255122 1255135 1255146 1255149 1255152 1255154 1255155 1255163 1255167 1255169 1255171 1255182 1255187 1255190 1255193 1255197 1255199 1255202 1255203 1255206 1255209 1255218 1255221 1255233 1255245 1255246 1255251 1255252 1255253 1255259 1255274 1255276 1255279 1255280 1255281 1255325 1255329 1255351 1255415 1255480 1255483 1255489 1255493 1255495 1255505 1255538 1255540 1255545 1255549 1255550 1255553 1255557 1255558 1255563 1255564 1255570 1255578 1255579 1255580 1255583 1255591 1255601 1255603 1255605 1255611 1255616 1255617 1255618 1255621 1255628 1255629 1255630 1255632 1255636 1255688 1255691 1255702 1255704 1255706 1255715 1255722 1255731 1255732 1255733 1255734 1255758 1255759 1255760 1255763 1255765 1255769 1255770 1255772 1255774 1255775 1255776 1255780 1255785 1255786 1255789 1255790 1255792 1255793 1255795 1255798 1255800 1255801 1255806 1255807 1255809 1255810 1255812 1255814 1255820 1255838 1255842 1255843 1255872 1255875 1255879 1255883 1255884 1255886 1255888 1255890 1255891 1255892 1255899 1255902 1255907 1255911 1255915 1255918 1255921 1255924 1255925 1255931 1255932 1255934 1255943 1255944 1255949 1255951 1255952 1255955 1255957 1255961 1255963 1255964 1255967 1255974 1255978 1255984 1255988 1255990 1255992 1255993 1255994 1255996 1256033 1256034 1256045 1256050 1256058 1256071 1256074 1256081 1256082 1256083 1256084 1256085 1256090 1256093 1256094 1256095 1256096 1256099 1256100 1256104 1256105 1256106 1256107 1256117 1256119 1256121 1256145 1256153 1256178 1256197 1256231 1256233 1256234 1256238 1256243 1256244 1256246 1256263 1256267 1256268 1256271 1256273 1256274 1256279 1256285 1256291 1256292 1256300 1256301 1256302 1256335 1256341 1256348 1256351 1256354 1256358 1256361 1256364 1256367 1256368 1256369 1256370 1256371 1256373 1256375 1256379 1256387 1256390 1256394 1256395 1256396 1256437 1256498 1256499 1256500 1256525 1256526 1256528 1256745 1256747 1256766 1256805 1256822 1256830 1256834 1256834 1256835 1256835 1256836 1256836 1256837 1256837 1256838 1256838 1256839 1256839 1256840 1256840 1257005 1257049 1257353 1257354 1257355 1257364 1257365 510058 CVE-2022-50253 CVE-2023-42752 CVE-2023-53676 CVE-2023-53743 CVE-2023-53750 CVE-2023-53752 CVE-2023-53759 CVE-2023-53762 CVE-2023-53766 CVE-2023-53768 CVE-2023-53777 CVE-2023-53778 CVE-2023-53782 CVE-2023-53784 CVE-2023-53785 CVE-2023-53787 CVE-2023-53791 CVE-2023-53792 CVE-2023-53793 CVE-2023-53794 CVE-2023-53795 CVE-2023-53797 CVE-2023-53799 CVE-2023-53807 CVE-2023-53808 CVE-2023-53813 CVE-2023-53815 CVE-2023-53819 CVE-2023-53821 CVE-2023-53823 CVE-2023-53825 CVE-2023-53828 CVE-2023-53831 CVE-2023-53834 CVE-2023-53836 CVE-2023-53839 CVE-2023-53841 CVE-2023-53842 CVE-2023-53843 CVE-2023-53844 CVE-2023-53846 CVE-2023-53847 CVE-2023-53848 CVE-2023-53850 CVE-2023-53851 CVE-2023-53852 CVE-2023-53855 CVE-2023-53856 CVE-2023-53857 CVE-2023-53858 CVE-2023-53860 CVE-2023-53861 CVE-2023-53863 CVE-2023-53864 CVE-2023-53865 CVE-2023-53989 CVE-2023-53992 CVE-2023-53994 CVE-2023-53995 CVE-2023-53996 CVE-2023-53997 CVE-2023-53998 CVE-2023-53999 CVE-2023-54000 CVE-2023-54001 CVE-2023-54005 CVE-2023-54006 CVE-2023-54008 CVE-2023-54014 CVE-2023-54016 CVE-2023-54017 CVE-2023-54019 CVE-2023-54022 CVE-2023-54023 CVE-2023-54025 CVE-2023-54026 CVE-2023-54027 CVE-2023-54030 CVE-2023-54031 CVE-2023-54032 CVE-2023-54035 CVE-2023-54037 CVE-2023-54038 CVE-2023-54042 CVE-2023-54045 CVE-2023-54048 CVE-2023-54049 CVE-2023-54051 CVE-2023-54052 CVE-2023-54060 CVE-2023-54064 CVE-2023-54066 CVE-2023-54067 CVE-2023-54069 CVE-2023-54070 CVE-2023-54072 CVE-2023-54076 CVE-2023-54080 CVE-2023-54081 CVE-2023-54083 CVE-2023-54088 CVE-2023-54089 CVE-2023-54091 CVE-2023-54092 CVE-2023-54093 CVE-2023-54094 CVE-2023-54095 CVE-2023-54096 CVE-2023-54099 CVE-2023-54101 CVE-2023-54104 CVE-2023-54106 CVE-2023-54112 CVE-2023-54113 CVE-2023-54115 CVE-2023-54117 CVE-2023-54121 CVE-2023-54125 CVE-2023-54127 CVE-2023-54133 CVE-2023-54134 CVE-2023-54135 CVE-2023-54136 CVE-2023-54137 CVE-2023-54140 CVE-2023-54141 CVE-2023-54142 CVE-2023-54143 CVE-2023-54145 CVE-2023-54148 CVE-2023-54149 CVE-2023-54153 CVE-2023-54154 CVE-2023-54155 CVE-2023-54156 CVE-2023-54164 CVE-2023-54166 CVE-2023-54169 CVE-2023-54170 CVE-2023-54171 CVE-2023-54172 CVE-2023-54173 CVE-2023-54177 CVE-2023-54178 CVE-2023-54179 CVE-2023-54181 CVE-2023-54183 CVE-2023-54185 CVE-2023-54189 CVE-2023-54194 CVE-2023-54201 CVE-2023-54204 CVE-2023-54207 CVE-2023-54209 CVE-2023-54210 CVE-2023-54211 CVE-2023-54215 CVE-2023-54219 CVE-2023-54220 CVE-2023-54221 CVE-2023-54223 CVE-2023-54224 CVE-2023-54225 CVE-2023-54227 CVE-2023-54229 CVE-2023-54230 CVE-2023-54235 CVE-2023-54240 CVE-2023-54241 CVE-2023-54246 CVE-2023-54247 CVE-2023-54251 CVE-2023-54253 CVE-2023-54254 CVE-2023-54255 CVE-2023-54258 CVE-2023-54261 CVE-2023-54263 CVE-2023-54264 CVE-2023-54266 CVE-2023-54267 CVE-2023-54271 CVE-2023-54276 CVE-2023-54278 CVE-2023-54281 CVE-2023-54282 CVE-2023-54283 CVE-2023-54285 CVE-2023-54289 CVE-2023-54291 CVE-2023-54292 CVE-2023-54293 CVE-2023-54296 CVE-2023-54297 CVE-2023-54299 CVE-2023-54300 CVE-2023-54302 CVE-2023-54303 CVE-2023-54304 CVE-2023-54309 CVE-2023-54312 CVE-2023-54313 CVE-2023-54314 CVE-2023-54315 CVE-2023-54316 CVE-2023-54318 CVE-2023-54319 CVE-2023-54322 CVE-2023-54324 CVE-2023-54326 CVE-2024-26944 CVE-2025-11961 CVE-2025-12084 CVE-2025-13151 CVE-2025-13601 CVE-2025-13836 CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281 CVE-2025-15467 CVE-2025-21710 CVE-2025-27466 CVE-2025-28162 CVE-2025-28164 CVE-2025-37916 CVE-2025-38321 CVE-2025-38359 CVE-2025-38361 CVE-2025-38728 CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39859 CVE-2025-39890 CVE-2025-39944 CVE-2025-39977 CVE-2025-39980 CVE-2025-40001 CVE-2025-40006 CVE-2025-40021 CVE-2025-40024 CVE-2025-40027 CVE-2025-40030 CVE-2025-40033 CVE-2025-40038 CVE-2025-40040 CVE-2025-40042 CVE-2025-40048 CVE-2025-40053 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40081 CVE-2025-40083 CVE-2025-40098 CVE-2025-40102 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40134 CVE-2025-40135 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40153 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40158 CVE-2025-40159 CVE-2025-40164 CVE-2025-40167 CVE-2025-40168 CVE-2025-40169 CVE-2025-40170 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40178 CVE-2025-40179 CVE-2025-40180 CVE-2025-40183 CVE-2025-40186 CVE-2025-40187 CVE-2025-40188 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 CVE-2025-40211 CVE-2025-40215 CVE-2025-40219 CVE-2025-40220 CVE-2025-40223 CVE-2025-40233 CVE-2025-40242 CVE-2025-40244 CVE-2025-40256 CVE-2025-40258 CVE-2025-40262 CVE-2025-40263 CVE-2025-40269 CVE-2025-40272 CVE-2025-40273 CVE-2025-40275 CVE-2025-40277 CVE-2025-40280 CVE-2025-40282 CVE-2025-40283 CVE-2025-40284 CVE-2025-40288 CVE-2025-40297 CVE-2025-40301 CVE-2025-40304 CVE-2025-40306 CVE-2025-40308 CVE-2025-40309 CVE-2025-40310 CVE-2025-40311 CVE-2025-40312 CVE-2025-40314 CVE-2025-40315 CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40320 CVE-2025-40321 CVE-2025-40322 CVE-2025-40323 CVE-2025-40324 CVE-2025-40328 CVE-2025-40329 CVE-2025-40331 CVE-2025-40342 CVE-2025-40343 CVE-2025-40345 CVE-2025-40349 CVE-2025-40351 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-58149 CVE-2025-58150 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 CVE-2025-68160 CVE-2025-68160 CVE-2025-68168 CVE-2025-68172 CVE-2025-68176 CVE-2025-68180 CVE-2025-68183 CVE-2025-68185 CVE-2025-68192 CVE-2025-68194 CVE-2025-68195 CVE-2025-68217 CVE-2025-68218 CVE-2025-68222 CVE-2025-68233 CVE-2025-68235 CVE-2025-68237 CVE-2025-68238 CVE-2025-68244 CVE-2025-68249 CVE-2025-68252 CVE-2025-68257 CVE-2025-68258 CVE-2025-68259 CVE-2025-68276 CVE-2025-68286 CVE-2025-68287 CVE-2025-68289 CVE-2025-68290 CVE-2025-68303 CVE-2025-68305 CVE-2025-68307 CVE-2025-68308 CVE-2025-68312 CVE-2025-68313 CVE-2025-68328 CVE-2025-68330 CVE-2025-68331 CVE-2025-68332 CVE-2025-68335 CVE-2025-68339 CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68354 CVE-2025-68362 CVE-2025-68380 CVE-2025-68468 CVE-2025-68471 CVE-2025-68724 CVE-2025-68732 CVE-2025-68734 CVE-2025-68740 CVE-2025-68746 CVE-2025-68750 CVE-2025-68753 CVE-2025-68757 CVE-2025-68758 CVE-2025-68759 CVE-2025-68765 CVE-2025-68766 CVE-2025-68973 CVE-2025-69418 CVE-2025-69418 CVE-2025-69419 CVE-2025-69419 CVE-2025-69420 CVE-2025-69420 CVE-2025-69421 CVE-2025-69421 CVE-2026-0861 CVE-2026-0915 CVE-2026-0988 CVE-2026-0989 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-22695 CVE-2026-22795 CVE-2026-22795 CVE-2026-22796 CVE-2026-22796 CVE-2026-22801 CVE-2026-23553 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20260205-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4375-1 Released: Fri Dec 12 10:19:46 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.6.13 - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4378-1 Released: Fri Dec 12 10:37:36 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4422-1 Released: Wed Dec 17 11:52:45 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1232223,1237888,1243474,1245193,1247076,1247079,1247500,1247509,1249547,1249912,1249982,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252303,1252353,1252681,1252763,1252773,1252780,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253779,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-38361,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CVE-2025-40040,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40083,CVE -2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non security issues were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Don't use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: don't preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:12-1 Released: Mon Jan 5 11:31:26 2026 Summary: Security update for xen Type: security Severity: important References: 1027519,1248807,1251271,1252692,1254180,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148,CVE-2025-58149 This update for xen fixes the following issues: Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). - CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). - CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). - CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to out-of-bounds write through `vpmask_set()` (bsc#1251271). - CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using any input format can lead to out-of-bounds read through `send_ipi()` (bsc#1251271). - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692). Other issues fixed: - Several upstream bug fixes (bsc#1027519). - Failure to restart xenstored (bsc#1254180). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:18-1 Released: Mon Jan 5 11:52:25 2026 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:27-1 Released: Mon Jan 5 13:45:08 2026 Summary: Security update for python3 Type: security Severity: moderate References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:36-1 Released: Tue Jan 6 11:22:39 2026 Summary: Security update for libpcap Type: security Severity: low References: 1255765,CVE-2025-11961 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:48-1 Released: Wed Jan 7 09:08:18 2026 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1252338 This update for pciutils fixes the following issues: - Add a strict dependency to libpci to prevent possible segfault (bsc#1252338) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:50-1 Released: Wed Jan 7 10:28:14 2026 Summary: Security update for curl Type: security Severity: moderate References: 1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224 This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:77-1 Released: Thu Jan 8 20:03:59 2026 Summary: Security update for curl Type: security Severity: moderate References: 1256105,CVE-2025-14017 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:115-1 Released: Mon Jan 12 16:03:42 2026 Summary: Security update for util-linux Type: security Severity: moderate References: 1254666,CVE-2025-14104 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:215-1 Released: Thu Jan 22 13:10:16 2026 Summary: Security update for gpg2 Type: security Severity: important References: 1255715,1256243,1256244,1256246,1256390,CVE-2025-68973 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix a memory leak in gpg2 agent (bsc#1256243). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:224-1 Released: Thu Jan 22 13:18:20 2026 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1256341,CVE-2025-13151 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:234-1 Released: Thu Jan 22 13:24:43 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1256525,1256526,CVE-2026-22695,CVE-2026-22801 This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525) - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:259-1 Released: Thu Jan 22 17:10:44 2026 Summary: Security update for avahi Type: security Severity: moderate References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:286-1 Released: Sat Jan 24 00:35:35 2026 Summary: Security update for glib2 Type: security Severity: low References: 1257049,CVE-2026-0988 This update for glib2 fixes the following issues: - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:293-1 Released: Mon Jan 26 12:36:40 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1065729,1194869,1214635,1214847,1215146,1215211,1215344,1216062,1216436,1219165,1220419,1223731,1234163,1245193,1245449,1246328,1247500,1248886,1249256,1250334,1252046,1252342,1252686,1252776,1252808,1252824,1252861,1252919,1252973,1253155,1253262,1253342,1253386,1253402,1253408,1253413,1253442,1253458,1253463,1253647,1254119,1254126,1254373,1254518,1254520,1254599,1254606,1254611,1254613,1254615,1254621,1254623,1254624,1254626,1254648,1254649,1254653,1254655,1254657,1254660,1254661,1254663,1254669,1254677,1254678,1254688,1254690,1254691,1254693,1254695,1254698,1254701,1254704,1254705,1254707,1254712,1254715,1254717,1254723,1254724,1254732,1254733,1254737,1254739,1254742,1254743,1254749,1254750,1254753,1254754,1254758,1254761,1254762,1254765,1254782,1254791,1254793,1254795,1254796,1254797,1254798,1254813,1254828,1254829,1254832,1254840,1254843,1254847,1254850,1254851,1254858,1254860,1254894,1254918,1254957,1254959,1254983,1255005,1255009,1255026,1255033,1255034,1 255035,1255041,1255046,1255057,1255062,1255064,1255065,1255068,1255072,1255075,1255077,1255083,1255092,1255094,1255100,1255122,1255135,1255146,1255149,1255152,1255154,1255155,1255163,1255167,1255169,1255171,1255182,1255187,1255190,1255193,1255197,1255199,1255202,1255203,1255206,1255209,1255218,1255221,1255233,1255245,1255246,1255251,1255252,1255253,1255259,1255274,1255276,1255279,1255280,1255281,1255325,1255329,1255351,1255415,1255480,1255483,1255489,1255493,1255495,1255505,1255538,1255540,1255545,1255549,1255550,1255553,1255557,1255558,1255563,1255564,1255570,1255578,1255579,1255580,1255583,1255591,1255601,1255603,1255605,1255611,1255616,1255617,1255618,1255621,1255628,1255629,1255630,1255632,1255636,1255688,1255691,1255702,1255704,1255706,1255722,1255758,1255759,1255760,1255763,1255769,1255770,1255772,1255774,1255775,1255776,1255780,1255785,1255786,1255789,1255790,1255792,1255793,1255795,1255798,1255800,1255801,1255806,1255807,1255809,1255810,1255812,1255814,1255820,1255838,125584 2,1255843,1255872,1255875,1255879,1255883,1255884,1255886,1255888,1255890,1255891,1255892,1255899,1255902,1255907,1255911,1255915,1255918,1255921,1255924,1255925,1255931,1255932,1255934,1255943,1255944,1255949,1255951,1255952,1255955,1255957,1255961,1255963,1255964,1255967,1255974,1255978,1255984,1255988,1255990,1255992,1255993,1255994,1255996,1256033,1256034,1256045,1256050,1256058,1256071,1256074,1256081,1256082,1256083,1256084,1256085,1256090,1256093,1256094,1256095,1256096,1256099,1256100,1256104,1256106,1256107,1256117,1256119,1256121,1256145,1256153,1256178,1256197,1256231,1256233,1256234,1256238,1256263,1256267,1256268,1256271,1256273,1256274,1256279,1256285,1256291,1256292,1256300,1256301,1256302,1256335,1256348,1256351,1256354,1256358,1256361,1256364,1256367,1256368,1256369,1256370,1256371,1256373,1256375,1256379,1256387,1256394,1256395,1256396,1256528,CVE-2023-42752,CVE-2023-53743,CVE-2023-53750,CVE-2023-53752,CVE-2023-53759,CVE-2023-53762,CVE-2023-53766,CVE-2023-53768,CVE -2023-53777,CVE-2023-53778,CVE-2023-53782,CVE-2023-53784,CVE-2023-53785,CVE-2023-53787,CVE-2023-53791,CVE-2023-53792,CVE-2023-53793,CVE-2023-53794,CVE-2023-53795,CVE-2023-53797,CVE-2023-53799,CVE-2023-53807,CVE-2023-53808,CVE-2023-53813,CVE-2023-53815,CVE-2023-53819,CVE-2023-53821,CVE-2023-53823,CVE-2023-53825,CVE-2023-53828,CVE-2023-53831,CVE-2023-53834,CVE-2023-53836,CVE-2023-53839,CVE-2023-53841,CVE-2023-53842,CVE-2023-53843,CVE-2023-53844,CVE-2023-53846,CVE-2023-53847,CVE-2023-53848,CVE-2023-53850,CVE-2023-53851,CVE-2023-53852,CVE-2023-53855,CVE-2023-53856,CVE-2023-53857,CVE-2023-53858,CVE-2023-53860,CVE-2023-53861,CVE-2023-53863,CVE-2023-53864,CVE-2023-53865,CVE-2023-53989,CVE-2023-53992,CVE-2023-53994,CVE-2023-53995,CVE-2023-53996,CVE-2023-53997,CVE-2023-53998,CVE-2023-53999,CVE-2023-54000,CVE-2023-54001,CVE-2023-54005,CVE-2023-54006,CVE-2023-54008,CVE-2023-54014,CVE-2023-54016,CVE-2023-54017,CVE-2023-54019,CVE-2023-54022,CVE-2023-54023,CVE-2023-54025,CVE-2023-54026,CVE-2023-5 4027,CVE-2023-54030,CVE-2023-54031,CVE-2023-54032,CVE-2023-54035,CVE-2023-54037,CVE-2023-54038,CVE-2023-54042,CVE-2023-54045,CVE-2023-54048,CVE-2023-54049,CVE-2023-54051,CVE-2023-54052,CVE-2023-54060,CVE-2023-54064,CVE-2023-54066,CVE-2023-54067,CVE-2023-54069,CVE-2023-54070,CVE-2023-54072,CVE-2023-54076,CVE-2023-54080,CVE-2023-54081,CVE-2023-54083,CVE-2023-54088,CVE-2023-54089,CVE-2023-54091,CVE-2023-54092,CVE-2023-54093,CVE-2023-54094,CVE-2023-54095,CVE-2023-54096,CVE-2023-54099,CVE-2023-54101,CVE-2023-54104,CVE-2023-54106,CVE-2023-54112,CVE-2023-54113,CVE-2023-54115,CVE-2023-54117,CVE-2023-54121,CVE-2023-54125,CVE-2023-54127,CVE-2023-54133,CVE-2023-54134,CVE-2023-54135,CVE-2023-54136,CVE-2023-54137,CVE-2023-54140,CVE-2023-54141,CVE-2023-54142,CVE-2023-54143,CVE-2023-54145,CVE-2023-54148,CVE-2023-54149,CVE-2023-54153,CVE-2023-54154,CVE-2023-54155,CVE-2023-54156,CVE-2023-54164,CVE-2023-54166,CVE-2023-54169,CVE-2023-54170,CVE-2023-54171,CVE-2023-54172,CVE-2023-54173,CVE-2023-54177,CV E-2023-54178,CVE-2023-54179,CVE-2023-54181,CVE-2023-54183,CVE-2023-54185,CVE-2023-54189,CVE-2023-54194,CVE-2023-54201,CVE-2023-54204,CVE-2023-54207,CVE-2023-54209,CVE-2023-54210,CVE-2023-54211,CVE-2023-54215,CVE-2023-54219,CVE-2023-54220,CVE-2023-54221,CVE-2023-54223,CVE-2023-54224,CVE-2023-54225,CVE-2023-54227,CVE-2023-54229,CVE-2023-54230,CVE-2023-54235,CVE-2023-54240,CVE-2023-54241,CVE-2023-54246,CVE-2023-54247,CVE-2023-54251,CVE-2023-54253,CVE-2023-54254,CVE-2023-54255,CVE-2023-54258,CVE-2023-54261,CVE-2023-54263,CVE-2023-54264,CVE-2023-54266,CVE-2023-54267,CVE-2023-54271,CVE-2023-54276,CVE-2023-54278,CVE-2023-54281,CVE-2023-54282,CVE-2023-54283,CVE-2023-54285,CVE-2023-54289,CVE-2023-54291,CVE-2023-54292,CVE-2023-54293,CVE-2023-54296,CVE-2023-54297,CVE-2023-54299,CVE-2023-54300,CVE-2023-54302,CVE-2023-54303,CVE-2023-54304,CVE-2023-54309,CVE-2023-54312,CVE-2023-54313,CVE-2023-54314,CVE-2023-54315,CVE-2023-54316,CVE-2023-54318,CVE-2023-54319,CVE-2023-54322,CVE-2023-54324,CVE-2023- 54326,CVE-2024-26944,CVE-2025-38321,CVE-2025-38728,CVE-2025-39890,CVE-2025-39977,CVE-2025-40006,CVE-2025-40024,CVE-2025-40033,CVE-2025-40042,CVE-2025-40053,CVE-2025-40081,CVE-2025-40102,CVE-2025-40134,CVE-2025-40135,CVE-2025-40153,CVE-2025-40158,CVE-2025-40167,CVE-2025-40170,CVE-2025-40178,CVE-2025-40179,CVE-2025-40187,CVE-2025-40211,CVE-2025-40215,CVE-2025-40219,CVE-2025-40220,CVE-2025-40223,CVE-2025-40233,CVE-2025-40242,CVE-2025-40244,CVE-2025-40256,CVE-2025-40258,CVE-2025-40262,CVE-2025-40263,CVE-2025-40269,CVE-2025-40272,CVE-2025-40273,CVE-2025-40275,CVE-2025-40277,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40288,CVE-2025-40297,CVE-2025-40301,CVE-2025-40304,CVE-2025-40306,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40312,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40331,CVE-2025-40342,C VE-2025-40343,CVE-2025-40345,CVE-2025-40349,CVE-2025-40351,CVE-2025-68168,CVE-2025-68172,CVE-2025-68176,CVE-2025-68180,CVE-2025-68183,CVE-2025-68185,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68217,CVE-2025-68218,CVE-2025-68222,CVE-2025-68233,CVE-2025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68244,CVE-2025-68249,CVE-2025-68252,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68303,CVE-2025-68305,CVE-2025-68307,CVE-2025-68308,CVE-2025-68312,CVE-2025-68313,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68339,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68354,CVE-2025-68362,CVE-2025-68380,CVE-2025-68724,CVE-2025-68732,CVE-2025-68734,CVE-2025-68740,CVE-2025-68746,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68765,CVE-2025-68766 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). - CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). - CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). - CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). - CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861). - CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). - CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). - CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). - CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). - CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). - CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). - CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458). - CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413). - CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). - CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442). - CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187). - CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199). The following non security issues were fixed: - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes). - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes). - ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes). - ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes). - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes). - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes). - ALSA: uapi: Fix typo in asound.h comment (git-fixes). - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes). - ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes). - ASoC: ak4458: Disable regulator when error happens (git-fixes). - ASoC: ak5558: Disable regulator when error happens (git-fixes). - ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes). - ASoC: fsl_xcvr: clear the channel status control memory (git-fixes). - ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes). - ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes). - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: stm32: sai: fix OF node leak on probe (git-fixes). - ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes). - ASoC: stm32: sai: fix device leak on probe (git-fixes). - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes). - Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes). - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes). - Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes). - Documentation: hid-alps: Fix packet format section headings (git-fixes). - Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes). - HID: logitech-dj: Remove duplicate error logging (git-fixes). - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes). - Input: cros_ec_keyb - fix an invalid memory access (stable-fixes). - Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes). - Input: goodix - add support for ACPI ID GDX9110 (stable-fixes). - KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes). - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes). - PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes). - PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes). - Revert 'mtd: rawnand: marvell: fix layouts' (git-fixes). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes). - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes). - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: option: add Quectel RG255C (stable-fixes). - USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes). - USB: serial: option: add UNISOC UIS7720 (stable-fixes). - USB: serial: option: add support for Rolling RW101R-GL (stable-fixes). - USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes). - arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes). - arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes). - atm/fore200e: Fix possible data race in fore200e_open() (git-fixes). - atm: idt77252: Add missing `dma_map_error()` (stable-fixes). - backlight: led-bl: Add devlink to supplier LEDs (git-fixes). - backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes). - bs-upload-kernel: Fix cve branch uploads. - btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes). - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes). - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes). - can: sja1000: fix max irq loop handling (git-fixes). - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes). - cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449). - cifs: after disabling multichannel, mark tcon for reconnect (git-fixes). - cifs: avoid redundant calls to disable multichannel (git-fixes). - cifs: cifs_pick_channel should try selecting active channels (git-fixes). - cifs: deal with the channel loading lag while picking channels (git-fixes). - cifs: dns resolution is needed only for primary channel (git-fixes). - cifs: do not disable interface polling on failure (git-fixes). - cifs: do not search for channel if server is terminating (git-fixes). - cifs: fix a pending undercount of srv_count (git-fixes). - cifs: fix lock ordering while disabling multichannel (git-fixes). - cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes). - cifs: fix use after free for iface while disabling secondary channels (git-fixes). - cifs: handle servers that still advertise multichannel after disabling (git-fixes). - cifs: handle when server starts supporting multichannel (git-fixes). - cifs: handle when server stops supporting multichannel (git-fixes). - cifs: make cifs_chan_update_iface() a void function (git-fixes). - cifs: make sure server interfaces are requested only for SMB3+ (git-fixes). - cifs: make sure that channel scaling is done only once (git-fixes). - cifs: reconnect worker should take reference on server struct unconditionally (git-fixes). - cifs: reset connections for all channels when reconnect requested (git-fixes). - cifs: reset iface weights when we cannot find a candidate (git-fixes). - cifs: serialize other channels when query server interfaces is pending (git-fixes). - cifs: update dstaddr whenever channel iface is updated (git-fixes). - clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes). - clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes). - clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes). - comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes). - comedi: check device's attached status in compat ioctls (git-fixes). - comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes). - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes). - cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes). - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes). - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes). - crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes). - crypto: hisilicon/qm - restore original qos values (git-fixes). - crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes). - crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes). - dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes). - dm-verity: fix unreliable memory allocation (git-fixes). - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386). - drivers/usb/dwc3: fix PCI parent check (git-fixes). - drm/amd/display: Check NULL before accessing (stable-fixes). - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes). - drm/amd/display: Increase DPCD read retries (stable-fixes). - drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes). - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes). - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes). - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes). - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes). - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes). - drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes). - drm/mgag200: Fix big-endian support (git-fixes). - drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes). - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes). - drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes). - drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes). - drm/nouveau: restrict the flush page to a 32-bit address (git-fixes). - drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes). - drm/vgem-fence: Fix potential deadlock on release (git-fixes). - drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes). - drm: sti: fix device leaks at component probe (git-fixes). - efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes). - efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes). - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes). - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes). - fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes). - firmware: imx: scu-irq: fix OF node leak in (git-fixes). - firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes). - firmware: stratix10-svc: fix bug in saving controller data (git-fixes). - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes). - gpu: host1x: Fix race in syncpt alloc/free (git-fixes). - hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes). - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes). - i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes). - i2c: i2c.h: fix a bad kernel-doc line (git-fixes). - i3c: master: svc: Prevent incomplete IBI transaction (git-fixes). - iio: accel: bmc150: Fix irq assumption regression (stable-fixes). - iio: accel: fix ADXL355 startup race condition (git-fixes). - iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes). - iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes). - iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes). - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes). - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes). - iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes). - ima: Handle error code returned by ima_filter_rule_match() (git-fixes). - intel_th: Fix error handling in intel_th_output_open (git-fixes). - ipmi: Fix handling of messages with provided receive message pointer (git-fixes). - ipmi: Rework user message limit handling (git-fixes). - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes). - kconfig/mconf: Initialize the default locale at startup (stable-fixes). - kconfig/nconf: Initialize the default locale at startup (stable-fixes). - leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes). - leds: leds-lp50xx: Enable chip before any communication (git-fixes). - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes). - leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes). - lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes). - mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes). - media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes). - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes). - media: amphion: Cancel message work before releasing the VPU core (git-fixes). - media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973). - media: atomisp: Remove firmware_name module parameter (bsc#1252973). - media: cec: Fix debugfs leak on bus_register() failure (git-fixes). - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes). - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes). - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes). - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes). - media: pvrusb2: Fix incorrect variable used in trace message (git-fixes). - media: rc: st_rc: Fix reset control resource leak (git-fixes). - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes). - media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes). - media: v4l2-mem2mem: Fix outdated documentation (git-fixes). - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes). - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes). - media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes). - media: vpif_capture: fix section mismatch (git-fixes). - media: vpif_display: fix section mismatch (git-fixes). - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes). - mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes). - mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes). - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes). - most: usb: fix double free on late probe failure (git-fixes). - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes). - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes). - mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes). - mtd: nand: relax ECC parameter validation check (git-fixes). - mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes). - mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes). - net: phy: adin1100: Fix software power-down ready condition (git-fixes). - net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes). - net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes). - nvme: Use non zero KATO for persistent discovery connections (git-fixes). - orangefs: fix xattr related buffer overflow.. (git-fixes). - phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes). - pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes). - platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes). - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes). - platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes). - platform/x86: intel: punit_ipc: fix memory corruption (git-fixes). - power: supply: apm_power: only unset own apm_get_power_status (git-fixes). - power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes). - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes). - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes). - power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes). - powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187). - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes). - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes). - regulator: core: disable supply if enabling main regulator fails (git-fixes). - rpmsg: glink: fix rpmsg device leak (git-fixes). - rtc: gamecube: Check the return value of ioremap() (git-fixes). - scripts: teaapi: Add paging. - scrits: teaapi: Add list_repos. - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes). - slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes). - smb3: add missing null server pointer check (git-fixes). - smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes). - smb: client: fix warning when reconnecting channel (git-fixes). - smb: client: introduce close_cached_dir_locked() (git-fixes). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - soc: amlogic: canvas: fix device leak on lookup (git-fixes). - soc: qcom: ocmem: fix device leak on lookup (git-fixes). - soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes). - spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes). - spi: bcm63xx: drop wrong casts in probe() (git-fixes). - spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes). - spi: tegra210-qspi: Remove cache operations (git-fixes). - spi: tegra210-quad: Add support for internal DMA (git-fixes). - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (git-fixes). - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155). - spi: tegra210-quad: Update dummy sequence configuration (git-fixes). - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes). - thunderbolt: Add support for Intel Wildcat Lake (stable-fixes). - tracing: Fix access to trace_event_file (bsc#1254373). - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes). - usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes). - usb: chaoskey: fix locking for O_NONBLOCK (git-fixes). - usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes). - usb: dwc2: fix hang during suspend if set as peripheral (git-fixes). - usb: dwc3: Abort suspend on soft disconnect failure (git-fixes). - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes). - usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes). - usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes). - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes). - usb: phy: Initialize struct usb_phy list_head (git-fixes). - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes). - usb: raw-gadget: do not limit transfer length (git-fixes). - usb: storage: Fix memory leak in USB bulk transport (git-fixes). - usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes). - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes). - usb: udc: Add trace event for usb_gadget_set_state (stable-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes). - wifi: ath11k: fix peer HE MCS assignment (git-fixes). - wifi: ath11k: restore register window after global reset (git-fixes). - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes). - wifi: ieee80211: correct FILS status codes (git-fixes). - wifi: mac80211: fix CMAC functions not handling errors (git-fixes). - wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes). - wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes). - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes). - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes). - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). - x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528). - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528). - x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528). - x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528). - x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528). - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528). - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528). - x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256528). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528). - x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528). - xhci: dbgtty: fix device unregister (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:306-1 Released: Tue Jan 27 17:15:18 2026 Summary: Security update for xen Type: security Severity: moderate References: 1256745,1256747,CVE-2025-58150,CVE-2026-23553 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:312-1 Released: Wed Jan 28 10:37:55 2026 Summary: Security update for openssl-3 Type: security Severity: critical References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2026:324-1 Released: Wed Jan 28 15:53:56 2026 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425 This update for supportutils fixes the following issues: - Changes to version 3.2.12 * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11 * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:346-1 Released: Fri Jan 30 10:01:27 2026 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:364-1 Released: Tue Feb 3 10:50:53 2026 Summary: Security update for libpng16 Type: security Severity: moderate References: 1257364,1257365,CVE-2025-28162,CVE-2025-28164 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:371-1 Released: Tue Feb 3 19:08:49 2026 Summary: Security update for glibc Type: security Severity: important References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:373-1 Released: Wed Feb 4 03:50:41 2026 Summary: Security update for glib2 Type: security Severity: important References: 1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:391-1 Released: Thu Feb 5 15:23:42 2026 Summary: Security update for libxml2 Type: security Severity: low References: 1256805,CVE-2026-0989 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `` directives (bsc#1256805) The following package changes have been done: - curl-8.14.1-150600.4.37.1 updated - glib2-tools-2.78.6-150600.4.35.1 updated - glibc-locale-base-2.38-150600.14.40.1 updated - glibc-locale-2.38-150600.14.40.1 updated - glibc-2.38-150600.14.40.1 updated - gpg2-2.4.4-150600.3.12.1 updated - iptables-1.8.7-1.1 added - kernel-default-6.4.0-150600.23.84.1 updated - libavahi-client3-0.8-150600.15.12.1 updated - libavahi-common3-0.8-150600.15.12.1 updated - libblkid1-2.39.3-150600.4.15.1 updated - libcurl4-8.14.1-150600.4.37.1 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.9.3 updated - libfdisk1-2.39.3-150600.4.15.1 updated - libgio-2_0-0-2.78.6-150600.4.35.1 updated - libglib-2_0-0-2.78.6-150600.4.35.1 updated - libgmodule-2_0-0-2.78.6-150600.4.35.1 updated - libgobject-2_0-0-2.78.6-150600.4.35.1 updated - libip6tc2-1.8.7-1.1 added - libmount1-2.39.3-150600.4.15.1 updated - libnftnl11-1.2.0-150400.1.6 added - libopenssl1_1-1.1.1w-150600.5.21.1 updated - libopenssl3-3.1.4-150600.5.42.1 updated - libpcap1-1.10.4-150600.3.9.1 updated - libpci3-3.13.0-150300.13.12.1 updated - libpng16-16-1.6.40-150600.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.103.1 updated - libsmartcols1-2.39.3-150600.4.15.1 updated - libtasn1-6-4.13-150000.4.14.1 updated - libtasn1-4.13-150000.4.14.1 updated - libuuid1-2.39.3-150600.4.15.1 updated - libxml2-2-2.10.3-150500.5.35.1 updated - openssl-3-3.1.4-150600.5.42.1 updated - pciutils-3.13.0-150300.13.12.1 updated - python3-base-3.6.15-150300.10.103.1 updated - sles-release-15.6-150600.64.12.1 updated - supportutils-3.2.12.2-150600.3.9.1 updated - suse-module-tools-15.6.13-150600.3.14.2 updated - util-linux-systemd-2.39.3-150600.4.15.1 updated - util-linux-2.39.3-150600.4.15.1 updated - xen-libs-4.18.5_10-150600.3.37.1 updated - xtables-plugins-1.8.7-1.1 added - iproute2-6.4-150600.7.9.1 removed - libbpf1-1.2.2-150600.3.6.2 removed From sle-container-updates at lists.suse.com Wed Feb 18 08:05:21 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Feb 2026 09:05:21 +0100 (CET) Subject: SUSE-IU-2026:1025-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20260218080521.22BABFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1025-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.241 , suse/sle-micro/base-5.5:latest Image Release : 5.8.241 Severity : moderate Type : security References : 1247850 1247858 1250553 1256807 1256808 1256809 1256811 1256812 1257593 1257594 1257595 CVE-2025-10911 CVE-2025-8732 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:570-1 Released: Tue Feb 17 17:38:47 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858) The following package changes have been done: - libxml2-2-2.10.3-150500.5.38.1 updated From sle-container-updates at lists.suse.com Wed Feb 18 08:06:46 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 18 Feb 2026 09:06:46 +0100 (CET) Subject: SUSE-IU-2026:1026-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20260218080646.A63C2FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1026-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.465 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.465 Severity : moderate Type : security References : 1247850 1247858 1250553 1256807 1256808 1256809 1256811 1256812 1257593 1257594 1257595 CVE-2025-10911 CVE-2025-8732 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:570-1 Released: Tue Feb 17 17:38:47 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858) The following package changes have been done: - libxml2-2-2.10.3-150500.5.38.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.241 updated From sle-container-updates at lists.suse.com Thu Feb 19 08:24:13 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 19 Feb 2026 09:24:13 +0100 (CET) Subject: SUSE-CU-2026:1073-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20260219082413.AB58AFD07@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2026:1073-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.242 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.242 Severity : moderate Type : security References : 1250553 1256807 1256808 1256809 1256811 1256812 1257593 1257594 1257595 1258045 1258049 1258054 1258080 1258081 CVE-2025-10911 CVE-2026-0964 CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:567-1 Released: Tue Feb 17 13:26:08 2026 Summary: Security update for libssh Type: security Severity: moderate References: 1258045,1258049,1258054,1258080,1258081,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2026:568-1 Released: Tue Feb 17 13:26:23 2026 Summary: Security update for libxml2 Type: security Severity: moderate References: 1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) The following package changes have been done: - libssh-config-0.9.8-150200.13.15.1 updated - libssh4-0.9.8-150200.13.15.1 updated - libxml2-2-2.9.7-150000.3.94.1 updated From sle-container-updates at lists.suse.com Fri Feb 20 08:05:36 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 20 Feb 2026 09:05:36 +0100 (CET) Subject: SUSE-IU-2026:1065-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20260220080536.A21DDFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1065-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.114 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.114 Severity : important Type : security References : 1232223 1237888 1243474 1245193 1247076 1247079 1247500 1247509 1249547 1249912 1249982 1250176 1250237 1250252 1250705 1251120 1251786 1252063 1252267 1252303 1252353 1252681 1252763 1252773 1252780 1252794 1252795 1252809 1252817 1252821 1252836 1252845 1252862 1252912 1252917 1252928 1253018 1253176 1253275 1253318 1253324 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253393 1253395 1253403 1253407 1253409 1253412 1253416 1253421 1253423 1253424 1253425 1253427 1253428 1253431 1253436 1253438 1253440 1253441 1253445 1253448 1253449 1253453 1253456 1253472 1253779 CVE-2022-50253 CVE-2023-53676 CVE-2025-21710 CVE-2025-37916 CVE-2025-38359 CVE-2025-38361 CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39859 CVE-2025-39944 CVE-2025-39980 CVE-2025-40001 CVE-2025-40021 CVE-2025-40027 CVE-2025-40030 CVE-2025-40038 CVE-2025-40040 CVE-2025-40048 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40083 CVE-2025-40098 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40159 CVE-2025-40164 CVE-2025-40168 CVE-2025-40169 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40180 CVE-2025-40183 CVE-2025-40186 CVE-2025-40188 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-260 Released: Thu Feb 19 17:55:02 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1232223,1237888,1243474,1245193,1247076,1247079,1247500,1247509,1249547,1249912,1249982,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252303,1252353,1252681,1252763,1252773,1252780,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253779,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-38361,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CVE-2025-40040,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40083,CVE -2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Do not leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). - CVE-2025-40206: Add missing bugzilla reference to net fix (bsc#1253393). The following non-security bugs were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: do not log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Do not hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes) (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Do not treat ENTER and LEAVE as branches, because they are not (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Do not fail destroy QP and cleanup debugfs earlier (git-fixes) - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes) - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix the modification of max_send_sge (git-fixes) - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes) - RDMA/irdma: Fix SD index calculation (git-fixes) - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes) - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: do not enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Do not fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: do not set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: do not clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Do not use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: do not preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). The following package changes have been done: - kernel-default-base-6.4.0-38.1.21.15 updated From sle-container-updates at lists.suse.com Fri Feb 20 08:07:33 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 20 Feb 2026 09:07:33 +0100 (CET) Subject: SUSE-IU-2026:1066-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20260220080733.26262FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1066-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.82 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.82 Severity : important Type : security References : 1232223 1237888 1243474 1245193 1247076 1247079 1247500 1247509 1249547 1249912 1249982 1250176 1250237 1250252 1250705 1251120 1251786 1252063 1252267 1252303 1252353 1252681 1252763 1252773 1252780 1252794 1252795 1252809 1252817 1252821 1252836 1252845 1252862 1252912 1252917 1252928 1253018 1253176 1253275 1253318 1253324 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253393 1253395 1253403 1253407 1253409 1253412 1253416 1253421 1253423 1253424 1253425 1253427 1253428 1253431 1253436 1253438 1253440 1253441 1253445 1253448 1253449 1253453 1253456 1253472 1253779 CVE-2022-50253 CVE-2023-53676 CVE-2025-21710 CVE-2025-37916 CVE-2025-38359 CVE-2025-38361 CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39859 CVE-2025-39944 CVE-2025-39980 CVE-2025-40001 CVE-2025-40021 CVE-2025-40027 CVE-2025-40030 CVE-2025-40038 CVE-2025-40040 CVE-2025-40048 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40083 CVE-2025-40098 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40159 CVE-2025-40164 CVE-2025-40168 CVE-2025-40169 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40180 CVE-2025-40183 CVE-2025-40186 CVE-2025-40188 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-260 Released: Thu Feb 19 17:55:02 2026 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1232223,1237888,1243474,1245193,1247076,1247079,1247500,1247509,1249547,1249912,1249982,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252303,1252353,1252681,1252763,1252773,1252780,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253779,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-38361,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CVE-2025-40040,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40083,CVE -2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Do not leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). - CVE-2025-40206: Add missing bugzilla reference to net fix (bsc#1253393). The following non-security bugs were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: do not log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Do not hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes) (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Do not treat ENTER and LEAVE as branches, because they are not (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Do not fail destroy QP and cleanup debugfs earlier (git-fixes) - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes) - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix the modification of max_send_sge (git-fixes) - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes) - RDMA/irdma: Fix SD index calculation (git-fixes) - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes) - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: do not enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Do not fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: do not set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: do not clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Do not use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: do not preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). The following package changes have been done: - kernel-default-base-6.4.0-38.1.21.15 updated From sle-container-updates at lists.suse.com Fri Feb 20 08:08:44 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 20 Feb 2026 09:08:44 +0100 (CET) Subject: SUSE-IU-2026:1067-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20260220080844.B49CDFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1067-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-7.48 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 7.48 Severity : moderate Type : security References : 1035807 1036457 1079600 1198823 1198830 1198832 1229952 1230029 1242623 1243861 1247193 1248006 1257029 1257031 1257042 1257046 1257181 867620 CVE-2014-2240 CVE-2014-2241 CVE-2017-8105 CVE-2017-8287 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2024-12224 CVE-2024-43806 CVE-2024-58266 CVE-2025-11468 CVE-2025-15282 CVE-2025-3416 CVE-2025-55159 CVE-2026-0672 CVE-2026-0865 CVE-2026-1299 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 300 Released: Tue Oct 14 15:21:02 2025 Summary: Security update for rust-keylime Type: security Severity: moderate References: 1035807,1036457,1079600,1198823,1198830,1198832,1229952,1230029,1242623,1243861,1247193,1248006,1257029,1257031,1257042,1257046,1257181,867620,CVE-2014-2240,CVE-2014-2241,CVE-2017-8105,CVE-2017-8287,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406,CVE-2024-12224,CVE-2024-43806,CVE-2024-58266,CVE-2025-11468,CVE-2025-15282,CVE-2025-3416,CVE-2025-55159,CVE-2026-0672,CVE-2026-0865,CVE-2026-1299 This update for rust-keylime fixes the following issues: - CVE-2025-55159: slab: incorrect bounds check in get_disjoint_mut function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006) - CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623) - CVE-2024-58266: shlex: certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247193) - CVE-2024-43806: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952) - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861) - RUSTSEC-2024-0006: Multiple issues involving quote API (bsc#1230029) The following package changes have been done: - libpython3_13-1_0-3.13.12-160000.1.1 updated - python313-base-3.13.12-160000.1.1 updated - python313-3.13.12-160000.1.1 updated From sle-container-updates at lists.suse.com Fri Feb 20 08:13:09 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 20 Feb 2026 09:13:09 +0100 (CET) Subject: SUSE-IU-2026:1076-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20260220081309.31903FD9A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1076-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-7.40 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 7.40 Severity : moderate Type : security References : 1035807 1036457 1079600 1198823 1198830 1198832 1229952 1230029 1242623 1243861 1247193 1248006 1257029 1257031 1257042 1257046 1257181 867620 CVE-2014-2240 CVE-2014-2241 CVE-2017-8105 CVE-2017-8287 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2024-12224 CVE-2024-43806 CVE-2024-58266 CVE-2025-11468 CVE-2025-15282 CVE-2025-3416 CVE-2025-55159 CVE-2026-0672 CVE-2026-0865 CVE-2026-1299 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 300 Released: Tue Oct 14 15:21:02 2025 Summary: Security update for rust-keylime Type: security Severity: moderate References: 1035807,1036457,1079600,1198823,1198830,1198832,1229952,1230029,1242623,1243861,1247193,1248006,1257029,1257031,1257042,1257046,1257181,867620,CVE-2014-2240,CVE-2014-2241,CVE-2017-8105,CVE-2017-8287,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406,CVE-2024-12224,CVE-2024-43806,CVE-2024-58266,CVE-2025-11468,CVE-2025-15282,CVE-2025-3416,CVE-2025-55159,CVE-2026-0672,CVE-2026-0865,CVE-2026-1299 This update for rust-keylime fixes the following issues: - CVE-2025-55159: slab: incorrect bounds check in get_disjoint_mut function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006) - CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623) - CVE-2024-58266: shlex: certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247193) - CVE-2024-43806: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952) - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861) - RUSTSEC-2024-0006: Multiple issues involving quote API (bsc#1230029) The following package changes have been done: - python313-base-3.13.12-160000.1.1 updated - libpython3_13-1_0-3.13.12-160000.1.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-3063a8cdf424b3beb7decd31d39243799a8bceeee71a160c818b4572ceee85a3-0 updated From sle-container-updates at lists.suse.com Fri Feb 20 08:14:15 2026 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 20 Feb 2026 09:14:15 +0100 (CET) Subject: SUSE-IU-2026:1080-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20260220081415.67201FD07@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2026:1080-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-6.54 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 6.54 Severity : moderate Type : security References : 1035807 1036457 1079600 1198823 1198830 1198832 1229952 1230029 1242623 1243861 1247193 1248006 1257029 1257031 1257042 1257046 1257181 867620 CVE-2014-2240 CVE-2014-2241 CVE-2017-8105 CVE-2017-8287 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2024-12224 CVE-2024-43806 CVE-2024-58266 CVE-2025-11468 CVE-2025-15282 CVE-2025-3416 CVE-2025-55159 CVE-2026-0672 CVE-2026-0865 CVE-2026-1299 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 300 Released: Tue Oct 14 15:21:02 2025 Summary: Security update for rust-keylime Type: security Severity: moderate References: 1035807,1036457,1079600,1198823,1198830,1198832,1229952,1230029,1242623,1243861,1247193,1248006,1257029,1257031,1257042,1257046,1257181,867620,CVE-2014-2240,CVE-2014-2241,CVE-2017-8105,CVE-2017-8287,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406,CVE-2024-12224,CVE-2024-43806,CVE-2024-58266,CVE-2025-11468,CVE-2025-15282,CVE-2025-3416,CVE-2025-55159,CVE-2026-0672,CVE-2026-0865,CVE-2026-1299 This update for rust-keylime fixes the following issues: - CVE-2025-55159: slab: incorrect bounds check in get_disjoint_mut function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006) - CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623) - CVE-2024-58266: shlex: certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247193) - CVE-2024-43806: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952) - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861) - RUSTSEC-2024-0006: Multiple issues involving quote API (bsc#1230029) The following package changes have been done: - libpython3_13-1_0-3.13.12-160000.1.1 updated - python313-base-3.13.12-160000.1.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-e7207ab18a3bdd65039843cdd77d128e05b25e6053a7be52f5081aa3d7ed8cf5-0 updated