SUSE-IU-2026:4466-1: Security update of suse/sl-micro/6.2/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jun 9 07:40:39 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.2/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4466-1
Image Tags        : suse/sl-micro/6.2/base-os-container:2.3.0 , suse/sl-micro/6.2/base-os-container:2.3.0-7.100 , suse/sl-micro/6.2/base-os-container:latest
Image Release     : 7.100
Severity          : critical
Type              : security
References        : 1007273 1010996 1012628 1012628 1012628 1027519 1035807 1036457
                        1065729 1079600 1081723 1084929 1141539 1158038 1158038 1159103
                        1175678 1181674 1183045 1186716 1187716 1188441 1189788 1191256
                        1191270 1193454 1193599 1194778 1194818 1194869 1194869 1195775
                        1198823 1198830 1198832 1199079 1199079 1200723 1201840 1202970
                        1204538 1204562 1204562 1204968 1205462 1205462 1205462 1205588
                        1205588 1207184 1207266 1207377 1207948 1208593 1208690 1208783
                        1209657 1209834 1211721 1213123 1213573 1213873 1214285 1214285
                        1214285 1214718 1214852 1214980 1215098 1215099 1215100 1215101
                        1215102 1215103 1215199 1215199 1215199 1215199 1215199 1215199
                        1215377 1215377 1215587 1216002 1216091 1216091 1216196 1216198
                        1216223 1216320 1216358 1216378 1216378 1216702 1216776 1217169
                        1217384 1217408 1217481 1217489 1217750 1217845 1217877 1217885
                        1217912 1217959 1218110 1218171 1218205 1218336 1218442 1218447
                        1218459 1218459 1218474 1218562 1218609 1218644 1218644 1218730
                        1218779 1218820 1218851 1218879 1218880 1218917 1219004 1219038
                        1219080 1219104 1219170 1219224 1219276 1219451 1219458 1219465
                        1219478 1219485 1219559 1219561 1219596 1219623 1219633 1219724
                        1219832 1219834 1219847 1219885 1219953 1219975 1220021 1220045
                        1220066 1220117 1220120 1220138 1220148 1220252 1220262 1220328
                        1220338 1220342 1220356 1220382 1220427 1220428 1220430 1220523
                        1220569 1220587 1220690 1220693 1220696 1220724 1220738 1220763
                        1220770 1220771 1220772 1220783 1220877 1220915 1220942 1221044
                        1221057 1221086 1221107 1221126 1221239 1221289 1221289 1221293
                        1221303 1221326 1221332 1221334 1221365 1221399 1221482 1221504
                        1221525 1221527 1221610 1221612 1221615 1221630 1221635 1221645
                        1221645 1221647 1221649 1221650 1221652 1221654 1221656 1221659
                        1221751 1221752 1221753 1221760 1221763 1221763 1221765 1221777
                        1221783 1221786 1221787 1221812 1221816 1221821 1221822 1221824
                        1221827 1221829 1221830 1221831 1221857 1221858 1221906 1221940
                        1221958 1221963 1221984 1222011 1222015 1222044 1222080 1222086
                        1222173 1222241 1222254 1222264 1222273 1222294 1222301 1222302
                        1222303 1222304 1222307 1222326 1222328 1222335 1222350 1222357
                        1222364 1222366 1222368 1222371 1222372 1222378 1222380 1222385
                        1222387 1222398 1222422 1222426 1222428 1222433 1222434 1222437
                        1222438 1222445 1222453 1222459 1222463 1222464 1222465 1222465
                        1222489 1222522 1222525 1222532 1222548 1222557 1222559 1222563
                        1222585 1222588 1222596 1222606 1222608 1222613 1222615 1222617
                        1222618 1222619 1222622 1222624 1222625 1222627 1222629 1222630
                        1222633 1222634 1222635 1222654 1222721 1222727 1222768 1222768
                        1222769 1222771 1222775 1222777 1222779 1222780 1222782 1222793
                        1222799 1222801 1222804 1222807 1222808 1222809 1222810 1222811
                        1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833
                        1222834 1222834 1222893 1222899 1222967 1222968 1222973 1222992
                        1223007 1223010 1223011 1223015 1223016 1223018 1223020 1223021
                        1223023 1223024 1223033 1223034 1223035 1223038 1223039 1223041
                        1223045 1223046 1223051 1223052 1223053 1223058 1223060 1223061
                        1223062 1223074 1223076 1223077 1223084 1223094 1223107 1223111
                        1223113 1223138 1223143 1223187 1223189 1223190 1223191 1223191
                        1223198 1223202 1223265 1223285 1223306 1223315 1223336 1223338
                        1223369 1223380 1223384 1223390 1223395 1223423 1223424 1223425
                        1223428 1223430 1223439 1223462 1223532 1223539 1223570 1223575
                        1223590 1223591 1223592 1223593 1223596 1223600 1223605 1223625
                        1223626 1223627 1223629 1223631 1223632 1223633 1223634 1223635
                        1223637 1223638 1223641 1223642 1223643 1223644 1223645 1223646
                        1223648 1223649 1223650 1223651 1223652 1223653 1223654 1223655
                        1223657 1223660 1223661 1223663 1223664 1223665 1223666 1223667
                        1223668 1223669 1223670 1223671 1223675 1223677 1223678 1223679
                        1223686 1223687 1223689 1223690 1223692 1223693 1223695 1223696
                        1223698 1223699 1223705 1223709 1223711 1223712 1223714 1223715
                        1223717 1223718 1223720 1223723 1223724 1223725 1223728 1223731
                        1223731 1223732 1223734 1223735 1223737 1223738 1223739 1223740
                        1223741 1223742 1223744 1223745 1223747 1223748 1223749 1223750
                        1223752 1223754 1223756 1223757 1223759 1223760 1223761 1223762
                        1223763 1223764 1223765 1223766 1223767 1223768 1223769 1223770
                        1223774 1223776 1223777 1223778 1223779 1223780 1223781 1223782
                        1223787 1223788 1223789 1223790 1223802 1223803 1223804 1223805
                        1223806 1223807 1223808 1223810 1223813 1223815 1223816 1223819
                        1223821 1223822 1223823 1223824 1223826 1223827 1223828 1223829
                        1223831 1223834 1223836 1223837 1223838 1223842 1223843 1223844
                        1223847 1223848 1223863 1223869 1223870 1223871 1223872 1223874
                        1223903 1223944 1223945 1223946 1223979 1223991 1224044 1224049
                        1224076 1224096 1224098 1224099 1224105 1224113 1224113 1224113
                        1224115 1224116 1224118 1224137 1224166 1224174 1224177 1224180
                        1224181 1224187 1224282 1224331 1224348 1224386 1224388 1224414
                        1224415 1224422 1224423 1224429 1224430 1224432 1224433 1224437
                        1224438 1224439 1224442 1224443 1224445 1224449 1224477 1224479
                        1224480 1224481 1224482 1224485 1224486 1224487 1224488 1224490
                        1224491 1224492 1224493 1224494 1224495 1224496 1224497 1224498
                        1224499 1224500 1224501 1224502 1224504 1224505 1224506 1224507
                        1224508 1224509 1224510 1224511 1224512 1224513 1224515 1224516
                        1224517 1224519 1224520 1224521 1224523 1224524 1224525 1224526
                        1224530 1224531 1224534 1224535 1224537 1224539 1224540 1224541
                        1224542 1224543 1224544 1224545 1224546 1224549 1224550 1224552
                        1224553 1224555 1224557 1224558 1224559 1224562 1224565 1224566
                        1224567 1224568 1224569 1224571 1224572 1224573 1224575 1224576
                        1224577 1224578 1224579 1224580 1224581 1224582 1224583 1224584
                        1224585 1224586 1224587 1224588 1224589 1224592 1224596 1224598
                        1224600 1224601 1224602 1224603 1224604 1224605 1224606 1224607
                        1224608 1224609 1224611 1224612 1224613 1224614 1224615 1224617
                        1224618 1224619 1224620 1224621 1224622 1224623 1224624 1224626
                        1224627 1224628 1224629 1224630 1224631 1224632 1224633 1224634
                        1224636 1224636 1224637 1224638 1224639 1224640 1224641 1224643
                        1224644 1224645 1224646 1224647 1224648 1224649 1224650 1224651
                        1224652 1224653 1224654 1224655 1224657 1224659 1224660 1224661
                        1224662 1224663 1224664 1224665 1224666 1224667 1224668 1224670
                        1224671 1224672 1224673 1224674 1224675 1224676 1224677 1224678
                        1224679 1224680 1224681 1224682 1224683 1224685 1224686 1224687
                        1224688 1224690 1224692 1224694 1224696 1224697 1224698 1224699
                        1224700 1224701 1224703 1224704 1224705 1224706 1224707 1224709
                        1224710 1224711 1224712 1224714 1224716 1224717 1224718 1224719
                        1224720 1224721 1224722 1224723 1224725 1224727 1224729 1224730
                        1224731 1224732 1224733 1224735 1224736 1224738 1224739 1224740
                        1224741 1224742 1224743 1224747 1224749 1224751 1224759 1224763
                        1224764 1224765 1224766 1224767 1224771 1224790 1224792 1224793
                        1224803 1224804 1224866 1224868 1224928 1224930 1224932 1224933
                        1224935 1224936 1224937 1224939 1224941 1224944 1224946 1224947
                        1224949 1224951 1224988 1224989 1224992 1224998 1225000 1225001
                        1225004 1225006 1225007 1225008 1225009 1225014 1225015 1225022
                        1225025 1225028 1225029 1225031 1225036 1225041 1225044 1225049
                        1225050 1225053 1225076 1225077 1225078 1225081 1225085 1225086
                        1225088 1225090 1225092 1225096 1225097 1225098 1225101 1225103
                        1225104 1225105 1225106 1225108 1225120 1225132 1225133 1225134
                        1225136 1225172 1225180 1225267 1225272 1225291 1225300 1225391
                        1225451 1225451 1225472 1225475 1225475 1225476 1225477 1225478
                        1225485 1225487 1225489 1225490 1225502 1225527 1225529 1225530
                        1225532 1225534 1225548 1225550 1225551 1225553 1225554 1225555
                        1225556 1225557 1225559 1225560 1225564 1225565 1225566 1225568
                        1225569 1225570 1225571 1225572 1225573 1225577 1225578 1225579
                        1225580 1225581 1225582 1225583 1225584 1225585 1225586 1225587
                        1225588 1225589 1225590 1225591 1225592 1225593 1225594 1225595
                        1225598 1225599 1225600 1225601 1225602 1225605 1225607 1225607
                        1225609 1225610 1225611 1225616 1225618 1225640 1225642 1225681
                        1225692 1225694 1225695 1225696 1225698 1225699 1225702 1225704
                        1225705 1225708 1225710 1225711 1225712 1225714 1225715 1225717
                        1225718 1225719 1225720 1225722 1225723 1225726 1225728 1225731
                        1225732 1225734 1225735 1225736 1225737 1225741 1225744 1225745
                        1225746 1225747 1225748 1225749 1225750 1225751 1225752 1225753
                        1225756 1225757 1225758 1225759 1225760 1225761 1225762 1225763
                        1225765 1225766 1225767 1225769 1225770 1225771 1225773 1225775
                        1225805 1225810 1225812 1225814 1225815 1225820 1225823 1225827
                        1225829 1225830 1225832 1225834 1225835 1225838 1225839 1225840
                        1225842 1225843 1225847 1225851 1225856 1225866 1225872 1225894
                        1225895 1225896 1225898 1225903 1225903 1225903 1225945 1225953
                        1226003 1226014 1226022 1226030 1226031 1226127 1226128 1226131
                        1226145 1226149 1226155 1226158 1226163 1226202 1226211 1226212
                        1226213 1226226 1226412 1226414 1226415 1226457 1226463 1226493
                        1226502 1226502 1226503 1226507 1226513 1226514 1226519 1226520
                        1226529 1226530 1226582 1226587 1226588 1226588 1226592 1226593
                        1226594 1226595 1226597 1226604 1226606 1226607 1226608 1226610
                        1226612 1226613 1226630 1226632 1226633 1226634 1226637 1226657
                        1226658 1226666 1226734 1226735 1226737 1226738 1226739 1226740
                        1226741 1226742 1226743 1226744 1226746 1226747 1226749 1226750
                        1226751 1226754 1226757 1226758 1226760 1226761 1226764 1226765
                        1226767 1226768 1226769 1226771 1226772 1226774 1226775 1226776
                        1226777 1226780 1226781 1226783 1226785 1226786 1226788 1226789
                        1226790 1226791 1226796 1226798 1226799 1226801 1226834 1226837
                        1226839 1226840 1226841 1226842 1226844 1226846 1226848 1226852
                        1226856 1226857 1226859 1226860 1226861 1226863 1226864 1226866
                        1226867 1226868 1226874 1226875 1226876 1226878 1226879 1226883
                        1226885 1226886 1226890 1226891 1226894 1226895 1226905 1226908
                        1226909 1226911 1226915 1226920 1226928 1226934 1226938 1226939
                        1226941 1226948 1226949 1226950 1226962 1226976 1226989 1226990
                        1226992 1226993 1226994 1226995 1226996 1227066 1227072 1227085
                        1227089 1227090 1227096 1227101 1227103 1227117 1227138 1227149
                        1227149 1227182 1227186 1227187 1227190 1227205 1227282 1227316
                        1227322 1227355 1227362 1227363 1227383 1227383 1227432 1227434
                        1227435 1227437 1227443 1227446 1227447 1227487 1227487 1227492
                        1227493 1227494 1227525 1227573 1227618 1227620 1227623 1227625
                        1227626 1227627 1227634 1227694 1227706 1227716 1227719 1227722
                        1227723 1227724 1227725 1227726 1227728 1227729 1227730 1227732
                        1227733 1227734 1227736 1227747 1227750 1227754 1227755 1227757
                        1227758 1227760 1227761 1227762 1227763 1227764 1227766 1227770
                        1227771 1227772 1227774 1227779 1227780 1227781 1227783 1227784
                        1227785 1227786 1227787 1227788 1227789 1227790 1227791 1227792
                        1227793 1227796 1227797 1227798 1227799 1227800 1227801 1227802
                        1227803 1227806 1227808 1227810 1227811 1227812 1227813 1227814
                        1227815 1227816 1227818 1227819 1227820 1227823 1227824 1227826
                        1227828 1227829 1227830 1227832 1227833 1227834 1227836 1227839
                        1227840 1227846 1227849 1227851 1227853 1227855 1227862 1227863
                        1227864 1227865 1227866 1227867 1227869 1227870 1227883 1227884
                        1227885 1227886 1227890 1227891 1227893 1227899 1227910 1227913
                        1227918 1227926 1227929 1227950 1227957 1227962 1227981 1228020
                        1228021 1228041 1228081 1228081 1228086 1228090 1228090 1228091
                        1228138 1228140 1228142 1228184 1228192 1228192 1228193 1228206
                        1228208 1228211 1228223 1228235 1228236 1228244 1228247 1228269
                        1228289 1228321 1228327 1228328 1228403 1228405 1228408 1228409
                        1228410 1228417 1228420 1228426 1228427 1228429 1228434 1228446
                        1228447 1228449 1228450 1228452 1228456 1228457 1228458 1228459
                        1228460 1228462 1228463 1228466 1228467 1228468 1228469 1228470
                        1228472 1228479 1228480 1228481 1228482 1228483 1228484 1228485
                        1228486 1228487 1228489 1228491 1228492 1228493 1228494 1228495
                        1228496 1228499 1228500 1228501 1228502 1228503 1228505 1228507
                        1228508 1228509 1228510 1228511 1228513 1228515 1228516 1228518
                        1228520 1228525 1228527 1228530 1228531 1228539 1228561 1228563
                        1228564 1228565 1228567 1228568 1228572 1228574 1228575 1228576
                        1228579 1228580 1228581 1228582 1228584 1228586 1228588 1228590
                        1228591 1228599 1228615 1228616 1228617 1228625 1228626 1228633
                        1228635 1228636 1228640 1228643 1228644 1228646 1228647 1228649
                        1228650 1228654 1228655 1228656 1228658 1228659 1228660 1228662
                        1228665 1228666 1228667 1228672 1228673 1228674 1228677 1228680
                        1228687 1228705 1228706 1228707 1228708 1228709 1228710 1228718
                        1228720 1228721 1228722 1228723 1228724 1228726 1228727 1228728
                        1228733 1228737 1228743 1228748 1228754 1228756 1228757 1228758
                        1228764 1228766 1228771 1228779 1228787 1228801 1228809 1228849
                        1228850 1228857 1228879 1228959 1228964 1228966 1228967 1228971
                        1228973 1228977 1228978 1228979 1228986 1228988 1228989 1228991
                        1228992 1229001 1229003 1229004 1229005 1229007 1229014 1229019
                        1229024 1229042 1229045 1229046 1229054 1229056 1229069 1229086
                        1229086 1229106 1229122 1229122 1229134 1229136 1229154 1229156
                        1229160 1229167 1229167 1229168 1229169 1229169 1229170 1229171
                        1229172 1229173 1229174 1229228 1229238 1229239 1229240 1229241
                        1229243 1229244 1229245 1229246 1229247 1229248 1229249 1229250
                        1229251 1229252 1229253 1229254 1229255 1229256 1229272 1229287
                        1229289 1229290 1229291 1229292 1229294 1229296 1229297 1229298
                        1229299 1229301 1229303 1229304 1229305 1229307 1229309 1229312
                        1229313 1229314 1229315 1229316 1229317 1229318 1229319 1229320
                        1229327 1229334 1229339 1229341 1229342 1229344 1229345 1229346
                        1229347 1229349 1229350 1229351 1229353 1229354 1229355 1229356
                        1229357 1229358 1229359 1229360 1229362 1229363 1229364 1229365
                        1229366 1229369 1229370 1229371 1229373 1229374 1229379 1229380
                        1229381 1229382 1229383 1229386 1229388 1229389 1229390 1229391
                        1229392 1229394 1229395 1229398 1229399 1229400 1229402 1229403
                        1229404 1229407 1229409 1229410 1229411 1229413 1229414 1229417
                        1229429 1229443 1229444 1229451 1229452 1229452 1229455 1229455
                        1229456 1229456 1229465 1229480 1229481 1229482 1229484 1229485
                        1229486 1229487 1229488 1229489 1229490 1229493 1229494 1229495
                        1229496 1229497 1229500 1229503 1229518 1229585 1229685 1229707
                        1229739 1229743 1229746 1229747 1229752 1229753 1229754 1229755
                        1229756 1229759 1229761 1229764 1229767 1229768 1229781 1229784
                        1229785 1229787 1229788 1229789 1229790 1229792 1229810 1229820
                        1229822 1229827 1229830 1229837 1229899 1229928 1229930 1229930
                        1229931 1229931 1229932 1229932 1229940 1229997 1230007 1230015
                        1230020 1230034 1230056 1230062 1230078 1230093 1230119 1230123
                        1230124 1230125 1230145 1230169 1230170 1230171 1230173 1230174
                        1230175 1230176 1230178 1230180 1230181 1230185 1230191 1230192
                        1230193 1230194 1230195 1230200 1230204 1230206 1230207 1230209
                        1230211 1230213 1230217 1230221 1230224 1230229 1230230 1230232
                        1230233 1230240 1230244 1230245 1230247 1230248 1230267 1230267
                        1230267 1230267 1230269 1230270 1230295 1230316 1230340 1230413
                        1230426 1230430 1230431 1230432 1230433 1230434 1230435 1230440
                        1230441 1230442 1230444 1230450 1230451 1230454 1230455 1230457
                        1230459 1230468 1230506 1230507 1230511 1230515 1230516 1230517
                        1230518 1230519 1230520 1230521 1230524 1230526 1230533 1230535
                        1230537 1230539 1230540 1230549 1230556 1230562 1230563 1230564
                        1230580 1230582 1230589 1230596 1230602 1230679 1230698 1230699
                        1230700 1230701 1230702 1230703 1230704 1230705 1230706 1230709
                        1230711 1230712 1230715 1230719 1230722 1230724 1230725 1230726
                        1230727 1230730 1230731 1230732 1230747 1230748 1230749 1230751
                        1230752 1230753 1230756 1230761 1230766 1230767 1230768 1230771
                        1230772 1230775 1230776 1230780 1230783 1230786 1230787 1230791
                        1230794 1230796 1230802 1230806 1230808 1230809 1230810 1230812
                        1230813 1230814 1230815 1230821 1230825 1230830 1230831 1230854
                        1230861 1230901 1230904 1230912 1230948 1231008 1231035 1231043
                        1231048 1231055 1231055 1231120 1231146 1231182 1231183 1231185
                        1231328 1231373 1231472 1231494 1231565 1231714 1231792 1231833
                        1231986 1232024 1232063 1232211 1232227 1232234 1232276 1232458
                        1232528 1232579 1232579 1232601 1232844 1233078 1233282 1233289
                        1233322 1233393 1233517 1233529 1233593 1233594 1233699 1233752
                        1234015 1234015 1234027 1234068 1234100 1234100 1234101 1234101
                        1234102 1234102 1234103 1234103 1234104 1234104 1234128 1234304
                        1234313 1234383 1234449 1234563 1234634 1234634 1234634 1234665
                        1234693 1234736 1234752 1234765 1234765 1234798 1234812 1234863
                        1234959 1234996 1235088 1235151 1235463 1235475 1235475 1235598
                        1235636 1235695 1235824 1235905 1235953 1236136 1236136 1236151
                        1236177 1236217 1236217 1236217 1236217 1236282 1236282 1236353
                        1236384 1236481 1236533 1236588 1236590 1236619 1236820 1236842
                        1236878 1236886 1236897 1236931 1236931 1236939 1236982 1236983
                        1237044 1237108 1237131 1237137 1237172 1237363 1237370 1237375
                        1237418 1237496 1237498 1237542 1237587 1237695 1237776 1237949
                        1238315 1238472 1238572 1238700 1238700 1238724 1238848 1238972
                        1239012 1239119 1239119 1239119 1239206 1239206 1239335 1239335
                        1239439 1239533 1239543 1239618 1239623 1239763 1239809 1239866
                        1239883 1239909 1239941 1240009 1240132 1240324 1240343 1240366
                        1240414 1240513 1240529 1240623 1240696 1240755 1240897 1240919
                        1240966 1240998 1241002 1241020 1241052 1241078 1241083 1241114
                        1241166 1241166 1241190 1241219 1241259 1241316 1241353 1241403
                        1241435 1241453 1241463 1241474 1241551 1241612 1241637 1241680
                        1241826 1241826 1241857 1241857 1241872 1241957 1242034 1242086
                        1242170 1242300 1242414 1242505 1242782 1242827 1242844 1242864
                        1242901 1242938 1242965 1242974 1242986 1242987 1242995 1243000
                        1243005 1243055 1243068 1243069 1243100 1243112 1243112 1243208
                        1243226 1243254 1243279 1243313 1243317 1243443 1243452 1243457
                        1243474 1243505 1243507 1243603 1243662 1243767 1243772 1243774
                        1243795 1243887 1243901 1243935 1244042 1244057 1244079 1244105
                        1244156 1244157 1244309 1244325 1244449 1244449 1244485 1244485
                        1244485 1244509 1244528 1244550 1244554 1244555 1244557 1244580
                        1244596 1244680 1244700 1244705 1244710 1244723 1244734 1244749
                        1244792 1244812 1244930 1244939 1245000 1245151 1245193 1245193
                        1245193 1245206 1245216 1245220 1245220 1245260 1245292 1245309
                        1245310 1245311 1245312 1245314 1245317 1245410 1245431 1245452
                        1245457 1245496 1245498 1245499 1245504 1245506 1245508 1245510
                        1245551 1245596 1245621 1245630 1245636 1245654 1245657 1245658
                        1245659 1245663 1245664 1245665 1245666 1245668 1245669 1245670
                        1245671 1245672 1245675 1245676 1245678 1245683 1245684 1245686
                        1245688 1245690 1245691 1245695 1245700 1245703 1245705 1245710
                        1245711 1245713 1245714 1245715 1245717 1245719 1245721 1245723
                        1245726 1245728 1245729 1245730 1245731 1245735 1245737 1245738
                        1245744 1245745 1245746 1245747 1245748 1245749 1245751 1245757
                        1245763 1245765 1245767 1245769 1245777 1245780 1245781 1245784
                        1245785 1245787 1245812 1245814 1245815 1245878 1245878 1245914
                        1245931 1245937 1245945 1245952 1245953 1245955 1245956 1245963
                        1245966 1245969 1245970 1245973 1245976 1245977 1245985 1245986
                        1246000 1246002 1246005 1246008 1246012 1246013 1246019 1246022
                        1246023 1246031 1246034 1246037 1246038 1246041 1246042 1246047
                        1246049 1246050 1246053 1246054 1246055 1246057 1246098 1246109
                        1246118 1246125 1246149 1246166 1246171 1246176 1246181 1246183
                        1246184 1246185 1246186 1246188 1246190 1246192 1246193 1246195
                        1246197 1246220 1246231 1246234 1246236 1246240 1246243 1246244
                        1246245 1246246 1246248 1246250 1246252 1246253 1246255 1246258
                        1246259 1246260 1246262 1246266 1246268 1246282 1246283 1246285
                        1246286 1246287 1246290 1246292 1246293 1246295 1246296 1246297
                        1246328 1246333 1246334 1246337 1246342 1246349 1246351 1246353
                        1246354 1246358 1246360 1246364 1246366 1246370 1246375 1246376
                        1246385 1246386 1246387 1246399 1246399 1246438 1246443 1246444
                        1246447 1246450 1246453 1246466 1246466 1246473 1246490 1246509
                        1246547 1246597 1246607 1246607 1246622 1246631 1246651 1246688
                        1246777 1246781 1246782 1246806 1246806 1246843 1246868 1246896
                        1246911 1246912 1246912 1246912 1246934 1246965 1246974 1246974
                        1246979 1247018 1247020 1247022 1247023 1247024 1247027 1247028
                        1247030 1247031 1247033 1247035 1247054 1247061 1247062 1247064
                        1247074 1247076 1247078 1247079 1247088 1247089 1247091 1247097
                        1247098 1247099 1247101 1247102 1247103 1247104 1247112 1247113
                        1247116 1247118 1247119 1247123 1247125 1247126 1247128 1247130
                        1247131 1247132 1247136 1247137 1247138 1247141 1247143 1247145
                        1247146 1247147 1247149 1247150 1247151 1247152 1247153 1247154
                        1247155 1247156 1247157 1247160 1247162 1247163 1247164 1247167
                        1247169 1247170 1247171 1247174 1247176 1247177 1247178 1247181
                        1247209 1247210 1247220 1247222 1247223 1247227 1247229 1247231
                        1247233 1247234 1247235 1247236 1247238 1247239 1247240 1247241
                        1247242 1247243 1247249 1247250 1247251 1247252 1247253 1247255
                        1247262 1247265 1247270 1247271 1247273 1247274 1247276 1247277
                        1247278 1247279 1247280 1247282 1247283 1247284 1247285 1247286
                        1247288 1247289 1247290 1247292 1247293 1247308 1247311 1247313
                        1247314 1247317 1247325 1247326 1247347 1247348 1247349 1247358
                        1247366 1247372 1247376 1247426 1247432 1247432 1247437 1247442
                        1247483 1247495 1247500 1247500 1247500 1247690 1247712 1247712
                        1247719 1247720 1247816 1247816 1247816 1247819 1247837 1247838
                        1247850 1247850 1247858 1247858 1247907 1247935 1247936 1247948
                        1247948 1247949 1247950 1247963 1247976 1248082 1248088 1248097
                        1248111 1248121 1248158 1248166 1248175 1248178 1248179 1248183
                        1248185 1248186 1248188 1248190 1248192 1248194 1248196 1248198
                        1248199 1248200 1248202 1248205 1248206 1248208 1248209 1248211
                        1248211 1248212 1248213 1248214 1248216 1248217 1248222 1248223
                        1248224 1248225 1248227 1248228 1248229 1248230 1248232 1248234
                        1248235 1248240 1248255 1248296 1248297 1248299 1248301 1248302
                        1248304 1248306 1248312 1248317 1248333 1248334 1248337 1248338
                        1248340 1248341 1248343 1248345 1248349 1248350 1248354 1248355
                        1248356 1248356 1248357 1248359 1248360 1248361 1248363 1248365
                        1248366 1248367 1248368 1248374 1248377 1248378 1248380 1248384
                        1248386 1248390 1248392 1248395 1248396 1248399 1248400 1248401
                        1248501 1248501 1248511 1248512 1248516 1248516 1248573 1248575
                        1248577 1248586 1248586 1248609 1248610 1248616 1248617 1248619
                        1248621 1248622 1248624 1248626 1248627 1248628 1248630 1248631
                        1248634 1248635 1248639 1248643 1248647 1248648 1248652 1248655
                        1248660 1248662 1248664 1248666 1248669 1248670 1248672 1248674
                        1248681 1248727 1248728 1248748 1248754 1248754 1248775 1248776
                        1248792 1248800 1248801 1248842 1249022 1249038 1249049 1249055
                        1249055 1249060 1249061 1249062 1249064 1249065 1249066 1249079
                        1249088 1249104 1249126 1249128 1249143 1249147 1249156 1249159
                        1249160 1249161 1249163 1249164 1249166 1249167 1249169 1249170
                        1249172 1249176 1249177 1249179 1249182 1249186 1249190 1249191
                        1249191 1249193 1249195 1249199 1249201 1249202 1249203 1249204
                        1249206 1249207 1249208 1249215 1249220 1249221 1249226 1249235
                        1249241 1249254 1249256 1249258 1249262 1249263 1249265 1249266
                        1249269 1249271 1249272 1249273 1249274 1249278 1249279 1249281
                        1249282 1249284 1249285 1249286 1249288 1249290 1249292 1249295
                        1249296 1249297 1249299 1249300 1249301 1249302 1249303 1249304
                        1249305 1249306 1249307 1249308 1249309 1249312 1249313 1249314
                        1249315 1249316 1249317 1249318 1249319 1249320 1249321 1249322
                        1249323 1249324 1249333 1249334 1249338 1249346 1249348 1249348
                        1249367 1249367 1249374 1249375 1249375 1249385 1249397 1249397
                        1249398 1249413 1249435 1249435 1249450 1249477 1249478 1249479
                        1249486 1249490 1249494 1249495 1249500 1249504 1249506 1249508
                        1249509 1249510 1249512 1249513 1249515 1249516 1249522 1249523
                        1249524 1249526 1249533 1249537 1249538 1249540 1249542 1249545
                        1249547 1249548 1249550 1249552 1249554 1249562 1249566 1249584
                        1249584 1249587 1249590 1249598 1249604 1249608 1249608 1249609
                        1249615 1249618 1249636 1249686 1249735 1249774 1249814 1249832
                        1249833 1249887 1249888 1249895 1249901 1249904 1249906 1249912
                        1249915 1249974 1249975 1249977 1249982 1249985 1249998 1250002
                        1250007 1250021 1250025 1250028 1250032 1250032 1250034 1250082
                        1250086 1250087 1250088 1250091 1250119 1250123 1250124 1250133
                        1250176 1250177 1250179 1250192 1250202 1250203 1250204 1250205
                        1250232 1250232 1250233 1250234 1250237 1250237 1250242 1250247
                        1250249 1250251 1250252 1250258 1250262 1250266 1250267 1250268
                        1250275 1250276 1250279 1250281 1250291 1250292 1250294 1250296
                        1250297 1250298 1250334 1250343 1250343 1250344 1250349 1250365
                        1250371 1250373 1250377 1250379 1250386 1250388 1250388 1250389
                        1250398 1250399 1250400 1250402 1250406 1250407 1250408 1250410
                        1250450 1250455 1250491 1250491 1250508 1250513 1250519 1250522
                        1250536 1250553 1250553 1250553 1250562 1250566 1250567 1250573
                        1250596 1250650 1250655 1250655 1250664 1250671 1250692 1250702
                        1250704 1250705 1250705 1250711 1250712 1250713 1250716 1250719
                        1250721 1250722 1250723 1250729 1250736 1250737 1250738 1250739
                        1250741 1250742 1250746 1250748 1250748 1250749 1250758 1250946
                        1250951 1250952 1250983 1251100 1251114 1251120 1251134 1251135
                        1251135 1251143 1251146 1251176 1251177 1251186 1251198 1251199
                        1251213 1251214 1251214 1251216 1251230 1251232 1251233 1251253
                        1251254 1251255 1251256 1251257 1251258 1251259 1251260 1251261
                        1251262 1251305 1251511 1251511 1251679 1251679 1251804 1251809
                        1251810 1251817 1251819 1251827 1251850 1251898 1251920 1251930
                        1251966 1251967 1251971 1251979 1251981 1251982 1252008 1252025
                        1252025 1252033 1252035 1252036 1252039 1252044 1252046 1252047
                        1252048 1252048 1252051 1252052 1252054 1252056 1252060 1252062
                        1252063 1252064 1252065 1252067 1252069 1252070 1252072 1252073
                        1252074 1252075 1252076 1252078 1252079 1252081 1252082 1252083
                        1252084 1252153 1252158 1252217 1252217 1252250 1252253 1252265
                        1252266 1252267 1252270 1252270 1252290 1252301 1252303 1252330
                        1252333 1252336 1252337 1252342 1252346 1252348 1252349 1252352
                        1252357 1252390 1252414 1252417 1252418 1252425 1252425 1252525
                        1252678 1252679 1252681 1252686 1252688 1252689 1252696 1252712
                        1252725 1252734 1252744 1252744 1252763 1252772 1252773 1252774
                        1252776 1252779 1252780 1252784 1252785 1252787 1252789 1252790
                        1252794 1252795 1252797 1252808 1252809 1252817 1252819 1252821
                        1252822 1252824 1252826 1252836 1252841 1252845 1252848 1252849
                        1252850 1252851 1252854 1252858 1252861 1252862 1252865 1252866
                        1252873 1252891 1252892 1252900 1252901 1252902 1252909 1252911
                        1252912 1252915 1252917 1252918 1252919 1252921 1252923 1252924
                        1252928 1252930 1252931 1252932 1252933 1252934 1252935 1252939
                        1252974 1253018 1253025 1253029 1253029 1253044 1253049 1253060
                        1253078 1253079 1253087 1253129 1253129 1253140 1253145 1253155
                        1253155 1253176 1253177 1253178 1253238 1253238 1253262 1253275
                        1253318 1253321 1253324 1253328 1253330 1253342 1253344 1253348
                        1253349 1253352 1253355 1253360 1253362 1253363 1253365 1253367
                        1253369 1253386 1253394 1253395 1253400 1253402 1253403 1253404
                        1253405 1253407 1253408 1253409 1253410 1253412 1253413 1253414
                        1253415 1253416 1253421 1253422 1253423 1253424 1253425 1253426
                        1253427 1253428 1253431 1253433 1253436 1253437 1253438 1253440
                        1253441 1253442 1253443 1253445 1253448 1253449 1253450 1253451
                        1253453 1253455 1253456 1253457 1253458 1253460 1253463 1253471
                        1253472 1253491 1253500 1253581 1253581 1253611 1253622 1253623
                        1253624 1253635 1253643 1253647 1253674 1253679 1253691 1253739
                        1253739 1253740 1253740 1253741 1253757 1253757 1253783 1253901
                        1253901 1253904 1253960 1254079 1254079 1254119 1254126 1254128
                        1254157 1254157 1254158 1254158 1254159 1254159 1254160 1254160
                        1254181 1254195 1254196 1254206 1254214 1254221 1254227 1254244
                        1254244 1254264 1254293 1254297 1254297 1254299 1254306 1254307
                        1254308 1254308 1254310 1254315 1254324 1254324 1254336 1254336
                        1254353 1254363 1254378 1254400 1254401 1254408 1254415 1254430
                        1254430 1254431 1254431 1254435 1254441 1254441 1254441 1254441
                        1254447 1254477 1254480 1254480 1254510 1254511 1254512 1254514
                        1254515 1254518 1254518 1254519 1254520 1254563 1254563 1254571
                        1254615 1254616 1254618 1254621 1254624 1254650 1254662 1254662
                        1254666 1254666 1254670 1254670 1254679 1254679 1254791 1254793
                        1254794 1254795 1254796 1254797 1254798 1254808 1254809 1254813
                        1254815 1254817 1254820 1254821 1254824 1254825 1254827 1254828
                        1254829 1254830 1254832 1254835 1254839 1254840 1254842 1254843
                        1254845 1254846 1254847 1254849 1254850 1254851 1254852 1254854
                        1254856 1254858 1254860 1254861 1254864 1254866 1254866 1254867
                        1254867 1254867 1254868 1254869 1254871 1254873 1254878 1254878
                        1254892 1254894 1254928 1254928 1254957 1254959 1254961 1254964
                        1254977 1254996 1254997 1255024 1255024 1255026 1255027 1255030
                        1255034 1255035 1255039 1255040 1255041 1255042 1255052 1255053
                        1255057 1255058 1255064 1255065 1255066 1255066 1255066 1255068
                        1255071 1255072 1255074 1255075 1255077 1255081 1255082 1255083
                        1255084 1255087 1255092 1255094 1255095 1255097 1255099 1255102
                        1255103 1255111 1255116 1255120 1255121 1255122 1255124 1255128
                        1255129 1255131 1255134 1255135 1255136 1255138 1255140 1255142
                        1255144 1255145 1255146 1255148 1255149 1255150 1255152 1255154
                        1255155 1255156 1255157 1255160 1255161 1255164 1255167 1255169
                        1255171 1255172 1255175 1255179 1255181 1255182 1255186 1255187
                        1255190 1255193 1255196 1255197 1255199 1255202 1255203 1255206
                        1255209 1255216 1255218 1255220 1255221 1255223 1255226 1255227
                        1255228 1255230 1255231 1255232 1255233 1255234 1255241 1255242
                        1255243 1255244 1255245 1255246 1255247 1255251 1255252 1255253
                        1255255 1255256 1255259 1255260 1255261 1255262 1255266 1255268
                        1255269 1255272 1255273 1255274 1255276 1255279 1255297 1255311
                        1255312 1255316 1255318 1255319 1255325 1255326 1255326 1255327
                        1255329 1255333 1255346 1255346 1255349 1255351 1255354 1255357
                        1255360 1255372 1255377 1255378 1255379 1255380 1255395 1255400
                        1255401 1255402 1255403 1255415 1255417 1255428 1255433 1255434
                        1255435 1255459 1255459 1255480 1255482 1255483 1255488 1255489
                        1255490 1255491 1255493 1255495 1255505 1255506 1255507 1255508
                        1255509 1255526 1255527 1255529 1255530 1255533 1255536 1255537
                        1255541 1255542 1255544 1255547 1255550 1255552 1255553 1255567
                        1255569 1255572 1255580 1255593 1255601 1255603 1255611 1255614
                        1255622 1255672 1255678 1255687 1255688 1255694 1255695 1255698
                        1255703 1255706 1255707 1255708 1255709 1255715 1255715 1255721
                        1255722 1255723 1255724 1255725 1255731 1255731 1255732 1255732
                        1255733 1255733 1255734 1255734 1255752 1255764 1255765 1255765
                        1255768 1255811 1255812 1255813 1255814 1255816 1255821 1255822
                        1255823 1255868 1255895 1255930 1255931 1255932 1255934 1255943
                        1255944 1256070 1256105 1256105 1256160 1256238 1256243 1256244
                        1256244 1256246 1256246 1256288 1256331 1256341 1256341 1256389
                        1256389 1256390 1256390 1256427 1256427 1256435 1256436 1256457
                        1256484 1256495 1256525 1256525 1256526 1256526 1256572 1256576
                        1256579 1256582 1256584 1256586 1256591 1256592 1256593 1256594
                        1256597 1256605 1256606 1256607 1256608 1256609 1256610 1256611
                        1256612 1256613 1256616 1256617 1256619 1256622 1256623 1256624
                        1256624 1256625 1256627 1256628 1256630 1256632 1256638 1256640
                        1256641 1256643 1256644 1256644 1256645 1256646 1256647 1256650
                        1256651 1256653 1256654 1256655 1256656 1256659 1256660 1256661
                        1256664 1256665 1256667 1256668 1256673 1256674 1256675 1256677
                        1256679 1256680 1256682 1256683 1256688 1256689 1256708 1256716
                        1256726 1256728 1256730 1256732 1256733 1256737 1256741 1256742
                        1256744 1256748 1256749 1256752 1256754 1256755 1256756 1256757
                        1256759 1256760 1256761 1256763 1256766 1256766 1256770 1256773
                        1256774 1256777 1256779 1256780 1256781 1256784 1256785 1256792
                        1256793 1256794 1256794 1256802 1256804 1256804 1256805 1256805
                        1256805 1256807 1256807 1256808 1256808 1256809 1256809 1256810
                        1256810 1256811 1256811 1256812 1256812 1256816 1256816 1256816
                        1256817 1256817 1256817 1256818 1256818 1256818 1256818 1256819
                        1256819 1256819 1256820 1256820 1256820 1256821 1256821 1256821
                        1256822 1256822 1256829 1256830 1256830 1256831 1256832 1256833
                        1256834 1256834 1256835 1256835 1256836 1256836 1256837 1256837
                        1256838 1256838 1256839 1256839 1256840 1256840 1256841 1256864
                        1256865 1256865 1256865 1256867 1256867 1256867 1256876 1256878
                        1256880 1256975 1257005 1257005 1257015 1257029 1257031 1257035
                        1257042 1257046 1257049 1257049 1257053 1257068 1257068 1257111
                        1257116 1257143 1257144 1257144 1257154 1257154 1257155 1257158
                        1257159 1257163 1257164 1257167 1257168 1257174 1257179 1257180
                        1257181 1257181 1257183 1257202 1257204 1257207 1257208 1257209
                        1257215 1257217 1257218 1257220 1257221 1257222 1257225 1257227
                        1257228 1257231 1257232 1257234 1257236 1257238 1257243 1257245
                        1257246 1257274 1257276 1257277 1257279 1257282 1257296 1257309
                        1257325 1257332 1257353 1257353 1257354 1257354 1257355 1257355
                        1257359 1257359 1257364 1257364 1257365 1257365 1257395 1257396
                        1257396 1257440 1257463 1257466 1257472 1257473 1257473 1257474
                        1257490 1257492 1257496 1257496 1257504 1257511 1257521 1257551
                        1257552 1257553 1257554 1257556 1257557 1257559 1257560 1257561
                        1257562 1257565 1257570 1257572 1257573 1257576 1257579 1257580
                        1257581 1257586 1257593 1257593 1257594 1257594 1257595 1257595
                        1257598 1257600 1257603 1257625 1257631 1257635 1257661 1257667
                        1257669 1257679 1257682 1257686 1257687 1257688 1257692 1257692
                        1257703 1257704 1257705 1257706 1257707 1257708 1257709 1257714
                        1257715 1257716 1257718 1257722 1257723 1257726 1257729 1257730
                        1257732 1257734 1257735 1257737 1257739 1257740 1257741 1257742
                        1257743 1257745 1257749 1257750 1257755 1257757 1257758 1257759
                        1257761 1257762 1257763 1257765 1257768 1257770 1257772 1257773
                        1257775 1257776 1257777 1257788 1257789 1257790 1257805 1257808
                        1257809 1257811 1257813 1257814 1257815 1257816 1257817 1257818
                        1257825 1257830 1257836 1257875 1257882 1257882 1257895 1257908
                        1257918 1257942 1257952 1257976 1258002 1258002 1258005 1258005
                        1258020 1258020 1258022 1258045 1258045 1258049 1258049 1258051
                        1258051 1258054 1258054 1258080 1258080 1258081 1258081 1258143
                        1258153 1258163 1258167 1258175 1258181 1258183 1258183 1258184
                        1258193 1258193 1258222 1258231 1258232 1258234 1258237 1258245
                        1258249 1258252 1258256 1258258 1258259 1258272 1258273 1258276
                        1258277 1258279 1258280 1258286 1258289 1258290 1258293 1258297
                        1258298 1258299 1258301 1258303 1258304 1258305 1258308 1258309
                        1258311 1258311 1258313 1258317 1258319 1258321 1258323 1258324
                        1258326 1258330 1258331 1258337 1258338 1258340 1258344 1258349
                        1258354 1258355 1258358 1258371 1258374 1258376 1258377 1258379
                        1258385 1258387 1258389 1258392 1258392 1258394 1258395 1258397
                        1258411 1258414 1258415 1258419 1258421 1258422 1258423 1258424
                        1258429 1258430 1258442 1258447 1258455 1258461 1258464 1258465
                        1258468 1258469 1258476 1258483 1258484 1258489 1258506 1258517
                        1258518 1258518 1258519 1258520 1258524 1258544 1258568 1258641
                        1258655 1258655 1258660 1258672 1258701 1258718 1258784 1258784
                        1258790 1258824 1258826 1258849 1258849 1258850 1258854 1258855
                        1258856 1258857 1258859 1258933 1258945 1258953 1258954 1258961
                        1259051 1259126 1259126 1259186 1259188 1259199 1259222 1259240
                        1259264 1259265 1259266 1259267 1259268 1259271 1259311 1259311
                        1259329 1259362 1259362 1259362 1259363 1259363 1259364 1259364
                        1259365 1259365 1259367 1259370 1259418 1259418 1259420 1259438
                        1259446 1259447 1259448 1259450 1259451 1259452 1259455 1259456
                        1259457 1259461 1259461 1259463 1259464 1259466 1259467 1259468
                        1259469 1259472 1259484 1259485 1259497 1259528 1259535 1259543
                        1259546 1259580 1259608 1259611 1259616 1259619 1259619 1259623
                        1259650 1259650 1259652 1259672 1259697 1259697 1259704 1259707
                        1259711 1259711 1259713 1259726 1259726 1259728 1259729 1259729
                        1259731 1259734 1259735 1259748 1259759 1259795 1259797 1259799
                        1259803 1259806 1259816 1259825 1259825 1259845 1259845 1259857
                        1259859 1259859 1259859 1259859 1259859 1259865 1259868 1259869
                        1259870 1259871 1259873 1259878 1259886 1259889 1259891 1259924
                        1259955 1259963 1259989 1259994 1259997 1259998 1260005 1260009
                        1260010 1260012 1260018 1260026 1260078 1260078 1260082 1260082
                        1260265 1260347 1260414 1260428 1260439 1260441 1260441 1260442
                        1260442 1260443 1260443 1260444 1260444 1260445 1260445 1260455
                        1260459 1260460 1260462 1260463 1260464 1260468 1260471 1260480
                        1260481 1260482 1260483 1260484 1260485 1260486 1260489 1260490
                        1260494 1260497 1260498 1260500 1260504 1260505 1260507 1260514
                        1260522 1260523 1260526 1260527 1260528 1260529 1260530 1260531
                        1260532 1260533 1260536 1260537 1260538 1260541 1260544 1260546
                        1260549 1260550 1260551 1260552 1260555 1260561 1260562 1260566
                        1260571 1260572 1260573 1260576 1260580 1260581 1260588 1260589
                        1260593 1260606 1260613 1260728 1260729 1260730 1260731 1260732
                        1260735 1260754 1260754 1260755 1260755 1260798 1260799 1260800
                        1260801 1260807 1260811 1260876 1260996 1261020 1261149 1261155
                        1261206 1261206 1261209 1261280 1261280 1261287 1261288 1261295
                        1261348 1261410 1261420 1261496 1261498 1261503 1261504 1261505
                        1261506 1261507 1261550 1261555 1261581 1261582 1261584 1261585
                        1261592 1261601 1261602 1261606 1261617 1261618 1261621 1261622
                        1261624 1261629 1261630 1261630 1261630 1261632 1261634 1261635
                        1261636 1261637 1261638 1261639 1261641 1261644 1261645 1261648
                        1261653 1261654 1261655 1261656 1261657 1261658 1261659 1261660
                        1261661 1261669 1261678 1261678 1261679 1261685 1261686 1261687
                        1261692 1261694 1261696 1261700 1261702 1261703 1261705 1261706
                        1261707 1261708 1261710 1261712 1261713 1261714 1261717 1261718
                        1261719 1261720 1261738 1261750 1261751 1261752 1261768 1261772
                        1261778 1261779 1261780 1261781 1261786 1261788 1261789 1261796
                        1261797 1261809 1261809 1261824 1261845 1261845 1261845 1261866
                        1261876 1261880 1261896 1261957 1261957 1262019 1262053 1262054
                        1262055 1262061 1262063 1262074 1262078 1262086 1262087 1262099
                        1262100 1262101 1262144 1262179 1262181 1262216 1262220 1262221
                        1262223 1262223 1262223 1262223 1262245 1262250 1262254 1262255
                        1262315 1262425 1262426 1262464 1262464 1262465 1262465 1262480
                        1262573 1262601 1262616 1262617 1262627 1262631 1262632 1262635
                        1262636 1262638 1262662 1262665 1262671 1262673 1262709 1262725
                        1262731 1262750 1262752 1262758 1263001 1263012 1263018 1263044
                        1263048 1263052 1263064 1263074 1263077 1263085 1263093 1263095
                        1263104 1263107 1263131 1263135 1263138 1263140 1263141 1263165
                        1263176 1263255 1263366 1263367 1263556 1263562 1263582 1263592
                        1263593 1263595 1263596 1263604 1263668 1263689 1263689 1263689
                        1263815 1263882 1263901 1263931 1263933 1263942 1263995 1264013
                        1264014 1264059 1264082 1264097 1264183 1264233 1264427 1264449
                        1264450 1264469 1264511 1264511 1264512 1264512 1264513 1264513
                        1264514 1264514 1264515 1264515 1264586 1264674 1264837 1264848
                        1265085 1265116 1265119 1265144 1265209 1265296 1265296 1265308
                        1265308 1265421 1265428 1265449 1265456 1265626 1265758 1265846
                        1265960 1325335 1548723 1573097 1615555 1748105 1753026 1757758
                        1774659 1775046 1780432 1784253 1793811 1813401 1818766 1822450
                        1822935 1822936 1826451 1826652 1827224 1827303 1827444 1829112
                        1830415 1830978 1831552 1833270 1834851 1835357 1835425 1835828
                        1836781 1836925 1837431 1837617 1837987 1839327 1839795 1839992
                        1840429 1840437 1840505 1840510 1841029 1842928 1842932 1842935
                        1842937 1847845 1848183 1849077 1849471 1850598 1850982 1851044
                        1851049 1852011 1852179 1853737 1854438 1854439 1854795 1855318
                        1858241 1860670 1861265 1861728 1863605 1865450 1867408 1869378
                        1869408 1869642 1870673 1871152 1871219 1871630 1871631 1873095
                        1873296 1874017 1874111 1874458 1874937 1875356 1875506 1875965
                        1876179 1876390 1876800 1877344 1877730 1879513 1879945 1880857
                        1881027 1884276 1884444 1885404 1887996 1889671 1890069 1893029
                        1893162 1893334 1893404 1893752 1894572 1895012 1895032 1896353
                        1897487 1898074 1898627 1898825 1898830 1898858 1899593 1899759
                        1899883 1900413 1901080 1901932 1905691 1935995 1964722 2009552
                        2019224 2019357 2023207 2023209 2026089 2026156 2026311 2027345
                        2027365 2027378 2028001 2029323 2029425 2029462 2029752 2030135
                        2033783 2034185 215997 222971 441356 614646 671060 676100 676118
                        864039 867620 CVE-2013-0340 CVE-2014-2240 CVE-2014-2241 CVE-2017-8105
                        CVE-2017-8287 CVE-2019-15903 CVE-2020-8911 CVE-2020-8912 CVE-2021-47432
                        CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-29154 CVE-2022-31022
                        CVE-2022-3821 CVE-2022-45748 CVE-2022-48622 CVE-2022-48669 CVE-2022-48772
                        CVE-2022-50253 CVE-2023-0109 CVE-2023-0160 CVE-2023-2058 CVE-2023-28746
                        CVE-2023-31315 CVE-2023-38417 CVE-2023-3966 CVE-2023-4016 CVE-2023-40546
                        CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
                        CVE-2023-42818 CVE-2023-45229 CVE-2023-45230 CVE-2023-45288 CVE-2023-45853
                        CVE-2023-45853 CVE-2023-45866 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841
                        CVE-2023-46842 CVE-2023-47210 CVE-2023-50782 CVE-2023-51780 CVE-2023-52160
                        CVE-2023-52425 CVE-2023-52426 CVE-2023-52434 CVE-2023-52435 CVE-2023-52458
                        CVE-2023-52472 CVE-2023-52483 CVE-2023-52489 CVE-2023-52503 CVE-2023-52581
                        CVE-2023-52610 CVE-2023-52616 CVE-2023-52618 CVE-2023-52622 CVE-2023-52631
                        CVE-2023-52635 CVE-2023-52640 CVE-2023-52641 CVE-2023-52645 CVE-2023-52647
                        CVE-2023-52648 CVE-2023-52649 CVE-2023-52650 CVE-2023-52652 CVE-2023-52653
                        CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52658
                        CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52663
                        CVE-2023-52664 CVE-2023-52667 CVE-2023-52668 CVE-2023-52669 CVE-2023-52670
                        CVE-2023-52671 CVE-2023-52672 CVE-2023-52673 CVE-2023-52674 CVE-2023-52675
                        CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52681
                        CVE-2023-52683 CVE-2023-52686 CVE-2023-52687 CVE-2023-52688 CVE-2023-52690
                        CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52695
                        CVE-2023-52696 CVE-2023-52697 CVE-2023-52698 CVE-2023-52699 CVE-2023-52735
                        CVE-2023-52749 CVE-2023-52750 CVE-2023-52751 CVE-2023-52752 CVE-2023-52753
                        CVE-2023-52754 CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763
                        CVE-2023-52764 CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768
                        CVE-2023-52769 CVE-2023-52771 CVE-2023-52772 CVE-2023-52773 CVE-2023-52774
                        CVE-2023-52775 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780 CVE-2023-52781
                        CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786 CVE-2023-52787
                        CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792 CVE-2023-52794
                        CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800
                        CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806
                        CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811
                        CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816
                        CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825
                        CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832 CVE-2023-52833
                        CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837 CVE-2023-52838
                        CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843 CVE-2023-52844
                        CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849 CVE-2023-52850
                        CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856
                        CVE-2023-52857 CVE-2023-52858 CVE-2023-52859 CVE-2023-52860 CVE-2023-52861
                        CVE-2023-52862 CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866
                        CVE-2023-52867 CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871
                        CVE-2023-52872 CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876
                        CVE-2023-52877 CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881
                        CVE-2023-52882 CVE-2023-52883 CVE-2023-52884 CVE-2023-52885 CVE-2023-52886
                        CVE-2023-52887 CVE-2023-52889 CVE-2023-52915 CVE-2023-52916 CVE-2023-5366
                        CVE-2023-5388 CVE-2023-6238 CVE-2023-6270 CVE-2023-7042 CVE-2023-7256
                        CVE-2024-0639 CVE-2024-0793 CVE-2024-10041 CVE-2024-10963 CVE-2024-10975
                        CVE-2024-11053 CVE-2024-11595 CVE-2024-11596 CVE-2024-12084 CVE-2024-12084
                        CVE-2024-12085 CVE-2024-12085 CVE-2024-12086 CVE-2024-12086 CVE-2024-12087
                        CVE-2024-12087 CVE-2024-12088 CVE-2024-12088 CVE-2024-12133 CVE-2024-12678
                        CVE-2024-12747 CVE-2024-12747 CVE-2024-13176 CVE-2024-13176 CVE-2024-14027
                        CVE-2024-2182 CVE-2024-21823 CVE-2024-2193 CVE-2024-2201 CVE-2024-22099
                        CVE-2024-2236 CVE-2024-2236 CVE-2024-2312 CVE-2024-2312 CVE-2024-23848
                        CVE-2024-24425 CVE-2024-24426 CVE-2024-24806 CVE-2024-24861 CVE-2024-2511
                        CVE-2024-25131 CVE-2024-25133 CVE-2024-25739 CVE-2024-25741 CVE-2024-26458
                        CVE-2024-26461 CVE-2024-26462 CVE-2024-26590 CVE-2024-26601 CVE-2024-26611
                        CVE-2024-26614 CVE-2024-26615 CVE-2024-26623 CVE-2024-26625 CVE-2024-26631
                        CVE-2024-26632 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26637
                        CVE-2024-26638 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642 CVE-2024-26643
                        CVE-2024-26654 CVE-2024-26656 CVE-2024-26657 CVE-2024-26663 CVE-2024-26665
                        CVE-2024-26668 CVE-2024-26669 CVE-2024-26671 CVE-2024-26673 CVE-2024-26674
                        CVE-2024-26676 CVE-2024-26677 CVE-2024-26679 CVE-2024-26682 CVE-2024-26683
                        CVE-2024-26684 CVE-2024-26685 CVE-2024-26691 CVE-2024-26692 CVE-2024-26704
                        CVE-2024-26714 CVE-2024-26726 CVE-2024-26731 CVE-2024-26733 CVE-2024-26734
                        CVE-2024-26735 CVE-2024-26737 CVE-2024-26739 CVE-2024-26740 CVE-2024-26742
                        CVE-2024-26750 CVE-2024-26758 CVE-2024-26759 CVE-2024-26760 CVE-2024-26761
                        CVE-2024-26764 CVE-2024-26767 CVE-2024-26769 CVE-2024-26772 CVE-2024-26773
                        CVE-2024-26774 CVE-2024-26775 CVE-2024-26780 CVE-2024-26783 CVE-2024-26785
                        CVE-2024-26786 CVE-2024-26791 CVE-2024-26793 CVE-2024-26794 CVE-2024-26802
                        CVE-2024-26804 CVE-2024-26805 CVE-2024-26807 CVE-2024-26808 CVE-2024-26809
                        CVE-2024-26812 CVE-2024-26813 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816
                        CVE-2024-26822 CVE-2024-26826 CVE-2024-26828 CVE-2024-26832 CVE-2024-26835
                        CVE-2024-26836 CVE-2024-26837 CVE-2024-26844 CVE-2024-26845 CVE-2024-26846
                        CVE-2024-26849 CVE-2024-26851 CVE-2024-26853 CVE-2024-26854 CVE-2024-26855
                        CVE-2024-26856 CVE-2024-26857 CVE-2024-26858 CVE-2024-26860 CVE-2024-26861
                        CVE-2024-26862 CVE-2024-26863 CVE-2024-26865 CVE-2024-26866 CVE-2024-26868
                        CVE-2024-26870 CVE-2024-26878 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883
                        CVE-2024-26884 CVE-2024-26885 CVE-2024-26889 CVE-2024-26898 CVE-2024-26899
                        CVE-2024-26900 CVE-2024-26901 CVE-2024-26903 CVE-2024-26906 CVE-2024-26909
                        CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26923
                        CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931
                        CVE-2024-26932 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937
                        CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26944
                        CVE-2024-26945 CVE-2024-26946 CVE-2024-26948 CVE-2024-26949 CVE-2024-26950
                        CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958
                        CVE-2024-26959 CVE-2024-26960 CVE-2024-26961 CVE-2024-26962 CVE-2024-26963
                        CVE-2024-26964 CVE-2024-26965 CVE-2024-26966 CVE-2024-26968 CVE-2024-26969
                        CVE-2024-26970 CVE-2024-26972 CVE-2024-26973 CVE-2024-26974 CVE-2024-26975
                        CVE-2024-26976 CVE-2024-26977 CVE-2024-26978 CVE-2024-26981 CVE-2024-26982
                        CVE-2024-26983 CVE-2024-26984 CVE-2024-26986 CVE-2024-26988 CVE-2024-26989
                        CVE-2024-26990 CVE-2024-26991 CVE-2024-26992 CVE-2024-26993 CVE-2024-26994
                        CVE-2024-26995 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000
                        CVE-2024-27001 CVE-2024-27002 CVE-2024-27003 CVE-2024-27004 CVE-2024-27008
                        CVE-2024-27009 CVE-2024-27010 CVE-2024-27011 CVE-2024-27012 CVE-2024-27013
                        CVE-2024-27014 CVE-2024-27015 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020
                        CVE-2024-27022 CVE-2024-27023 CVE-2024-27024 CVE-2024-27025 CVE-2024-27027
                        CVE-2024-27028 CVE-2024-27029 CVE-2024-27030 CVE-2024-27031 CVE-2024-27036
                        CVE-2024-27037 CVE-2024-27038 CVE-2024-27039 CVE-2024-27040 CVE-2024-27041
                        CVE-2024-27042 CVE-2024-27043 CVE-2024-27044 CVE-2024-27045 CVE-2024-27046
                        CVE-2024-27047 CVE-2024-27048 CVE-2024-27049 CVE-2024-27050 CVE-2024-27051
                        CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27056 CVE-2024-27057
                        CVE-2024-27059 CVE-2024-27060 CVE-2024-27062 CVE-2024-27064 CVE-2024-27065
                        CVE-2024-27067 CVE-2024-27068 CVE-2024-27071 CVE-2024-27072 CVE-2024-27073
                        CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078
                        CVE-2024-27079 CVE-2024-27080 CVE-2024-27388 CVE-2024-27389 CVE-2024-27391
                        CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399
                        CVE-2024-27400 CVE-2024-27401 CVE-2024-27402 CVE-2024-27403 CVE-2024-27404
                        CVE-2024-27405 CVE-2024-27408 CVE-2024-27410 CVE-2024-27411 CVE-2024-27412
                        CVE-2024-27413 CVE-2024-27414 CVE-2024-27416 CVE-2024-27417 CVE-2024-27418
                        CVE-2024-27419 CVE-2024-27431 CVE-2024-27432 CVE-2024-27433 CVE-2024-27434
                        CVE-2024-27435 CVE-2024-27436 CVE-2024-27437 CVE-2024-28085 CVE-2024-28182
                        CVE-2024-28757 CVE-2024-28757 CVE-2024-28892 CVE-2024-29038 CVE-2024-29039
                        CVE-2024-29040 CVE-2024-2961 CVE-2024-31076 CVE-2024-31142 CVE-2024-31143
                        CVE-2024-31145 CVE-2024-31146 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601
                        CVE-2024-33602 CVE-2024-33619 CVE-2024-34069 CVE-2024-34397 CVE-2024-34459
                        CVE-2024-34777 CVE-2024-35247 CVE-2024-35784 CVE-2024-35786 CVE-2024-35788
                        CVE-2024-35789 CVE-2024-35790 CVE-2024-35791 CVE-2024-35794 CVE-2024-35795
                        CVE-2024-35796 CVE-2024-35799 CVE-2024-35800 CVE-2024-35801 CVE-2024-35803
                        CVE-2024-35804 CVE-2024-35805 CVE-2024-35806 CVE-2024-35807 CVE-2024-35808
                        CVE-2024-35809 CVE-2024-35810 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813
                        CVE-2024-35814 CVE-2024-35815 CVE-2024-35817 CVE-2024-35819 CVE-2024-35821
                        CVE-2024-35822 CVE-2024-35823 CVE-2024-35824 CVE-2024-35825 CVE-2024-35827
                        CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35831 CVE-2024-35833
                        CVE-2024-35834 CVE-2024-35835 CVE-2024-35836 CVE-2024-35837 CVE-2024-35838
                        CVE-2024-35841 CVE-2024-35842 CVE-2024-35843 CVE-2024-35845 CVE-2024-35847
                        CVE-2024-35848 CVE-2024-35849 CVE-2024-35850 CVE-2024-35851 CVE-2024-35852
                        CVE-2024-35853 CVE-2024-35854 CVE-2024-35855 CVE-2024-35857 CVE-2024-35860
                        CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865
                        CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870
                        CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879
                        CVE-2024-35880 CVE-2024-35883 CVE-2024-35884 CVE-2024-35885 CVE-2024-35886
                        CVE-2024-35887 CVE-2024-35889 CVE-2024-35890 CVE-2024-35891 CVE-2024-35892
                        CVE-2024-35893 CVE-2024-35895 CVE-2024-35896 CVE-2024-35897 CVE-2024-35898
                        CVE-2024-35899 CVE-2024-35900 CVE-2024-35901 CVE-2024-35902 CVE-2024-35903
                        CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35908 CVE-2024-35909
                        CVE-2024-35911 CVE-2024-35912 CVE-2024-35913 CVE-2024-35914 CVE-2024-35915
                        CVE-2024-35916 CVE-2024-35917 CVE-2024-35921 CVE-2024-35922 CVE-2024-35924
                        CVE-2024-35925 CVE-2024-35926 CVE-2024-35927 CVE-2024-35928 CVE-2024-35930
                        CVE-2024-35931 CVE-2024-35932 CVE-2024-35933 CVE-2024-35934 CVE-2024-35935
                        CVE-2024-35936 CVE-2024-35937 CVE-2024-35938 CVE-2024-35939 CVE-2024-35940
                        CVE-2024-35942 CVE-2024-35943 CVE-2024-35944 CVE-2024-35945 CVE-2024-35946
                        CVE-2024-35947 CVE-2024-35949 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952
                        CVE-2024-35953 CVE-2024-35954 CVE-2024-35955 CVE-2024-35956 CVE-2024-35957
                        CVE-2024-35958 CVE-2024-35959 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962
                        CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967
                        CVE-2024-35969 CVE-2024-35970 CVE-2024-35971 CVE-2024-35972 CVE-2024-35973
                        CVE-2024-35974 CVE-2024-35975 CVE-2024-35976 CVE-2024-35977 CVE-2024-35978
                        CVE-2024-35979 CVE-2024-35981 CVE-2024-35982 CVE-2024-35984 CVE-2024-35986
                        CVE-2024-35989 CVE-2024-35990 CVE-2024-35991 CVE-2024-35992 CVE-2024-35995
                        CVE-2024-35997 CVE-2024-35998 CVE-2024-35999 CVE-2024-36002 CVE-2024-36003
                        CVE-2024-36004 CVE-2024-36005 CVE-2024-36006 CVE-2024-36007 CVE-2024-36008
                        CVE-2024-36009 CVE-2024-36010 CVE-2024-36011 CVE-2024-36012 CVE-2024-36013
                        CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36017 CVE-2024-36018
                        CVE-2024-36019 CVE-2024-36020 CVE-2024-36021 CVE-2024-36024 CVE-2024-36025
                        CVE-2024-36026 CVE-2024-36029 CVE-2024-36030 CVE-2024-36032 CVE-2024-36270
                        CVE-2024-36281 CVE-2024-36286 CVE-2024-36288 CVE-2024-36477 CVE-2024-36478
                        CVE-2024-36479 CVE-2024-36489 CVE-2024-36880 CVE-2024-36881 CVE-2024-36882
                        CVE-2024-36885 CVE-2024-36887 CVE-2024-36889 CVE-2024-36890 CVE-2024-36891
                        CVE-2024-36893 CVE-2024-36894 CVE-2024-36895 CVE-2024-36896 CVE-2024-36897
                        CVE-2024-36898 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902
                        CVE-2024-36903 CVE-2024-36904 CVE-2024-36906 CVE-2024-36907 CVE-2024-36909
                        CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914
                        CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36918 CVE-2024-36919
                        CVE-2024-36921 CVE-2024-36922 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926
                        CVE-2024-36928 CVE-2024-36929 CVE-2024-36930 CVE-2024-36931 CVE-2024-36933
                        CVE-2024-36934 CVE-2024-36935 CVE-2024-36936 CVE-2024-36937 CVE-2024-36938
                        CVE-2024-36939 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944
                        CVE-2024-36945 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950
                        CVE-2024-36951 CVE-2024-36952 CVE-2024-36953 CVE-2024-36955 CVE-2024-36957
                        CVE-2024-36959 CVE-2024-36960 CVE-2024-36962 CVE-2024-36964 CVE-2024-36965
                        CVE-2024-36967 CVE-2024-36969 CVE-2024-36970 CVE-2024-36971 CVE-2024-36972
                        CVE-2024-36973 CVE-2024-36974 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978
                        CVE-2024-36979 CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354
                        CVE-2024-37370 CVE-2024-37371 CVE-2024-38381 CVE-2024-38384 CVE-2024-38385
                        CVE-2024-38388 CVE-2024-38390 CVE-2024-38391 CVE-2024-38538 CVE-2024-38539
                        CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544 CVE-2024-38545
                        CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550
                        CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38555
                        CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560
                        CVE-2024-38562 CVE-2024-38563 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566
                        CVE-2024-38567 CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571
                        CVE-2024-38572 CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579
                        CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586
                        CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38592
                        CVE-2024-38594 CVE-2024-38595 CVE-2024-38596 CVE-2024-38597 CVE-2024-38598
                        CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602 CVE-2024-38603
                        CVE-2024-38604 CVE-2024-38605 CVE-2024-38608 CVE-2024-38609 CVE-2024-38610
                        CVE-2024-38611 CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618
                        CVE-2024-38619 CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628
                        CVE-2024-38629 CVE-2024-38630 CVE-2024-38632 CVE-2024-38633 CVE-2024-38634
                        CVE-2024-38635 CVE-2024-38636 CVE-2024-38659 CVE-2024-38661 CVE-2024-38662
                        CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39276 CVE-2024-39277
                        CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371
                        CVE-2024-39463 CVE-2024-39466 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471
                        CVE-2024-39472 CVE-2024-39473 CVE-2024-39474 CVE-2024-39475 CVE-2024-39476
                        CVE-2024-39479 CVE-2024-39481 CVE-2024-39482 CVE-2024-39483 CVE-2024-39484
                        CVE-2024-39486 CVE-2024-39487 CVE-2024-39488 CVE-2024-39489 CVE-2024-39490
                        CVE-2024-39491 CVE-2024-39493 CVE-2024-39494 CVE-2024-39496 CVE-2024-39497
                        CVE-2024-39498 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502
                        CVE-2024-39504 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39508
                        CVE-2024-39509 CVE-2024-39510 CVE-2024-40724 CVE-2024-40896 CVE-2024-40897
                        CVE-2024-40899 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903
                        CVE-2024-40904 CVE-2024-40905 CVE-2024-40906 CVE-2024-40908 CVE-2024-40909
                        CVE-2024-40910 CVE-2024-40911 CVE-2024-40912 CVE-2024-40913 CVE-2024-40916
                        CVE-2024-40919 CVE-2024-40920 CVE-2024-40921 CVE-2024-40922 CVE-2024-40923
                        CVE-2024-40924 CVE-2024-40925 CVE-2024-40926 CVE-2024-40927 CVE-2024-40928
                        CVE-2024-40929 CVE-2024-40930 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934
                        CVE-2024-40935 CVE-2024-40936 CVE-2024-40937 CVE-2024-40938 CVE-2024-40939
                        CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40944
                        CVE-2024-40945 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40954
                        CVE-2024-40956 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960
                        CVE-2024-40961 CVE-2024-40962 CVE-2024-40964 CVE-2024-40965 CVE-2024-40966
                        CVE-2024-40967 CVE-2024-40970 CVE-2024-40972 CVE-2024-40973 CVE-2024-40975
                        CVE-2024-40976 CVE-2024-40977 CVE-2024-40978 CVE-2024-40979 CVE-2024-40981
                        CVE-2024-40982 CVE-2024-40983 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988
                        CVE-2024-40989 CVE-2024-40990 CVE-2024-40992 CVE-2024-40994 CVE-2024-40995
                        CVE-2024-40997 CVE-2024-40998 CVE-2024-40999 CVE-2024-41000 CVE-2024-41001
                        CVE-2024-41002 CVE-2024-41004 CVE-2024-41006 CVE-2024-41007 CVE-2024-41009
                        CVE-2024-41010 CVE-2024-41011 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014
                        CVE-2024-41015 CVE-2024-41016 CVE-2024-41017 CVE-2024-41020 CVE-2024-41022
                        CVE-2024-41024 CVE-2024-41025 CVE-2024-41028 CVE-2024-41032 CVE-2024-41035
                        CVE-2024-41036 CVE-2024-41037 CVE-2024-41038 CVE-2024-41039 CVE-2024-41040
                        CVE-2024-41041 CVE-2024-41044 CVE-2024-41045 CVE-2024-41048 CVE-2024-41049
                        CVE-2024-41050 CVE-2024-41051 CVE-2024-41056 CVE-2024-41057 CVE-2024-41058
                        CVE-2024-41059 CVE-2024-41060 CVE-2024-41061 CVE-2024-41062 CVE-2024-41063
                        CVE-2024-41064 CVE-2024-41065 CVE-2024-41066 CVE-2024-41068 CVE-2024-41069
                        CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41073 CVE-2024-41074
                        CVE-2024-41075 CVE-2024-41076 CVE-2024-41078 CVE-2024-41079 CVE-2024-41080
                        CVE-2024-41081 CVE-2024-41084 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089
                        CVE-2024-41090 CVE-2024-41091 CVE-2024-41092 CVE-2024-41093 CVE-2024-41094
                        CVE-2024-41095 CVE-2024-41096 CVE-2024-41097 CVE-2024-41098 CVE-2024-41311
                        CVE-2024-41996 CVE-2024-42064 CVE-2024-42069 CVE-2024-42070 CVE-2024-42073
                        CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42079 CVE-2024-42080
                        CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089
                        CVE-2024-42090 CVE-2024-42092 CVE-2024-42093 CVE-2024-42095 CVE-2024-42096
                        CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42105
                        CVE-2024-42106 CVE-2024-42107 CVE-2024-42109 CVE-2024-42110 CVE-2024-42113
                        CVE-2024-42114 CVE-2024-42115 CVE-2024-42117 CVE-2024-42119 CVE-2024-42120
                        CVE-2024-42121 CVE-2024-42122 CVE-2024-42124 CVE-2024-42125 CVE-2024-42126
                        CVE-2024-42127 CVE-2024-42130 CVE-2024-42131 CVE-2024-42132 CVE-2024-42133
                        CVE-2024-42136 CVE-2024-42137 CVE-2024-42138 CVE-2024-42139 CVE-2024-42141
                        CVE-2024-42142 CVE-2024-42143 CVE-2024-42144 CVE-2024-42145 CVE-2024-42147
                        CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42154 CVE-2024-42155
                        CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42159 CVE-2024-42161
                        CVE-2024-42162 CVE-2024-42223 CVE-2024-42224 CVE-2024-42225 CVE-2024-42226
                        CVE-2024-42227 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232
                        CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240
                        CVE-2024-42241 CVE-2024-42243 CVE-2024-42244 CVE-2024-42245 CVE-2024-42246
                        CVE-2024-42247 CVE-2024-42250 CVE-2024-42252 CVE-2024-42253 CVE-2024-42259
                        CVE-2024-42265 CVE-2024-42268 CVE-2024-42269 CVE-2024-42270 CVE-2024-42271
                        CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42278 CVE-2024-42279
                        CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285
                        CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42290
                        CVE-2024-42291 CVE-2024-42292 CVE-2024-42294 CVE-2024-42295 CVE-2024-42298
                        CVE-2024-42301 CVE-2024-42302 CVE-2024-42303 CVE-2024-42304 CVE-2024-42305
                        CVE-2024-42306 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311
                        CVE-2024-42312 CVE-2024-42313 CVE-2024-42314 CVE-2024-42315 CVE-2024-42316
                        CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43374
                        CVE-2024-43790 CVE-2024-43802 CVE-2024-43803 CVE-2024-43816 CVE-2024-43817
                        CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43824
                        CVE-2024-43825 CVE-2024-43826 CVE-2024-43828 CVE-2024-43829 CVE-2024-43830
                        CVE-2024-43831 CVE-2024-43832 CVE-2024-43833 CVE-2024-43834 CVE-2024-43835
                        CVE-2024-43837 CVE-2024-43839 CVE-2024-43840 CVE-2024-43841 CVE-2024-43842
                        CVE-2024-43845 CVE-2024-43846 CVE-2024-43847 CVE-2024-43849 CVE-2024-43850
                        CVE-2024-43851 CVE-2024-43853 CVE-2024-43854 CVE-2024-43855 CVE-2024-43856
                        CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43864
                        CVE-2024-43866 CVE-2024-43867 CVE-2024-43870 CVE-2024-43871 CVE-2024-43872
                        CVE-2024-43873 CVE-2024-43874 CVE-2024-43875 CVE-2024-43876 CVE-2024-43877
                        CVE-2024-43879 CVE-2024-43880 CVE-2024-43881 CVE-2024-43882 CVE-2024-43883
                        CVE-2024-43884 CVE-2024-43885 CVE-2024-43889 CVE-2024-43890 CVE-2024-43892
                        CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43897 CVE-2024-43898
                        CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43904
                        CVE-2024-43905 CVE-2024-43906 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909
                        CVE-2024-43911 CVE-2024-43912 CVE-2024-43914 CVE-2024-44625 CVE-2024-4467
                        CVE-2024-44931 CVE-2024-44935 CVE-2024-44938 CVE-2024-44939 CVE-2024-44944
                        CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44950 CVE-2024-44951
                        CVE-2024-44952 CVE-2024-44954 CVE-2024-44960 CVE-2024-44961 CVE-2024-44962
                        CVE-2024-44965 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971
                        CVE-2024-44977 CVE-2024-44982 CVE-2024-44984 CVE-2024-44985 CVE-2024-44986
                        CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991
                        CVE-2024-44997 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001
                        CVE-2024-45002 CVE-2024-45003 CVE-2024-45005 CVE-2024-45006 CVE-2024-45007
                        CVE-2024-45008 CVE-2024-45011 CVE-2024-45012 CVE-2024-45013 CVE-2024-45015
                        CVE-2024-45017 CVE-2024-45018 CVE-2024-45019 CVE-2024-45020 CVE-2024-45021
                        CVE-2024-45022 CVE-2024-45023 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029
                        CVE-2024-45030 CVE-2024-45306 CVE-2024-45337 CVE-2024-45338 CVE-2024-45387
                        CVE-2024-45490 CVE-2024-45490 CVE-2024-45491 CVE-2024-45491 CVE-2024-45492
                        CVE-2024-45492 CVE-2024-45679 CVE-2024-4603 CVE-2024-46672 CVE-2024-46673
                        CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679
                        CVE-2024-46685 CVE-2024-46686 CVE-2024-46687 CVE-2024-46689 CVE-2024-46691
                        CVE-2024-46692 CVE-2024-46693 CVE-2024-46694 CVE-2024-46695 CVE-2024-46702
                        CVE-2024-46706 CVE-2024-46707 CVE-2024-46709 CVE-2024-46710 CVE-2024-46714
                        CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719 CVE-2024-46720
                        CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726
                        CVE-2024-46728 CVE-2024-46729 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732
                        CVE-2024-46734 CVE-2024-46735 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739
                        CVE-2024-46741 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746
                        CVE-2024-46747 CVE-2024-46749 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752
                        CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46757 CVE-2024-46758
                        CVE-2024-46759 CVE-2024-46760 CVE-2024-46761 CVE-2024-46767 CVE-2024-46771
                        CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46776 CVE-2024-46778
                        CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786
                        CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46797 CVE-2024-46798
                        CVE-2024-46822 CVE-2024-4741 CVE-2024-47606 CVE-2024-47814 CVE-2024-50602
                        CVE-2024-50602 CVE-2024-52009 CVE-2024-52010 CVE-2024-52308 CVE-2024-52522
                        CVE-2024-52533 CVE-2024-53164 CVE-2024-53164 CVE-2024-54031 CVE-2024-54148
                        CVE-2024-55196 CVE-2024-5535 CVE-2024-5564 CVE-2024-55947 CVE-2024-56171
                        CVE-2024-56362 CVE-2024-56406 CVE-2024-56513 CVE-2024-56514 CVE-2024-56738
                        CVE-2024-57891 CVE-2024-57951 CVE-2024-57952 CVE-2024-58090 CVE-2024-58251
                        CVE-2024-58251 CVE-2024-6119 CVE-2024-7409 CVE-2024-8006 CVE-2024-8096
                        CVE-2024-8176 CVE-2024-8986 CVE-2024-9526 CVE-2024-9632 CVE-2024-9681
                        CVE-2024-9779 CVE-2025-0167 CVE-2025-0395 CVE-2025-0395 CVE-2025-0650
                        CVE-2025-0725 CVE-2025-0913 CVE-2025-0913 CVE-2025-10148 CVE-2025-10148
                        CVE-2025-10158 CVE-2025-10158 CVE-2025-10158 CVE-2025-10158 CVE-2025-10911
                        CVE-2025-10911 CVE-2025-10911 CVE-2025-11021 CVE-2025-11187 CVE-2025-11187
                        CVE-2025-11230 CVE-2025-11411 CVE-2025-11468 CVE-2025-11561 CVE-2025-11563
                        CVE-2025-11563 CVE-2025-11731 CVE-2025-11896 CVE-2025-11961 CVE-2025-11961
                        CVE-2025-12084 CVE-2025-1215 CVE-2025-1296 CVE-2025-13151 CVE-2025-13151
                        CVE-2025-13462 CVE-2025-13465 CVE-2025-13601 CVE-2025-13601 CVE-2025-13836
                        CVE-2025-13837 CVE-2025-14017 CVE-2025-14017 CVE-2025-14087 CVE-2025-14087
                        CVE-2025-14104 CVE-2025-14104 CVE-2025-14512 CVE-2025-14512 CVE-2025-14524
                        CVE-2025-14524 CVE-2025-14819 CVE-2025-14819 CVE-2025-14876 CVE-2025-15079
                        CVE-2025-15079 CVE-2025-15224 CVE-2025-15224 CVE-2025-15281 CVE-2025-15281
                        CVE-2025-15282 CVE-2025-15444 CVE-2025-15467 CVE-2025-15467 CVE-2025-15467
                        CVE-2025-15468 CVE-2025-15468 CVE-2025-15469 CVE-2025-21609 CVE-2025-21613
                        CVE-2025-21614 CVE-2025-21816 CVE-2025-22034 CVE-2025-22077 CVE-2025-22130
                        CVE-2025-22134 CVE-2025-22869 CVE-2025-22869 CVE-2025-22870 CVE-2025-22870
                        CVE-2025-22870 CVE-2025-22872 CVE-2025-22872 CVE-2025-22874 CVE-2025-23013
                        CVE-2025-23141 CVE-2025-24014 CVE-2025-24528 CVE-2025-24928 CVE-2025-25207
                        CVE-2025-25208 CVE-2025-2588 CVE-2025-27113 CVE-2025-27587 CVE-2025-28162
                        CVE-2025-28162 CVE-2025-28164 CVE-2025-28164 CVE-2025-29087 CVE-2025-29088
                        CVE-2025-30204 CVE-2025-30258 CVE-2025-30258 CVE-2025-30258 CVE-2025-31115
                        CVE-2025-31133 CVE-2025-32414 CVE-2025-32415 CVE-2025-3360 CVE-2025-3576
                        CVE-2025-37744 CVE-2025-37751 CVE-2025-37798 CVE-2025-37821 CVE-2025-37841
                        CVE-2025-37845 CVE-2025-37849 CVE-2025-37856 CVE-2025-37861 CVE-2025-37864
                        CVE-2025-37904 CVE-2025-37916 CVE-2025-37955 CVE-2025-38006 CVE-2025-38008
                        CVE-2025-38019 CVE-2025-38034 CVE-2025-38038 CVE-2025-38052 CVE-2025-38058
                        CVE-2025-38062 CVE-2025-38075 CVE-2025-38084 CVE-2025-38085 CVE-2025-38087
                        CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38091 CVE-2025-38095
                        CVE-2025-38096 CVE-2025-38098 CVE-2025-38099 CVE-2025-38101 CVE-2025-38102
                        CVE-2025-38103 CVE-2025-38106 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109
                        CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38114
                        CVE-2025-38117 CVE-2025-38118 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122
                        CVE-2025-38123 CVE-2025-38124 CVE-2025-38125 CVE-2025-38127 CVE-2025-38128
                        CVE-2025-38129 CVE-2025-38134 CVE-2025-38135 CVE-2025-38136 CVE-2025-38137
                        CVE-2025-38138 CVE-2025-38140 CVE-2025-38141 CVE-2025-38142 CVE-2025-38143
                        CVE-2025-38145 CVE-2025-38146 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151
                        CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38156 CVE-2025-38157
                        CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38165 CVE-2025-38168
                        CVE-2025-38169 CVE-2025-38170 CVE-2025-38172 CVE-2025-38173 CVE-2025-38174
                        CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38184
                        CVE-2025-38185 CVE-2025-38186 CVE-2025-38188 CVE-2025-38189 CVE-2025-38190
                        CVE-2025-38193 CVE-2025-38197 CVE-2025-38198 CVE-2025-38201 CVE-2025-38205
                        CVE-2025-38208 CVE-2025-38209 CVE-2025-38211 CVE-2025-38213 CVE-2025-38214
                        CVE-2025-38215 CVE-2025-38216 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222
                        CVE-2025-38224 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38228
                        CVE-2025-38229 CVE-2025-38231 CVE-2025-38232 CVE-2025-38233 CVE-2025-38234
                        CVE-2025-38242 CVE-2025-38243 CVE-2025-38244 CVE-2025-38245 CVE-2025-38246
                        CVE-2025-38249 CVE-2025-38251 CVE-2025-38253 CVE-2025-38255 CVE-2025-38256
                        CVE-2025-38257 CVE-2025-38258 CVE-2025-38259 CVE-2025-38262 CVE-2025-38263
                        CVE-2025-38264 CVE-2025-38265 CVE-2025-38267 CVE-2025-38268 CVE-2025-38270
                        CVE-2025-38272 CVE-2025-38273 CVE-2025-38274 CVE-2025-38275 CVE-2025-38277
                        CVE-2025-38278 CVE-2025-38286 CVE-2025-38287 CVE-2025-38288 CVE-2025-38289
                        CVE-2025-38290 CVE-2025-38291 CVE-2025-38292 CVE-2025-38293 CVE-2025-38297
                        CVE-2025-38298 CVE-2025-38299 CVE-2025-38300 CVE-2025-38301 CVE-2025-38302
                        CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38306 CVE-2025-38307
                        CVE-2025-38311 CVE-2025-38312 CVE-2025-38313 CVE-2025-38315 CVE-2025-38317
                        CVE-2025-38318 CVE-2025-38319 CVE-2025-38321 CVE-2025-38322 CVE-2025-38323
                        CVE-2025-38326 CVE-2025-38332 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337
                        CVE-2025-38338 CVE-2025-38339 CVE-2025-38341 CVE-2025-38342 CVE-2025-38343
                        CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350
                        CVE-2025-38351 CVE-2025-38352 CVE-2025-38353 CVE-2025-38354 CVE-2025-38355
                        CVE-2025-38356 CVE-2025-38359 CVE-2025-38360 CVE-2025-38361 CVE-2025-38362
                        CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38368 CVE-2025-38369
                        CVE-2025-38371 CVE-2025-38372 CVE-2025-38373 CVE-2025-38374 CVE-2025-38375
                        CVE-2025-38376 CVE-2025-38377 CVE-2025-38379 CVE-2025-38380 CVE-2025-38381
                        CVE-2025-38382 CVE-2025-38383 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386
                        CVE-2025-38387 CVE-2025-38389 CVE-2025-38390 CVE-2025-38391 CVE-2025-38392
                        CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38397 CVE-2025-38399
                        CVE-2025-38400 CVE-2025-38401 CVE-2025-38402 CVE-2025-38403 CVE-2025-38404
                        CVE-2025-38405 CVE-2025-38406 CVE-2025-38408 CVE-2025-38409 CVE-2025-38410
                        CVE-2025-38412 CVE-2025-38413 CVE-2025-38414 CVE-2025-38415 CVE-2025-38416
                        CVE-2025-38417 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38421
                        CVE-2025-38423 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426 CVE-2025-38427
                        CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38438
                        CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444
                        CVE-2025-38445 CVE-2025-38446 CVE-2025-38448 CVE-2025-38449 CVE-2025-38450
                        CVE-2025-38451 CVE-2025-38453 CVE-2025-38454 CVE-2025-38455 CVE-2025-38456
                        CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461
                        CVE-2025-38462 CVE-2025-38463 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466
                        CVE-2025-38467 CVE-2025-38468 CVE-2025-38470 CVE-2025-38472 CVE-2025-38473
                        CVE-2025-38474 CVE-2025-38475 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478
                        CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38484
                        CVE-2025-38485 CVE-2025-38487 CVE-2025-38488 CVE-2025-38488 CVE-2025-38489
                        CVE-2025-38490 CVE-2025-38491 CVE-2025-38493 CVE-2025-38494 CVE-2025-38495
                        CVE-2025-38496 CVE-2025-38497 CVE-2025-38499 CVE-2025-38500 CVE-2025-38500
                        CVE-2025-38503 CVE-2025-38505 CVE-2025-38506 CVE-2025-38507 CVE-2025-38508
                        CVE-2025-38510 CVE-2025-38511 CVE-2025-38512 CVE-2025-38513 CVE-2025-38514
                        CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38521 CVE-2025-38524
                        CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530
                        CVE-2025-38531 CVE-2025-38533 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538
                        CVE-2025-38539 CVE-2025-38539 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543
                        CVE-2025-38544 CVE-2025-38545 CVE-2025-38546 CVE-2025-38547 CVE-2025-38548
                        CVE-2025-38549 CVE-2025-38550 CVE-2025-38551 CVE-2025-38552 CVE-2025-38553
                        CVE-2025-38554 CVE-2025-38554 CVE-2025-38555 CVE-2025-38556 CVE-2025-38557
                        CVE-2025-38559 CVE-2025-38560 CVE-2025-38563 CVE-2025-38564 CVE-2025-38565
                        CVE-2025-38566 CVE-2025-38568 CVE-2025-38569 CVE-2025-38571 CVE-2025-38572
                        CVE-2025-38572 CVE-2025-38573 CVE-2025-38574 CVE-2025-38576 CVE-2025-38581
                        CVE-2025-38582 CVE-2025-38583 CVE-2025-38584 CVE-2025-38585 CVE-2025-38586
                        CVE-2025-38587 CVE-2025-38588 CVE-2025-38588 CVE-2025-38589 CVE-2025-38590
                        CVE-2025-38591 CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38601
                        CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38608
                        CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38614 CVE-2025-38616
                        CVE-2025-38616 CVE-2025-38617 CVE-2025-38617 CVE-2025-38618 CVE-2025-38618
                        CVE-2025-38619 CVE-2025-38621 CVE-2025-38622 CVE-2025-38623 CVE-2025-38624
                        CVE-2025-38628 CVE-2025-38630 CVE-2025-38631 CVE-2025-38632 CVE-2025-38634
                        CVE-2025-38635 CVE-2025-38639 CVE-2025-38640 CVE-2025-38643 CVE-2025-38644
                        CVE-2025-38645 CVE-2025-38646 CVE-2025-38648 CVE-2025-38653 CVE-2025-38656
                        CVE-2025-38658 CVE-2025-38659 CVE-2025-38660 CVE-2025-38662 CVE-2025-38664
                        CVE-2025-38664 CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671
                        CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680 CVE-2025-38681
                        CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38686 CVE-2025-38687
                        CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695
                        CVE-2025-38700 CVE-2025-38701 CVE-2025-38702 CVE-2025-38703 CVE-2025-38704
                        CVE-2025-38705 CVE-2025-38706 CVE-2025-38709 CVE-2025-38710 CVE-2025-38717
                        CVE-2025-38718 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725
                        CVE-2025-38727 CVE-2025-38728 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732
                        CVE-2025-38733 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-39673
                        CVE-2025-39675 CVE-2025-39676 CVE-2025-39677 CVE-2025-39678 CVE-2025-39679
                        CVE-2025-39681 CVE-2025-39682 CVE-2025-39682 CVE-2025-39683 CVE-2025-39684
                        CVE-2025-39685 CVE-2025-39686 CVE-2025-39687 CVE-2025-39689 CVE-2025-39691
                        CVE-2025-39693 CVE-2025-39694 CVE-2025-39695 CVE-2025-39697 CVE-2025-39698
                        CVE-2025-39700 CVE-2025-39701 CVE-2025-39702 CVE-2025-39703 CVE-2025-39705
                        CVE-2025-39706 CVE-2025-39707 CVE-2025-39709 CVE-2025-39710 CVE-2025-39711
                        CVE-2025-39712 CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719
                        CVE-2025-39721 CVE-2025-39722 CVE-2025-39723 CVE-2025-39724 CVE-2025-39726
                        CVE-2025-39727 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738 CVE-2025-39739
                        CVE-2025-39742 CVE-2025-39744 CVE-2025-39746 CVE-2025-39747 CVE-2025-39748
                        CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39753 CVE-2025-39754
                        CVE-2025-39756 CVE-2025-39757 CVE-2025-39758 CVE-2025-39759 CVE-2025-39760
                        CVE-2025-39761 CVE-2025-39763 CVE-2025-39764 CVE-2025-39765 CVE-2025-39766
                        CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39775 CVE-2025-39779
                        CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39788 CVE-2025-39790
                        CVE-2025-39791 CVE-2025-39792 CVE-2025-39795 CVE-2025-39797 CVE-2025-39797
                        CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39805 CVE-2025-39806
                        CVE-2025-39807 CVE-2025-39808 CVE-2025-39810 CVE-2025-39811 CVE-2025-39812
                        CVE-2025-39813 CVE-2025-39813 CVE-2025-39814 CVE-2025-39816 CVE-2025-39817
                        CVE-2025-39819 CVE-2025-39822 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825
                        CVE-2025-39826 CVE-2025-39827 CVE-2025-39828 CVE-2025-39829 CVE-2025-39830
                        CVE-2025-39831 CVE-2025-39832 CVE-2025-39833 CVE-2025-39834 CVE-2025-39835
                        CVE-2025-39836 CVE-2025-39838 CVE-2025-39839 CVE-2025-39841 CVE-2025-39842
                        CVE-2025-39844 CVE-2025-39845 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849
                        CVE-2025-39850 CVE-2025-39851 CVE-2025-39852 CVE-2025-39853 CVE-2025-39854
                        CVE-2025-39857 CVE-2025-39859 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863
                        CVE-2025-39864 CVE-2025-39865 CVE-2025-39866 CVE-2025-39869 CVE-2025-39870
                        CVE-2025-39871 CVE-2025-39873 CVE-2025-39875 CVE-2025-39876 CVE-2025-39877
                        CVE-2025-39880 CVE-2025-39880 CVE-2025-39881 CVE-2025-39882 CVE-2025-39884
                        CVE-2025-39885 CVE-2025-39889 CVE-2025-39890 CVE-2025-39891 CVE-2025-39895
                        CVE-2025-39896 CVE-2025-39897 CVE-2025-39898 CVE-2025-39899 CVE-2025-39900
                        CVE-2025-39902 CVE-2025-39903 CVE-2025-39907 CVE-2025-39909 CVE-2025-39911
                        CVE-2025-39913 CVE-2025-39916 CVE-2025-39917 CVE-2025-39918 CVE-2025-39922
                        CVE-2025-39923 CVE-2025-39925 CVE-2025-39926 CVE-2025-39927 CVE-2025-39931
                        CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39944 CVE-2025-39945
                        CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39950
                        CVE-2025-39952 CVE-2025-39955 CVE-2025-39956 CVE-2025-39957 CVE-2025-39961
                        CVE-2025-39963 CVE-2025-39963 CVE-2025-39964 CVE-2025-39965 CVE-2025-39967
                        CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972
                        CVE-2025-39973 CVE-2025-39973 CVE-2025-39977 CVE-2025-39977 CVE-2025-39977
                        CVE-2025-39978 CVE-2025-39979 CVE-2025-39980 CVE-2025-39981 CVE-2025-39982
                        CVE-2025-39984 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988
                        CVE-2025-39990 CVE-2025-39991 CVE-2025-39992 CVE-2025-39993 CVE-2025-39994
                        CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-39998 CVE-2025-40000
                        CVE-2025-40001 CVE-2025-40003 CVE-2025-40005 CVE-2025-40006 CVE-2025-40009
                        CVE-2025-40011 CVE-2025-40012 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018
                        CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40021 CVE-2025-40024
                        CVE-2025-40027 CVE-2025-40029 CVE-2025-40030 CVE-2025-40031 CVE-2025-40032
                        CVE-2025-40033 CVE-2025-40035 CVE-2025-40036 CVE-2025-40037 CVE-2025-40038
                        CVE-2025-40040 CVE-2025-40042 CVE-2025-40043 CVE-2025-40044 CVE-2025-40045
                        CVE-2025-40047 CVE-2025-40048 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052
                        CVE-2025-40053 CVE-2025-40055 CVE-2025-40056 CVE-2025-40058 CVE-2025-40059
                        CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40064 CVE-2025-40070
                        CVE-2025-40071 CVE-2025-40074 CVE-2025-40075 CVE-2025-40078 CVE-2025-40080
                        CVE-2025-40081 CVE-2025-40083 CVE-2025-40085 CVE-2025-40086 CVE-2025-40087
                        CVE-2025-40091 CVE-2025-40096 CVE-2025-40097 CVE-2025-40098 CVE-2025-40099
                        CVE-2025-40100 CVE-2025-40101 CVE-2025-40102 CVE-2025-40103 CVE-2025-40104
                        CVE-2025-40105 CVE-2025-40106 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110
                        CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120
                        CVE-2025-40121 CVE-2025-40123 CVE-2025-40127 CVE-2025-40129 CVE-2025-40130
                        CVE-2025-40130 CVE-2025-40132 CVE-2025-40133 CVE-2025-40134 CVE-2025-40135
                        CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40142 CVE-2025-40147
                        CVE-2025-40149 CVE-2025-40153 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157
                        CVE-2025-40158 CVE-2025-40159 CVE-2025-40159 CVE-2025-40160 CVE-2025-40161
                        CVE-2025-40162 CVE-2025-40164 CVE-2025-40165 CVE-2025-40166 CVE-2025-40167
                        CVE-2025-40168 CVE-2025-40169 CVE-2025-40170 CVE-2025-40171 CVE-2025-40172
                        CVE-2025-40173 CVE-2025-40175 CVE-2025-40176 CVE-2025-40177 CVE-2025-40178
                        CVE-2025-40179 CVE-2025-40180 CVE-2025-40181 CVE-2025-40183 CVE-2025-40185
                        CVE-2025-40186 CVE-2025-40187 CVE-2025-40188 CVE-2025-40190 CVE-2025-40192
                        CVE-2025-40194 CVE-2025-40195 CVE-2025-40196 CVE-2025-40197 CVE-2025-40198
                        CVE-2025-40200 CVE-2025-40201 CVE-2025-40202 CVE-2025-40203 CVE-2025-40204
                        CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 CVE-2025-40209
                        CVE-2025-40211 CVE-2025-40212 CVE-2025-40212 CVE-2025-40213 CVE-2025-40214
                        CVE-2025-40214 CVE-2025-40215 CVE-2025-40218 CVE-2025-40219 CVE-2025-40219
                        CVE-2025-40220 CVE-2025-40221 CVE-2025-40223 CVE-2025-40225 CVE-2025-40226
                        CVE-2025-40230 CVE-2025-40231 CVE-2025-40233 CVE-2025-40235 CVE-2025-40237
                        CVE-2025-40238 CVE-2025-40239 CVE-2025-40240 CVE-2025-40242 CVE-2025-40246
                        CVE-2025-40248 CVE-2025-40250 CVE-2025-40251 CVE-2025-40252 CVE-2025-40253
                        CVE-2025-40254 CVE-2025-40255 CVE-2025-40256 CVE-2025-40257 CVE-2025-40258
                        CVE-2025-40258 CVE-2025-40259 CVE-2025-40261 CVE-2025-40262 CVE-2025-40263
                        CVE-2025-40264 CVE-2025-40266 CVE-2025-40268 CVE-2025-40269 CVE-2025-40271
                        CVE-2025-40272 CVE-2025-40273 CVE-2025-40274 CVE-2025-40275 CVE-2025-40276
                        CVE-2025-40277 CVE-2025-40278 CVE-2025-40279 CVE-2025-40280 CVE-2025-40282
                        CVE-2025-40283 CVE-2025-40284 CVE-2025-40284 CVE-2025-40287 CVE-2025-40288
                        CVE-2025-40289 CVE-2025-40292 CVE-2025-40293 CVE-2025-40294 CVE-2025-40297
                        CVE-2025-40297 CVE-2025-40300 CVE-2025-40301 CVE-2025-40302 CVE-2025-40303
                        CVE-2025-40304 CVE-2025-40307 CVE-2025-40308 CVE-2025-40309 CVE-2025-40309
                        CVE-2025-40309 CVE-2025-40309 CVE-2025-40310 CVE-2025-40311 CVE-2025-40314
                        CVE-2025-40315 CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40319
                        CVE-2025-40320 CVE-2025-40321 CVE-2025-40322 CVE-2025-40323 CVE-2025-40324
                        CVE-2025-40328 CVE-2025-40329 CVE-2025-40330 CVE-2025-40331 CVE-2025-40332
                        CVE-2025-40337 CVE-2025-40338 CVE-2025-40339 CVE-2025-40340 CVE-2025-40342
                        CVE-2025-40343 CVE-2025-40344 CVE-2025-40345 CVE-2025-40346 CVE-2025-40347
                        CVE-2025-40350 CVE-2025-40353 CVE-2025-40354 CVE-2025-40355 CVE-2025-40357
                        CVE-2025-40359 CVE-2025-40360 CVE-2025-40362 CVE-2025-40363 CVE-2025-40364
                        CVE-2025-40779 CVE-2025-40909 CVE-2025-41244 CVE-2025-4128 CVE-2025-4373
                        CVE-2025-43859 CVE-2025-45582 CVE-2025-45582 CVE-2025-4573 CVE-2025-4598
                        CVE-2025-4598 CVE-2025-46721 CVE-2025-4673 CVE-2025-4673 CVE-2025-4674
                        CVE-2025-47268 CVE-2025-47273 CVE-2025-47906 CVE-2025-47907 CVE-2025-47911
                        CVE-2025-47911 CVE-2025-47912 CVE-2025-47913 CVE-2025-47913 CVE-2025-47913
                        CVE-2025-47914 CVE-2025-47914 CVE-2025-47950 CVE-2025-4802 CVE-2025-4877
                        CVE-2025-4878 CVE-2025-48964 CVE-2025-49011 CVE-2025-49133 CVE-2025-49136
                        CVE-2025-49140 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-52565
                        CVE-2025-5278 CVE-2025-52881 CVE-2025-53057 CVE-2025-53066 CVE-2025-5318
                        CVE-2025-5351 CVE-2025-5372 CVE-2025-54518 CVE-2025-54770 CVE-2025-54771
                        CVE-2025-55753 CVE-2025-56225 CVE-2025-58050 CVE-2025-58060 CVE-2025-58098
                        CVE-2025-58181 CVE-2025-58181 CVE-2025-58181 CVE-2025-58183 CVE-2025-58185
                        CVE-2025-58186 CVE-2025-58187 CVE-2025-58188 CVE-2025-58189 CVE-2025-58190
                        CVE-2025-58190 CVE-2025-58364 CVE-2025-58436 CVE-2025-59375 CVE-2025-59375
                        CVE-2025-59432 CVE-2025-59464 CVE-2025-59777 CVE-2025-5987 CVE-2025-6018
                        CVE-2025-6020 CVE-2025-6021 CVE-2025-6052 CVE-2025-6069 CVE-2025-6075
                        CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-6170
                        CVE-2025-61723 CVE-2025-61724 CVE-2025-61725 CVE-2025-61726 CVE-2025-61726
                        CVE-2025-61726 CVE-2025-61727 CVE-2025-61727 CVE-2025-61728 CVE-2025-61728
                        CVE-2025-61728 CVE-2025-61729 CVE-2025-61729 CVE-2025-61730 CVE-2025-61730
                        CVE-2025-61730 CVE-2025-61731 CVE-2025-61731 CVE-2025-61731 CVE-2025-61732
                        CVE-2025-61732 CVE-2025-61748 CVE-2025-61915 CVE-2025-61984 CVE-2025-61985
                        CVE-2025-62689 CVE-2025-64505 CVE-2025-64505 CVE-2025-64506 CVE-2025-64506
                        CVE-2025-64720 CVE-2025-64720 CVE-2025-65018 CVE-2025-65018 CVE-2025-65082
                        CVE-2025-65955 CVE-2025-66199 CVE-2025-66200 CVE-2025-66293 CVE-2025-66293
                        CVE-2025-66418 CVE-2025-66418 CVE-2025-66471 CVE-2025-66471 CVE-2025-66471
                        CVE-2025-66614 CVE-2025-66628 CVE-2025-67030 CVE-2025-67746 CVE-2025-68119
                        CVE-2025-68119 CVE-2025-68119 CVE-2025-68121 CVE-2025-68121 CVE-2025-68121
                        CVE-2025-68121 CVE-2025-68146 CVE-2025-68156 CVE-2025-68160 CVE-2025-68160
                        CVE-2025-68167 CVE-2025-68170 CVE-2025-68171 CVE-2025-68172 CVE-2025-68173
                        CVE-2025-68174 CVE-2025-68176 CVE-2025-68178 CVE-2025-68180 CVE-2025-68181
                        CVE-2025-68183 CVE-2025-68184 CVE-2025-68185 CVE-2025-68186 CVE-2025-68188
                        CVE-2025-68190 CVE-2025-68192 CVE-2025-68194 CVE-2025-68195 CVE-2025-68197
                        CVE-2025-68198 CVE-2025-68200 CVE-2025-68201 CVE-2025-68202 CVE-2025-68206
                        CVE-2025-68207 CVE-2025-68208 CVE-2025-68209 CVE-2025-68210 CVE-2025-68211
                        CVE-2025-68213 CVE-2025-68215 CVE-2025-68217 CVE-2025-68218 CVE-2025-68222
                        CVE-2025-68223 CVE-2025-68227 CVE-2025-68230 CVE-2025-68233 CVE-2025-68235
                        CVE-2025-68237 CVE-2025-68238 CVE-2025-68239 CVE-2025-68241 CVE-2025-68242
                        CVE-2025-68244 CVE-2025-68245 CVE-2025-68249 CVE-2025-68252 CVE-2025-68254
                        CVE-2025-68255 CVE-2025-68256 CVE-2025-68257 CVE-2025-68258 CVE-2025-68259
                        CVE-2025-68261 CVE-2025-68264 CVE-2025-68265 CVE-2025-68283 CVE-2025-68284
                        CVE-2025-68284 CVE-2025-68285 CVE-2025-68285 CVE-2025-68286 CVE-2025-68287
                        CVE-2025-68289 CVE-2025-68290 CVE-2025-68292 CVE-2025-68293 CVE-2025-68295
                        CVE-2025-68296 CVE-2025-68297 CVE-2025-68298 CVE-2025-68301 CVE-2025-68302
                        CVE-2025-68303 CVE-2025-68305 CVE-2025-68306 CVE-2025-68307 CVE-2025-68308
                        CVE-2025-68310 CVE-2025-68311 CVE-2025-68312 CVE-2025-68313 CVE-2025-68317
                        CVE-2025-68320 CVE-2025-68325 CVE-2025-68327 CVE-2025-68328 CVE-2025-68329
                        CVE-2025-68330 CVE-2025-68331 CVE-2025-68332 CVE-2025-68335 CVE-2025-68337
                        CVE-2025-68339 CVE-2025-68340 CVE-2025-68341 CVE-2025-68342 CVE-2025-68343
                        CVE-2025-68344 CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68348
                        CVE-2025-68349 CVE-2025-68351 CVE-2025-68352 CVE-2025-68353 CVE-2025-68354
                        CVE-2025-68356 CVE-2025-68359 CVE-2025-68360 CVE-2025-68361 CVE-2025-68362
                        CVE-2025-68363 CVE-2025-68366 CVE-2025-68367 CVE-2025-68368 CVE-2025-68371
                        CVE-2025-68372 CVE-2025-68374 CVE-2025-68376 CVE-2025-68378 CVE-2025-68379
                        CVE-2025-68380 CVE-2025-68615 CVE-2025-68618 CVE-2025-68724 CVE-2025-68725
                        CVE-2025-68732 CVE-2025-68735 CVE-2025-68736 CVE-2025-68740 CVE-2025-68741
                        CVE-2025-68742 CVE-2025-68743 CVE-2025-68744 CVE-2025-68745 CVE-2025-68746
                        CVE-2025-68747 CVE-2025-68748 CVE-2025-68749 CVE-2025-68750 CVE-2025-68753
                        CVE-2025-68757 CVE-2025-68758 CVE-2025-68759 CVE-2025-68764 CVE-2025-68765
                        CVE-2025-68766 CVE-2025-68768 CVE-2025-68770 CVE-2025-68771 CVE-2025-68773
                        CVE-2025-68775 CVE-2025-68776 CVE-2025-68777 CVE-2025-68778 CVE-2025-68783
                        CVE-2025-68784 CVE-2025-68785 CVE-2025-68788 CVE-2025-68789 CVE-2025-68792
                        CVE-2025-68794 CVE-2025-68795 CVE-2025-68797 CVE-2025-68798 CVE-2025-68799
                        CVE-2025-68800 CVE-2025-68801 CVE-2025-68802 CVE-2025-68803 CVE-2025-68804
                        CVE-2025-68808 CVE-2025-68810 CVE-2025-68811 CVE-2025-68813 CVE-2025-68813
                        CVE-2025-68813 CVE-2025-68814 CVE-2025-68815 CVE-2025-68816 CVE-2025-68818
                        CVE-2025-68819 CVE-2025-68820 CVE-2025-68821 CVE-2025-68822 CVE-2025-68950
                        CVE-2025-68973 CVE-2025-68973 CVE-2025-69204 CVE-2025-69277 CVE-2025-69418
                        CVE-2025-69418 CVE-2025-69419 CVE-2025-69419 CVE-2025-69420 CVE-2025-69420
                        CVE-2025-69421 CVE-2025-69421 CVE-2025-6965 CVE-2025-69720 CVE-2025-7039
                        CVE-2025-7039 CVE-2025-70873 CVE-2025-70873 CVE-2025-71064 CVE-2025-71066
                        CVE-2025-71066 CVE-2025-71066 CVE-2025-71071 CVE-2025-71073 CVE-2025-71076
                        CVE-2025-71077 CVE-2025-71078 CVE-2025-71079 CVE-2025-71080 CVE-2025-71081
                        CVE-2025-71082 CVE-2025-71083 CVE-2025-71084 CVE-2025-71085 CVE-2025-71085
                        CVE-2025-71085 CVE-2025-71086 CVE-2025-71087 CVE-2025-71088 CVE-2025-71089
                        CVE-2025-71091 CVE-2025-71093 CVE-2025-71094 CVE-2025-71095 CVE-2025-71096
                        CVE-2025-71097 CVE-2025-71098 CVE-2025-71099 CVE-2025-71100 CVE-2025-71101
                        CVE-2025-71104 CVE-2025-71108 CVE-2025-71111 CVE-2025-71112 CVE-2025-71113
                        CVE-2025-71114 CVE-2025-71116 CVE-2025-71118 CVE-2025-71119 CVE-2025-71120
                        CVE-2025-71120 CVE-2025-71123 CVE-2025-71125 CVE-2025-71126 CVE-2025-71130
                        CVE-2025-71131 CVE-2025-71132 CVE-2025-71133 CVE-2025-71134 CVE-2025-71135
                        CVE-2025-71136 CVE-2025-71137 CVE-2025-71138 CVE-2025-71141 CVE-2025-71142
                        CVE-2025-71143 CVE-2025-71145 CVE-2025-71147 CVE-2025-71148 CVE-2025-71149
                        CVE-2025-71154 CVE-2025-71156 CVE-2025-71157 CVE-2025-71161 CVE-2025-71162
                        CVE-2025-71163 CVE-2025-71182 CVE-2025-71183 CVE-2025-71184 CVE-2025-71185
                        CVE-2025-71186 CVE-2025-71188 CVE-2025-71189 CVE-2025-71190 CVE-2025-71191
                        CVE-2025-71192 CVE-2025-71193 CVE-2025-71194 CVE-2025-71195 CVE-2025-71196
                        CVE-2025-71197 CVE-2025-71198 CVE-2025-71199 CVE-2025-71200 CVE-2025-71222
                        CVE-2025-71224 CVE-2025-71225 CVE-2025-71229 CVE-2025-71231 CVE-2025-71232
                        CVE-2025-71233 CVE-2025-71234 CVE-2025-71235 CVE-2025-71236 CVE-2025-71238
                        CVE-2025-71239 CVE-2025-71268 CVE-2025-71269 CVE-2025-71302 CVE-2025-7424
                        CVE-2025-7425 CVE-2025-7709 CVE-2025-7709 CVE-2025-8058 CVE-2025-8114
                        CVE-2025-8114 CVE-2025-8194 CVE-2025-8277 CVE-2025-8277 CVE-2025-8291
                        CVE-2025-8732 CVE-2025-8732 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230
                        CVE-2025-9230 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 CVE-2025-9615
                        CVE-2025-9615 CVE-2026-0665 CVE-2026-0672 CVE-2026-0861 CVE-2026-0861
                        CVE-2026-0865 CVE-2026-0915 CVE-2026-0915 CVE-2026-0964 CVE-2026-0964
                        CVE-2026-0965 CVE-2026-0965 CVE-2026-0966 CVE-2026-0966 CVE-2026-0967
                        CVE-2026-0967 CVE-2026-0968 CVE-2026-0968 CVE-2026-0988 CVE-2026-0988
                        CVE-2026-0989 CVE-2026-0989 CVE-2026-0989 CVE-2026-0990 CVE-2026-0990
                        CVE-2026-0992 CVE-2026-0992 CVE-2026-1299 CVE-2026-1299 CVE-2026-1484
                        CVE-2026-1484 CVE-2026-1485 CVE-2026-1485 CVE-2026-1489 CVE-2026-1489
                        CVE-2026-1536 CVE-2026-1709 CVE-2026-1757 CVE-2026-1757 CVE-2026-1761
                        CVE-2026-1965 CVE-2026-1965 CVE-2026-1965 CVE-2026-21226 CVE-2026-21441
                        CVE-2026-21444 CVE-2026-21637 CVE-2026-21710 CVE-2026-21712 CVE-2026-21713
                        CVE-2026-21714 CVE-2026-21715 CVE-2026-21716 CVE-2026-21717 CVE-2026-22695
                        CVE-2026-22695 CVE-2026-22701 CVE-2026-22791 CVE-2026-22795 CVE-2026-22795
                        CVE-2026-22796 CVE-2026-22796 CVE-2026-22801 CVE-2026-22801 CVE-2026-2297
                        CVE-2026-22976 CVE-2026-22977 CVE-2026-22978 CVE-2026-22979 CVE-2026-22980
                        CVE-2026-22981 CVE-2026-22982 CVE-2026-22984 CVE-2026-22985 CVE-2026-22986
                        CVE-2026-22988 CVE-2026-22989 CVE-2026-22990 CVE-2026-22991 CVE-2026-22992
                        CVE-2026-22993 CVE-2026-22996 CVE-2026-22997 CVE-2026-22998 CVE-2026-22999
                        CVE-2026-22999 CVE-2026-23000 CVE-2026-23001 CVE-2026-23002 CVE-2026-23003
                        CVE-2026-23004 CVE-2026-23004 CVE-2026-23004 CVE-2026-23005 CVE-2026-23006
                        CVE-2026-23010 CVE-2026-23011 CVE-2026-23017 CVE-2026-23018 CVE-2026-23021
                        CVE-2026-23022 CVE-2026-23023 CVE-2026-23024 CVE-2026-23026 CVE-2026-23030
                        CVE-2026-23031 CVE-2026-23033 CVE-2026-23035 CVE-2026-23037 CVE-2026-23038
                        CVE-2026-23042 CVE-2026-23047 CVE-2026-23049 CVE-2026-23050 CVE-2026-23053
                        CVE-2026-23054 CVE-2026-23055 CVE-2026-23056 CVE-2026-23057 CVE-2026-23058
                        CVE-2026-23059 CVE-2026-23060 CVE-2026-23061 CVE-2026-23062 CVE-2026-23063
                        CVE-2026-23064 CVE-2026-23065 CVE-2026-23066 CVE-2026-23068 CVE-2026-23069
                        CVE-2026-23070 CVE-2026-23071 CVE-2026-23072 CVE-2026-23073 CVE-2026-23074
                        CVE-2026-23074 CVE-2026-23074 CVE-2026-23076 CVE-2026-23078 CVE-2026-23080
                        CVE-2026-23082 CVE-2026-23083 CVE-2026-23084 CVE-2026-23085 CVE-2026-23086
                        CVE-2026-23088 CVE-2026-23089 CVE-2026-23090 CVE-2026-23091 CVE-2026-23094
                        CVE-2026-23095 CVE-2026-23096 CVE-2026-23097 CVE-2026-23099 CVE-2026-23100
                        CVE-2026-23101 CVE-2026-23102 CVE-2026-23103 CVE-2026-23104 CVE-2026-23105
                        CVE-2026-23107 CVE-2026-23108 CVE-2026-23110 CVE-2026-23111 CVE-2026-23111
                        CVE-2026-23111 CVE-2026-23112 CVE-2026-23116 CVE-2026-23119 CVE-2026-23120
                        CVE-2026-23121 CVE-2026-23123 CVE-2026-23125 CVE-2026-23128 CVE-2026-23129
                        CVE-2026-23131 CVE-2026-23133 CVE-2026-23135 CVE-2026-23136 CVE-2026-23137
                        CVE-2026-23138 CVE-2026-23139 CVE-2026-23140 CVE-2026-23141 CVE-2026-23142
                        CVE-2026-23144 CVE-2026-23145 CVE-2026-23146 CVE-2026-23148 CVE-2026-23150
                        CVE-2026-23151 CVE-2026-23152 CVE-2026-23154 CVE-2026-23155 CVE-2026-23156
                        CVE-2026-23157 CVE-2026-23158 CVE-2026-23161 CVE-2026-23163 CVE-2026-23166
                        CVE-2026-23167 CVE-2026-23168 CVE-2026-23169 CVE-2026-23170 CVE-2026-23171
                        CVE-2026-23172 CVE-2026-23173 CVE-2026-23176 CVE-2026-23177 CVE-2026-23178
                        CVE-2026-23179 CVE-2026-23182 CVE-2026-23187 CVE-2026-23188 CVE-2026-23189
                        CVE-2026-23190 CVE-2026-23191 CVE-2026-23193 CVE-2026-23198 CVE-2026-23201
                        CVE-2026-23202 CVE-2026-23204 CVE-2026-23204 CVE-2026-23204 CVE-2026-23207
                        CVE-2026-23208 CVE-2026-23209 CVE-2026-23209 CVE-2026-23209 CVE-2026-23209
                        CVE-2026-23210 CVE-2026-23213 CVE-2026-23214 CVE-2026-23215 CVE-2026-23216
                        CVE-2026-23221 CVE-2026-23222 CVE-2026-23223 CVE-2026-23224 CVE-2026-23229
                        CVE-2026-23230 CVE-2026-23231 CVE-2026-23236 CVE-2026-23237 CVE-2026-23239
                        CVE-2026-23240 CVE-2026-23242 CVE-2026-23243 CVE-2026-23245 CVE-2026-23246
                        CVE-2026-23253 CVE-2026-23255 CVE-2026-23260 CVE-2026-23261 CVE-2026-23262
                        CVE-2026-23264 CVE-2026-23266 CVE-2026-23268 CVE-2026-23268 CVE-2026-23268
                        CVE-2026-23268 CVE-2026-23268 CVE-2026-23268 CVE-2026-23269 CVE-2026-23270
                        CVE-2026-23271 CVE-2026-23272 CVE-2026-23273 CVE-2026-23274 CVE-2026-23276
                        CVE-2026-23277 CVE-2026-23278 CVE-2026-23279 CVE-2026-23281 CVE-2026-23290
                        CVE-2026-23291 CVE-2026-23292 CVE-2026-23293 CVE-2026-23297 CVE-2026-23298
                        CVE-2026-23300 CVE-2026-23304 CVE-2026-23307 CVE-2026-23312 CVE-2026-23313
                        CVE-2026-23315 CVE-2026-23316 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319
                        CVE-2026-23321 CVE-2026-23324 CVE-2026-23325 CVE-2026-23326 CVE-2026-23334
                        CVE-2026-23335 CVE-2026-23336 CVE-2026-23339 CVE-2026-23340 CVE-2026-23343
                        CVE-2026-23346 CVE-2026-23347 CVE-2026-23351 CVE-2026-23354 CVE-2026-23357
                        CVE-2026-23360 CVE-2026-23361 CVE-2026-23362 CVE-2026-23363 CVE-2026-23365
                        CVE-2026-23367 CVE-2026-23368 CVE-2026-23369 CVE-2026-23370 CVE-2026-23372
                        CVE-2026-23373 CVE-2026-23374 CVE-2026-23375 CVE-2026-23378 CVE-2026-23379
                        CVE-2026-23381 CVE-2026-23382 CVE-2026-23383 CVE-2026-23386 CVE-2026-23387
                        CVE-2026-23391 CVE-2026-23392 CVE-2026-23393 CVE-2026-23395 CVE-2026-23396
                        CVE-2026-23397 CVE-2026-23398 CVE-2026-23399 CVE-2026-23401 CVE-2026-23403
                        CVE-2026-23404 CVE-2026-23405 CVE-2026-23406 CVE-2026-23407 CVE-2026-23408
                        CVE-2026-23409 CVE-2026-23410 CVE-2026-23411 CVE-2026-23413 CVE-2026-23414
                        CVE-2026-23417 CVE-2026-23418 CVE-2026-23419 CVE-2026-23420 CVE-2026-23425
                        CVE-2026-23426 CVE-2026-23434 CVE-2026-23436 CVE-2026-23437 CVE-2026-23437
                        CVE-2026-23437 CVE-2026-23437 CVE-2026-23440 CVE-2026-23441 CVE-2026-23442
                        CVE-2026-23443 CVE-2026-23445 CVE-2026-23446 CVE-2026-23447 CVE-2026-23448
                        CVE-2026-23449 CVE-2026-23450 CVE-2026-23452 CVE-2026-23454 CVE-2026-23455
                        CVE-2026-23456 CVE-2026-23457 CVE-2026-23458 CVE-2026-23460 CVE-2026-23461
                        CVE-2026-23462 CVE-2026-23463 CVE-2026-23464 CVE-2026-23465 CVE-2026-23466
                        CVE-2026-23468 CVE-2026-23470 CVE-2026-23472 CVE-2026-23473 CVE-2026-23474
                        CVE-2026-23475 CVE-2026-23893 CVE-2026-2447 CVE-2026-24484 CVE-2026-24515
                        CVE-2026-24515 CVE-2026-24733 CVE-2026-24734 CVE-2026-24882 CVE-2026-24882
                        CVE-2026-24883 CVE-2026-25075 CVE-2026-25210 CVE-2026-25210 CVE-2026-25547
                        CVE-2026-25645 CVE-2026-25646 CVE-2026-25646 CVE-2026-25679 CVE-2026-25727
                        CVE-2026-25727 CVE-2026-26080 CVE-2026-26081 CVE-2026-26157 CVE-2026-26158
                        CVE-2026-2673 CVE-2026-26996 CVE-2026-27135 CVE-2026-27135 CVE-2026-27137
                        CVE-2026-27138 CVE-2026-27139 CVE-2026-27140 CVE-2026-27142 CVE-2026-27143
                        CVE-2026-27144 CVE-2026-27171 CVE-2026-27171 CVE-2026-27456 CVE-2026-2757
                        CVE-2026-2758 CVE-2026-2759 CVE-2026-2760 CVE-2026-2761 CVE-2026-2762
                        CVE-2026-2763 CVE-2026-2764 CVE-2026-2765 CVE-2026-2766 CVE-2026-2767
                        CVE-2026-2768 CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772
                        CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776 CVE-2026-2777
                        CVE-2026-2778 CVE-2026-2779 CVE-2026-2780 CVE-2026-2781 CVE-2026-2782
                        CVE-2026-2783 CVE-2026-2784 CVE-2026-2785 CVE-2026-2786 CVE-2026-2787
                        CVE-2026-2788 CVE-2026-2789 CVE-2026-2790 CVE-2026-2791 CVE-2026-2792
                        CVE-2026-2793 CVE-2026-28295 CVE-2026-28296 CVE-2026-28387 CVE-2026-28387
                        CVE-2026-28388 CVE-2026-28388 CVE-2026-28389 CVE-2026-28389 CVE-2026-28390
                        CVE-2026-28390 CVE-2026-28417 CVE-2026-28493 CVE-2026-28494 CVE-2026-28686
                        CVE-2026-28687 CVE-2026-28688 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691
                        CVE-2026-28692 CVE-2026-28693 CVE-2026-29111 CVE-2026-29111 CVE-2026-2920
                        CVE-2026-2922 CVE-2026-29518 CVE-2026-29518 CVE-2026-30883 CVE-2026-30922
                        CVE-2026-30929 CVE-2026-30931 CVE-2026-30935 CVE-2026-30936 CVE-2026-30937
                        CVE-2026-31389 CVE-2026-31392 CVE-2026-31393 CVE-2026-31394 CVE-2026-31395
                        CVE-2026-31400 CVE-2026-31402 CVE-2026-31403 CVE-2026-31405 CVE-2026-31406
                        CVE-2026-31406 CVE-2026-31406 CVE-2026-31406 CVE-2026-31407 CVE-2026-31408
                        CVE-2026-31411 CVE-2026-31412 CVE-2026-31415 CVE-2026-31416 CVE-2026-31417
                        CVE-2026-31420 CVE-2026-31421 CVE-2026-31422 CVE-2026-31423 CVE-2026-31424
                        CVE-2026-31425 CVE-2026-31426 CVE-2026-31427 CVE-2026-31428 CVE-2026-31431
                        CVE-2026-31431 CVE-2026-31431 CVE-2026-31431 CVE-2026-31435 CVE-2026-31449
                        CVE-2026-31453 CVE-2026-31456 CVE-2026-31470 CVE-2026-31494 CVE-2026-31496
                        CVE-2026-31503 CVE-2026-31504 CVE-2026-31505 CVE-2026-31507 CVE-2026-31515
                        CVE-2026-31519 CVE-2026-31525 CVE-2026-31526 CVE-2026-31528 CVE-2026-31533
                        CVE-2026-31547 CVE-2026-31550 CVE-2026-31554 CVE-2026-31565 CVE-2026-31579
                        CVE-2026-31586 CVE-2026-31588 CVE-2026-31644 CVE-2026-31649 CVE-2026-31658
                        CVE-2026-31662 CVE-2026-31666 CVE-2026-31668 CVE-2026-31669 CVE-2026-31675
                        CVE-2026-31678 CVE-2026-31679 CVE-2026-31681 CVE-2026-31682 CVE-2026-31684
                        CVE-2026-31685 CVE-2026-31691 CVE-2026-31694 CVE-2026-31700 CVE-2026-3172
                        CVE-2026-31738 CVE-2026-31787 CVE-2026-31788 CVE-2026-31789 CVE-2026-31789
                        CVE-2026-31790 CVE-2026-31790 CVE-2026-31812 CVE-2026-3184 CVE-2026-31853
                        CVE-2026-31900 CVE-2026-32274 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282
                        CVE-2026-32283 CVE-2026-32288 CVE-2026-32289 CVE-2026-32597 CVE-2026-32776
                        CVE-2026-32776 CVE-2026-32776 CVE-2026-32777 CVE-2026-32777 CVE-2026-32777
                        CVE-2026-32778 CVE-2026-32778 CVE-2026-32778 CVE-2026-33186 CVE-2026-33416
                        CVE-2026-33416 CVE-2026-33554 CVE-2026-33636 CVE-2026-33636 CVE-2026-33814
                        CVE-2026-34073 CVE-2026-34379 CVE-2026-34380 CVE-2026-34582 CVE-2026-34588
                        CVE-2026-34589 CVE-2026-34743 CVE-2026-34743 CVE-2026-34757 CVE-2026-34757
                        CVE-2026-3479 CVE-2026-35328 CVE-2026-35329 CVE-2026-35330 CVE-2026-35331
                        CVE-2026-35332 CVE-2026-35333 CVE-2026-35334 CVE-2026-35535 CVE-2026-3644
                        CVE-2026-3783 CVE-2026-3783 CVE-2026-3784 CVE-2026-3784 CVE-2026-3805
                        CVE-2026-3805 CVE-2026-40176 CVE-2026-40244 CVE-2026-40250 CVE-2026-40261
                        CVE-2026-40355 CVE-2026-40356 CVE-2026-4046 CVE-2026-4046 CVE-2026-4046
                        CVE-2026-40706 CVE-2026-41035 CVE-2026-41035 CVE-2026-41035 CVE-2026-41035
                        CVE-2026-4105 CVE-2026-4105 CVE-2026-41651 CVE-2026-41888 CVE-2026-4224
                        CVE-2026-43009 CVE-2026-43025 CVE-2026-43027 CVE-2026-43037 CVE-2026-43038
                        CVE-2026-43045 CVE-2026-43050 CVE-2026-43060 CVE-2026-43082 CVE-2026-43088
                        CVE-2026-43153 CVE-2026-43190 CVE-2026-43265 CVE-2026-43284 CVE-2026-43329
                        CVE-2026-43365 CVE-2026-43366 CVE-2026-43441 CVE-2026-43494 CVE-2026-43500
                        CVE-2026-43503 CVE-2026-43617 CVE-2026-43617 CVE-2026-43618 CVE-2026-43618
                        CVE-2026-43619 CVE-2026-43619 CVE-2026-43620 CVE-2026-43620 CVE-2026-4437
                        CVE-2026-4437 CVE-2026-4438 CVE-2026-4438 CVE-2026-4519 CVE-2026-45232
                        CVE-2026-45232 CVE-2026-46300 CVE-2026-46333 CVE-2026-46333 CVE-2026-4873
                        CVE-2026-4878 CVE-2026-4878 CVE-2026-5450 CVE-2026-5450 CVE-2026-5545
                        CVE-2026-5928 CVE-2026-5928 CVE-2026-5958 CVE-2026-6253 CVE-2026-6276
                        CVE-2026-6429 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 9
Released:    Mon Nov  3 11:23:57 2025
Summary:     Optional update for mcphost
Type:        feature
Severity:    moderate
References:  
This update for mcphost fixes the following issues:

This adds mcphost in release 0.31.1.

-----------------------------------------------------------------
Advisory ID: 14
Released:    Thu Nov 13 14:25:54 2025
Summary:     Recommended update for agama-products, agama-web-ui, agama, rubygem-agama-yast
Type:        recommended
Severity:    moderate
References:  1012628,1065729,1141539,1181674,1186716,1187716,1193599,1194869,1195775,1204562,1207948,1208593,1209657,1209834,1213573,1214852,1215199,1215587,1216196,1216358,1216702,1217169,1217384,1217408,1217481,1217489,1217750,1217912,1217959,1218205,1218336,1218442,1218447,1218562,1218730,1218779,1218820,1218917,1219104,1219170,1219224,1219451,1219478,1219485,1219596,1219623,1219633,1219832,1219834,1219847,1219953,1220021,1220045,1220120,1220138,1220148,1220328,1220342,1220427,1220428,1220430,1220569,1220587,1220738,1220783,1220915,1220942,1221044,1221057,1221086,1221293,1221303,1221504,1221612,1221615,1221635,1221645,1221647,1221649,1221654,1221656,1221659,1221765,1221777,1221783,1221816,1221829,1221830,1221858,1221958,1222011,1222015,1222080,1222173,1222241,1222264,1222273,1222294,1222301,1222303,1222304,1222307,1222326,1222328,1222357,1222366,1222368,1222371,1222378,1222380,1222385,1222422,1222426,1222428,1222437,1222438,1222445,1222459,1222463,1222464,1222489,1222522,1222525,1
 222532,1222557,1222559,1222563,1222585,1222588,1222596,1222606,1222608,1222613,1222615,1222617,1222618,1222619,1222622,1222624,1222627,1222630,1222635,1222654,1222721,1222727,1222768,1222769,1222771,1222775,1222777,1222779,1222780,1222782,1222793,1222799,1222801,1222809,1222810,1222893,1222968,1223007,1223010,1223011,1223015,1223016,1223018,1223020,1223021,1223023,1223024,1223033,1223034,1223035,1223038,1223039,1223041,1223045,1223046,1223051,1223052,1223058,1223060,1223061,1223062,1223076,1223077,1223084,1223111,1223113,1223138,1223143,1223187,1223189,1223190,1223191,1223198,1223202,1223265,1223285,1223315,1223338,1223369,1223380,1223384,1223390,1223439,1223462,1223532,1223539,1223570,1223575,1223590,1223591,1223592,1223593,1223625,1223626,1223627,1223629,1223631,1223632,1223633,1223634,1223637,1223638,1223641,1223642,1223643,1223644,1223645,1223646,1223648,1223649,1223650,1223651,1223652,1223653,1223654,1223655,1223657,1223660,1223661,1223663,1223664,1223665,1223666,1223667,122366
 8,1223669,1223670,1223671,1223675,1223677,1223678,1223679,1223686,1223692,1223693,1223695,1223696,1223698,1223699,1223705,1223709,1223711,1223712,1223714,1223715,1223717,1223718,1223723,1223725,1223728,1223731,1223732,1223734,1223735,1223737,1223738,1223739,1223740,1223741,1223744,1223745,1223747,1223748,1223749,1223750,1223752,1223754,1223756,1223757,1223759,1223760,1223761,1223762,1223764,1223765,1223768,1223769,1223770,1223774,1223776,1223778,1223779,1223780,1223781,1223782,1223787,1223788,1223789,1223790,1223802,1223804,1223805,1223806,1223807,1223808,1223810,1223813,1223815,1223816,1223819,1223821,1223822,1223823,1223824,1223826,1223827,1223828,1223829,1223831,1223834,1223836,1223837,1223838,1223842,1223843,1223844,1223847,1223863,1223869,1223870,1223871,1223872,1223874,1223944,1223945,1223946,1223991,1224049,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224348,1224414,1224422,1224423,1224429,1224430,1224432,1224433,1224437,122
 4438,1224439,1224442,1224443,1224445,1224449,1224477,1224479,1224480,1224481,1224482,1224486,1224487,1224488,1224490,1224491,1224492,1224493,1224494,1224495,1224497,1224498,1224499,1224500,1224501,1224502,1224504,1224505,1224506,1224507,1224508,1224509,1224511,1224512,1224513,1224515,1224516,1224517,1224519,1224520,1224521,1224523,1224524,1224525,1224526,1224530,1224531,1224534,1224537,1224539,1224540,1224541,1224542,1224543,1224544,1224545,1224546,1224549,1224550,1224552,1224553,1224555,1224557,1224558,1224559,1224562,1224565,1224566,1224567,1224568,1224569,1224571,1224572,1224573,1224575,1224576,1224577,1224578,1224579,1224580,1224581,1224582,1224583,1224584,1224585,1224586,1224587,1224588,1224589,1224592,1224596,1224598,1224600,1224601,1224602,1224603,1224604,1224605,1224606,1224607,1224608,1224609,1224611,1224612,1224613,1224614,1224615,1224617,1224618,1224619,1224620,1224621,1224622,1224623,1224624,1224626,1224627,1224628,1224629,1224630,1224632,1224633,1224634,1224636,1224637,
 1224638,1224639,1224640,1224641,1224643,1224644,1224645,1224646,1224647,1224648,1224649,1224650,1224651,1224652,1224653,1224654,1224655,1224657,1224659,1224660,1224661,1224662,1224663,1224664,1224665,1224666,1224667,1224668,1224670,1224671,1224672,1224673,1224674,1224675,1224676,1224677,1224678,1224679,1224680,1224681,1224682,1224683,1224685,1224686,1224687,1224688,1224692,1224696,1224697,1224698,1224699,1224701,1224703,1224704,1224705,1224706,1224707,1224709,1224710,1224712,1224714,1224716,1224717,1224718,1224719,1224720,1224721,1224722,1224723,1224725,1224727,1224729,1224730,1224731,1224732,1224733,1224735,1224736,1224738,1224739,1224740,1224741,1224742,1224743,1224747,1224749,1224751,1224759,1224763,1224764,1224765,1224766,1224767,1224790,1224792,1224793,1224803,1224804,1224866,1224928,1224930,1224932,1224933,1224935,1224936,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224989,1224992,1224998,1225000,1225001,1225004,1225006,1225007,1225008,1225009,12250
 14,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225053,1225076,1225077,1225078,1225081,1225085,1225086,1225088,1225090,1225092,1225096,1225097,1225098,1225101,1225103,1225104,1225105,1225106,1225108,1225120,1225132,1225133,1225134,1225136,1225172,1225180,1225272,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225489,1225490,1225502,1225527,1225529,1225530,1225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225578,1225579,1225580,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225594,1225595,1225599,1225600,1225601,1225602,1225605,1225607,1225609,1225610,1225611,1225616,1225618,1225640,1225642,1225681,1225692,1225694,1225695,1225696,1225698,1225699,1225702,1225704,1225705,1225708,1225710,1225711,1225712,1225714,1225715,1225717,1225719,1225720,1225722,1225723,12
 25726,1225728,1225731,1225732,1225734,1225735,1225736,1225737,1225741,1225744,1225745,1225746,1225747,1225748,1225749,1225750,1225752,1225753,1225756,1225757,1225758,1225759,1225760,1225761,1225762,1225763,1225765,1225766,1225767,1225769,1225770,1225773,1225775,1225805,1225810,1225815,1225820,1225823,1225827,1225829,1225830,1225834,1225835,1225839,1225840,1225842,1225843,1225847,1225851,1225856,1225866,1225872,1225894,1225895,1225896,1225898,1225903,1225945,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226202,1226211,1226212,1226213,1226226,1226457,1226502,1226503,1226513,1226514,1226519,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226750,1226754,1226757,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,1226777
 ,1226780,1226781,1226783,1226785,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226866,1226867,1226868,1226875,1226876,1226878,1226879,1226883,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226915,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226993,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227103,1227149,1227190,1227282,1227362,1227363,1227383,1227432,1227434,1227435,1227443,1227446,1227447,1227487,1227573,1227626,1227716,1227719,1227723,1227730,1227736,1227755,1227757,1227762,1227763,1227779,1227780,1227783,1227786,1227788,1227789,1227797,1227800,1227801,1227803,1227806,1227813,1227814,1227836,1227855,1227862,1227866,1227886,1227899,1227910,1227913,1227926,1228090,1228192,1228193,1228211,1228269,1228289,1228327,1228328,1228403,1228405,1228
 408,1228417,1243795,1249636,1251898,1253145,CVE-2021-47432,CVE-2022-48669,CVE-2022-48772,CVE-2023-0160,CVE-2023-38417,CVE-2023-47210,CVE-2023-51780,CVE-2023-52434,CVE-2023-52435,CVE-2023-52458,CVE-2023-52472,CVE-2023-52483,CVE-2023-52503,CVE-2023-52616,CVE-2023-52618,CVE-2023-52622,CVE-2023-52631,CVE-2023-52635,CVE-2023-52640,CVE-2023-52641,CVE-2023-52645,CVE-2023-52647,CVE-2023-52648,CVE-2023-52649,CVE-2023-52650,CVE-2023-52652,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52658,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52663,CVE-2023-52664,CVE-2023-52667,CVE-2023-52669,CVE-2023-52670,CVE-2023-52671,CVE-2023-52672,CVE-2023-52673,CVE-2023-52674,CVE-2023-52675,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52681,CVE-2023-52683,CVE-2023-52686,CVE-2023-52687,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52695,CVE-2023-52696,CVE-2023-52697,CVE-2023-52698,CVE-2023-
 52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52751,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52771,CVE-2023-52772,CVE-2023-52773,CVE-2023-52774,CVE-2023-52775,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,C
 VE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52882,CVE-2023-52883,CVE-2023-52884,CVE-2023-6238,CVE-2023-6270,CVE-2023-7042,CVE-2024-0639,CVE-2024-21823,CVE-2024-22099,CVE-2024-23848,CVE-2024-24861,CVE-2024-25739,CVE-2024-25741,CVE-2024-26601,CVE-2024-26611,CVE-2024-26614,CVE-2024-26615,CVE-2024-26623,CVE-2024-26625,CVE-2024-26632,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-266
 38,CVE-2024-26641,CVE-2024-26642,CVE-2024-26643,CVE-2024-26654,CVE-2024-26656,CVE-2024-26657,CVE-2024-26663,CVE-2024-26665,CVE-2024-26671,CVE-2024-26673,CVE-2024-26674,CVE-2024-26676,CVE-2024-26679,CVE-2024-26684,CVE-2024-26685,CVE-2024-26691,CVE-2024-26692,CVE-2024-26704,CVE-2024-26714,CVE-2024-26726,CVE-2024-26731,CVE-2024-26733,CVE-2024-26734,CVE-2024-26737,CVE-2024-26739,CVE-2024-26740,CVE-2024-26742,CVE-2024-26750,CVE-2024-26758,CVE-2024-26760,CVE-2024-26761,CVE-2024-26764,CVE-2024-26767,CVE-2024-26769,CVE-2024-26772,CVE-2024-26773,CVE-2024-26774,CVE-2024-26775,CVE-2024-26780,CVE-2024-26783,CVE-2024-26785,CVE-2024-26786,CVE-2024-26791,CVE-2024-26793,CVE-2024-26794,CVE-2024-26802,CVE-2024-26805,CVE-2024-26807,CVE-2024-26813,CVE-2024-26814,CVE-2024-26815,CVE-2024-26816,CVE-2024-26822,CVE-2024-26826,CVE-2024-26828,CVE-2024-26832,CVE-2024-26836,CVE-2024-26844,CVE-2024-26845,CVE-2024-26846,CVE-2024-26853,CVE-2024-26854,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26858,CVE-
 2024-26860,CVE-2024-26861,CVE-2024-26862,CVE-2024-26863,CVE-2024-26865,CVE-2024-26866,CVE-2024-26868,CVE-2024-26870,CVE-2024-26878,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26889,CVE-2024-26898,CVE-2024-26899,CVE-2024-26900,CVE-2024-26901,CVE-2024-26903,CVE-2024-26906,CVE-2024-26909,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26923,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26932,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26944,CVE-2024-26945,CVE-2024-26946,CVE-2024-26948,CVE-2024-26949,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26957,CVE-2024-26958,CVE-2024-26959,CVE-2024-26960,CVE-2024-26961,CVE-2024-26962,CVE-2024-26963,CVE-2024-26964,CVE-2024-26965,CVE-2024-26966,CVE-2024-26968,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26973,CVE-2024-26974,CVE-2024-26
 975,CVE-2024-26977,CVE-2024-26978,CVE-2024-26981,CVE-2024-26982,CVE-2024-26983,CVE-2024-26984,CVE-2024-26986,CVE-2024-26988,CVE-2024-26989,CVE-2024-26990,CVE-2024-26991,CVE-2024-26992,CVE-2024-26993,CVE-2024-26994,CVE-2024-26995,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27002,CVE-2024-27003,CVE-2024-27004,CVE-2024-27008,CVE-2024-27009,CVE-2024-27012,CVE-2024-27013,CVE-2024-27014,CVE-2024-27015,CVE-2024-27016,CVE-2024-27019,CVE-2024-27020,CVE-2024-27022,CVE-2024-27023,CVE-2024-27025,CVE-2024-27027,CVE-2024-27028,CVE-2024-27029,CVE-2024-27030,CVE-2024-27031,CVE-2024-27036,CVE-2024-27037,CVE-2024-27038,CVE-2024-27039,CVE-2024-27040,CVE-2024-27041,CVE-2024-27042,CVE-2024-27043,CVE-2024-27044,CVE-2024-27045,CVE-2024-27046,CVE-2024-27047,CVE-2024-27048,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27056,CVE-2024-27057,CVE-2024-27059,CVE-2024-27060,CVE-2024-27062,CVE-2024-27064,CVE-2024-27065,CVE-2024-27067,CVE-2024-27068,CVE
 -2024-27071,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27080,CVE-2024-27388,CVE-2024-27389,CVE-2024-27391,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27402,CVE-2024-27404,CVE-2024-27405,CVE-2024-27408,CVE-2024-27410,CVE-2024-27411,CVE-2024-27412,CVE-2024-27413,CVE-2024-27414,CVE-2024-27416,CVE-2024-27417,CVE-2024-27418,CVE-2024-27419,CVE-2024-27431,CVE-2024-27432,CVE-2024-27434,CVE-2024-27435,CVE-2024-27436,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35784,CVE-2024-35786,CVE-2024-35788,CVE-2024-35789,CVE-2024-35790,CVE-2024-35791,CVE-2024-35794,CVE-2024-35795,CVE-2024-35796,CVE-2024-35799,CVE-2024-35800,CVE-2024-35801,CVE-2024-35803,CVE-2024-35804,CVE-2024-35805,CVE-2024-35806,CVE-2024-35807,CVE-2024-35808,CVE-2024-35809,CVE-2024-35810,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35814,CVE-2024-35815,CVE-2024-35817,CVE-2024-3
 5819,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35824,CVE-2024-35825,CVE-2024-35827,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35831,CVE-2024-35833,CVE-2024-35834,CVE-2024-35835,CVE-2024-35836,CVE-2024-35837,CVE-2024-35838,CVE-2024-35841,CVE-2024-35842,CVE-2024-35843,CVE-2024-35845,CVE-2024-35847,CVE-2024-35848,CVE-2024-35849,CVE-2024-35850,CVE-2024-35851,CVE-2024-35852,CVE-2024-35853,CVE-2024-35854,CVE-2024-35857,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-35868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35880,CVE-2024-35883,CVE-2024-35884,CVE-2024-35885,CVE-2024-35886,CVE-2024-35887,CVE-2024-35889,CVE-2024-35890,CVE-2024-35891,CVE-2024-35892,CVE-2024-35893,CVE-2024-35895,CVE-2024-35896,CVE-2024-35898,CVE-2024-35899,CVE-2024-35900,CVE-2024-35901,CVE-2024-35903,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CV
 E-2024-35908,CVE-2024-35909,CVE-2024-35911,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35916,CVE-2024-35917,CVE-2024-35921,CVE-2024-35922,CVE-2024-35924,CVE-2024-35925,CVE-2024-35926,CVE-2024-35927,CVE-2024-35928,CVE-2024-35930,CVE-2024-35931,CVE-2024-35932,CVE-2024-35933,CVE-2024-35934,CVE-2024-35935,CVE-2024-35936,CVE-2024-35937,CVE-2024-35938,CVE-2024-35940,CVE-2024-35942,CVE-2024-35943,CVE-2024-35944,CVE-2024-35945,CVE-2024-35946,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35953,CVE-2024-35954,CVE-2024-35955,CVE-2024-35956,CVE-2024-35957,CVE-2024-35958,CVE-2024-35959,CVE-2024-35960,CVE-2024-35961,CVE-2024-35962,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35970,CVE-2024-35971,CVE-2024-35972,CVE-2024-35973,CVE-2024-35974,CVE-2024-35975,CVE-2024-35976,CVE-2024-35977,CVE-2024-35978,CVE-2024-35979,CVE-2024-35981,CVE-2024-35982,CVE-2024-35984,CVE-2024-35986,CVE-2024-35989,CVE-2024-35990,CVE-2024-
 35991,CVE-2024-35992,CVE-2024-35995,CVE-2024-35997,CVE-2024-35998,CVE-2024-35999,CVE-2024-36002,CVE-2024-36003,CVE-2024-36004,CVE-2024-36005,CVE-2024-36006,CVE-2024-36007,CVE-2024-36008,CVE-2024-36009,CVE-2024-36010,CVE-2024-36011,CVE-2024-36012,CVE-2024-36013,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36017,CVE-2024-36018,CVE-2024-36019,CVE-2024-36020,CVE-2024-36021,CVE-2024-36024,CVE-2024-36025,CVE-2024-36026,CVE-2024-36029,CVE-2024-36030,CVE-2024-36032,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36880,CVE-2024-36882,CVE-2024-36885,CVE-2024-36887,CVE-2024-36889,CVE-2024-36890,CVE-2024-36891,CVE-2024-36893,CVE-2024-36894,CVE-2024-36895,CVE-2024-36896,CVE-2024-36897,CVE-2024-36898,CVE-2024-36899,CVE-2024-36900,CVE-2024-36901,CVE-2024-36902,CVE-2024-36903,CVE-2024-36904,CVE-2024-36906,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36918,CVE-2024-36919,C
 VE-2024-36921,CVE-2024-36922,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36928,CVE-2024-36930,CVE-2024-36931,CVE-2024-36934,CVE-2024-36935,CVE-2024-36936,CVE-2024-36937,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36945,CVE-2024-36946,CVE-2024-36947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36952,CVE-2024-36955,CVE-2024-36957,CVE-2024-36959,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2024-36974,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024
 -38556,CVE-2024-38557,CVE-2024-38558,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-38575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38586,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38598,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38602,CVE-2024-38603,CVE-2024-38604,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38659,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39276,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,
 CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471,CVE-2024-39472,CVE-2024-39473,CVE-2024-39474,CVE-2024-39475,CVE-2024-39479,CVE-2024-39481,CVE-2024-39482,CVE-2024-39487,CVE-2024-39490,CVE-2024-39494,CVE-2024-39496,CVE-2024-39498,CVE-2024-39502,CVE-2024-39504,CVE-2024-39507,CVE-2024-40901,CVE-2024-40906,CVE-2024-40908,CVE-2024-40919,CVE-2024-40923,CVE-2024-40925,CVE-2024-40928,CVE-2024-40931,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40947,CVE-2024-40948,CVE-2024-40953,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40970,CVE-2024-40972,CVE-2024-40975,CVE-2024-40979,CVE-2024-40998,CVE-2024-40999,CVE-2024-41006,CVE-2024-41011,CVE-2024-41013,CVE-2024-41014,CVE-2024-41017,CVE-2024-41090,CVE-2024-41091
This update for agama-products, agama-web-ui, agama, rubygem-agama-yast fixes the following issues:

Changes in agama-web-ui:

- Use the JavaScript/TypeScript parser to extract strings for
  translation
- Preserve installer options values after successful submission
  (bsc#1249636).
- Fixed the check about which DASDs can be formatted (bsc#1243795).

Changes in agama:

- Do not log errors when retrieving NetworkManager secrets to prevent
  leaking them (bsc#1251898).

Changes in rubygem-agama-yast:

- Fixed an error in the calculation of partitions when several
  MD RAIDs are created (bsc#1253145).


-----------------------------------------------------------------
Advisory ID: 16
Released:    Thu Nov 13 20:37:21 2025
Summary:     Recommended update for az-cli-cmd
Type:        recommended
Severity:    important
References:  1252390,1253140
This update for az-cli-cmd fixes the following issues:

Changes in az-cli-cmd:

Version 1.37.0:

  - Drop dependencies that do not appear needed. Not referenced in the
    sources of azure-cli upstream. (bsc#1253140)
  - Change the deriviation chain by adding the az-sdk container as a base

- Remove the executable script if it exists prior to generation of
  a new wrapper by flake-ctl. Otherwise flake-ctl complains about the
  existence of the script and we get an error during package update.

- Disable security context for shared volume
  For sharing the home directory with the container the
  security context needs to be disabled to allow this
  shared mount. For details about this setting as well
  as approval on the approach please visit bsc#1252390

-----------------------------------------------------------------
Advisory ID: 18
Released:    Fri Nov 14 19:18:17 2025
Summary:     Recommended update for scanner-databases
Type:        recommended
Severity:    moderate
References:  1221399,CVE-2024-28182
This update for scanner-databases fixes the following issues:

initial shipment.

-----------------------------------------------------------------
Advisory ID: 29
Released:    Wed Nov 19 10:37:50 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1188441,1220724,1221239,1249584,CVE-2025-59375
This update for expat fixes the following issues:

- CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)

-----------------------------------------------------------------
Advisory ID: 24
Released:    Wed Nov 19 10:40:24 2025
Summary:     Security update for libxslt
Type:        security
Severity:    important
References:  1199079,1220356,1227525,1250553,1251979,CVE-2025-10911,CVE-2025-11731
This update for libxslt fixes the following issues:

Changes in libxslt:

- CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service (bsc#1251979)
- CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553)

-----------------------------------------------------------------
Advisory ID: 27
Released:    Wed Nov 19 10:41:40 2025
Summary:     Recommended update for wpa_supplicant
Type:        recommended
Severity:    moderate
References:  1224044,CVE-2024-34397
This update for wpa_supplicant fixes the following issues:

- Build wpa_gui with qt6 instead of obsolete qt5
- Update build config:
  * Enable 802.11ax support

-----------------------------------------------------------------
Advisory ID: 26
Released:    Wed Nov 19 10:43:19 2025
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1229339,1238848
This update for dracut fixes the following issues:

- Additional fixes for PXE boot with filled-in NBFT (bsc#1238848):
    * fix (74nvmf): make sure autoconnect script is run at least once
    * fix (74nvmf): only set netroot if it's yet empty

-----------------------------------------------------------------
Advisory ID: 32
Released:    Wed Nov 19 10:50:34 2025
Summary:     Recommended update for autofs
Type:        recommended
Severity:    important
References:  1221482,1221940,1222992,1223423,1223424,1223425,1228041,1250091,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602
This update for autofs fixes the following issues:

Changes in autofs:

- Modified NetworkManager-autofs: (bsc#1250091)
  * don't reload autofs.service on loopback interface changes
  * add --no-block option to request asynchronous behavior

-----------------------------------------------------------------
Advisory ID: 33
Released:    Wed Nov 19 11:14:36 2025
Summary:     Security update for ongres-scram
Type:        security
Severity:    important
References:  1208690,1226412,1226529,1250399,CVE-2025-59432
This update for ongres-scram fixes the following issues:

- CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399)

-----------------------------------------------------------------
Advisory ID: 44
Released:    Thu Nov 20 14:59:55 2025
Summary:     Recommended update for nvidia-open-driver-G06-signed
Type:        recommended
Severity:    moderate
References:  1221289,1229930,1229931,1229932,1249235,1249814,1250536,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for nvidia-open-driver-G06-signed fixes the following issues:

Changes in nvidia-open-driver-G06-signed:

Update CUDA variant to 580.95.05.

Update to version 580.95.05 (boo#1250536).

Update non-CUDA variant to 580.82.07 (boo#1249235).

Update CUDA variant to 580.82.07.

-----------------------------------------------------------------
Advisory ID: 45
Released:    Thu Nov 20 17:06:27 2025
Summary:     Recommended update for wsl-firstboot
Type:        recommended
Severity:    moderate
References:  1224282,CVE-2024-34459
This update for wsl-firstboot fixes the following issues:

Update to version 1.5.9+git20251110.c1fca4e:

  * Adding Leap/TW check to modules/registration
  * Changing date tag for modules/switch

Update to version 1.5.8+git20251110.828658c:

  * Adding 'or' for when ID == opensuse-tumbleweed so that wsl-config doesn't
    list 'switch' as an option in TW as well

Update to version 1.5.7+git20251108.7a67d02:

  * Adding a check for ID since we have Leap/SLE 16.0
    - Also will 'continue' when ID == opensuse-leap so that wsl-config
      doesn't list 'switch' as an option in Leap

Update to version 1.5.6+git20251104.86be8d4:

  * Adding 'sleep and clear' to sbin/wsl-firstboot
  * Adding skip check for SLE16.0 to modules/switch
  * Removing ability to skip initual user creation

-----------------------------------------------------------------
Advisory ID: 50
Released:    Tue Nov 25 08:35:00 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1215199,1218644,1230020,1230034,1230062,1234634,1234693,1234863,1235953,1236897,1237108,1237131,1237542,1237776,1238972,1239206,1240324,1240696,1240966,1240998,1241166,1241353,1241403,1241435,1242034,1242086,1242414,1242782,1242864,1242965,1242995,1243000,1243055,1243068,1243100,1243112,1243774,1244309,1244723,1244734,1244749,1244792,1244812,1244930,1244939,1245000,1245151,1245193,1245206,1245216,1245260,1245410,1245457,1245504,1245506,1245508,1245510,1245596,1245621,1245630,1245654,1245657,1245658,1245659,1245663,1245664,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245678,1245683,1245684,1245686,1245688,1245690,1245691,1245695,1245700,1245703,1245705,1245710,1245711,1245713,1245714,1245715,1245717,1245719,1245721,1245723,1245726,1245728,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245751,1245757,1245763,1245765,1245767,1245769,1245777,1245780,1245781,1245784,1245785,1245787,1245812,1245814,1245815,1245937,1
 245945,1245952,1245955,1245956,1245963,1245966,1245970,1245973,1245976,1245977,1245986,1246000,1246002,1246005,1246008,1246012,1246022,1246023,1246031,1246034,1246037,1246041,1246042,1246047,1246049,1246050,1246053,1246054,1246055,1246057,1246098,1246109,1246125,1246166,1246171,1246176,1246181,1246183,1246185,1246186,1246188,1246190,1246192,1246193,1246195,1246220,1246234,1246236,1246240,1246243,1246244,1246245,1246246,1246248,1246250,1246252,1246253,1246255,1246258,1246259,1246260,1246262,1246266,1246268,1246283,1246285,1246286,1246287,1246290,1246292,1246293,1246295,1246297,1246333,1246334,1246337,1246342,1246349,1246351,1246353,1246354,1246358,1246364,1246366,1246370,1246375,1246376,1246385,1246386,1246387,1246438,1246443,1246444,1246447,1246450,1246453,1246473,1246490,1246509,1246547,1246631,1246651,1246688,1246777,1246781,1246782,1246868,1246896,1246911,1246979,1247018,1247020,1247022,1247023,1247024,1247027,1247028,1247031,1247033,1247035,1247061,1247062,1247064,1247076,124707
 8,1247079,1247088,1247089,1247091,1247097,1247098,1247099,1247101,1247102,1247103,1247104,1247112,1247113,1247116,1247118,1247119,1247123,1247125,1247126,1247128,1247130,1247131,1247132,1247136,1247137,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247152,1247153,1247154,1247155,1247156,1247157,1247160,1247162,1247163,1247164,1247167,1247169,1247170,1247171,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247220,1247223,1247227,1247229,1247231,1247233,1247234,1247235,1247236,1247238,1247239,1247241,1247243,1247250,1247251,1247252,1247253,1247255,1247262,1247265,1247270,1247271,1247273,1247274,1247276,1247277,1247278,1247279,1247280,1247282,1247283,1247284,1247285,1247288,1247289,1247290,1247293,1247308,1247311,1247313,1247314,1247317,1247325,1247347,1247348,1247349,1247366,1247372,1247376,1247426,1247437,1247442,1247483,1247500,1247712,1247837,1247838,1247935,1247936,1247949,1247950,1247963,1247976,1248088,1248111,1248121,1248183,1248186,1248190,124
 8192,1248194,1248198,1248199,1248200,1248202,1248205,1248211,1248223,1248224,1248225,1248230,1248235,1248255,1248296,1248297,1248299,1248302,1248304,1248306,1248312,1248333,1248334,1248337,1248338,1248340,1248341,1248343,1248345,1248349,1248350,1248354,1248355,1248357,1248359,1248361,1248363,1248365,1248367,1248368,1248374,1248377,1248378,1248380,1248386,1248390,1248392,1248395,1248396,1248399,1248401,1248511,1248512,1248573,1248575,1248577,1248609,1248610,1248616,1248617,1248619,1248621,1248622,1248624,1248627,1248628,1248634,1248635,1248639,1248643,1248647,1248648,1248652,1248655,1248662,1248664,1248666,1248669,1248674,1248681,1248727,1248728,1248748,1248754,1248775,1249022,1249038,1249060,1249061,1249062,1249064,1249065,1249066,1249126,1249143,1249156,1249159,1249160,1249163,1249164,1249166,1249167,1249169,1249170,1249172,1249176,1249177,1249182,1249186,1249190,1249193,1249195,1249199,1249201,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249258,1249262,1249263,
 1249265,1249266,1249269,1249271,1249272,1249273,1249274,1249278,1249279,1249281,1249282,1249284,1249285,1249286,1249288,1249290,1249292,1249295,1249296,1249297,1249299,1249300,1249301,1249303,1249304,1249305,1249306,1249308,1249309,1249312,1249313,1249314,1249315,1249316,1249318,1249319,1249320,1249321,1249322,1249323,1249324,1249333,1249334,1249338,1249346,1249374,1249413,1249477,1249478,1249479,1249486,1249490,1249494,1249500,1249504,1249506,1249508,1249509,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249547,1249548,1249550,1249552,1249554,1249562,1249566,1249587,1249598,1249604,1249608,1249615,1249618,1249774,1249833,1249887,1249888,1249901,1249904,1249906,1249915,1249974,1249975,1250002,1250007,1250021,1250025,1250028,1250032,1250087,1250088,1250119,1250123,1250124,1250177,1250179,1250203,1250204,1250205,1250237,1250242,1250247,1250249,1250251,1250258,1250262,1250266,1250267,1250268,1250275,1250276,1250281,1250291,12502
 92,1250294,1250296,1250297,1250298,1250334,1250344,1250365,1250371,1250377,1250386,1250389,1250398,1250402,1250406,1250407,1250408,1250450,1250491,1250519,1250522,1250650,1250655,1250671,1250702,1250711,1250712,1250713,1250716,1250719,1250722,1250729,1250736,1250737,1250739,1250741,1250742,1250758,1250952,1251100,1251114,1251134,1251135,1251143,1251146,1251186,1251216,1251230,1251810,1252084,CVE-2023-7256,CVE-2024-53164,CVE-2024-57891,CVE-2024-57951,CVE-2024-57952,CVE-2024-58090,CVE-2024-8006,CVE-2025-22034,CVE-2025-22077,CVE-2025-23141,CVE-2025-37798,CVE-2025-37821,CVE-2025-37849,CVE-2025-37856,CVE-2025-37861,CVE-2025-37864,CVE-2025-38006,CVE-2025-38008,CVE-2025-38019,CVE-2025-38034,CVE-2025-38038,CVE-2025-38052,CVE-2025-38058,CVE-2025-38062,CVE-2025-38075,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38091,CVE-2025-38095,CVE-2025-38096,CVE-2025-38098,CVE-2025-38099,CVE-2025-38101,CVE-2025-38102,CVE-2025-38103,CVE-2025-38106,CVE-2025-38107,CVE-2025-38108,CVE-
 2025-38109,CVE-2025-38110,CVE-2025-38111,CVE-2025-38112,CVE-2025-38113,CVE-2025-38114,CVE-2025-38117,CVE-2025-38118,CVE-2025-38119,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-38124,CVE-2025-38125,CVE-2025-38127,CVE-2025-38128,CVE-2025-38129,CVE-2025-38134,CVE-2025-38135,CVE-2025-38136,CVE-2025-38137,CVE-2025-38138,CVE-2025-38140,CVE-2025-38141,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38146,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38156,CVE-2025-38157,CVE-2025-38159,CVE-2025-38160,CVE-2025-38161,CVE-2025-38165,CVE-2025-38168,CVE-2025-38169,CVE-2025-38170,CVE-2025-38172,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38184,CVE-2025-38185,CVE-2025-38186,CVE-2025-38188,CVE-2025-38189,CVE-2025-38190,CVE-2025-38193,CVE-2025-38197,CVE-2025-38198,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38209,CVE-2025-38211,CVE-2025-38213,CVE-2025-38214,CVE-2025-38
 215,CVE-2025-38216,CVE-2025-38217,CVE-2025-38220,CVE-2025-38222,CVE-2025-38224,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38228,CVE-2025-38229,CVE-2025-38231,CVE-2025-38232,CVE-2025-38233,CVE-2025-38234,CVE-2025-38242,CVE-2025-38244,CVE-2025-38245,CVE-2025-38246,CVE-2025-38249,CVE-2025-38251,CVE-2025-38253,CVE-2025-38255,CVE-2025-38256,CVE-2025-38257,CVE-2025-38258,CVE-2025-38259,CVE-2025-38263,CVE-2025-38264,CVE-2025-38265,CVE-2025-38267,CVE-2025-38268,CVE-2025-38270,CVE-2025-38272,CVE-2025-38273,CVE-2025-38274,CVE-2025-38275,CVE-2025-38277,CVE-2025-38278,CVE-2025-38286,CVE-2025-38287,CVE-2025-38288,CVE-2025-38289,CVE-2025-38290,CVE-2025-38291,CVE-2025-38292,CVE-2025-38293,CVE-2025-38299,CVE-2025-38300,CVE-2025-38301,CVE-2025-38302,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38306,CVE-2025-38307,CVE-2025-38311,CVE-2025-38312,CVE-2025-38313,CVE-2025-38315,CVE-2025-38317,CVE-2025-38318,CVE-2025-38319,CVE-2025-38322,CVE-2025-38323,CVE-2025-38326,CVE-2025-38332,CVE
 -2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CVE-2025-38339,CVE-2025-38341,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38351,CVE-2025-38352,CVE-2025-38353,CVE-2025-38354,CVE-2025-38355,CVE-2025-38356,CVE-2025-38359,CVE-2025-38360,CVE-2025-38361,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38368,CVE-2025-38369,CVE-2025-38371,CVE-2025-38372,CVE-2025-38373,CVE-2025-38374,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38381,CVE-2025-38382,CVE-2025-38383,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38390,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025-38397,CVE-2025-38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38402,CVE-2025-38403,CVE-2025-38404,CVE-2025-38405,CVE-2025-38406,CVE-2025-38408,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38413,CVE-2025-38414,CVE-2025-38415,CVE-2025-3
 8416,CVE-2025-38417,CVE-2025-38418,CVE-2025-38419,CVE-2025-38420,CVE-2025-38421,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38427,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38438,CVE-2025-38439,CVE-2025-38440,CVE-2025-38441,CVE-2025-38443,CVE-2025-38444,CVE-2025-38445,CVE-2025-38446,CVE-2025-38448,CVE-2025-38449,CVE-2025-38450,CVE-2025-38451,CVE-2025-38453,CVE-2025-38454,CVE-2025-38455,CVE-2025-38456,CVE-2025-38457,CVE-2025-38458,CVE-2025-38459,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38464,CVE-2025-38465,CVE-2025-38466,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38472,CVE-2025-38473,CVE-2025-38474,CVE-2025-38475,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38484,CVE-2025-38485,CVE-2025-38487,CVE-2025-38488,CVE-2025-38489,CVE-2025-38490,CVE-2025-38491,CVE-2025-38493,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38499,CV
 E-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38508,CVE-2025-38514,CVE-2025-38524,CVE-2025-38526,CVE-2025-38527,CVE-2025-38528,CVE-2025-38531,CVE-2025-38533,CVE-2025-38539,CVE-2025-38544,CVE-2025-38545,CVE-2025-38546,CVE-2025-38549,CVE-2025-38552,CVE-2025-38553,CVE-2025-38554,CVE-2025-38555,CVE-2025-38556,CVE-2025-38557,CVE-2025-38559,CVE-2025-38560,CVE-2025-38563,CVE-2025-38564,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2025-38571,CVE-2025-38572,CVE-2025-38573,CVE-2025-38574,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,CVE-2025-38584,CVE-2025-38585,CVE-2025-38586,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38605,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38614,CVE-2025-38616,CVE-2025-38617,CVE-2025-38618,CVE-2025-38619,CVE-2025-38621,CVE-2025-38622,CVE-2025-38623,CVE-2025-38624,CVE-2025-38628,CVE-2025-38630,CVE-2025-38631,CVE-2025-
 38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38644,CVE-2025-38646,CVE-2025-38648,CVE-2025-38656,CVE-2025-38658,CVE-2025-38659,CVE-2025-38660,CVE-2025-38662,CVE-2025-38664,CVE-2025-38665,CVE-2025-38668,CVE-2025-38670,CVE-2025-38671,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38686,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38700,CVE-2025-38701,CVE-2025-38702,CVE-2025-38703,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38710,CVE-2025-38717,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38733,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39673,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39683,CVE-2025-39684,CVE-2025-39685,CVE-2025-39686,CVE-2025-39687,C
 VE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39695,CVE-2025-39697,CVE-2025-39698,CVE-2025-39700,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39707,CVE-2025-39709,CVE-2025-39710,CVE-2025-39711,CVE-2025-39712,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39722,CVE-2025-39723,CVE-2025-39724,CVE-2025-39726,CVE-2025-39727,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39744,CVE-2025-39746,CVE-2025-39747,CVE-2025-39748,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39765,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39775,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39788,CVE-2025-39790,CVE-2025-39791,CVE-2025-39792,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39807,CVE-2025-39808,CVE-2025
 -39810,CVE-2025-39811,CVE-2025-39813,CVE-2025-39816,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39828,CVE-2025-39830,CVE-2025-39832,CVE-2025-39833,CVE-2025-39834,CVE-2025-39835,CVE-2025-39836,CVE-2025-39838,CVE-2025-39839,CVE-2025-39841,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39851,CVE-2025-39852,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39875,CVE-2025-39877,CVE-2025-39882,CVE-2025-39884,CVE-2025-39885,CVE-2025-39889,CVE-2025-39890,CVE-2025-39891,CVE-2025-39896,CVE-2025-39898,CVE-2025-39899,CVE-2025-39900,CVE-2025-39902,CVE-2025-39907,CVE-2025-39909,CVE-2025-39916,CVE-2025-39918,CVE-2025-39922,CVE-2025-39923,CVE-2025-39925,CVE-2025-39926,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,
 CVE-2025-39952,CVE-2025-39957,CVE-2025-40300


The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953).
- CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108).
- CVE-2024-57952: Revert 'libfs: fix infinite directory reads for offset dir' (bsc#1237131).
- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).
- CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435).
- CVE-2025-22077: Revert 'smb: client: fix TCP timers deadlock after rmmod' (bsc#1241403).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864).
- CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
- CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659).
- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).
- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
- CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185).
- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).
- CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245).
- CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351).
- CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366).
- CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376).
- CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444).
- CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).
- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).
- CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137).
- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when
  rproc_handle_resources() fails in rproc_attach() (bsc#1247136).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).
- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
- CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
- CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
- CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190).
- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).
- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).
- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).
- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).
- CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211).
- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).
- CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299).
- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374).
- CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).
- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368).
- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).
- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).
- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).
- CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616).
- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).
- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).
- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156).
- CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).
- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).
- CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201).
- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).
- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314).
- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).
- CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533).
- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).
- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).
- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).
- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).
- CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500).
- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).
- CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550).
- CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032).
- CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).
- CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205).
- CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974).
- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).
- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).
- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).
- CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398).
- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722).
- CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).
- CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387).

The following non-security bugs were fixed:

- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).
- ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes).
- ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes).
- ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes).
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).
- ACPI: pfr_update: Fix the driver update version check (git-fixes).
- ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- ACPICA: Fix largest possible resource descriptor index (git-fixes).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes).
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes).
- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).
- ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: hda: Handle the jack polling always via a work (stable-fixes).
- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: lx_core: use int type to store negative error codes (git-fixes).
- ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ALSA: timer: fix ida_free call while not allocated (git-fixes).
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).
- ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes).
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
- ALSA: usb-audio: Convert comma to semicolon (git-fixes).
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).
- ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes).
- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes).
- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes).
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).
- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).
- ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes).
- ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes).
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).
- ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes).
- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).
- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).
- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).
- ASoC: wm8940: Correct PLL rate rounding (git-fixes).
- ASoC: wm8940: Correct typo in control name (git-fixes).
- ASoC: wm8974: Correct PLL rate rounding (git-fixes).
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).
- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).
- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).
- Bluetooth: ISO: free rx_skb if not consumed (git-fixes).
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).
- Bluetooth: MGMT: Fix possible UAFs (git-fixes).
- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes).
- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).
- Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes).
- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes).
- Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- Disable CET before shutdown by tboot (bsc#1247950).
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentation/x86: Document new attack vector controls (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: KVM: Fix unexpected unindent warning (git-fixes).
- Documentation: KVM: Fix unexpected unindent warnings (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Drop ath12k patch that was reverted in the upstream (git-fixes)
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone
  using CMA or investigating CMA issues, with a small and simple code base
  and no runtime overhead.
- Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325)
- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256).
- Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself.
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: amd_sfh: Add sync across amd sfh work functions (git-fixes).
- HID: apple: avoid setting up battery timer for devices without battery (git-fixes).
- HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes).
- HID: asus: add support for missing PX series fn keys (stable-fixes).
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).
- HID: hidraw: tighten ioctl command parsing (git-fixes).
- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).
- HID: input: report battery status changes immediately (git-fixes).
- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).
- HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes).
- HID: magicmouse: avoid setting up battery timer when not needed (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).
- HID: wacom: Add a new Art Pen 2 (stable-fixes).
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)
- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).
- Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes).
- KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes).
- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes).
- KVM: Conditionally reschedule when resetting the dirty ring (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).
- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes).
- KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302).
- KVM: TDX: Do not report base TDVMCALLs (git-fixes).
- KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302).
- KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302).
- KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302).
- KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302).
- KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302).
- KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes).
- KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes).
- KVM: arm64: Fix error path in init_hyp_mode() (git-fixes).
- KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes).
- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).
- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124).
- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes).
- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).
- KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes).
- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move upstreamed SPI patch into sorted section
- NFS: Fix a race when updating an existing write (git-fixes).
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).
- NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes).
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).
- NFSv4: Do not clear capabilities that won't be reset (git-fixes).
- Octeontx2-af: Skip overlap check for SPI field (git-fixes).
- PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
- PCI/pwrctrl: Fix device leak at registration (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).
- PCI: Extend isolated function probing to LoongArch (git-fixes).
- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes).
- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
- PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes).
- PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
- PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes).
- PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes).
- PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
- PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes).
- PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes).
- PCI: rcar-gen4: Fix PHY initialization (git-fixes).
- PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes).
- PCI: xilinx-nwl: Fix ECAM programming (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- PM / devfreq: Fix a index typo in trans_stat (git-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).
- PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes).
- PM: EM: use kfree_rcu() to simplify the code (stable-fixes).
- PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
- PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
- RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes)
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mana_ib: Add device statistics support (bsc#1246651).
- RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135).
- RDMA/mana_ib: Extend modify QP (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/rxe: Fix race in do_task() when draining (git-fixes)
- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes)
- RDMA/siw: Always report immediate post SQ errors (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
- README.BRANCH: mfranc at suse.cz leaving SUSE
- RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348).
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- Reapply 'x86/smp: Eliminate mwait_play_dead_cpuid_hint()' (jsc#PED-13815).
- Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes).
- Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes).
- Revert 'drm/nouveau: check ioctl command codes better' (git-fixes).
- Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes).
- Revert 'leds: trigger: netdev: Configure LED blink interval for HW offload' (git-fixes).
- Revert 'mac80211: Dynamically set CoDel parameters per station' (stable-fixes).
- Revert 'usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running' (git-fixes).
- Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- Revert 'wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO' (git-fixes).
- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).
- Squashfs: add additional inode sanity checking (git-fixes).
- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).
- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).
- USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- Update config files: revive pwc driver for Leap (bsc#1249060)
- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).
- accel/ivpu: Correct DCT interrupt handling (git-fixes).
- accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes).
- accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes).
- accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes).
- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
- arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes)
- arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes)
- arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes)
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
- arm64: Handle KCOV __init vs inline mismatches (git-fixes)
- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
- arm64: config: Make tpm_tis_spi module build-in (bsc#1246896)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: add big-endian property back into watchdog node (git-fixes)
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
- arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes)
- arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
- arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes)
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)
- arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)
- arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes)
- arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes)
- arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes)
- arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes)
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes).
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes)
- arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes)
- arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes)
- arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes)
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)
- arm64: dts: st: fix timer used for ticks (git-fixes)
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- arm64: map [_text, _stext) virtual address range (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- arm64: poe: Handle spurious Overlay faults (git-fixes)
- arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes)
- arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes)
- arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes)
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
- arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes)
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
- ata: ahci: Disable DIPM if host lacks support (stable-fixes).
- ata: ahci: Disallow LPM policy control if not supported (stable-fixes).
- ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes).
- ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes).
- ata: libata-scsi: Fix CDL control (git-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).
- batman-adv: fix OOB read/write in network-coding decode (git-fixes).
- benet: fix BUG when creating VFs (git-fixes).
- block: Introduce bio_needs_zone_write_plugging() (git-fixes).
- block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552).
- block: ensure discard_granularity is zero when discard is not supported (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- block: sanitize chunk_sectors for atomic write limits (git-fixes).
- bnxt_en: Add a helper function to configure MRU and RSS (git-fixes).
- bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes).
- bnxt_en: Fix DCB ETS validation (git-fixes).
- bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes).
- bnxt_en: Fix stats context reservation logic (git-fixes).
- bnxt_en: Flush FW trace before copying to the coredump (git-fixes).
- bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes).
- bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes).
- bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes)
- bpf, arm64: Fix fp initialization for exception boundary (git-fixes)
- bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes).
- bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes).
- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).
- bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes).
- bpf: Forget ranges when refining tnum after JSET (git-fixes).
- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).
- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes).
- bpf: Reject %p% format string in bprintf-like helpers (git-fixes).
- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes).
- bpf: Reject narrower access to pointer ctx fields (git-fixes).
- bpf: Return prog btf_id without capable check (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes).
- bpf: fix possible endless loop in BPF map iteration (git-fixes).
- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).
- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).
- btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes).
- btrfs: add debug build only WARN (bsc#1249038).
- btrfs: add function comment for check_committed_ref() (git-fixes).
- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).
- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).
- btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes).
- btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes).
- btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes).
- btrfs: codify pattern for adding block_group to bg_list (git-fixes).
- btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
- btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes).
- btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: enhance ASSERT() to take optional format string (bsc#1249038).
- btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes).
- btrfs: exit after state split error at set_extent_bit() (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949).
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes).
- btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes).
- btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
- btrfs: fix incorrect log message for nobarrier mount option (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).
- btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes).
- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).
- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).
- btrfs: fix squota compressed stats leak (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes).
- btrfs: fix the inode leak in btrfs_iget() (git-fixes).
- btrfs: fix two misuses of folio_shift() (git-fixes).
- btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes).
- btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038).
- btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes).
- btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes).
- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).
- btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes).
- btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes).
- btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes).
- btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes).
- btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes).
- btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes).
- btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes).
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).
- btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes).
- btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes).
- btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes).
- btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes).
- btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes).
- btrfs: remove redundant path release when replaying a log tree (git-fixes).
- btrfs: remove the snapshot check from check_committed_ref() (git-fixes).
- btrfs: restore mount option info messages during mount (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: return any hit error from extent_writepage_io() (git-fixes).
- btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes).
- btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes).
- btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949).
- btrfs: simplify error detection flow during log replay (git-fixes).
- btrfs: simplify return logic at check_committed_ref() (git-fixes).
- btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).
- btrfs: unfold transaction aborts when replaying log trees (git-fixes).
- btrfs: unify ordering of btrfs_key initializations (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- btrfs: use filemap_get_folio() helper (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes).
- btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes).
- btrfs: use verbose ASSERT() in volumes.c (bsc#1249038).
- build_bug.h: Add KABI assert (bsc#1249186).
- bus: firewall: Fix missing static inline annotations for stubs (git-fixes).
- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: ep: Fix chained transfer handling in read path (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes).
- bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes).
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166).
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).
- cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405).
- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).
- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).
- cgroup: make css_rstat_updated nmi safe (bsc#1247963).
- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).
- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).
- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: at91: sam9x7: update pll clk ranges (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: imx95-blk-ctl: Fix synchronous abort (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes).
- clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes).
- clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes).
- clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes).
- clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes).
- clk: samsung: exynos850: fix a comment (git-fixes).
- clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes).
- clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).
- config.sh: SLFO 1.2 branched in IBS
- config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206)
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cpu: Define attack vectors (git-fixes).
- cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes).
- cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes).
- cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes)
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes)
- cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes).
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes).
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).
- cpufreq: Exit governor when failed to start old governor (stable-fixes).
- cpufreq: Init policy->rwsem before it may be possibly used (git-fixes).
- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).
- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).
- cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes).
- cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes).
- cpufreq: armada-8k: make both cpu masks static (git-fixes).
- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes).
- cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes).
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes).
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).
- cpufreq: mediatek: fix device leak on probe failure (git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: scpi: compare kHz instead of Hz (git-fixes).
- cpufreq: sun50i: prevent out-of-bounds access (git-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpufreq: tegra186: Share policy per cluster (stable-fixes).
- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).
- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).
- crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes).
- crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes).
- crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes).
- crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- devlink: Add support for u64 parameters (jsc#PED-13331).
- devlink: avoid param type value translations (jsc#PED-13331).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-13331).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-13331).
- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).
- dm-mpath: do not print the 'loaded' message if registering fails (git-fixes).
- dm-stripe: limit chunk_sectors to the stripe size (git-fixes).
- dm-table: fix checking for rq stackable devices (git-fixes).
- dm: Check for forbidden splitting of zone write operations (git-fixes).
- dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes).
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes).
- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).
- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).
- dmaengine: idxd: Remove improper idxd_free (git-fixes).
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes).
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).
- docs: admin-guide: update to current minimum pipe size default (git-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-13331).
- dpll: Make ZL3073X invisible (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331).
- dpll: zl3073x: Fix build failure (jsc#PED-13331).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/base/node: fix double free in register_one_node() (git-fixes).
- drivers/base/node: handle error properly in register_one_node() (git-fixes).
- drivers: base: handle module_kobject creation (git-fixes).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).
- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).
- drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes).
- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes).
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).
- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes).
- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).
- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
- drm/amd/display: Fix mismatch type comparison (stable-fixes).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes).
- drm/amd/display: Initialize mode_select to 0 (stable-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Remove redundant semicolons (git-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/display: remove output_tf_change flag (git-fixes).
- drm/amd/display: use udelay rather than fsleep (git-fixes).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).
- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).
- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).
- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).
- drm/amd/pm: fix null pointer access (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amd: Restore cached power limit during resume (stable-fixes).
- drm/amdgpu/discovery: fix fw based ip discovery (git-fixes).
- drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes).
- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/mes: add missing locking in helper functions (stable-fixes).
- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).
- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).
- drm/amdgpu/swm14: Update power limit logic (stable-fixes).
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).
- drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).
- drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).
- drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes).
- drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes).
- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).
- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
- drm/amdgpu: fix vram reservation issue (git-fixes).
- drm/amdgpu: remove the redeclaration of variable i (git-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/ast: Use msleep instead of mdelay for edid read (git-fixes).
- drm/bridge: fix OF node leak (git-fixes).
- drm/bridge: it6505: select REGMAP_I2C (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).
- drm/cirrus-qemu: Fix pitch programming (git-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).
- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).
- drm/edid: Define the quirks in an enum list (bsc#1248121).
- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).
- drm/gem: Internally test import_attach for imported objects (git-fixes).
- drm/gem: Test for imported GEM buffers with helper (stable-fixes).
- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).
- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).
- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).
- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).
- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).
- drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes).
- drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).
- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).
- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).
- drm/i915/icl+/tc: Cache the max lane count value (stable-fixes).
- drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes).
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).
- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).
- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
- drm/mediatek: fix potential OF node use-after-free (git-fixes).
- drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm/dpu: fix incorrect type for ret (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/msm: update the high bitfield of certain DSI registers (git-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes).
- drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes).
- drm/panthor: validate group queue count (git-fixes).
- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).
- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/simpledrm: Do not upcast in release helpers (git-fixes).
- drm/tests: Fix endian warning (git-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/xe/bmg: Add new PCI IDs (stable-fixes).
- drm/xe/bmg: Add one additional PCI ID (stable-fixes).
- drm/xe/bmg: Update Wa_22019338487 (git-fixes).
- drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes).
- drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/tile: Release kobject for the failure path (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/uapi: loosen used tracking restriction (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).
- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).
- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).
- drm/xe: Allow dropping kunit dependency as built-in (git-fixes).
- drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes).
- drm/xe: Carve out wopcm portion from the stolen memory (git-fixes).
- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).
- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes).
- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).
- drm/xe: Move page fault init after topology init (git-fixes).
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).
- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331).
- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes).
- e1000e: ignore uninitialized checksum word on tgp (git-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- erofs: avoid reading more for fragment maps (git-fixes).
- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).
- execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes).
- exfat: add cluster chain loop check for dir (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).
- fbcon: Fix OOB access in font allocation (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).
- fbdev: Fix logic error in 'offb' name match (git-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes).
- fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes).
- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes).
- firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes).
- firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes).
- firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes).
- firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes).
- firmware: firmware: meson-sm: fix compile-test default (git-fixes).
- firmware: meson_sm: fix device leak at probe (git-fixes).
- firmware: tegra: Fix IVC dependency problems (stable-fixes).
- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).
- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).
- fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes).
- fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450
- ftrace: Fix function profiler's filtering functionality (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220).
- gfs2: Clean up delete work processing (bsc#1247220).
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220).
- gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220).
- gfs2: Minor delete_work_func cleanup (bsc#1247220).
- gfs2: Only defer deletes when we have an iopen glock (bsc#1247220).
- gfs2: Prevent inode creation race (2) (bsc#1247220).
- gfs2: Prevent inode creation race (bsc#1247220).
- gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220).
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220).
- gfs2: Rename dinode_demise to evict_behavior (bsc#1247220).
- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220).
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220).
- gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220).
- gfs2: Update to the evict / remote delete documentation (bsc#1247220).
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220).
- gfs2: gfs2_evict_inode clarification (bsc#1247220).
- gfs2: minor evict fix (bsc#1247220).
- gfs2: skip if we cannot defer delete (bsc#1247220).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- gpiolib: Extend software-node support to support secondary software-nodes (git-fixes).
- gve: Fix stuck TX queue for DQ queue format (git-fixes).
- gve: prevent ethtool ops after shutdown (git-fixes).
- habanalabs: fix UAF in export_dmabuf() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- hv_netvsc: Link queues to NAPIs (git-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i2c: designware: Add disabling clocks when probe fails (git-fixes).
- i2c: designware: Add quirk for Intel Xe (stable-fixes).
- i2c: designware: Fix clock issue when PM is disabled (git-fixes).
- i2c: designware: Use temporary variable for struct device (stable-fixes).
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).
- i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes).
- i2c: omap: Add support for setting mux (stable-fixes).
- i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes).
- i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes).
- i2c: omap: fix deprecated of_property_read_bool() use (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: Fix default I2C adapter timeout value (git-fixes).
- i3c: add missing include to internal header (stable-fixes).
- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
- i3c: master: svc: Recycle unused IBI slot (git-fixes).
- i3c: master: svc: Use manual response for IBI events (git-fixes).
- i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes).
- i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes).
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice/ptp: fix crosstimestamp reporting (git-fixes).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762).
- ice: check correct pointer in fwlog debugfs (git-fixes).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: do not leave device non-functional if Tx scheduler config fails (git-fixes).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728).
- ice: fix incorrect counter for buffer allocation failures (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- ice: use fixed adapter index for E825C embedded devices (git-fixes).
- idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762).
- idpf: add cross timestamping (jsc#PED-13728).
- idpf: add flow steering support (jsc#PED-13728).
- idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762).
- idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728).
- idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762).
- idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762).
- idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728).
- idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762).
- idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762).
- idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762).
- idpf: improve when to set RE bit logic (jsc#PED-13728).
- idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762).
- idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762).
- idpf: preserve coalescing settings across resets (jsc#PED-13728).
- idpf: remove obsolete stashing code (jsc#PED-13728).
- idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762).
- idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728).
- idpf: set mac type when adding and removing MAC filters (jsc#PED-13728).
- idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728).
- idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728).
- idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762).
- igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes).
- igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes).
- igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes).
- iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762).
- iio/adc/pac1934: fix channel disable configuration (git-fixes).
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes).
- iio: accel: fxls8962af: Fix temperature calculation (git-fixes).
- iio: adc: ad7173: fix setting ODR in probe (git-fixes).
- iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
- iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes).
- iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes).
- iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes).
- iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes).
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).
- iio: dac: ad5360: use int type to store negative error codes (git-fixes).
- iio: dac: ad5421: use int type to store negative error codes (git-fixes).
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).
- iio: frequency: adf4350: Fix prescaler usage (git-fixes).
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes).
- iio: hid-sensor-prox: Restore lost scale assignments (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes).
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).
- iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes).
- iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
- iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes).
- iio: light: as73211: Ensure buffer holes are zeroed (git-fixes).
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes).
- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
- iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes).
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).
- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).
- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- interconnect: qcom: sc8180x: specify num_nodes (git-fixes).
- interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes).
- io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting.
- io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes).
- iommu/amd: Fix alias device DTE setting (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes).
- iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- iommu: Handle race with default domain setup (git-fixes).
- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
- ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).
- ixgbe: prevent from unwanted interface name changes (git-fixes).
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes).
- kABI fix after Add TDX support for vSphere (jsc#PED-13302).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes).
- kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121).
- kABI workaround for amd_sfh (git-fixes).
- kABI workaround for drm_gem.h (git-fixes).
- kABI workaround for struct mtk_base_afe changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).
- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).
- kABI: netfilter: supress warnings for nft_set_ops (git-fixes).
- kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes).
- kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kabi: Restore layout of parallel_data (bsc1248343).
- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).
- kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes).
- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).
- kbuild: rust: add rustc-min-version support function (git-fixes)
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel: globalize lookup_or_create_module_kobject() (stable-fixes).
- kernel: param: rename locate_module_kobject (stable-fixes).
- leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes).
- leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes).
- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
- leds: leds-lp55xx: Use correct address for memory programming (git-fixes).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes).
- libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762).
- livepatch: Add stack_order sysfs attribute (poo#187320).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519).
- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
- mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes).
- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes).
- mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes).
- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes).
- mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes).
- mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).
- maple_tree: fix status setup on restore to active (git-fixes).
- maple_tree: fix testing for 32 bit builds (git-fixes).
- mctp: no longer rely on net->dev_index_head (git-fixes).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes).
- md: make rdev_addable usable for rcu mode (git-fixes).
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).
- media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes).
- media: cx18: Add missing check after DMA map (git-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in
  w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: Fix reset GPIO timings (stable-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu-bridge: Add _HID for OV5670 (stable-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: lirc: Fix error handling in lirc_register() (git-fixes).
- media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes).
- media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: pci: ivtv: Add missing check after DMA map (git-fixes).
- media: pci: mg4b: fix uninitialized iio scan data (git-fixes).
- media: pisp_be: Fix pm_runtime underrun in probe (git-fixes).
- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).
- media: s5p-mfc: remove an unused/uninitialized variable (git-fixes).
- media: st-delta: avoid excessive stack usage (git-fixes).
- media: tc358743: Check I2C succeeded during probe (stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
- media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes).
- media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes).
- media: ti: j721e-csi2rx: fix list_del corruption (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: usb: hdpvr: disable zero-length read messages (stable-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).
- media: uvcvideo: Rollback non processed entities on error (git-fixes).
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).
- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: Fix MSM8998 frequency table (git-fixes).
- media: venus: Fix OOB read due to missing payload bound check (git-fixes).
- media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- media: zoran: Remove zoran_fh structure (git-fixes).
- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix 'BUG: Invalid wait context' lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8186 (git-fixes).
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).
- memstick: Fix deadlock by moving removing flag earlier (git-fixes).
- mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes).
- mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes).
- mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes).
- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).
- microchip: lan865x: Fix LAN8651 autoloading (git-fixes).
- microchip: lan865x: Fix module autoloading (git-fixes).
- microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes).
- microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes).
- misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes).
- mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes).
- mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes).
- mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes).
- mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes).
- mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes).
- mm/damon/sysfs: fix use-after-free in state_show() (git-fixes).
- mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087).
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes).
- mm: close theoretical race where stale TLB entries could linger (git-fixes).
- mm: fault in complete folios instead of individual pages for tmpfs (git-fixes).
- mm: fix the inaccurate memory statistics issue for users (bsc#1244723).
- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).
- mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630).
- mm: move page table sync declarations to linux/pgtable.h (git-fixes).
- mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes).
- mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes).
- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes).
- mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes).
- mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
- mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- most: core: Drop device reference after usage in get_channel() (git-fixes).
- mptcp: fix spurious wake-up on under memory pressure (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).
- mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes).
- net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes).
- net/mlx5: CT: Use the correct counter offset (git-fixes).
- net/mlx5: Check device memory pointer before usage (git-fixes).
- net/mlx5: Correctly set gso_segs when LRO is used (git-fixes).
- net/mlx5: Correctly set gso_size when LRO is used (git-fixes).
- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes).
- net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes).
- net/mlx5: Fix memory leak in cmd_exec() (git-fixes).
- net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes).
- net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes).
- net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes).
- net/mlx5: Nack sync reset when SFs are present (git-fixes).
- net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes).
- net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes).
- net/mlx5e: Add new prio for promiscuous mode (git-fixes).
- net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes).
- net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes).
- net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes).
- net/mlx5e: Set local Xoff after FW update (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes).
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes).
- net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes).
- net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes).
- net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes).
- net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes).
- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).
- net: ieee8021q: fix insufficient table-size assertion (stable-fixes).
- net: llc: reset skb->transport_header (git-fixes).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726).
- net: mana: Add support for net_shaper_ops (bsc#1245726).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes).
- net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728).
- net: mana: Handle unsupported HWC commands (bsc#1245726).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mctp: handle skb cleanup on sock_queue failures (git-fixes).
- net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes).
- net: nfc: nci: Add parameter validation for packet data (git-fixes).
- net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes).
- net: phy: bcm54811: PHY initialization (stable-fixes).
- net: phy: fix phy_uses_state_machine() (git-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).
- net: rose: convert 'use' field to refcount_t (git-fixes).
- net: rose: fix a typo in rose_clear_routes() (git-fixes).
- net: rose: include node references in rose_neigh refcount (git-fixes).
- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
- net: usb: cdc-ncm: check for filtering capability (git-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netfilter: ctnetlink: fix refcount leak on table dump (git-fixes).
- netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes).
- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes).
- netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes).
- netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes).
- netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes).
- netfilter: nf_tables: adjust lockdep assertions handling (git-fixes).
- netfilter: nf_tables: fix set size with rbtree backend (git-fixes).
- netfilter: nf_tables: imbalance in flowtable binding (git-fixes).
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes).
- netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes).
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes).
- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes).
- netfilter: nft_tunnel: fix geneve_opt dump (git-fixes).
- netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-13331).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs/localio: add direct IO enablement with sync and async IO support (git-fixes).
- nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes).
- nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes).
- nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).
- nvme-auth: update bi_directional flag (git-fixes).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-pci: try function level reset on init failure (git-fixes).
- nvme-tcp: log TLS handshake failures at error level (git-fixes).
- nvme-tcp: send only permitted commands for secure concat (git-fixes).
- nvme: fix PI insert on write (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- nvmet: exit debugfs after discovery subsystem exits (git-fixes).
- nvmet: initialize discovery subsys after debugfs is initialized (git-fixes).
- nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes).
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes).
- objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes).
- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes).
- of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes).
- of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes).
- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes).
- of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes).
- of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes).
- of: unittest: Unlock on error in unittest_data_add() (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- percpu: fix race on alloc failed warning limit (git-fixes).
- perf bpf-event: Fix use-after-free in synthesis (git-fixes).
- perf bpf-utils: Constify bpil_array_desc (git-fixes).
- perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes).
- perf dso: Add missed dso__put to dso__load_kcore (git-fixes).
- perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes).
- perf parse-events: Set default GH modifier properly (git-fixes).
- perf record: Cache build-ID of hit DSOs only (git-fixes).
- perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes).
- perf sched: Fix memory leaks in 'perf sched latency' (git-fixes).
- perf sched: Fix memory leaks in 'perf sched map' (git-fixes).
- perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes).
- perf sched: Free thread->priv using priv_destructor (git-fixes).
- perf sched: Make sure it frees the usage string (git-fixes).
- perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes).
- perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes).
- perf test: Fix a build error in x86 topdown test (git-fixes).
- perf tests bp_account: Fix leaked file descriptor (git-fixes).
- perf tools: Remove libtraceevent in .gitignore (git-fixes).
- perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes).
- perf trace: Remove --map-dump documentation (git-fixes).
- phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- phy: mscc: Fix timestamping for vsc8584 (git-fixes).
- phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).
- phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes).
- phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes).
- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).
- phy: ti-pipe3: fix device leak at unbind (git-fixes).
- phy: ti: omap-usb2: fix device leak at unbind (git-fixes).
- pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113).
- pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562).
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes).
- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).
- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).
- pinctrl: renesas: Use int type to store negative error codes (git-fixes).
- pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes).
- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).
- platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes).
- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes).
- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes).
- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes).
- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes).
- platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- power: supply: max77976_charger: fix constant current reporting (git-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes).
- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- pptp: fix pptp_xmit() error path (git-fixes).
- printk: nbcon: Allow reacquire during panic (bsc#1246688).
- psample: adjust size if rate_as_probability is set (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).
- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes).
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).
- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes).
- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).
- r8169: add support for RTL8125D (stable-fixes).
- r8169: disable RTL8126 ZRX-DC timeout (stable-fixes).
- r8169: do not scan PHY addresses > 0 (stable-fixes).
- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)
- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: scmi: Use int type to store negative error codes (git-fixes).
- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
- reset: eyeq: fix OF node leak (git-fixes).
- resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762).
- resource: fix false warning in __request_region() (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- ring-buffer: Make reading page consistent with the code logic (git-fixes).
- rpm/config.sh: SLFO 1.2 is now synced to OBS as well
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868).
- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477).
- s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061).
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes).
- s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes).
- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372).
- s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838).
- s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066).
- s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366).
- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478).
- s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes).
- s390/sclp: Fix SCCB present check (git-fixes bsc#1249065).
- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062).
- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- samples: mei: Fix building on musl libc (git-fixes).
- sched/deadline: Always stop dl-server before changing parameters (bsc#1247936).
- sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936).
- sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936).
- sched/deadline: Fix dl_server_stopped() (bsc#1247936).
- sched/deadline: Initialize dl_servers after SMP (git-fixes)
- sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes)
- scsi: Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519).
- scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186).
- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186).
- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186).
- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186).
- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186).
- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).
- scsi: qla2xxx: Remove firmware URL (git-fixes).
- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).
- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
- scsi: smartpqi: Enhance WWID logging logic (bsc#1246631).
- scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631).
- scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631).
- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes).
- scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes).
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes).
- scsi: ufs: core: Add missing post notify for power mode change (git-fixes).
- scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes).
- scsi: ufs: core: Always initialize the UIC done completion (git-fixes).
- scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes).
- scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes).
- scsi: ufs: core: Fix error return with query response (git-fixes).
- scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes).
- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes).
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes).
- scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes).
- scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes).
- scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes).
- scsi: ufs: core: Remove redundant query_complete trace (git-fixes).
- scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes).
- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes).
- scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes).
- scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes).
- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes).
- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes).
- scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes).
- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes).
- scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes).
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes).
- scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes).
- scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes).
- scsi: ufs: exynos: Remove empty drv_init method (git-fixes).
- scsi: ufs: exynos: Remove superfluous function parameter (git-fixes).
- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes).
- scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes).
- scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes).
- scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes).
- scsi: ufs: qcom: Fix crypto key eviction (git-fixes).
- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes).
- scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes).
- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes).
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671).
- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320).
- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).
- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).
- selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320).
- selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320).
- selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320).
- selftests/tracing: Fix false failure of subsystem event test (git-fixes).
- selftests: ALSA: fix memory leak in utimer test (git-fixes).
- selftests: livepatch: add new ftrace helpers functions (poo#187320).
- selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320).
- selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320).
- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320).
- selftests: livepatch: save and restore kprobe state (poo#187320).
- selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320).
- selftests: livepatch: test livepatching a kprobed function (poo#187320).
- selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443).
- selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes).
- serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688).
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- serial: max310x: Add error checking in probe() (git-fixes).
- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix netns refcount leak after net_passive changes (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes).
- soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes).
- soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes).
- soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes).
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).
- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).
- soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes).
- soundwire: amd: fix for handling slave alerts after link is down (git-fixes).
- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: bcm2835: Remove redundant semicolons (git-fixes).
- spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).
- spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes).
- spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979).
- spi: fix return code when spi device has too many chipselects (git-fixes).
- spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes).
- spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).
- spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdc_ncm_ctx: move new member to end (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: mark hyperv_drm as external
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
- thunderbolt: Compare HMAC values in constant time (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes).
- tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes).
- tools/power turbostat: Fix build with musl (stable-fixes).
- tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes).
- tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- trace/fgraph: Fix error handling (git-fixes).
- trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes).
- tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Fix using ret variable in tracing_set_tracer() (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- tracing: Switch trace.c code over to use guard() (git-fixes).
- tracing: Switch trace_events_hist.c code over to use guard() (git-fixes).
- tracing: fprobe events: Fix possible UAF on modules (git-fixes).
- tracing: tprobe-events: Fix leakage of module refcount (git-fixes).
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).
- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).
- tty: serial: fix print format specifiers (stable-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes).
- usb: core: Add 0x prefix to quirks debug output (stable-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes).
- usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
- usb: typec: fusb302: cache PD RX state (git-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).
- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
- usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
- use uniform permission checks for all mount propagation changes (git-fixes).
- vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes).
- vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes).
- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).
- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).
- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes).
- vhost: Reintroduce kthread API and add mode selection (git-fixes).
- vhost: fail early when __vhost_add_used() fails (git-fixes).
- virtchnl2: add flow steering support (jsc#PED-13728).
- virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728).
- virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762).
- virtio_net: Enforce minimum TX ring size for reliability (git-fixes).
- virtio_ring: Fix error reporting in virtqueue_resize (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).
- vsock/virtio: Validate length in packet header before skb_put() (git-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).
- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).
- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix group data packet drops during rekey (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).
- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes).
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath12k: fix the fetching of combined rssi (git-fixes).
- wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: ath12k: fix wrong logging ID used for CE (git-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).
- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).
- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).
- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
- wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: Remove redundant header files (git-fixes).
- wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).
- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: avoid weird state in error path (stable-fixes).
- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).
- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).
- wifi: mac80211: fix incorrect type for ret (stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
- wifi: mt76: fix linked list corruption (git-fixes).
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes).
- wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
- wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes).
- wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes).
- wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes).
- wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes).
- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes).
- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes).
- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).
- wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes).
- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).
- wifi: mwifiex: send world regulatory domain to driver (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes).
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtw88: Fix macid assigned to TDLS station (git-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).
- wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes).
- wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes).
- wifi: virt_wifi: Fix page fault on connect (stable-fixes).
- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).
- writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776).
- writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776).
- writeback: Avoid excessively long inode switching times (bsc#1237776).
- writeback: Avoid softlockup when switching many inodes (bsc#1237776).
- x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704).
- x86/Kconfig: Add arch attack vector support (git-fixes).
- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).
- x86/boot: Sanitize boot params before parsing command line (git-fixes).
- x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes).
- x86/bugs: Add attack vector controls for BHI (git-fixes).
- x86/bugs: Add attack vector controls for GDS (git-fixes).
- x86/bugs: Add attack vector controls for ITS (git-fixes).
- x86/bugs: Add attack vector controls for L1TF (git-fixes).
- x86/bugs: Add attack vector controls for MDS (git-fixes).
- x86/bugs: Add attack vector controls for MMIO (git-fixes).
- x86/bugs: Add attack vector controls for RFDS (git-fixes).
- x86/bugs: Add attack vector controls for SRBDS (git-fixes).
- x86/bugs: Add attack vector controls for SRSO (git-fixes).
- x86/bugs: Add attack vector controls for SSB (git-fixes).
- x86/bugs: Add attack vector controls for TAA (git-fixes).
- x86/bugs: Add attack vector controls for TSA (git-fixes).
- x86/bugs: Add attack vector controls for retbleed (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v1 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes).
- x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes).
- x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes).
- x86/bugs: Avoid warning when overriding return thunk (git-fixes).
- x86/bugs: Clean up SRSO microcode handling (git-fixes).
- x86/bugs: Define attack vectors relevant for each bug (git-fixes).
- x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes).
- x86/bugs: Introduce cdt_possible() (git-fixes).
- x86/bugs: Print enabled attack vectors (git-fixes).
- x86/bugs: Remove its=stuff dependency on retbleed (git-fixes).
- x86/bugs: Select best SRSO mitigation (git-fixes).
- x86/bugs: Simplify the retbleed=stuff checks (git-fixes).
- x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes).
- x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes).
- x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes).
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes).
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes).
- x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes).
- x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes).
- x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes).
- x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).
- x86/microcode: Consolidate the loader enablement checking (git-fixes).
- x86/microcode: Update the Intel processor flag scan check (git-fixes).
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).
- x86/mm/pat: do not collapse pages without PSE set (git-fixes).
- x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes).
- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes).
- x86/pkeys: Simplify PKRU update in signal frame (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/pti: Add attack vector controls for PTI (git-fixes).
- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).
- xen/netfront: Fix TX response spurious interrupts (git-fixes).
- xen: fix UAF in dmabuf_exp_from_pages() (git-fixes).
- xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes).
- xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes).
- xfs: do not propagate ENODATA disk errors into xattr code (git-fixes).
- xfs: fix scrub trace with null pointer in quotacheck (git-fixes).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_discard_rtrelax (git-fixes).
- xfs: remove unused trace event xfs_log_cil_return (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).
- xhci: dbc: decouple endpoint allocation from initialization (git-fixes).
- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).
- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).
- zram: permit only one post-processing operation at a time (git-fixes).

-----------------------------------------------------------------
Advisory ID: 57
Released:    Wed Nov 26 15:30:14 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086
This update for curl fixes the following issues:

- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)

Other fixes:
- tool_operate: fix return code when --retry is used but not
  triggered (bsc#1249367)

-----------------------------------------------------------------
Advisory ID: 60
Released:    Wed Nov 26 15:34:50 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1221812,1227322,1229007,1233529,CVE-2024-4467,CVE-2024-7409
This update for cyrus-sasl fixes the following issues:

- Fixed Python3 error log upon importing pycurl (bsc#1233529)

-----------------------------------------------------------------
Advisory ID: 61
Released:    Wed Nov 26 16:14:24 2025
Summary:     Recommended update for libHBAAPI2
Type:        recommended
Severity:    important
References:  1012628,1193454,1194869,1205462,1208783,1213123,1214285,1215199,1220066,1220252,1220877,1221326,1221630,1221645,1221652,1221857,1222254,1222335,1222350,1222364,1222372,1222387,1222433,1222434,1222625,1222633,1222634,1222808,1222967,1222973,1223053,1223074,1223191,1223395,1223635,1223720,1223731,1223742,1223763,1223767,1223777,1223803,1224105,1224415,1224485,1224496,1224510,1224535,1224631,1224636,1224690,1224694,1224700,1224711,1225475,1225582,1225607,1225718,1225751,1225814,1225832,1225838,1225903,1226031,1226127,1226502,1226530,1226588,1226604,1226743,1226751,1226765,1226798,1226801,1226834,1226874,1226885,1226920,1227149,1227182,1227383,1227437,1227492,1227493,1227494,1227618,1227620,1227623,1227627,1227634,1227706,1227722,1227724,1227725,1227728,1227729,1227732,1227733,1227734,1227747,1227750,1227754,1227758,1227760,1227761,1227764,1227766,1227770,1227771,1227772,1227774,1227781,1227784,1227785,1227787,1227790,1227791,1227792,1227796,1227798,1227799,1227802,1227808,1
 227810,1227811,1227812,1227815,1227816,1227818,1227820,1227823,1227824,1227826,1227828,1227829,1227830,1227832,1227833,1227834,1227839,1227840,1227846,1227849,1227851,1227853,1227863,1227864,1227865,1227867,1227869,1227870,1227883,1227884,1227891,1227893,1227929,1227950,1227957,1227981,1228020,1228021,1228192,1228235,1228236,1228247,1228321,1228409,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228457,1228458,1228459,1228460,1228462,1228463,1228466,1228467,1228468,1228469,1228470,1228472,1228479,1228480,1228481,1228482,1228483,1228484,1228485,1228486,1228487,1228489,1228491,1228492,1228493,1228494,1228495,1228496,1228499,1228500,1228501,1228502,1228503,1228505,1228508,1228509,1228510,1228511,1228513,1228515,1228516,1228518,1228520,1228525,1228527,1228530,1228531,1228539,1228561,1228563,1228564,1228565,1228567,1228568,1228572,1228576,1228579,1228580,1228581,1228582,1228584,1228586,1228588,1228590,1228591,1228599,1228615,1228616,1228617,1228625,122862
 6,1228633,1228635,1228636,1228640,1228643,1228644,1228646,1228649,1228650,1228654,1228655,1228656,1228658,1228660,1228662,1228665,1228666,1228667,1228672,1228673,1228674,1228677,1228680,1228687,1228705,1228706,1228707,1228708,1228709,1228710,1228718,1228720,1228721,1228722,1228723,1228724,1228726,1228727,1228733,1228737,1228743,1228748,1228754,1228756,1228757,1228758,1228764,1228766,1228779,1228801,1228849,1228850,1228857,1228959,1228964,1228966,1228967,1228971,1228973,1228977,1228978,1228979,1228986,1228988,1228989,1228991,1228992,1229005,1229024,1229042,1229045,1229046,1229054,1229056,1229086,1229134,1229136,1229154,1229156,1229160,1229167,1229168,1229169,1229170,1229171,1229172,1229173,1229174,1229239,1229240,1229241,1229243,1229244,1229245,1229246,1229247,1229248,1229249,1229250,1229251,1229252,1229253,1229254,1229255,1229256,1229287,1229290,1229291,1229292,1229294,1229296,1229297,1229298,1229299,1229301,1229303,1229304,1229305,1229307,1229309,1229312,1229313,1229314,1229315,122
 9316,1229317,1229318,1229319,1229320,1229327,1229341,1229342,1229344,1229345,1229346,1229347,1229349,1229350,1229351,1229353,1229354,1229355,1229356,1229357,1229358,1229359,1229360,1229365,1229366,1229369,1229370,1229373,1229374,1229379,1229381,1229382,1229383,1229386,1229388,1229390,1229391,1229392,1229395,1229398,1229399,1229400,1229402,1229403,1229404,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229444,1229451,1229452,1229455,1229456,1229480,1229481,1229482,1229484,1229485,1229486,1229487,1229488,1229489,1229490,1229493,1229495,1229496,1229497,1229500,1229503,1229707,1229739,1229743,1229746,1229747,1229752,1229754,1229755,1229756,1229759,1229761,1229767,1229781,1229784,1229785,1229787,1229788,1229789,1229792,1229820,1229827,1229830,1229837,1229940,1230056,1252158,CVE-2023-52489,CVE-2023-52581,CVE-2023-52668,CVE-2023-52688,CVE-2023-52859,CVE-2023-52885,CVE-2023-52886,CVE-2023-52887,CVE-2023-52889,CVE-2024-26590,CVE-2024-26631,CVE-2024-26637,CVE-2024-26668,CVE-2024-2666
 9,CVE-2024-26677,CVE-2024-26682,CVE-2024-26683,CVE-2024-26735,CVE-2024-26808,CVE-2024-26809,CVE-2024-26812,CVE-2024-26835,CVE-2024-26837,CVE-2024-26849,CVE-2024-26851,CVE-2024-26976,CVE-2024-27010,CVE-2024-27011,CVE-2024-27024,CVE-2024-27049,CVE-2024-27050,CVE-2024-27079,CVE-2024-27403,CVE-2024-27433,CVE-2024-27437,CVE-2024-31076,CVE-2024-35855,CVE-2024-35897,CVE-2024-35902,CVE-2024-35913,CVE-2024-35939,CVE-2024-35949,CVE-2024-36270,CVE-2024-36286,CVE-2024-36288,CVE-2024-36489,CVE-2024-36881,CVE-2024-36907,CVE-2024-36929,CVE-2024-36933,CVE-2024-36939,CVE-2024-36970,CVE-2024-36979,CVE-2024-38563,CVE-2024-38609,CVE-2024-38662,CVE-2024-39476,CVE-2024-39483,CVE-2024-39484,CVE-2024-39486,CVE-2024-39488,CVE-2024-39489,CVE-2024-39491,CVE-2024-39493,CVE-2024-39497,CVE-2024-39499,CVE-2024-39500,CVE-2024-39501,CVE-2024-39505,CVE-2024-39506,CVE-2024-39508,CVE-2024-39509,CVE-2024-39510,CVE-2024-40899,CVE-2024-40900,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40905,CVE-2024-40909,CVE-2
 024-40910,CVE-2024-40911,CVE-2024-40912,CVE-2024-40913,CVE-2024-40916,CVE-2024-40920,CVE-2024-40921,CVE-2024-40922,CVE-2024-40924,CVE-2024-40926,CVE-2024-40927,CVE-2024-40929,CVE-2024-40930,CVE-2024-40932,CVE-2024-40934,CVE-2024-40936,CVE-2024-40938,CVE-2024-40939,CVE-2024-40941,CVE-2024-40942,CVE-2024-40943,CVE-2024-40944,CVE-2024-40945,CVE-2024-40954,CVE-2024-40956,CVE-2024-40957,CVE-2024-40958,CVE-2024-40959,CVE-2024-40962,CVE-2024-40964,CVE-2024-40967,CVE-2024-40976,CVE-2024-40977,CVE-2024-40978,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40992,CVE-2024-40994,CVE-2024-40995,CVE-2024-40997,CVE-2024-41000,CVE-2024-41001,CVE-2024-41002,CVE-2024-41004,CVE-2024-41007,CVE-2024-41009,CVE-2024-41010,CVE-2024-41012,CVE-2024-41015,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41024,CVE-2024-41025,CVE-2024-41028,CVE-2024-41032,CVE-2024-41035,CVE-2024-41036,CVE-2024-41037,CVE-2024-41038,CVE-2024-41039,CVE-2024-410
 40,CVE-2024-41041,CVE-2024-41044,CVE-2024-41045,CVE-2024-41048,CVE-2024-41049,CVE-2024-41050,CVE-2024-41051,CVE-2024-41056,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41060,CVE-2024-41061,CVE-2024-41062,CVE-2024-41063,CVE-2024-41064,CVE-2024-41065,CVE-2024-41066,CVE-2024-41068,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41073,CVE-2024-41074,CVE-2024-41075,CVE-2024-41076,CVE-2024-41078,CVE-2024-41079,CVE-2024-41080,CVE-2024-41081,CVE-2024-41084,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41094,CVE-2024-41095,CVE-2024-41096,CVE-2024-41097,CVE-2024-41098,CVE-2024-42064,CVE-2024-42069,CVE-2024-42070,CVE-2024-42073,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42079,CVE-2024-42080,CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42093,CVE-2024-42095,CVE-2024-42096,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42105,CVE-
 2024-42106,CVE-2024-42107,CVE-2024-42109,CVE-2024-42110,CVE-2024-42113,CVE-2024-42114,CVE-2024-42115,CVE-2024-42117,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42122,CVE-2024-42124,CVE-2024-42125,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42131,CVE-2024-42132,CVE-2024-42133,CVE-2024-42136,CVE-2024-42137,CVE-2024-42138,CVE-2024-42139,CVE-2024-42141,CVE-2024-42142,CVE-2024-42143,CVE-2024-42144,CVE-2024-42145,CVE-2024-42147,CVE-2024-42148,CVE-2024-42152,CVE-2024-42153,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42159,CVE-2024-42161,CVE-2024-42162,CVE-2024-42223,CVE-2024-42224,CVE-2024-42225,CVE-2024-42226,CVE-2024-42227,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-2024-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42241,CVE-2024-42244,CVE-2024-42245,CVE-2024-42246,CVE-2024-42247,CVE-2024-42250,CVE-2024-42253,CVE-2024-42259,CVE-2024-42268,CVE-2024-42269,CVE-2024-42270,CVE-2024-42271,CVE-2024-42
 274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42278,CVE-2024-42279,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42290,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42298,CVE-2024-42301,CVE-2024-42302,CVE-2024-42303,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42314,CVE-2024-42315,CVE-2024-42316,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43817,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43824,CVE-2024-43825,CVE-2024-43826,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43833,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43840,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43847,CVE-2024-43849,CVE-2024-43850,CVE-2024-43851,CVE-2024-43853,CVE-2024-43854,CVE-2024-43855,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE
 -2024-43864,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43874,CVE-2024-43875,CVE-2024-43876,CVE-2024-43877,CVE-2024-43879,CVE-2024-43880,CVE-2024-43881,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43885,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024-43897,CVE-2024-43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43905,CVE-2024-43906,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-43911,CVE-2024-43912,CVE-2024-44931,CVE-2024-44938,CVE-2024-44939
This update for libHBAAPI2 fixes the following issues:

- use %license tag for COPYING (bsc#1252158)

-----------------------------------------------------------------
Advisory ID: 59
Released:    Wed Nov 26 16:57:34 2025
Summary:     Recommended update for the initial kernel livepatch
Type:        recommended
Severity:    important
References:  1214980,1216198,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,1325335,1548723,1573097,1615555,1748105,1753026,1757758,1774659,1775046,1780432,1784253,1793811,1813401,1818766,1822450,1822935,1822936,1826451,1826652,1827224,1827303,1827444,1829112,1830415,1830978,1831552,1833270,1834851,1835357,1835425,1835828,1836781,1836925,1837431,1837617,1837987,1839327,1839795,1839992,1840429,1840437,1840505,1840510,1841029,1842928,1842932,1842935,1842937,1847845,1848183,1849077,1849471,1850598,1850982,1851044,1851049,1852011,1852179,1853737,1854438,1854439,1854795,1855318,1858241,1860670,1861265,1861728,1863605,1865450,1867408,1869378,1869408,1869642,1870673,1871152,1871219,1871630,1871631,1873095,1873296,1874017,1874111,1874458,1874937,1875356,1875506,1875965,1876179,1876390,1876800,1877344,1877730,1879513,1879945,1880857,1881027,1884276,1884444,1885404,1887996,1889671,1890069,1893029,1
 893162,1893334,1893404,1893752,1894572,1895012,1895032,1896353,1897487,1898074,1898627,1898825,1898830,1898858,1899593,1899759,1899883,1900413,1901080,1901932,1905691,215997,671060,676100,676118,864039,CVE-2023-5388


This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.


-----------------------------------------------------------------
Advisory ID: 58
Released:    Wed Nov 26 18:04:24 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1218644,1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221763,1221786,1221787,1221821,1221822,1221824,1221827,1222548,1222899,1223306,1223336,1223428,1224388,1225291,1225551,1226463,1227138,1229465,1238472,1239206,1241166,1241637,1247222,1248630,1249161,1249226,1249302,1249317,1249397,1249398,1249495,1249512,1249608,1249735,1250202,1250379,1250400,1250455,1250491,1250704,1250721,1250749,1250946,1251176,1251177,1251232,1251233,1251804,1251809,1251819,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252067,1252069,1252070,1252072,1252074,1252075,1252076,1252078,1252079,1252081,1252082,1252083,1252253,1252265,1252267,1252270,1252330,1252333,1252336,1252346,1252348,1252349,1252678,1252679,1252688,1252725,1252734,1252772,1252774,1252780,1252785,1252787,1252789,1252797,1252819,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252862,1252865,1252866,1252873,1252902,1
 252909,1252915,1252918,1252921,1252939,CVE-2024-2511,CVE-2024-4603,CVE-2024-4741,CVE-2024-5535,CVE-2024-6119,CVE-2025-21816,CVE-2025-38653,CVE-2025-38718,CVE-2025-39676,CVE-2025-39702,CVE-2025-39756,CVE-2025-39779,CVE-2025-39797,CVE-2025-39812,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39903,CVE-2025-39911,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39950,CVE-2025-39955,CVE-2025-39956,CVE-2025-39963,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39979,CVE-2025-39981,CVE-2025-39982,CVE-2025-39984,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39992,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40009,CVE-2025-40011,CVE-2025-40012,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE
 -2025-40036,CVE-2025-40037,CVE-2025-40040,CVE-2025-40043,CVE-2025-40044,CVE-2025-40048,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40085,CVE-2025-40087,CVE-2025-40091,CVE-2025-40096,CVE-2025-40100,CVE-2025-40104,CVE-2025-40364

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809).
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).

The following non security issues were fixed:

- add bug reference to existing hv_netvsc change (bsc#1252265)
- amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226).
- cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166).
- cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).
- cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
  The character was previously 'N', but upstream used it for TAINT_TEST,
  which prompted the change of TAINT_NO_SUPPORT to 'n'.
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348).

-----------------------------------------------------------------
Advisory ID: 68
Released:    Thu Nov 27 11:42:28 2025
Summary:     Recommended update for numatop
Type:        recommended
Severity:    important
References:  1230904,1247358,1248317
This update for numatop fixes the following issues:

- Fix segmentation fault in the latency view (bsc#1248317)
- Fix inability to start on processors with more than 256 CPUs per NUMA node (bsc#1247358)
- Switch to ncursesw6

-----------------------------------------------------------------
Advisory ID: 67
Released:    Thu Nov 27 11:43:11 2025
Summary:     Recommended update for read-only-root-fs
Type:        recommended
Severity:    moderate
References:  1230093,1230516,1250133,CVE-2024-8096
This update for read-only-root-fs fixes the following issues:

- Add additional check in %post to prevent generating the btrfs
  /etc subvolume during a KIWI run (bsc#1250133)

-----------------------------------------------------------------
Advisory ID: 73
Released:    Thu Nov 27 16:46:11 2025
Summary:     Recommended update for mdadm
Type:        recommended
Severity:    moderate
References:  1200723,1204968,1207266,1213873,1218110,1221906,1226414,1226415,1228091,1228223,1228809,1229518,1229997,1241474,1243443,1246806,1248097,1253060,CVE-2022-3821
This update for mdadm fixes the following issues:

- Version update 4.4+29.gf8bb524b.
- Fix race condition between mdcheck_start.service and mdcheck_continue.service
  (bsc#1243443, bsc#1248097).
- mdadm_env.sh ignoring MDADM_RAIDDEVICES if MDADM_SCAN is set (bsc#1229997).
- Split off the Software RAID HOWTO into a -doc package.
- Upstream bug fixes for mdadm (bsc#1253060).
- _service: switch to tar_scm for better interoperabity with SLFO.
- Fix systemd unit file handling in spec file (bnc#1207266).
- Stop emitting %release into program binaries (bnc#1246806).
- Add MAILFROM address to email envelope, avoid smtp auth errors (bsc#1241474).

-----------------------------------------------------------------
Advisory ID: 74
Released:    Thu Nov 27 16:52:25 2025
Summary:     Recommended update for libnxz
Type:        recommended
Severity:    moderate
References:  1220770,1220771,1220772,1227186,1227187,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462,CVE-2024-37370,CVE-2024-37371
This update for libnxz fixes the following issues:

Update to version 0.64+git4.2f1ae54:

  * lib/nx_crc : Fix compile error with gcc15
  * Changed README.md instructions to substitute zlib

-----------------------------------------------------------------
Advisory ID: 77
Released:    Thu Nov 27 20:50:12 2025
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    important
References:  1215377,1231055,1252425
This update for gpgme fixes the following issues:

- Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055)
    * To avoid gpgme constructing an invalid gpg command line when
      the DISPLAY variable is empty it can be treated as unset.
    * Reported upstream: dev.gnupg.org/T7919

-----------------------------------------------------------------
Advisory ID: 81
Released:    Fri Nov 28 08:46:24 2025
Summary:     Security update for openssh
Type:        security
Severity:    moderate
References:  1012628,1183045,1215199,1216223,1216776,1220382,1221527,1221610,1221650,1222629,1223600,1223848,1225487,1225812,1225903,1226003,1226507,1226606,1226666,1226846,1226860,1227487,1227694,1227726,1227819,1227885,1227890,1227962,1228090,1228140,1228244,1228507,1228771,1229001,1229004,1229019,1229086,1229167,1229169,1229289,1229334,1229362,1229363,1229364,1229371,1229380,1229389,1229394,1229429,1229443,1229452,1229455,1229456,1229494,1229585,1229753,1229764,1229768,1229790,1229810,1229899,1229928,1230015,1230119,1230123,1230124,1230125,1230169,1230170,1230171,1230173,1230174,1230175,1230176,1230178,1230180,1230181,1230185,1230191,1230192,1230193,1230194,1230195,1230200,1230204,1230206,1230207,1230209,1230211,1230213,1230217,1230221,1230224,1230230,1230232,1230233,1230240,1230244,1230245,1230247,1230248,1230269,1230270,1230295,1230340,1230413,1230426,1230430,1230431,1230432,1230433,1230434,1230435,1230440,1230441,1230442,1230444,1230450,1230451,1230454,1230455,1230457,1230459,1
 230506,1230507,1230511,1230515,1230517,1230518,1230519,1230520,1230521,1230524,1230526,1230533,1230535,1230539,1230540,1230549,1230556,1230562,1230563,1230564,1230580,1230582,1230589,1230602,1230699,1230700,1230701,1230702,1230703,1230704,1230705,1230706,1230709,1230711,1230712,1230715,1230719,1230722,1230724,1230725,1230726,1230727,1230730,1230731,1230732,1230747,1230748,1230749,1230751,1230752,1230753,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230775,1230776,1230780,1230783,1230786,1230787,1230791,1230794,1230796,1230802,1230806,1230808,1230809,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1230831,1230854,1230948,1231008,1231035,1231120,1231146,1231182,1231183,1251198,1251199,CVE-2023-52610,CVE-2023-52752,CVE-2023-52915,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26804,CVE-2024-36953,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40965,CVE-2024-40973,CVE-2024-40983,CVE-2024-42154,CVE-2024-42243,CVE-2024-42252,CVE-2024-42265,CVE-2024
 -42294,CVE-2024-42304,CVE-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43832,CVE-2024-43835,CVE-2024-43845,CVE-2024-43870,CVE-2024-43890,CVE-2024-43898,CVE-2024-43904,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44947,CVE-2024-44948,CVE-2024-44950,CVE-2024-44951,CVE-2024-44952,CVE-2024-44954,CVE-2024-44960,CVE-2024-44961,CVE-2024-44962,CVE-2024-44965,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-44971,CVE-2024-44977,CVE-2024-44982,CVE-2024-44984,CVE-2024-44985,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44991,CVE-2024-44997,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45002,CVE-2024-45003,CVE-2024-45005,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45012,CVE-2024-45013,CVE-2024-45015,CVE-2024-45017,CVE-2024-45018,CVE-2024-45019,CVE-2024-45020,CVE-2024-45021,CVE-2024-45022,CVE-2024-45023,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-45030,CVE-2024-46672,
 CVE-2024-46673,CVE-2024-46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46687,CVE-2024-46689,CVE-2024-46691,CVE-2024-46692,CVE-2024-46693,CVE-2024-46694,CVE-2024-46695,CVE-2024-46702,CVE-2024-46706,CVE-2024-46707,CVE-2024-46709,CVE-2024-46710,CVE-2024-46714,CVE-2024-46715,CVE-2024-46716,CVE-2024-46717,CVE-2024-46719,CVE-2024-46720,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46728,CVE-2024-46729,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46734,CVE-2024-46735,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46741,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46749,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CVE-2024-46757,CVE-2024-46758,CVE-2024-46759,CVE-2024-46760,CVE-2024-46761,CVE-2024-46767,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46776,CVE-2024-46778,CVE-202
 4-46780,CVE-2024-46781,CVE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46797,CVE-2024-46798,CVE-2024-46822,CVE-2025-61984,CVE-2025-61985
This update for openssh fixes the following issues:

 - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198).
 - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199).

-----------------------------------------------------------------
Advisory ID: 82
Released:    Fri Nov 28 10:35:08 2025
Summary:     Security update for java-21-openjdk
Type:        security
Severity:    important
References:  1007273,1175678,1218171,1219004,1221525,1221963,1222086,1222398,1223094,1223107,1223430,1223766,1224771,1225267,1226014,1226030,1226128,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228647,1228787,1229014,1230229,1230267,1230912,1231043,1246806,1252414,1252417,1252418,222971,CVE-2025-53057,CVE-2025-53066,CVE-2025-61748
This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.9+10 (October 2025 CPU):

- CVE-2025-53066: Fixed enhance path factories (bsc#1252417).
- CVE-2025-61748: Fixed enhance string handling (bsc#1252418).
- CVE-2025-53057: Fixed enhance certificate handling (bsc#1252414).

Other bug fixes:

- Do not embed rebuild counter (bsc#1246806)

-----------------------------------------------------------------
Advisory ID: 94
Released:    Thu Dec  4 09:53:01 2025
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1194818,1249179
This update for samba fixes the following issues:

- Update [printers] location to /var/samba/spool (bsc#1249179).
- Update to version 4.22.6:
    * macOS Finder client DFS broken on 4.22.0;
    * Samba 4.22 breaks Time Machine;
    * Spotlight search restriction for shares incomplete and
      default search searches in too many attributes;
    * rpcd_mdssvc may crash because name mangling is not initialized;
    * Only increment lease epoch if a lease was granted;
    * samba-4.21 fails to join AD when multiple DCs are returned;
    * 'net ads group' failed to list domain groups;
    * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send;
    * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set;

-----------------------------------------------------------------
Advisory ID: 106
Released:    Mon Dec 15 13:52:50 2025
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1216320,1234959,1245636,1245738,1245953,1246231,1247242,1249088,1249385,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2024-56738,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for grub2 fixes the following issues:

Changes in grub2:

- CVE-2025-54771: Fixed grub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free  (bsc#1252930)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)

- Bump upstream SBAT generation to 6

- Fix 'sparse file not allowed' error after grub2-reboot (bsc#1245738)
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
- turn off page flipping for i386-pc using VBE video backend (bsc#1245636)
- Fix boot hangs in setting up serial console when ACPI SPCR table is present
  and redirection is disabled (bsc#1249088)
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
- Skip mount point in grub_find_device function (bsc#1246231)

- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)

-----------------------------------------------------------------
Advisory ID: 107
Released:    Mon Dec 15 19:16:15 2025
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1225771,1250232,1250233,1250234,CVE-2024-5564,CVE-2025-9230,CVE-2025-9231,CVE-2025-9232
This update for openssl-3 fixes the following issues:

- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232)
- CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233)
- CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234)

-----------------------------------------------------------------
Advisory ID: 108
Released:    Tue Dec 16 12:13:33 2025
Summary:     Recommended update for openldap2_6
Type:        recommended
Severity:    moderate
References:  1027519,1214718,1218851,1219080,1219885,1221332,1221334,1221984,1222302,1222453,1225953,1227355,1228574,1228575,CVE-2023-28746,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146
This update for openldap2_6 fixes the following issues:

Changes in openldap2_6:

- Add limited support for libldap-2.4 library compatibility (jsc#PED-13833)

-----------------------------------------------------------------
Advisory ID: 109
Released:    Tue Dec 16 15:14:02 2025
Summary:     Recommended update for freetype2
Type:        recommended
Severity:    moderate
References:  1233593,1233594,CVE-2024-11595,CVE-2024-11596
This update for freetype2 fixes the following issues:

Changes in freetype2:

- update to 2.13.3:
- Do not build the ft2demos flavor in SLE16 where Qt5 will not be
  available

-----------------------------------------------------------------
Advisory ID: 113
Released:    Fri Dec 19 18:38:16 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1235463,1243474,1245193,1245431,1245498,1245499,1246328,1246843,1247500,1248792,1249256,1249397,1249912,1249977,1249982,1250034,1250176,1250237,1250252,1250705,1250723,1250746,1251120,1251817,1252054,1252063,1252301,1252303,1252342,1252352,1252357,1252681,1252686,1252763,1252776,1252779,1252790,1252794,1252795,1252808,1252809,1252817,1252821,1252824,1252836,1252845,1252901,1252912,1252917,1252919,1252923,1252928,1253018,1253155,1253176,1253238,1253275,1253318,1253324,1253328,1253330,1253342,1253348,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253386,1253394,1253395,1253402,1253403,1253405,1253407,1253408,1253409,1253410,1253412,1253416,1253421,1253422,1253423,1253424,1253425,1253426,1253427,1253428,1253431,1253433,1253436,1253438,1253440,1253441,1253443,1253445,1253448,1253449,1253450,1253451,1253453,1253455,1253456,1253457,1253463,1253472,1253622,1253624,1253635,1253643,1253647,1254119,1254181,1254221,1254308,1254315,CVE-2020-8911,CVE-2020-8912,CVE-2
 022-50253,CVE-2023-0109,CVE-2024-0793,CVE-2024-24425,CVE-2024-24426,CVE-2024-44625,CVE-2024-52009,CVE-2024-52010,CVE-2024-52308,CVE-2024-52522,CVE-2024-8986,CVE-2024-9526,CVE-2025-37916,CVE-2025-38084,CVE-2025-38085,CVE-2025-38321,CVE-2025-38728,CVE-2025-39805,CVE-2025-39819,CVE-2025-39822,CVE-2025-39831,CVE-2025-39859,CVE-2025-39897,CVE-2025-39917,CVE-2025-39944,CVE-2025-39961,CVE-2025-39980,CVE-2025-39990,CVE-2025-40001,CVE-2025-40003,CVE-2025-40006,CVE-2025-40021,CVE-2025-40024,CVE-2025-40027,CVE-2025-40031,CVE-2025-40033,CVE-2025-40038,CVE-2025-40047,CVE-2025-40053,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40081,CVE-2025-40083,CVE-2025-40086,CVE-2025-40098,CVE-2025-40101,CVE-2025-40102,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40132,CVE-2025-40133,CVE-2025-40134,CVE-2025-40135,C
 VE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40142,CVE-2025-40149,CVE-2025-40153,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40158,CVE-2025-40159,CVE-2025-40161,CVE-2025-40162,CVE-2025-40164,CVE-2025-40165,CVE-2025-40166,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40175,CVE-2025-40176,CVE-2025-40177,CVE-2025-40178,CVE-2025-40180,CVE-2025-40183,CVE-2025-40185,CVE-2025-40186,CVE-2025-40187,CVE-2025-40188,CVE-2025-40192,CVE-2025-40194,CVE-2025-40196,CVE-2025-40197,CVE-2025-40198,CVE-2025-40200,CVE-2025-40201,CVE-2025-40202,CVE-2025-40203,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
- CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499).
- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
- CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
- CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034).
- CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977).
- CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252).
- CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746).
- CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723).
- CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
- CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817).
- CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
- CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054).
- CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
- CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
- CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
- CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779).
- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
- CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
- CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
- CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
- CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794).
- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
- CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923).
- CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
- CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
- CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
- CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328).
- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
- CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
- CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
- CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426).
- CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394).
- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
- CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457).

The following non security issues were fixed:

- ACPI: scan: Update honor list for RPMI System MSI (stable-fixes).
- ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
- Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a
  proper watchdog interface and has many code issues. It only handles
  obscure and obsolete hardware. Stop building and supporting this driver
  (jsc#PED-14062).
- Fix 'drm/xe: Don't allow evicting of BOs in same VM in array of VM binds' (bsc#1252923)
- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
- KVM: s390: improve interrupt cpu for wakeup (bsc#1235463).
- KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352).
- KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes).
- PCI/ERR: Update device error_state already after reset (stable-fixes).
- PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes).
- Revert 'net/mlx5e: Update and set Xon/Xoff upon MTU set' (git-fixes).
- Revert 'net/mlx5e: Update and set Xon/Xoff upon port speed set' (git-fixes).
- Update config files: enable zstd module decompression (jsc#PED-14115).
- bpf/selftests: Fix test_tcpnotify_user (bsc#1253635).
- btrfs: do not clear read-only when adding sprout device (bsc#1253238).
- btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
- drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
- drm/amd/display: update color on atomic commit time (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
- mount: handle NULL values in mnt_ns_release() (bsc#1254308)
- net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357).
- net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353).
- net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353).
- net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353).
- net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353).
- net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353).
- net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353).
- net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353).
- net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353).
- net: phy: realtek: use string choices helpers (jsc#PED-14353).
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746)
- net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746)
- net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746)
- nvmet-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvmet-auth: update sc_c in target host hash calculation (git-fixes).
- perf list: Add IBM z17 event descriptions (jsc#PED-13611).
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes).
- powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949).
- pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes).
- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353).
- r8169: add support for Intel Killer E5000 (jsc#PED-14353).
- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
- r8169: add support for RTL8125D rev.b (jsc#PED-14353).
- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
- r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353).
- r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353).
- r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353).
- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353).
- r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353).
- r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
- r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353).
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353).
- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353).
- r8169: implement additional ethtool stats ops (jsc#PED-14353).
- r8169: improve __rtl8169_set_wol (jsc#PED-14353).
- r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
- r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: remove leftover locks after reverted change (jsc#PED-14353).
- r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353).
- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
- r8169: remove support for chip version 11 (jsc#PED-14353).
- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353).
- r8169: replace custom flag with disable_work() et al (jsc#PED-14353).
- r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353).
- r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353).
- ring-buffer: Update pages_touched to reflect persistent buffer content (git-fixes).
- s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643).
- sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843).
- sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792).
- sched/fair: Proportional newidle balance (bsc#1248792).
- sched/fair: Proportional newidle balance -KABI (bsc#1248792).
- sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792).
- sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792).
- sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792).
- sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792).
- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
- selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221).
- smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
- spi: tegra210-quad: Fix timeout handling (bsc#1253155)
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
- wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181).
- wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315).
- wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315).
- wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315).
- wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315).
- wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315).
- wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315).
- wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315).
- wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315).
- wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315).
- wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315).
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315).
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315).
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315).
- wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315).
- wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315).
- wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315).
- wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315).
- x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843).
- x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843).
- x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843).

-----------------------------------------------------------------
Advisory ID: 117
Released:    Mon Dec 22 11:29:06 2025
Summary:     Recommended update for wicked2nm
Type:        recommended
Severity:    moderate
References:  1218609,1220117,1221831,1223605,1225598,CVE-2024-28085
This update for wicked2nm fixes the following issues:

- Update to v1.4.0
    * Activate only connections if present in the current system
    * Improve error output, exit codes and add flag to disable user hints
    * Add support for autoip-fallback

-----------------------------------------------------------------
Advisory ID: 119
Released:    Fri Jan  2 17:58:16 2026
Summary:     Security update for sssd
Type:        security
Severity:    important
References:  1231833,1244325,1251827,CVE-2025-11561
This update for sssd fixes the following issues:

- CVE-2025-11561: Fixed default Kerberos configuration allowing privilege
  escalation on AD-joined Linux systems (bsc#1244325)

-----------------------------------------------------------------
Advisory ID: 120
Released:    Wed Jan  7 10:12:50 2026
Summary:     Recommended update for patterns-sap
Type:        recommended
Severity:    critical
References:  1232579,1250279,1254650,CVE-2024-50602
This update for patterns-sap fixes the following issues:

- remove package 'golang-github-prometheus-prometheus' from pattern
  'trento_server' and 'monitoring' (bsc#1254650)
- fix pattern name used in Provides/Obsoletes of SLE15 pattern 'sap_server' (bsc#1250279)

-----------------------------------------------------------------
Advisory ID: 123
Released:    Thu Jan  8 10:27:55 2026
Summary:     Recommended update for elemental-register, elemental-toolkit, elemental-system-agent, elemental
Type:        recommended
Severity:    moderate
References:  1231714,1239623,1240623,CVE-2024-41311
This update for elemental-register, elemental-toolkit, elemental-system-agent, elemental fixes the following issues:

Changes in elemental-register:

- Upgrade to v1.8.0:
  Add policycoreutils-python-utils (bsc#1240623)
  Include an empty /etc/machine-id file (bsc#1239623)

-----------------------------------------------------------------
Advisory ID: 124
Released:    Thu Jan  8 12:57:28 2026
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    critical
References:  1232211,1246912,1250343
This update for libzypp fixes the following issues:

Changes in libzypp:

- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install (bsc#1246912)
- version 17.37.18

-----------------------------------------------------------------
Advisory ID: 126
Released:    Sun Jan 11 17:27:45 2026
Summary:     Recommended update for lz4
Type:        recommended
Severity:    moderate
References:  1207377,1218474,1228142,1230679,CVE-2022-45748,CVE-2024-40724,CVE-2024-45679
This update for lz4 fixes the following issues:

- align rpm changelog with sle15 and do not ignore test suite result

-----------------------------------------------------------------
Advisory ID: 131
Released:    Mon Jan 12 12:14:46 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1231565,1254157,1254158,1254159,1254160,1254480,CVE-2024-9632,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:

- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices
  (bsc#1254157).
- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`
  enabled (bsc#1254158).
- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with
  `PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).
- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced
  PNGs with 8-bit output format (bsc#1254160).
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
  transparency and gamma correction (bsc#1254480).

-----------------------------------------------------------------
Advisory ID: 132
Released:    Mon Jan 12 12:52:23 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1223979,1249055,1254297,1254662,1254878,CVE-2024-34069,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512,CVE-2025-7039
This update for glib2 fixes the following issues:

Update to version 2.84.4.

Security issues fixed:

- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
  filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
  processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
  large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
- CVE-2025-7039: integer overflow when creating temporary files may lead to an out-of-bounds memory access that can be
  used for path traversal or exposure of sensitive content in a temporary file (bsc#1249055).

Other issues fixed and changes:

- Fix GFile leak in `g_local_file_set_display_name` during error handling.
- Fix incorrect output parameter handling in closure helper of `g_settings_bind_with_mapping_closures`.
- `gfileutils`: fix computation of temporary file name.
- Fix GFile leak in  `g_local_file_set_display_name()`.
- `gthreadpool`: catch `pool_spawner` creation failure.
- `gio/filenamecompleter`: fix leaks.
- `gfilenamecompleter`: fix `g_object_unref()` of undefined value.

-----------------------------------------------------------------
Advisory ID: 138
Released:    Wed Jan 14 11:23:16 2026
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1232528,1255715,1256244,1256246,1256390,CVE-2024-9681,CVE-2025-68973
This update for gpg2 fixes the following issues:

- CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715).

Other security fixes:

- gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246).
- gpg: Error out on unverified output for non-detached signatures (bsc#1256244).
- gpg: Deprecate the option --not-dash-escaped (bsc#1256390).

-----------------------------------------------------------------
Advisory ID: 139
Released:    Wed Jan 14 11:49:51 2026
Summary:     Security update for apache2
Type:        security
Severity:    moderate
References:  1219975,1254511,1254512,1254514,1254515,CVE-2023-52160,CVE-2025-55753,CVE-2025-58098,CVE-2025-65082,CVE-2025-66200
This update for apache2 fixes the following issues:

  - CVE-2025-55753: Fixed mod_md (ACME), unintended retry intervals (bsc#1254511)
  - CVE-2025-58098: Fixed Server Side Includes adds query string to #exec cmd (bsc#1254512)
  - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514)
  - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515)

-----------------------------------------------------------------
Advisory ID: 140
Released:    Wed Jan 14 12:01:44 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1233282,1255731,1255732,1255733,1255734,1256105,CVE-2024-52533,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:

This update for curl fixes the following issues:

- CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

-----------------------------------------------------------------
Advisory ID: 158
Released:    Tue Jan 20 12:02:10 2026
Summary:     Security update of open-vm-tools
Type:        security
Severity:    important
References:  1225451,1233393,1234304,1250373,1250692,CVE-2025-41244
This update for open-vm-tools fixes the following issues:

Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692):

Please refer to the Release Notes at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md.

The granular changes that have gone into the open-vm-tools 13.0.5 release
are in the ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog.

There are no new features in the open-vm-tools 13.0.5 release. This is
primarily a maintenance release that addresses a security issue.

This release resolves and includes the patch for CVE-2025-41244. For more
information on this vulnerability and its impact on Broadcom products,
see VMSA-2025-0015.

A minor enhancement has been made for Guest OS Customization. The
DeployPkg plugin has been updated to use 'systemctl reboot', if available.

For a more complete list of issues addressed in this release, see the
What's New and Resolved Issues section of the Release Notes.

-----------------------------------------------------------------
Advisory ID: 162
Released:    Thu Jan 22 09:15:08 2026
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1231185,1231328,1250655,1250664,1253679,1254264,1254928
This update for suse-module-tools fixes the following issues:

- Update to version 16.0.64:
  * udev rules: write block queue attributes only if necessary (bsc#1254928)
- Update to version 16.0.63:
    * 80-hotplug-cpu-mem.rules: remount tmpfs on 'online' uevents (bsc#1254264)
    * udev: use systemd service to remount tmpfs (bsc#1253679)
- Update to version 16.0.62:
    * spec file: remove %udev_rules_update call (bsc#1250664)
- Update to version 16.0.61:
    * weak-modules2: skip livepatch dir when checking for unresolved symbols (bsc#1250655)

-----------------------------------------------------------------
Advisory ID: 164
Released:    Thu Jan 22 11:13:12 2026
Summary:     Security update for libpcap
Type:        security
Severity:    low
References:  1233078,1255765,CVE-2024-10963,CVE-2025-11961
This update for libpcap fixes the following issues:

- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
  read and write (bsc#1255765).

-----------------------------------------------------------------
Advisory ID: 166
Released:    Thu Jan 22 13:53:33 2026
Summary:     Security update for go1.24
Type:        security
Severity:    important
References:  1234068,1236217,1256816,1256817,1256818,1256819,1256820,1256821,CVE-2024-11053,CVE-2025-61726,CVE-2025-61728,CVE-2025-61730,CVE-2025-61731,CVE-2025-68119,CVE-2025-68121
This update for go1.24 fixes the following issues:

Update to go1.24.12 (released 2026-01-15) (bsc#1236217)

Security fixes:

 - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821).
 - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).
 - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).
 - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).
 - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).
 - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).

Other fixes:

  * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled
  * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes
  * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386
  * go#76796 runtime: race detector crash on ppc64le
  * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range

-----------------------------------------------------------------
Advisory ID: 170
Released:    Thu Jan 22 14:47:27 2026
Summary:     Security update for python313
Type:        security
Severity:    moderate
References:  1244680,1244705,1247249,1251305,1252974,1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837,CVE-2025-6069,CVE-2025-6075,CVE-2025-8194,CVE-2025-8291
This update for python313 fixes the following issues:

- Update to 3.13.11:

- Security
    - CVE-2025-12084: cpython: Fixed quadratic algorithm in
      xml.dom.minidom leading to denial of service (bsc#1254997)
    - CVE-2025-13836: Fixed default Content-Lenght read amount
      from HTTP response (bsc#1254400)
    - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
    - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory
      (EOCD) not checked by the 'zipfile' module (bsc#1251305)
    - gh-137836: Add support of the “plaintext” element, RAWTEXT
      elements “xmp”, “iframe”, “noembed” and “noframes”, and
      optionally RAWTEXT element “noscript” in
      html.parser.HTMLParser.
    - gh-136063: email.message: ensure linear complexity for
      legacy HTTP parameters parsing. Patch by Bénédikt Tran.
    - CVE-2025-6075: Fixed performance issues caused by user-controller
      os.path.expandvars() (bsc#1252974)
- Library
    - gh-140797: Revert changes to the undocumented re.Scanner
      class. Capturing groups are still allowed for backward
      compatibility, although using them can lead to incorrect
      result. They will be forbidden in future Python versions.
    - gh-142206: The resource tracker in the multiprocessing
      module now uses the original communication protocol, as in
      Python 3.14.0 and below, by default. This avoids issues
      with upgrading Python while it is running. (Note that such
      ‘in-place’ upgrades are not tested.) The tracker remains
      compatible with subprocesses that use new protocol (that
      is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).
- Core and Builtins
    - gh-142218: Fix crash when inserting into a split table
      dictionary with a non str key that matches an existing key.


- Update to 3.13.10:

- Tools/Demos
    - gh-141442: The iOS testbed now correctly handles test
      arguments that contain spaces.
- Tests
    - gh-140482: Preserve and restore the state of stty echo as
      part of the test environment.
    - gh-140082: Update python -m test to set FORCE_COLOR=1 when
      being run with color enabled so that unittest which is run
      by it with redirected output will output in color.
    - gh-136442: Use exitcode 1 instead of 5 if
      unittest.TestCase.setUpClass() raises an exception
- Library
    - gh-74389: When the stdin being used by a subprocess.Popen
      instance is closed, this is now ignored in
      subprocess.Popen.communicate() instead of leaving the class
      in an inconsistent state.
    - gh-87512: Fix subprocess.Popen.communicate() timeout
      handling on Windows when writing large input. Previously,
      the timeout was ignored during stdin writing, causing the
      method to block indefinitely if the child process did not
      consume input quickly. The stdin write is now performed in
      a background thread, allowing the timeout to be properly
      enforced.
    - gh-141473: When subprocess.Popen.communicate() was called
      with input and a timeout and is called for a second time
      after a TimeoutExpired exception before the process has
      died, it should no longer hang.
    - gh-59000: Fix pdb breakpoint resolution for class methods
      when the module defining the class is not imported.
    - gh-141570: Support file-like object raising OSError from
      fileno() in color detection (_colorize.can_colorize()).
      This can occur when sys.stdout is redirected.
    - gh-141659: Fix bad file descriptor errors from
      _posixsubprocess on AIX.
    - gh-141497: ipaddress: ensure that the methods
      IPv4Network.hosts() and IPv6Network.hosts() always return
      an iterator.
    - gh-140938: The statistics.stdev() and statistics.pstdev()
      functions now raise a ValueError when the input contains an
      infinity or a NaN.
    - gh-124111: Updated Tcl threading configuration in _tkinter
      to assume that threads are always available in Tcl 9 and
      later.
    - gh-137109: The os.fork and related forking APIs will no
      longer warn in the common case where Linux or macOS
      platform APIs return the number of threads in a process and
      find the answer to be 1 even when a os.register_at_fork()
      after_in_parent= callback (re)starts a thread.
    - gh-141314: Fix assertion failure in io.TextIOWrapper.tell()
      when reading files with standalone carriage return (\r)
      line endings.
    - gh-141311: Fix assertion failure in io.BytesIO.readinto()
      and undefined behavior arising when read position is above
      capcity in io.BytesIO.
    - gh-141141: Fix a thread safety issue with
      base64.b85decode(). Contributed by Benel Tayar.
    - gh-140911: collections: Ensure that the methods
      UserString.rindex() and UserString.index() accept
      collections.UserString instances as the sub argument.
    - gh-140797: The undocumented re.Scanner class now forbids
      regular expressions containing capturing groups in its
      lexicon patterns. Patterns using capturing groups could
      previously lead to crashes with segmentation fault. Use
      non-capturing groups (?:…) instead.
    - gh-140815: faulthandler now detects if a frame or a code
      object is invalid or freed. Patch by Victor Stinner.
    - gh-100218: Correctly set errno when socket.if_nametoindex()
      or socket.if_indextoname() raise an OSError. Patch by
      Bénédikt Tran.
    - gh-140875: Fix handling of unclosed character references
      (named and numerical) followed by the end of file in
      html.parser.HTMLParser with convert_charrefs=False.
    - gh-140734: multiprocessing: fix off-by-one error when
      checking the length of a temporary socket file path. Patch
      by Bénédikt Tran.
    - gh-140874: Bump the version of pip bundled in ensurepip to
      version 25.3
    - gh-140691: In urllib.request, when opening a FTP URL fails
      because a data connection cannot be made, the control
      connection’s socket is now closed to avoid
      a ResourceWarning.
    - gh-103847: Fix hang when cancelling process created by
      asyncio.create_subprocess_exec() or
      asyncio.create_subprocess_shell(). Patch by Kumar Aditya.
    - gh-140590: Fix arguments checking for the
      functools.partial.__setstate__() that may lead to internal
      state corruption and crash. Patch by Sergey Miryanov.
    - gh-140634: Fix a reference counting bug in
      os.sched_param.__reduce__().
    - gh-140633: Ignore AttributeError when setting a module’s
      __file__ attribute when loading an extension module
      packaged as Apple Framework.
    - gh-140593: xml.parsers.expat: Fix a memory leak that could
      affect users with ElementDeclHandler() set to a custom
      element declaration handler. Patch by Sebastian Pipping.
    - gh-140607: Inside io.RawIOBase.read(), validate that the
      count of bytes returned by io.RawIOBase.readinto() is valid
      (inside the provided buffer).
    - gh-138162: Fix logging.LoggerAdapter with merge_extra=True
      and without the extra argument.
    - gh-140474: Fix memory leak in array.array when creating
      arrays from an empty str and the u type code.
    - gh-140272: Fix memory leak in the clear() method of the
      dbm.gnu database.
    - gh-140041: Fix import of ctypes on Android and Cygwin when
      ABI flags are present.
    - gh-139905: Add suggestion to error message for
      typing.Generic subclasses when cls.__parameters__ is
      missing due to a parent class failing to call
      super().__init_subclass__() in its __init_subclass__.
    - gh-139845: Fix to not print KeyboardInterrupt twice in
      default asyncio REPL.
    - gh-139783: Fix inspect.getsourcelines() for the case when
      a decorator is followed by a comment or an empty line.
    - gh-70765: http.server: fix default handling of HTTP/0.9
      requests in BaseHTTPRequestHandler. Previously,
      BaseHTTPRequestHandler.parse_request() incorrectly waited
      for headers in the request although those are not supported
      in HTTP/0.9. Patch by Bénédikt Tran.
    - gh-139391: Fix an issue when, on non-Windows platforms, it
      was not possible to gracefully exit a python -m asyncio
      process suspended by Ctrl+Z and later resumed by fg other
      than with kill.
    - gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004',
      'euc_jisx0213' and 'euc_jis_2004' codecs truncating null
      chars as they were treated as part of multi-character
      sequences.
    - gh-139246: fix: paste zero-width in default repl width is
      wrong.
    - gh-90949: Add SetAllocTrackerActivationThreshold() and
      SetAllocTrackerMaximumAmplification() to xmlparser objects
      to prevent use of disproportional amounts of dynamic memory
      from within an Expat parser. Patch by Bénédikt Tran.
    - gh-139065: Fix trailing space before a wrapped long word if
      the line length is exactly width in textwrap.
    - gh-138993: Dedent credits text.
    - gh-138859: Fix generic type parameterization raising
      a TypeError when omitting a ParamSpec that has a default
      which is not a list of types.
    - gh-138775: Use of python -m with base64 has been fixed to
      detect input from a terminal so that it properly notices
      EOF.
    - gh-98896: Fix a failure in multiprocessing resource_tracker
      when SharedMemory names contain colons. Patch by Rani
      Pinchuk.
    - gh-75989: tarfile.TarFile.extractall() and
      tarfile.TarFile.extract() now overwrite symlinks when
      extracting hardlinks. (Contributed by Alexander Enrique
      Urieles Nieto in gh-75989.)
    - gh-83424: Allows creating a ctypes.CDLL without name when
      passing a handle as an argument.
    - gh-136234: Fix asyncio.WriteTransport.writelines() to be
      robust to connection failure, by using the same behavior as
      write().
    - gh-136057: Fixed the bug in pdb and bdb where next and step
      can’t go over the line if a loop exists in the line.
    - gh-135307: email: Fix exception in set_content() when
      encoding text and max_line_length is set to 0 or None
      (unlimited).
    - gh-134453: Fixed subprocess.Popen.communicate() input=
      handling of memoryview instances that were non-byte shaped
      on POSIX platforms. Those are now properly cast to a byte
      shaped view instead of truncating the input. Windows
      platforms did not have this bug.
    - gh-102431: Clarify constraints for “logical” arguments in
      methods of decimal.Context.
- IDLE
    - gh-96491: Deduplicate version number in IDLE shell title
      bar after saving to a file.
- Documentation
    - gh-141994: xml.sax.handler: Make Documentation of
      xml.sax.handler.feature_external_ges warn of opening up to
      external entity attacks. Patch by Sebastian Pipping.
    - gh-140578: Remove outdated sencence in the documentation
      for multiprocessing, that implied that
      concurrent.futures.ThreadPoolExecutor did not exist.
- Core and Builtins
    - gh-142048: Fix quadratically increasing garbage collection
      delays in free-threaded build.
    - gh-141930: When importing a module, use Python’s regular
      file object to ensure that writes to .pyc files are
      complete or an appropriate error is raised.
    - gh-120158: Fix inconsistent state when enabling or
      disabling monitoring events too many times.
    - gh-141579: Fix sys.activate_stack_trampoline() to properly
      support the perf_jit backend. Patch by Pablo Galindo.
    - gh-141312: Fix the assertion failure in the __setstate__
      method of the range iterator when a non-integer argument is
      passed. Patch by Sergey Miryanov.
    - gh-140939: Fix memory leak when bytearray or bytes is
      formated with the
      %*b format with a large width that results in
      %a MemoryError.
    - gh-140530: Fix a reference leak when raise exc from cause
      fails. Patch by Bénédikt Tran.
    - gh-140576: Fixed crash in tokenize.generate_tokens() in
      case of specific incorrect input. Patch by Mikhail Efimov.
    - gh-140551: Fixed crash in dict if dict.clear() is called at
      the lookup stage. Patch by Mikhail Efimov and Inada Naoki.
    - gh-140471: Fix potential buffer overflow in ast.AST node
      initialization when encountering malformed _fields
      containing non-str.
    - gh-140406: Fix memory leak when an object’s __hash__()
      method returns an object that isn’t an int.
    - gh-140306: Fix memory leaks in cross-interpreter channel
      operations and shared namespace handling.
    - gh-140301: Fix memory leak of PyConfig in subinterpreters.
    - gh-140000: Fix potential memory leak when a reference cycle
      exists between an instance of typing.TypeAliasType,
      typing.TypeVar, typing.ParamSpec, or typing.TypeVarTuple
      and its __name__ attribute. Patch by Mikhail Efimov.
    - gh-139748: Fix reference leaks in error branches of
      functions accepting path strings or bytes such as compile()
      and os.system(). Patch by Bénédikt Tran.
    - gh-139516: Fix lambda colon erroneously start format spec
      in f-string in tokenizer.
    - gh-139640: Fix swallowing some syntax warnings in different
      modules if they accidentally have the same message and are
      emitted from the same line. Fix duplicated warnings in the
      finally block.
    - gh-137400: Fix a crash in the free threading build when
      disabling profiling or tracing across all threads with
      PyEval_SetProfileAllThreads() or
      PyEval_SetTraceAllThreads() or their Python equivalents
      threading.settrace_all_threads() and
      threading.setprofile_all_threads().
    - gh-133400: Fixed Ctrl+D (^D) behavior in _pyrepl module to
      match old pre-3.13 REPL behavior.
- C API
    - gh-140042: Removed the sqlite3_shutdown call that could
      cause closing connections for sqlite when used with
      multiple sub interpreters.
    - gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API
      3.11 and older: don’t treat Py_NotImplemented as immortal.
      Patch by Victor Stinner.

- Update to 3.13.9:

  - Library
    - gh-139783: Fix inspect.getsourcelines() for the case when a
      decorator is followed by a comment or an empty line.

- Update to 3.13.8:

  - Tools/Demos
    - gh-139330: SBOM generation tool didn’t cross-check the version
      and checksum values against the Modules/expat/refresh.sh script,
      leading to the values becoming out-of-date during routine
      updates.
    - gh-137873: The iOS test runner has been simplified, resolving
      some issues that have been observed using the runner in GitHub
      Actions and Azure Pipelines test environments.
  - Tests
    - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the
      --verbose option anymore. Patch by Victor Stinner.
  - Security
    - gh-139400: xml.parsers.expat: Make sure that parent Expat
      parsers are only garbage-collected once they are no longer
      referenced by subparsers created by
      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
    - gh-139283: sqlite3: correctly handle maximum number of rows to
      fetch in Cursor.fetchmany and reject negative values for
      Cursor.arraysize. Patch by Bénédikt Tran.
    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
      according to the HTML5 standard: ] ]> and ]] > no longer end the
      CDATA section. Add private method _set_support_cdata() which can
      be used to specify how to parse <[CDATA[ — as a CDATA section in
      foreign content (SVG or MathML) or as a bogus comment in the
      HTML namespace.
  - Library
    - gh-139312: Upgrade bundled libexpat to 2.7.3
    - gh-139289: Do a real lazy-import on rlcompleter in pdb and
      restore the existing completer after importing rlcompleter.
    - gh-139210: Fix use-after-free when reporting unknown event in
      xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
    - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in
      subprocess.
    - gh-112729: Fix crash when calling _interpreters.create when the
      process is out of memory.
    - gh-139076: Fix a bug in the pydoc module that was hiding
      functions in a Python module if they were implemented in an
      extension module and the module did not have __all__.
    - gh-138998: Update bundled libexpat to 2.7.2
    - gh-130567: Fix possible crash in locale.strxfrm() due to a
      platform bug on macOS.
    - gh-138779: Support device numbers larger than 2**63-1 for the
      st_rdev field of the os.stat_result structure.
    - gh-128636: Fix crash in PyREPL when os.environ is overwritten
      with an invalid value for mac
    - gh-88375: Fix normalization of the robots.txt rules and URLs in
      the urllib.robotparser module. No longer ignore trailing ?.
      Distinguish raw special characters ?, = and & from the
      percent-encoded ones.
    - gh-138515: email is added to Emscripten build.
    - gh-111788: Fix parsing errors in the urllib.robotparser module.
      Don’t fail trying to parse weird paths. Don’t fail trying to
      decode non-UTF-8 robots.txt files.
    - gh-138432: zoneinfo.reset_tzpath() will now convert any
      os.PathLike objects it receives into strings before adding them
      to TZPATH. It will raise TypeError if anything other than a
      string is found after this conversion. If given an os.PathLike
      object that represents a relative path, it will now raise
      ValueError instead of TypeError, and present a more informative
      error message.
    - gh-138008: Fix segmentation faults in the ctypes module due to
      invalid argtypes. Patch by Dung Nguyen.
    - gh-60462: Fix locale.strxfrm() on Solaris (and possibly other
      platforms).
    - gh-138204: Forbid expansion of shared anonymous memory maps on
      Linux, which caused a bus error.
    - gh-138010: Fix an issue where defining a class with a
      @warnings.deprecated-decorated base class may not invoke the
      correct __init_subclass__() method in cases involving multiple
      inheritance. Patch by Brian Schubert.
    - gh-138133: Prevent infinite traceback loop when sending CTRL^C
      to Python through strace.
    - gh-134869: Fix an issue where pressing Ctrl+C during tab
      completion in the REPL would leave the autocompletion menu in a
      corrupted state.
    - gh-137317: inspect.signature() now correctly handles classes
      that use a descriptor on a wrapped __init__() or __new__()
      method. Contributed by Yongyu Yan.
    - gh-137754: Fix import of the zoneinfo module if the C
      implementation of the datetime module is not available.
    - gh-137490: Handle ECANCELED in the same way as EINTR in
      signal.sigwaitinfo() on NetBSD.
    - gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and
      inspect.getsource() for generator expressions.
    - gh-137017: Fix threading.Thread.is_alive to remain True until
      the underlying OS thread is fully cleaned up. This avoids false
      negatives in edge cases involving thread monitoring or premature
      threading.Thread.is_alive calls.
    - gh-136134: SMTP.auth_cram_md5() now raises an SMTPException
      instead of a ValueError if Python has been built without MD5
      support. In particular, SMTP clients will not attempt to use
      this method even if the remote server is assumed to support it.
      Patch by Bénédikt Tran.
    - gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if
      CRAM-MD5 authentication is not supported. Patch by Bénédikt
      Tran.
    - gh-135386: Fix opening a dbm.sqlite3 database for reading from
      read-only file or directory.
    - gh-126631: Fix multiprocessing forkserver bug which prevented
      __main__ from being preloaded.
    - gh-123085: In a bare call to importlib.resources.files(), ensure
      the caller’s frame is properly detected when importlib.resources
      is itself available as a compiled module only (no source).
    - gh-118981: Fix potential hang in
      multiprocessing.popen_spawn_posix that can happen when the child
      proc dies early by closing the child fds right away.
    - gh-78319: UTF8 support for the IMAP APPEND command has been made
      RFC compliant.
    - bpo-38735: Fix failure when importing a module from the root
      directory on unix-like platforms with sys.pycache_prefix set.
    - bpo-41839: Allow negative priority values from
      os.sched_get_priority_min() and os.sched_get_priority_max()
      functions.
  - Core and Builtins
    - gh-134466: Don’t run PyREPL in a degraded environment where
      setting termios attributes is not allowed.
    - gh-71810: Raise OverflowError for (-1).to_bytes() for signed
      conversions when bytes count is zero. Patch by Sergey B
      Kirpichev.
    - gh-105487: Remove non-existent __copy__(), __deepcopy__(), and
      __bases__ from the __dir__() entries of types.GenericAlias.
    - gh-134163: Fix a hang when the process is out of memory inside
      an exception handler.
    - gh-138479: Fix a crash when a generic object’s __typing_subst__
      returns an object that isn’t a tuple.
    - gh-137576: Fix for incorrect source code being shown in
      tracebacks from the Basic REPL when PYTHONSTARTUP is given.
      Patch by Adam Hartz.
    - gh-132744: Certain calls now check for runaway recursion and
      respect the system recursion limit.
  - C API
    - gh-87135: Attempting to acquire the GIL after runtime
      finalization has begun in a different thread now causes the
      thread to hang rather than terminate, which avoids potential
      crashes or memory corruption caused by attempting to terminate a
      thread that is running code not specifically designed to support
      termination. In most cases this hanging is harmless since the
      process will soon exit anyway.
      While not officially marked deprecated until 3.14,
      PyThread_exit_thread is no longer called internally and remains
      solely for interface compatibility. Its behavior is inconsistent
      across platforms, and it can only be used safely in the unlikely
      case that every function in the entire call stack has been
      designed to support the platform-dependent termination
      mechanism. It is recommended that users of this function change
      their design to not require thread termination. In the unlikely
      case that thread termination is needed and can be done safely,
      users may migrate to calling platform-specific APIs such as
      pthread_exit (POSIX) or _endthreadex (Windows) directly.
  - Build
    - gh-135734: Python can correctly be configured and built with
      ./configure --enable-optimizations --disable-test-modules.
      Previously, the profile data generation step failed due to PGO
      tests where immortalization couldn’t be properly suppressed.


- Update to 3.13.7:

  - gh-137583: Fix a deadlock introduced in 3.13.6 when a call
    to ssl.SSLSocket.recv was blocked in one thread, and then
    another method on the object (such as ssl.SSLSocket.send) was
    subsequently called in another thread.
  - gh-137044: Return large limit values as positive integers
    instead of negative integers in resource.getrlimit().
    Accept large values and reject negative values (except
    RLIM_INFINITY) for limits in resource.setrlimit().
  - gh-136914: Fix retrieval of doctest.DocTest.lineno
    for objects decorated with functools.cache() or
    functools.cached_property.
  - gh-131788: Make ResourceTracker.send from multiprocessing
    re-entrant safe
  - gh-136155: We are now checking for fatal errors in EPUB
    builds in CI.
  - gh-137400: Fix a crash in the free threading build when
    disabling profiling or tracing across all threads with
    PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
    or their Python equivalents threading.settrace_all_threads()
    and threading.setprofile_all_threads().


- Update to 3.13.6:

  - Security
    - gh-135661: Fix parsing start and end tags in
      html.parser.HTMLParser according to the HTML5 standard.
    - gh-102555: Fix comment parsing in html.parser.HTMLParser
      according to the HTML5 standard.
    - CVE-2025-6069: Fix quadratic complexity in processing specially
      crafted input in html.parser.HTMLParser. End-of-file errors
      are now handled according to the HTML5 specs – comments and
      declarations are automatically closed, tags are ignored
      (gh-135462, bsc#1244705).
    - CVE-2025-8194: tarfile now validates archives to ensure member
      offsets are non-negative. (gh-130577, bsc#1247249).
    - gh-118350: Fix support of escapable raw text mode (elements
      “textarea” and “title”) in html.parser.HTMLParser.
  - Core and Builtins
    - gh-58124: Fix name of the Python encoding in Unicode errors
      of the code page codec: use “cp65000” and “cp65001” instead
      of “CP_UTF7” and “CP_UTF8” which are not valid Python code
      names. Patch by Victor Stinner.
    - gh-137314: Fixed a regression where raw f-strings
      incorrectly interpreted escape sequences in format
      specifications. Raw f-strings now properly preserve literal
      backslashes in format specs, matching the behavior from
      Python 3.11. For example, rf'{obj:\xFF}' now correctly
      produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo.
    - gh-136541: Fix some issues with the perf trampolines
      on x86-64 and aarch64. The trampolines were not being
      generated correctly for some cases, which could lead to
      the perf integration not working correctly. Patch by Pablo
      Galindo.
    - gh-109700: Fix memory error handling in
      PyDict_SetDefault().
    - gh-78465: Fix error message for cls.__new__(cls, ...) where
      cls is not instantiable builtin or extension type (with
      tp_new set to NULL).
    - gh-135871: Non-blocking mutex lock attempts now return
      immediately when the lock is busy instead of briefly
      spinning in the free threading build.
    - gh-135607: Fix potential weakref races in an object’s
      destructor on the free threaded build.
    - gh-135496: Fix typo in the f-string conversion type error
      (“exclamanation” -> “exclamation”).
    - gh-130077: Properly raise custom syntax errors when
      incorrect syntax containing names that are prefixes of soft
      keywords is encountered. Patch by Pablo Galindo.
    - gh-135148: Fixed a bug where f-string debug expressions
      (using =) would incorrectly strip out parts of strings
      containing escaped quotes and # characters. Patch by Pablo
      Galindo.
    - gh-133136: Limit excess memory usage in the free threading
      build when a large dictionary or list is resized and
      accessed by multiple threads.
    - gh-132617: Fix dict.update() modification check that could
      incorrectly raise a “dict mutated during update” error when
      a different dictionary was modified that happens to share
      the same underlying keys object.
    - gh-91153: Fix a crash when a bytearray is concurrently
      mutated during item assignment.
    - gh-127971: Fix off-by-one read beyond the end of a string
      in string search.
    - gh-125723: Fix crash with gi_frame.f_locals when generator
      frames outlive their generator. Patch by Mikhail Efimov.
  - Library
    - gh-132710: If possible, ensure that uuid.getnode()
      returns the same result even across different processes.
      Previously, the result was constant only within the same
      process. Patch by Bénédikt Tran.
    - gh-137273: Fix debug assertion failure in
      locale.setlocale() on Windows.
    - gh-137257: Bump the version of pip bundled in ensurepip to
      version 25.2
    - gh-81325: tarfile.TarFile now accepts a path-like when
      working on a tar archive. (Contributed by Alexander Enrique
      Urieles Nieto in gh-81325.)
    - gh-130522: Fix unraisable TypeError raised during
      interpreter shutdown in the threading module.
    - gh-136549: Fix signature of threading.excepthook().
    - gh-136523: Fix wave.Wave_write emitting an unraisable when
      open raises.
    - gh-52876: Add missing keepends (default True)
      parameter to codecs.StreamReaderWriter.readline() and
      codecs.StreamReaderWriter.readlines().
    - gh-85702: If zoneinfo._common.load_tzdata is given a
      package without a resource a zoneinfo.ZoneInfoNotFoundError
      is raised rather than a PermissionError. Patch by Victor
      Stinner.
    - gh-134759: Fix UnboundLocalError in
      email.message.Message.get_payload() when the payload to
      decode is a bytes object. Patch by Kliment Lamonov.
    - gh-136028: Fix parsing month names containing “İ” (U+0130,
      LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime().
      This affects locales az_AZ, ber_DZ, ber_MA and crh_UA.
    - gh-135995: In the palmos encoding, make byte 0x9b decode to
      › (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK).
    - gh-53203: Fix time.strptime() for %c and %x formats on
      locales byn_ER, wal_ET and lzh_TW, and for %X format on
      locales ar_SA, bg_BG and lzh_TW.
    - gh-91555: An earlier change, which was introduced in
      3.13.4, has been reverted. It disabled logging for a logger
      during handling of log messages for that logger. Since the
      reversion, the behaviour should be as it was before 3.13.4.
    - gh-135878: Fixes a crash of types.SimpleNamespace on free
      threading builds, when several threads were calling its
      __repr__() method at the same time.
    - gh-135836: Fix IndexError in
      asyncio.loop.create_connection() that could occur when
      non-OSError exception is raised during connection and
      socket’s close() raises OSError.
    - gh-135836: Fix IndexError in
      asyncio.loop.create_connection() that could occur when the
      Happy Eyeballs algorithm resulted in an empty exceptions
      list during connection attempts.
    - gh-135855: Raise TypeError instead of SystemError when
      _interpreters.set___main___attrs() is passed a non-dict
      object. Patch by Brian Schubert.
    - gh-135815: netrc: skip security checks if os.getuid() is
      missing. Patch by Bénédikt Tran.
    - gh-135640: Address bug where it was possible to call
      xml.etree.ElementTree.ElementTree.write() on an ElementTree
      object with an invalid root element. This behavior blanked
      the file passed to write if it already existed.
    - gh-135444: Fix asyncio.DatagramTransport.sendto() to
      account for datagram header size when data cannot be sent.
    - gh-135497: Fix os.getlogin() failing for longer usernames
      on BSD-based platforms.
    - gh-135487: Fix reprlib.Repr.repr_int() when given integers
      with more than sys.get_int_max_str_digits() digits. Patch
      by Bénédikt Tran.
    - gh-135335: multiprocessing: Flush stdout and stderr after
      preloading modules in the forkserver.
    - gh-135244: uuid: when the MAC address cannot be
      determined, the 48-bit node ID is now generated with a
      cryptographically-secure pseudo-random number generator
      (CSPRNG) as per RFC 9562, §6.10.3. This affects uuid1().
    - gh-135069: Fix the “Invalid error handling” exception in
      encodings.idna.IncrementalDecoder to correctly replace the
      ‘errors’ parameter.
    - gh-134698: Fix a crash when calling methods of
      ssl.SSLContext or ssl.SSLSocket across multiple threads.
    - gh-132124: On POSIX-compliant systems,
      multiprocessing.util.get_temp_dir() now ignores TMPDIR
      (and similar environment variables) if the path length of
      AF_UNIX socket files exceeds the platform-specific maximum
      length when using the forkserver start method. Patch by
      Bénédikt Tran.
    - gh-133439: Fix dot commands with trailing spaces are
      mistaken for multi-line SQL statements in the sqlite3
      command-line interface.
    - gh-132969: Prevent the ProcessPoolExecutor executor thread,
      which remains running when shutdown(wait=False), from
      attempting to adjust the pool’s worker processes after
      the object state has already been reset during shutdown.
      A combination of conditions, including a worker process
      having terminated abormally, resulted in an exception and
      a potential hang when the still-running executor thread
      attempted to replace dead workers within the pool.
    - gh-130664: Support the '_' digit separator in formatting
      of the integral part of Decimal’s. Patch by Sergey B
      Kirpichev.
    - gh-85702: If zoneinfo._common.load_tzdata is given a
      package without a resource a ZoneInfoNotFoundError is
      raised rather than a IsADirectoryError.
    - gh-130664: Handle corner-case for Fraction’s formatting:
      treat zero-padding (preceding the width field by a zero
      ('0') character) as an equivalent to a fill character of
      '0' with an alignment type of '=', just as in case of
      float’s.
  - Tools/Demos
    - gh-135968: Stubs for strip are now provided as part of an
      iOS install.
  - Tests
    - gh-135966: The iOS testbed now handles the app_packages
      folder as a site directory.
    - gh-135494: Fix regrtest to support excluding tests from
      --pgo tests. Patch by Victor Stinner.
    - gh-135489: Show verbose output for failing tests during PGO
      profiling step with –enable-optimizations.
  - Documentation
    - gh-135171: Document that the iterator for the leftmost for
      clause in the generator expression is created immediately.
  - Build
    - gh-135497: Fix the detection of MAXLOGNAME in the
      configure.ac script.

-----------------------------------------------------------------
Advisory ID: 172
Released:    Thu Jan 22 15:29:42 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1256525,1256526,CVE-2026-22695,CVE-2026-22801
This update for libpng16 fixes the following issues:

- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).

-----------------------------------------------------------------
Advisory ID: 182
Released:    Fri Jan 23 09:24:13 2026
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1253029,1253960,1254873,CVE-2024-12678,CVE-2024-25131,CVE-2024-25133,CVE-2024-28892,CVE-2024-43803,CVE-2024-45338,CVE-2024-45387,CVE-2024-54148,CVE-2024-55196,CVE-2024-55947,CVE-2024-56362,CVE-2024-56513,CVE-2024-56514,CVE-2024-9779,CVE-2025-21609,CVE-2025-21613,CVE-2025-21614,CVE-2025-22130
This update for dracut fixes the following issues:

- Fix and update testsuite (bsc#1254873):
    * test (FULL-SYSTEMD):
        + ignore errors in systemd-vconsole-setup.service
        + use poweroff to shut down test
        + no need to include dbus to the target rootfs
    * test: move /failed to /run/failed as rootfs might be read-only
    * test: make the size of all test drives 512 MB
    * fix (systemd): move installation of libkmod to udev-rules module
    * test: switch to virtio for the QEMU drive
    * test: increase test VM memory from 512M to 1024M to avoid OOM killer
    * test: move more common test code to test-functions
    * test: upgrade to ext4
- fix (nfs): do not execute logic in nfs hooks if netroot is not nfs (bsc#1253960)
- fix (kernel-modules-extra): remove stray \ before / (bsc#1253029)

-----------------------------------------------------------------
Advisory ID: 188
Released:    Fri Jan 23 18:19:05 2026
Summary:     Recommended update for ibus
Type:        recommended
Severity:    important
References:  1234812,1252250,CVE-2024-40896
This update for ibus fixes the following issues:

- Upstream update to 1.5.33:
    * Fix reset signal w/ GTK_IM_MODULE=ibus in Wayland
    * Provide preedit semantic APIs
    * Do not load en-US compose table by default
    * IBus 1.5.33 will insert 'include %L' in your compose file
      automatically generated by old IBus versions
    * Implement IBusMessage
    * Improve BEPO compose sequence visuals
    * Update simple.xml with xkeyboard-config 2.45
    * Update ibusunicodegen.h with Unicode 17.0.0
    * Bug fixes for Wayland input-method
    * Fix PageUp/PageDown buttons with hiding candidate popup
    * Fix leaks and buffer overflows
- Drop patches for unmaintained distributions
- Fix: Barcode scanner input gets jumbled when ibus is running and
  an application written in certain frameworks has focus (bsc#1252250):
    * After libX11 is fixed about the XIM jumbled input issues, too quick
      focus change can causes a freeze with barcode reader
    * Fix the synchronous 'ProcessKeyEvent' D-Bus method in ibus-x11
    * Add ibus_input_context_set_post_process_key_event() and ibus_input_context_post_process_key_event()

-----------------------------------------------------------------
Advisory ID: 190
Released:    Mon Jan 26 10:12:02 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1234996,1235088,1246019,1248301,1248400,1248631,1248670,1248672,1249207,1249208,1249241,1249537,1250192,1251982,1252270,1253437,1254196,CVE-2024-53164,CVE-2025-38500,CVE-2025-38554,CVE-2025-38572,CVE-2025-38588,CVE-2025-38608,CVE-2025-38616,CVE-2025-38617,CVE-2025-38618,CVE-2025-38664,CVE-2025-39682,CVE-2025-39963,CVE-2025-40204,CVE-2025-40212

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248301).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248400).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1249241).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248670).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1250192).
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).

The following non security issue was fixed:

- Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).

-----------------------------------------------------------------
Advisory ID: 201
Released:    Tue Jan 27 16:23:11 2026
Summary:     Recommended update for xom, xmlunit, modello, junit5, jna, javapackages-tools, xz-java, sisu, slf4j, jline3, j2objc-annotations, jackson-databind, icu4j, guava, google-guice, google-gson, geronimo-specs, exec-maven-plugin, bouncycastle, byte-buddy, byaccj, apache-commons-logging, apache-commons-cli, apache-commons-codec, apache-commons-daemon, apache-commons-dbcp, apache-commons-beanutils, ant, auto
Type:        recommended
Severity:    moderate
References:  1220262,1230698,1245914,1245931,1245969,CVE-2023-50782,CVE-2024-41996
This update for xom, xmlunit, modello, junit5, jna, javapackages-tools, xz-java, sisu, slf4j, jline3, j2objc-annotations, jackson-databind, icu4j, guava, google-guice, google-gson, geronimo-specs, exec-maven-plugin, bouncycastle, byte-buddy, byaccj, apache-commons-logging, apache-commons-cli, apache-commons-codec, apache-commons-daemon, apache-commons-dbcp, apache-commons-beanutils, ant, auto fixes the following issues:

Changes in xom:

- Make build recipe compatible with POSIX sh. Use %autosetup.

Changes in xmlunit:

- Upgrade to 2.11.0

  * XMLUnit 2.x is a complete rewrite of XMLUnit and actually
    doesn't share any code with XMLUnit for Java 1.x.
  * Some goals for XMLUnit 2.x:

    + create .NET and Java versions that are compatible in design
      while trying to be idiomatic for each platform
    + remove all static configuration (the old XMLUnit class
      setter methods)
    + focus on the parts that are useful for testing

      - XPath
      - (Schema) validation
      - comparisons

    + be independent of any test framework

  * XMLUnit 1.x is no longer maintained

- Use diretly the xalan-j2 jar instead of the jaxp_transform_impl
  alternative (bsc#1245931 and bsc#1245914)

  * In cases of ATTR_NAME_NOT_FOUND and CHILD_NODE_NOT_FOUND
    differences the value used to be the local name of the missing
    attribute or node.
  * New assertXpathEvaluatesTo overloads in XMLAssert and a new
    QualifiedName class can be used to assert the stringified result
    of an XPath expression is actually a qualified name

Changes in modello:

- Upgrade to upstream version 2.5.1

  * New features and improvements

    + Improve and add exceptions for singular method
    + Fix Snakeyaml
    + Restore singular method behavior like was in version 2.4.0

  * Maintenance

    + Partially migrate to JUnit 5
    + Apply spotless re-formatting
    + Update build, get rid of legacy, fix CLI
    + Use distributionManagement from parent pom

- Fix the modello script classpath to be able to run the velocity
  generator.

- Upgrade to upstream version 2.3.0

Changes in modello:

- Add -Dguice_custom_class_loading=CHILD option to the command-line
  launcher in order to avoid the following warnings with
  OpenJDK >= 24 :

  WARNING: A terminally deprecated method in sun.misc.Unsafe has
           been called
  WARNING: sun.misc.Unsafe::staticFieldBase has been called by
           com.google.inject.internal.aop.HiddenClassDefiner
  WARNING: Please consider reporting this to the maintainers of
           class com.google.inject.internal.aop.HiddenClassDefiner
  WARNING: sun.misc.Unsafe::staticFieldBase will be removed in a
           future release

- Upgrade to upstream version 2.5.1

  * New features and improvements

    + Improve and add exceptions for singular method
    + Fix Snakeyaml
    + Restore singular method behavior like was in version 2.4.0

  * Maintenance

    + Partially migrate to JUnit 5
    + Apply spotless re-formatting
    + Update build, get rid of legacy, fix CLI
    + Use distributionManagement from parent pom

- Add dependency on objectweb-asm to build with sisu 0.9.0.M4

- Fix the modello script classpath to be able to run the velocity
  generator.

Changes in junit5:

- Fix errors in aggregator.pom and in ant build system that prevent
  successful builds with upcoming Maven 4
- Generate a non-modular javadoc

Changes in jna:

+ do not put module-info.class in multirelease directories

Changes in javapackages-tools:

- Require findutils for working build-classpath (bsc#1245969)

- Upgrade to upstream version 6.4.1

  * Changes

    + Revert 'jpackage_script: Remove unneeded backslashes'
    + Initial implementation of %jp_binding macro
    + Replace invalid $ escape in regex

Changes in xz-java:

+ Do not put the module-info.class into multirelease directory
+ If building with Java 8 only, specify in the manifest the
  Automatic-Module-Name, so that it can be recognized as
  modular jar even in that configuration

Changes in sisu:

- Initial packaging of the Sisu Extenders with version 0.9.0.M4

- Upgrade to upstream milestone 0.9.0.M4

  * Most important change

    + ASM is 'demoted' to plain dependency, hence, consumer is able
      to override/update it the usual 'Maven way'. This applies to
      all components: inject, plexus and sisu-maven-plugin as well.
    + Historically, Sisu shaded in ASM just like Guice did. Later
      Sisu started shipping 'main' JAR with shaded ASM but also
      'no_asm' classified artifact without ASM (just like Guice did
      with  'classes' classified JAR). Starting from this version,
      Sisu does not shade ASM anymore, it is 'demoted' to transitive
      dependency.

  * Changes

    + Disable shallow clones for sonarcloud analysis
    + Remove spurious asserts
    + Post release cleanup
    + Fix jacoco + code coverage
    + Enable code coverage again for all modules
    + Use default property for the jacoco agent
    + Add documentation on Plexus Configurator API
    + Remove about.html as only relevant for Eclipse plugins
    + Document Lifecycle support
    + Call TypeAwareExpressionEvaluator.evaluate(String,Class) if
      available
    + Pass strict flag also via 'discoverComponents'
    + Embed/relocate ASM via m-shade-p
    + Update to ASM 9.8
    + Increase coverage
    + Align subproject names (and naming)
    + Build infra updates
    + Reproducible
    + Fix sisu-maven-plugin
    + Lax array converter
    + Update dependencies
    + Publishing to Central

- Build with bootstrap version of maven-plugins. This allows to be
  built early, since it will become a crucial plugin with Maven 4.

Changes in sisu:

- Upgrade to upstream milestone 0.9.0.M4

  * Most important change

    + ASM is 'demoted' to plain dependency, hence, consumer is able
      to override/update it the usual 'Maven way'. This applies to
      all components: inject, plexus and sisu-maven-plugin as well.
    + Historically, Sisu shaded in ASM just like Guice did. Later
      Sisu started shipping 'main' JAR with shaded ASM but also
      'no_asm' classified artifact without ASM (just like Guice did
      with  'classes' classified JAR). Starting from this version,
      Sisu does not shade ASM anymore, it is 'demoted' to transitive
      dependency.

  * Changes

    + Disable shallow clones for sonarcloud analysis
    + Remove spurious asserts
    + Post release cleanup
    + Fix jacoco + code coverage
    + Enable code coverage again for all modules
    + Use default property for the jacoco agent
    + Add documentation on Plexus Configurator API
    + Remove about.html as only relevant for Eclipse plugins
    + Document Lifecycle support
    + Call TypeAwareExpressionEvaluator.evaluate(String,Class) if
      available
    + Pass strict flag also via 'discoverComponents'
    + Embed/relocate ASM via m-shade-p
    + Update to ASM 9.8
    + Increase coverage
    + Align subproject names (and naming)
    + Build infra updates
    + Reproducible
    + Fix sisu-maven-plugin
    + Lax array converter
    + Update dependencies
    + Publishing to Central

Changes in jline3:

- Update to upstream version 3.30.6

  * New features and improvements

    + Improve console variable expansion (fixes #1370)
    + ConsoleEngineImpl: change method and field visibilities
    + Allow ConsoleEngineImpl subclasses access to
      VariableReferenceCompleter
    + feat: add reusable POSIX commands to builtins module
    + feat: support slurp command to be renamed
    + feat: Extend InputRC with method/s to directly read ~/.inputrc
      & /etc/inputrc
    + Allow system commands to be renamed.

  * Bug Fixes

    + Fix macOS hang in pipe operations by removing PTY terminal
      usage
    + enhancement: only compute suggestions in the Nano editor if
      something has changed
    + fix: refactor TerminalProvider methods to use
      inputEncoding/outputEncoding parameters
    + Fix System.out not working after closing dumb terminal
    + Optimize Display performance and fix terminal capability
      usage

  * Dependency updates

    + chore: Bump groovy.version from 4.0.27 to 4.0.28
    + chore: Bump com.palantir.javaformat:palantir-java-format from
      2.67.00 to 2.73.0
    + chore: Bump junit.version from 5.12.2 to 5.13.4
    + chore: Bump org.graalvm.sdk:graal-sdk from 24.2.1 to 24.2.2
    + chore: Bump com.google.jimfs:jimfs from 1.3.0 to 1.3.1
    + chore: Bump org.apache.maven.plugins:maven-enforcer-plugin
      from 3.5.0 to 3.6.1
    + chore: Bump on-headers and compression in /website
    + chore: Bump org.codehaus.gmavenplus:gmavenplus-plugin from
      4.2.0 to 4.2.1
    + chore: Bump org.apache.maven.plugins:maven-clean-plugin from
      3.4.1 to 3.5.0
    + chore: Bump org.codehaus.mojo:build-helper-maven-plugin from
      3.6.0 to 3.6.1
    + chore: Bump org.apache.maven.plugins:maven-gpg-plugin from
      3.2.7 to 3.2.8
    + chore: Bump eu.maveniverse.maven.njord:extension from 0.6.2
      to 0.7.5

  * Documentation updates

    + docs: Link to Nano Customization from Builtins doc page
    + docs: Add Capability.enter_ca_mode and Capability.exit_ca_mode
      tip

  * Maintenance

    + Remove double docs/docs in edit links on jline.org (fixes#
      1309)
    + chore: make downcall handles static final

- Build the ffm support in Factory, since we have now the java >= 22

- Update to upstream version 3.30.4

  * New features and improvements

    + add pluggable completion to Nano editor (fixes #1194)
    + enhanced MouseSupport to handle multiple mouse event formats
      (SGR, URXVT, SGR-Pixels)
    + add getCurrentMouseTracking to Terminal interface
    + add ability to get terminal default foreground and background
      colors
    + add password masking support for dumb terminals (fixes #1172)
    + add line numbers and current line marker to secondary prompt
      (fix for #1151)
    + Add support for separate encodings for stdin, stdout, and
      stderr
    + Make prompts work in non-fullscreen mode

  * Bug Fixes

    + use a fallback classloader suitable for java Modules or OSGi
      environments (fixes #1185)
    + NPE in Status#resize when supported is false (fixes #1191)
    + nano editor exiting when pressing Ctrl+Space (fixes #1200)
    + parse error of system default /usr/share/nano/*.nanorc
    + Terminal.trackMouse(MouseTracking.Off) (fixes #1189)
    + Make command execution order consistent in SystemRegistryImpl
    + handle invalid entries in history files gracefully
    + Properly fill screen lines with spaces when width is increased
      in ScreenTerminal
    + cursor position after Status.update()
    + improve script file detection and execution in Groovy REPL,
      fixes #1139
    + ensure proper cleanup of pump threads in terminal
      implementations
    + add history line width check in ScreenTerminal.setSize()
      (fixes #1206)
    + console-ui example: catch UserInterruptException in place of
      IOError
    + Ctrl+Space handling on Windows terminals
    + Update LineReaderImpl to use new readMouseEvent signature with
      lastBinding parameter
    + enhance nanorc loading and introduce a ClasspathResourceUtil
      utility
    + missing close in PosixSysTerminal.
    + Jansi AnsiConsole broken color detection in uber jars
    + SyntaxHighlighter glob pattern handling for non-default file
      systems

  * Documentation

    + Integrate website into main repository
    + improve JLineNativeLoader documentation and references
    + fix readme
    + Add comprehensive Javadoc to jline-builtins module
    + improve Javadoc in console module
    + add comprehensive Javadoc to org.jline.style package
    + add comprehensive Javadoc to JLine Terminal and Reader
    + Add missing DISABLE_EVENT_EXPANSION JavaDoc (fixes #1218)
    + Make sure snippets compile
    + Corrected the maven central link
    + correct PicocliJLineExample snippet name in
      library-integration.md
    + validate code snippets during build time instead of runtime
    + add missing @SInCE 3.30.0 annotations to new methods in
      Terminal
    + integrate GitHub wiki content into website documentation
    + Improve website build system and documentation management
    + fix javadoc redirect URL issue
    + Add picocli links to library integration
    + Mention InputRC on Builtins
    + doc: update version to 3.30.0 and add Javadoc integration
    + integrate ConsoleUI documentation into website
    + add syntax highlighting example classes for documentation
    + Expand DISABLE_EVENT_EXPANSION JavaDoc (re. #1238)
    + Link to documentation website earlier in README (see #1240)
    + Link to Pty4j on Terminal

- Rewrite to use Ant to build. This prevents potential cycles with
  upcoming Maven 4

Changes in j2objc-annotations:

- Update to version 3.0.0

  * no structured changelog available
  * this version is a modular jar needed by guava

Changes in jackson-databind:

- Fix 'Not fully interpolated version' error with Maven 4

Changes in icu4j:

+ detect java version up to 25 when running ant

Changes in guava:

- Upgrade to guava 33.4.8

  * Changes of version 33.4.8

    + util.concurrent: Removed our VarHandle code from
      guava-android. While the code was never used at runtime under
      Android, it was causing problems under the Android Gradle
      Plugin with a minSdkVersion below 26. To continue to avoid
      sun.misc.Unsafe under the JVM, guava-android will now always
      use AtomicReferenceFieldUpdater when run there.

  * Changes of version 33.4.7
    + Modified the guava module's dependency on failureaccess to be
      transitive. Also, modified the guava-testlib module to make
      its dependency on guava transitive, to remove its dependency
      on failureaccess, and to add a dependency (transitive) on
      junit.
    + util.concurrent: Modified our fast paths to ensure that they
      continue to work when run through optimizers, such as those
      commonly used by Android apps. This fixes problems that some
      users may have seen since Guava 33.4.5.
    + util.concurrent: Changed the guava-android copy of
      AbstractFuture to try VarHandle before Unsafe, eliminating a
      warning under newer JDKs.

  * Changes of version 33.4.6

    + Removed the extra copy of each class from the Guava jar. The
      extra copies were an accidental addition from the
      modularization work in Guava 33.4.5.
    + Fixed annotation-related warnings when using Guava in modular
      builds. The most common such warning is Cannot find annotation
      method 'value()' in type 'DoNotMock': ....

  * Changes of version 33.4.5

    + Changed the Guava jar (plus guava-testlib and failureaccess
      jars) to be a modular jar.
    + Changed various classes to stop using sun.misc.Unsafe under
      Java 9+.
      ° Note that, if you use guava-android on the JVM (instead of
        using guava-jre), Guava will still try to use
        sun.misc.Unsafe. We will do further work on this in the
        future.
    + Belatedly updated the Public Suffix List data.

  * Changes of version 33.4.4

    + Migrated from Checker Framework annotations to JSpecify
      annotations.
    + Made our usages of nullness annotations available in our GWT
      artifact. GWT users will need to upgrade to GWT 2.12.1, which
      makes GWT as tolerant of Java 8 type-use annotations as it is
      of other annotations.

  * Changes of version 33.4.3

    + Migrated from @CheckForNull to the Checker Framework
      @Nullable. Most tools recognize both annotations, so we expect
      this to be a no-op in almost all cases. This release removes
      our dependency on JSR-305.

  * Changes of version 33.4.2

    + Changed @ParametricNullness into a no-op for Kotlin and
      IntelliJ. Before now, it was forcing many usages of type
      variables to have platform types, which meant that Kotlin
      couldn't check those usages for nullness errors. With this
      change, Kotlin can detect more errors.

  * Changes of version 33.4.1

    + Replaced our custom @ElementTypesAreNonnullByDefault
      annotations with the JSpecify @NullMarked annotation.

  * Changes of version 33.4.0

    + Exposed additional Java 8 APIs to Android users.
    + base: Deprecated Charsets constants in favor of
      StandardCharsets. We will not remove the constants, but we
      recommend using StandardCharsets for consistency.
    + base: Added ToStringHelper.omitEmptyValues().
    + collect: Added an optimized copyOf method to TreeRangeMap.
    + collect.testing: Fixed @Require annotations so that features
      implied by absent features are not also required to be absent.
    + io: Changed ByteSink and CharSink to no longer call flush() in
      some cases before close(). This is a no-op for well-behaved
      streams, which internally flush their data as part of closing.
      However, we have discovered some stream implementations that
      have overridden close() to do nothing, including not to flush
      some buffered data. If this change causes problems, the
      simplest fix is usually to change the close() override to at
      least call flush().
    + net: Added HttpHeaders.ALT_SVC and MediaType.CBOR.

  * Changes of version 33.3.1

    + Added j2objc-annotations to the Gradle runtime classpath to
      stop producing an Android Gradle Plugin error.

  * Changes of version 33.3.0

    + base: Removed @Beta from the Duration overload of
      Suppliers.memoizeWithExpiration.
    + cache: Added CacheBuilder Duration overloads to guava-android.
    + collect: Removed @Beta from the guava-android Collector APIs.
    + collect: Added ImmutableMultimap.builderWithExpectedKeys and
      ImmutableMultimap.Builder.expectedValuesPerKey.
    + graph: Improved Graphs.hasCycle to avoid causing
      StackOverflowError for long paths.
    + net: Added text/markdown to MediaType.
    + net: Deprecated HttpHeaders constant for Sec-Ch-UA-Form-Factor
      in favor of Sec-Ch-UA-Form-Factors to follow the latest spec.
    + testing: Changed some test libraries to throw AssertionError
      (instead of the more specific AssertionFailedError) in some
      cases.

    + we are folding the failureaccess into the main guava.jar, so
      we don't have a special module for it.

Changes in google-guice:

- Fix build with Java 25

Changes in google-gson:

- Rewrite the build system for ant to avoid potential build cycles
  with upcoming Maven 4

Changes in geronimo-specs:

- Do not use update-alternatives

Changes in exec-maven-plugin:

- Upgrade to upstream version 3.5.1

- Changes of 3.5.1

  * Bug Fixes

    + Add ClassLoader support for ASM ClassWriter

  * Maintenance

    + Fix ITs for Maven 4 rc-3
    + Document how to use env vars in commandlineArgs

- Changes of 3.5.0

  * New features and improvements

    + Add toolchain java path to environment variables in ExecMojo

  * Bug Fixes

    + #322, enable to control the exec:java interaction with JVM
      classloader more finely

  * Maintenance

    + Update site descriptor to 2.0.0
    + Toolchains manual improvements
    + Manage version of maven-toolchains-plugin

- Changes of 3.4.1

  * Bug Fixes

    + Environment variable Path should be used as case-insensitive
    + fix: NPE because declared MavenSession field hides field of
      superclass

  * Maintenance

    + Remove redundant spotless configuration

  * Build

    + Use Maven4 enabled with GH Action
    + Use shared release drafter GH Action

- Chages of 3.4.0

  * New features and improvements

    + Allow <includePluginDependencies> to be specified for the
      exec:exec goal

  * Bug Fixes

    + Do not get UPPERCASE env vars

  * Maintenance

    + Remove Log4j 1.2.x from ITs

  * Build

    + Use Maven 3.9.7 and 4.0.0-beta-3

- Changes of 3.3.0

  * New features and improvements

    + Add option to include runtime and provided

- Changes of 3.2.0

  * New features and improvements

    + Enable to exec:java runnables and not only mains with loosely
      coupled injections
    + Try to get rid of legacy API which can break starting with
      java 17

  * Bug Fixes

    + Fix #401 - Maven v4 compatibility

  * Maintenance

    + ITs improvement
    + Fix documentation formatting, add menu items for new examples
    + Execute mexec-137 also on unix family
    + Remove unused test

  * Build

    + Bump release-drafter/release-drafter from 5 to 6

- Changes of 3.1.1

  * New features and improvements

    + Remove unused killAfter options
    + [#391] Cope with Thread::stop being unavailable in JDK 20+
    + Only prefix program output with thread name when running with
      multiple threads
    + [#389] Add option 'blockSystemExit' to 'java' mojo
    + Require Maven 3.6.3+
    + Ensure maven.properties can be forwarded to system properties
      for exec:java

  * Bug Fixes

    + Fix #158 - Fix non ascii character handling
    + [#323] exec arguments missing

  * Maintenance

    + Code cleanups - use newer JDK features
    + Enable spotless for code formatting
    + Require Maven 3.6.3+
    + ITs cleanups
    + Use Resolver Api for dependency resolving
  * Build
    + Workaround for concurrent access to local repository on
      Windows by ITs
    + Use Maven 3.9.4, 3.8.8 in GitHub build
- Changes of 3.1.0
  * New features and improvements
    + Require Maven 3.2.5
    + Support stream inheritance for the forked process, fixes #71
  * Bug Fixes
    + Fix NullPointerException when using plugin dependencies in
      version 1.6.0
    + preload common pool - issue #198
    + fix handling of LongModulePathArgument and LongClassPathArgument
    + Do not drop environment variables that contain '=' in their value,
      or have no value.
    + Empty argument tag should add empty string instead of null
    + Fixes #160, ensure the java classloader is a child first one and
      supports to excludes some gathered classpath element to solve
      manually conflicts
  * Maintenance
    + Get rid of maven-artifact-transfer from dependencies
    + Cleanup project site
    + Cleanup project
    + Fix build badge for current CI system
    + Enforce JAVA_HOME for ITs
    + Drop Invokable interface
    + Remove unused class
    + Remove unused class and profile to build it
    + Remove unused imports
    + Remove unused fields
    + Bump sniffed signatures
    + fix issue with IBM semu 11
    + [DEPS] remove unused logging dependencies.
    + Fixed message: Removed duplicate space
    + Fix spelling in error msg (occured -> occurred)
  * Build
    + Testing with Maven 3.2.5 and 3.8.6
    + use shared gh action from ASF
    + use Temurin JDK

Changes in bouncycastle:

- Update to 1.82:

  * Defects Fixed:

    - SNOVA and MAYO are now correctly added to the JCA provider module-info file.
    - TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.
    - BCJSSE: Session binding map is now shared across all stages of the
      session lifecycle (SunJSSE compatibility).
    - The CMCEPrivateKeyParameters#reconstructPublicKey method was returning
      an empty byte array. It now returns an encoding of the public key.
    - CBZip2InputStream no longer auto-closes at end-of-contents.
    - The BC CertPath implementation was eliminating certificates on the
      bases of the Key-ID. This is not in accordance with RFC 4158.
    - Support for the previous set of libOQS Falcon OIDs has been restored.
    - The BC CipherInputStream could throw an exception if asked to handle an
      AEAD stream consisting of the MAC only.
    - Some KeyAgreement classes were missing in the Java 11 class hierarchy.
    - Fix typo in a constant name in the HPKE class and deprecate the old constant.
    - Fuzzing analysis has been done on the OpenPGP API and additional code
      has been added to prevent escaping exceptions.

  * Additional Features and Functionality:

    - SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable
      and EncodableService.
    - BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150.
    - BCJSSE: Added support for system properties 'jdk.tls.{client,server}.maxInboundCertificateChainLength'
    - BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00.
    - The Composite post-quantum signatures implementation has been updated to
      the latest draft (07) draft-ietf-lamps-pq-composite-sigs.
    - '_PREHASH' implementations are now provided for all composite signatures
      to allow the hash of the date to be used instead of the actual data in
      signature calculation.
    - The gradle build can now be used to generate an Bill of Materials (BOM) file.
    - It is now possible to configure the SignerInfoVerifierBuilder used by the
      SignedMailValidator class.
    - The Ascon family of algorithms has been updated with the latest published changes.
    - Composite signature keys can now be constructed from the individual keys of
      the algorithms composing the composite.
    - PGPSecretKey, PGPSignatureGenerator now support version 6.
    - Further optimisation work has been done on ML-KEM public key validation.
    - Zeroization of passwords in the JCA PKCS12 key store has been improved.
    - The 'org.bouncycastle.drbg.effective_256bits_entropy' property has been
      added for platforms where the entropy source is not producing 1 full bit
      of entropy per bit and additional bits are required (default value 282).
    - OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility).
    - The HQC KEM has been updated with the latest draft updates.

  * Additional Notes:

    - The legacy post-quantum package has now been removed.

- Update to 1.81:

  * Defects Fixed:

    - A potention NullPointerException in the KEM KDF KemUtil class
      has been removed.
    - Overlapping input/output buffers in doFinal could result in
      data corruption.
    - Fixed Grain-128AEAD decryption incorrectly handle MAC verification.
    - Add configurable header validation to prevent malicious header
      injection in PGP cleartext signed messages; Fix signature packet
      encoding issues in PGPSignature.join() and embedded signatures
      while phasing out legacy format.
    - Fixed ParallelHash initialization stall when using block size B=0.
    - The PRF from the PBKDF2 function was been lost when PBMAC1 was
      initialized from protectionAlgorithm. This has been fixed.
    - The lowlevel DigestFactory was cloning MD5 when being asked
      to clone SHA1.

  * Additional Features and Functionality:

    - XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/
    - Further support has been added for generation and use of PGP V6 keys
    - Additional validation has been added for armored headers in Cleartext
      Signed Messages.
    - The PQC signature algorithm proposal Mayo has been added to the
      low-level API and the BCPQC provider.
    - The PQC signature algorithm proposal Snova has been added to the
      low-level API and the BCPQC provider.
    - Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.
    - The Falcon implementation has been updated to the latest draft.
    - Support has been added for generating keys which encode as seed-only
      and expanded-key-only for ML-KEM and ML-DSA private keys.
    - Private key encoding of ML-DSA and ML-KEM private keys now follows
      the latest IETF draft.
    - The Ascon family of algorithms has been updated to the initial draft
      of SP 800-232. Some additional optimisation work has been done.
    - Support for ML-DSA's external-mu calculation and signing has been
      added to the BC provider.
    - CMS now supports ML-DSA for SignedData generation.
    - Introduce high-level OpenPGP API for message creation/consumption
      and certificate evaluation.
    - Added JDK21 KEM API implementation for HQC algorithm.
    - BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.
    - BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05).
    - BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00).
    - BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order
      (BCSSLParameters.useNamedGroupsOrder).

Changes in byte-buddy:

- Fix build with maven 4

- Update to v1.17.6

  * Changes of v1.17.6

    + Add convenience wrapper for ResettableClassFileTransformer
      that implicitly delegates to correct transformer method.
    + Add filter for deduplicate fields and methods in class file.
    + Add missing static requirement of Spotbugs annotations to
      module descriptors.
    + Add LazinessMode for TypePool and add convenience support to
      AgentBuilder.
    + Fix source jars for multi-version release to contain
      duplicated source.

- Update to v1.17.5

  * Changes of v1.17.5

    + Update ASM to version 9.8 to support Java 25 using ASM reader
      and writer.
    + Include AnnotationRemoval visitor for removing or replacing
      annotations.

- Update to v1.17.4

  * Changes of v1.17.4

    + Add SafeVarargs plugin.
    + Fix OSGi declaration for byte-buddy-agent.

- Update to v1.17.3

  * Changes of v1.17.3

    + Fix bug in ASM to Class File API bridge handling tableswitch
      instructions.
    + Add plugin for adding SafeVarargs annotations.
    + Further generify MemberSubstitution API.

- Update to v1.17.2

  * Changes of v1.17.2

    + Update Class File API integration to include support for
      several omitted byte codes.
    + Adjust attach API emulation for OpenJ9 to not create
      subfolder if temporary folder is set explicitly.

- Update to v1.17.1

  * Changes of v1.17.1

    + Fix bug in MemberSubstitution were argument indices were
      resolved by one digit off.
    + Update Class File API integration to avoid that parameter
      annotations are lost.

Changes in byaccj:

- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to
  still allow build on SLE / Leap 15

Changes in apache-commons-logging:

- Upgrade to 1.3.5

  * Fixed Bugs

    + Javadoc is missing its Overview page.
    + Remove -nouses directive from maven-bundle-plugin. OSGi
      package imports now state 'uses' definitions for package
      imports, this doesn't affect JPMS (from
      org.apache.commons:commons-parent:80).

  * Changes

    + Bump org.apache.commons:commons-parent from 72 to 81 #285,
      #287, #295, #298, #303, #310, #339.
    + Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0
      #288 [test].
    + Bump log4j2.version from 2.23.1 to 2.24.3 #292, #299, #319,
      #328.

  * Removed:
    + Remove 'cobertura' plugin use JaCoco, Cobertura is
      unmaintained.

    + LOGGING-193: Update Log4j 2 OSGi imports #268.
    + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog.
    + Fix NullPointerException in SimpleLog#write(Object) on null

Changes in apache-commons-cli:

- Update to 1.10.0

  * New Features

    + CLI-339: Help formatter extension in the new package #314.
    + CommandLine.Builder implements Supplier<CommandLine>.
    + DefaultParser.Builder implements Supplier<DefaultParser>.
    + CLI-340: Add CommandLine.getParsedOptionValues() #334.
    + CLI-333: org.apache.commons.cli.Option.Builder implements
      Supplier<Option>.

  * Fixed Bugs

    + Deprecate CommandLine.Builder() in favor of
      CommandLine.builder().
    + Deprecate DeprecatedAttributes.Builder() in favor of
      DeprecatedAttributes.builder().
    + Refactor default parser test #294.
    + Port to JUnit 5.
    + Generics for Converter should use Exception not Throwable.
    + Pick up maven-antrun-plugin version from parent POM
      org.apache:apache.
    + Javadoc is missing its Overview page.
    + Get mockito version from parent pom (#351).
    + Remove -nouses directive from maven-bundle-plugin. OSGi
      package imports now state 'uses' definitions for package
      imports, this doesn't affect JPMS
      (from org.apache.commons:commons-parent:80).
    + Deprecate PatternOptionBuilder.PatternOptionBuilder().
    + CLI-341: HelpFormatter infinite loop with 0 width input.
    + CLI-349: Fail faster with a more precise NullPointerException:
      Option.processValue() throws NullPointerException when passed
      null value with value separator configured.
    + CLI-344: Fail faster with a more precise NullPointerException:
      DefaultParser.parse() throws NullPointerException when options
      parameter is null.
    + CLI-347: Options.addOptionGroup(OptionGroup) does not remove
      required options from requiredOpts list.
    + org.apache.commons.cli.Option.Builder.get() should throw
      IllegalStateException instead of IllegalArgumentException.
    + org.apache.commons.cli.Option.processValue(String) should
      throw IllegalStateException instead of
      IllegalArgumentException.
    + org.apache.commons.cli.OptionBuilder.create() should throw
      IllegalStateException instead of IllegalArgumentException.

  * Updates

    + Bump org.apache.commons:commons-parent from 72 to 85 #302,
      #304, #310, #315, #320, #327, #371.
    + [test] Bump commons-io:commons-io from 2.16.1 to 2.20.0 #309,
      #337.
    + [test] Bump org.apache.commons:commons-text from 1.12.0 to
      1.14.0 #344.
    + Update site documentation to
      https://maven.apache.org/xsd/xdoc-2.0.xsd.

    + CLI-334: Fix Javadoc pathing #280.
    + CLI-335: Updated properties documentation #285.
    + CLI-336: Deprecation not always reported #284.

Changes in apache-commons-codec:

- Update to 1.18.0

  * New features

    + Add Base32.Builder.setHexDecodeTable(boolean).
    + Add Base32.Builder.setHexEncodeTable(boolean).

  * Changes

    + Bump org.apache.commons:commons-parent from 78 to 79.

- Includes changes from 1.17.2

  * Fixed Bugs

    + Rewrite DaitchMokotoffSoundex.soundex(String) using
      String.join().
    + CODEC-324:  Use Resource.class to load resources, rather than
      its class loader #353.
    + Deprecate CharSequenceUtils.CharSequenceUtils().
    + Deprecate Sha2Crypt.Sha2Crypt().

  * Changes

    + Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0
      #296, #305, #313.
    + Bump org.apache.commons:commons-parent from 71 to 78 #310,
      #312, #319, #323, #326, #333.
    + [test] Bump commons-io:commons-io from 2.16.1 to 2.18.0 #318,
      #341.
    + Bump org.codehaus.mojo:taglist-maven-plugin from 3.1.0 to
      3.2.1 #332.

Changes in apache-commons-daemon:

- Upgrade to 1.4.1

  * Bug Fixes:

    + several issues around Java OS and header files location
      detection.
    + Correct several log messages where an incorrect placeholder
      led to truncation of the inserted values.

  * New Features

    + Add protection to avoid high CPU usage for applications
      running in JVM mode that do not wait for the stop method to
      be called before the start method returns. Fixes DAEMON-460.
    + The minimum Java version has been increased to Java 8

Changes in apache-commons-dbcp:

- Do not provide the hibernate_jdbc_cache alternative

Changes in apache-commons-beanutils:

- Updated to 1.9.3

    - Fixed Bugs:

      * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12.
      * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2.
      * BEANUTILS-490: Update Java requirement from Java 5 to 6.
      * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8.

- update to 1.8.3 and rename to apache- to follow the upstream

Changes in auto:

- Force annotation processing, since it is needed with Java 25


-----------------------------------------------------------------
Advisory ID: 203
Released:    Wed Jan 28 09:27:48 2026
Summary:     Security update for ImageMagick
Type:        security
Severity:    important
References:  1234100,1234101,1234102,1234103,1234104,1235475,1254435,1254820,1255821,1255822,1255823,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747,CVE-2025-65955,CVE-2025-66628,CVE-2025-68618,CVE-2025-68950,CVE-2025-69204
This update for ImageMagick fixes the following issues:

- CVE-2025-65955: Fixed use-after-free/double-free in ImageMagick (bsc#1254435)
- CVE-2025-66628: Fixed Integer Overflow leading to out of bounds read in ImageMagick (32-bit only)  (bsc#1254820)
- CVE-2025-68618: Fixed that reading a malicious SVG file may result in a DoS attack (bsc#1255821)
- CVE-2025-68950: Fixed check for circular references in mvg files may lead to stack overflow (bsc#1255822)
- CVE-2025-69204: Fixed an integer overflow can lead to a DoS attack (bsc#1255823)

-----------------------------------------------------------------
Advisory ID: 206
Released:    Wed Jan 28 12:26:08 2026
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1219724,1248516,CVE-2024-24806
This update for grub2 fixes the following issues:

- Optimize PBKDF2 to reduce the decryption time (bsc#1248516)
    * lib/crypto: Introduce new HMAC functions to reuse buffers
    * lib/pbkdf2: Optimize PBKDF2 by reusing HMAC handle
    * kern/misc: Implement faster grub_memcpy() for aligned buffers

-----------------------------------------------------------------
Advisory ID: 212
Released:    Wed Jan 28 17:04:56 2026
Summary:     Security update for python-urllib3
Type:        security
Severity:    important
References:  1215377,1254866,1254867,CVE-2025-66418,CVE-2025-66471
This update for python-urllib3 fixes the following issues:

- CVE-2025-66471: Fixed excessive resource consumption via decompression
  of highly compressed data in Streaming API (bsc#1254867)
- CVE-2025-66418: Fixed resource exhaustion via unbounded number of links
  in the decompression chain (bsc#1254866)

-----------------------------------------------------------------
Advisory ID: 217
Released:    Thu Jan 29 16:32:26 2026
Summary:     Security update for elemental-register, elemental-toolkit
Type:        security
Severity:    important
References:  1220763,1229238,1229685,1229822,1230078,1231373,1235695,1236151,1237137,1241826,1241857,1251511,1251679,1253581,1253901,1254079,CVE-2024-43374,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2024-47814,CVE-2025-1215,CVE-2025-22134,CVE-2025-22872,CVE-2025-24014,CVE-2025-47911,CVE-2025-47913,CVE-2025-47914,CVE-2025-58181,CVE-2025-58190
This update for elemental-register, elemental-toolkit fixes the following issues:

elemental-register was updated to 1.8.1:

Changes on top of v1.8.1:

  * Update headers to 2026
  * Update questions to include SL Micro 6.2

Update to v1.8.1:

  * Install yip config files in before-install step
  * Bump github.com/rancher-sandbox/go-tpm and its dependencies
    This includes few CVE fixes:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)

elemental-toolkit was updated to v2.3.2:

  * Bump golang.org/x/crypto library
    This includes few CVE fixes:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)
    * bsc#1253581 (CVE-2025-47913)
    * bsc#1253901 (CVE-2025-58181)
    * bsc#1254079 (CVE-2025-47914)

-----------------------------------------------------------------
Advisory ID: 221
Released:    Thu Jan 29 17:14:38 2026
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1233517,1256389,1257395,1257396,CVE-2025-23013,CVE-2026-24882,CVE-2026-24883
This update for gpg2 fixes the following issues:

- CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396).
- CVE-2026-24883: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value (bsc#1257395).
- gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389).

-----------------------------------------------------------------
Advisory ID: 218
Released:    Thu Jan 29 18:44:57 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1219458,1229069,1229272,1230007,1230596,1234027,1236282,1256436,1256766,1256822,1257005,CVE-2023-31315,CVE-2025-0395,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:

Security fixes:

- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).

Other fixes:

- NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)

-----------------------------------------------------------------
Advisory ID: 224
Released:    Fri Jan 30 11:05:07 2026
Summary:     Security update for unbound
Type:        security
Severity:    moderate
References:  1233699,1234665,1236282,1252525,CVE-2025-0395,CVE-2025-11411
This update for unbound fixes the following issues:

Update to 1.24.1:

- CVE-2025-11411: Fixed possible domain hijacking attack (bsc#1252525).

-----------------------------------------------------------------
Advisory ID: 225
Released:    Fri Jan 30 15:38:31 2026
Summary:     Security update for alloy
Type:        security
Severity:    important
References:  1215098,1215099,1215100,1215101,1215102,1215103,1230316,1255074,1255333,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881,CVE-2025-68156
This update for alloy fixes the following issues:

Update to 1.12.2:

Security fixes:

- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):
- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container
  breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074)

Other fixes:

    - Add missing configuration parameter
      deployment_name_from_replicaset to k8sattributes processor
      (5b90a9d) (@dehaansa)
    - database_observability: Fix schema_details collector to fetch
      column definitions with case sensitive table names (#4872)
      (560dff4) (@jharvey10, @fridgepoet)
    - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)
    - deps: Update npm dependencies [backport] (#5201) (8e06c26)
      (@jharvey10)
    - Ensure the squid exporter wrapper properly brackets ipv6
      addresses [backport] (#5205) (e329cc6) (@dehaansa)
    - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)
      (@kalleep)
    - Prevent panic in import.git when update fails [backport]
      (#5204) (c82fbae) (@dehaansa, @jharvey10)
    - show correct fallback alloy version instead of v1.13.0
      (#5110) (b72be99) (@dehaansa, @jharvey10)

-----------------------------------------------------------------
Advisory ID: 229
Released:    Fri Jan 30 22:24:31 2026
Summary:     Security update for python-filelock
Type:        security
Severity:    moderate
References:  1223596,1230145,1255244,1256457,CVE-2025-68146,CVE-2026-22701
This update for python-filelock fixes the following issues:

- CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files (bsc#1255244).
- CVE-2026-22701: TOCTOU race condition in the SoftFileLock implementation (bsc#1256457).

-----------------------------------------------------------------
Advisory ID: 230
Released:    Mon Feb  2 12:54:26 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1205462,1214285,1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765,1243112,1245193,1247500,1250388,1252046,1252861,1253155,1253238,1253262,1253365,1253400,1253413,1253414,1253442,1253458,1253623,1253674,1253739,1254126,1254128,1254195,1254244,1254363,1254378,1254408,1254477,1254510,1254518,1254519,1254520,1254615,1254616,1254618,1254621,1254624,1254791,1254793,1254794,1254795,1254796,1254797,1254798,1254808,1254809,1254813,1254815,1254821,1254824,1254825,1254827,1254828,1254829,1254830,1254832,1254835,1254840,1254843,1254846,1254847,1254849,1254850,1254851,1254852,1254854,1254856,1254858,1254860,1254861,1254864,1254868,1254869,1254871,1254894,1254957,1254959,1254961,1254964,1254996,1255026,1255030,1255034,1255035,1255039,1255040,1255041,1255042,1255057,1255058,1255064,1255065,1255068,1255071,1255072,1255075,1255077,1255081,1255082,1255083,1255087,1255092,1255094,1255095,1255097,1255099,1255103,1255116,1255120,1255121,1255122,1255124,1255131,1255134,1
 255135,1255136,1255138,1255140,1255142,1255145,1255146,1255149,1255150,1255152,1255154,1255155,1255156,1255161,1255167,1255169,1255171,1255175,1255179,1255181,1255182,1255186,1255187,1255190,1255193,1255196,1255197,1255199,1255202,1255203,1255206,1255209,1255218,1255220,1255221,1255223,1255226,1255227,1255228,1255230,1255231,1255233,1255234,1255242,1255243,1255246,1255247,1255251,1255252,1255253,1255255,1255256,1255259,1255260,1255261,1255262,1255272,1255273,1255274,1255276,1255279,1255297,1255312,1255316,1255318,1255325,1255329,1255346,1255349,1255351,1255354,1255357,1255377,1255379,1255380,1255395,1255401,1255415,1255428,1255433,1255434,1255480,1255483,1255488,1255489,1255493,1255495,1255505,1255507,1255508,1255509,1255533,1255541,1255550,1255552,1255553,1255567,1255580,1255601,1255603,1255611,1255614,1255672,1255688,1255698,1255706,1255707,1255709,1255722,1255723,1255724,1255812,1255813,1255814,1255816,1255931,1255932,1255934,1255943,1255944,1256238,1256495,1256606,1256794,CVE-20
 25-38704,CVE-2025-39880,CVE-2025-39977,CVE-2025-40042,CVE-2025-40123,CVE-2025-40130,CVE-2025-40160,CVE-2025-40167,CVE-2025-40170,CVE-2025-40179,CVE-2025-40190,CVE-2025-40209,CVE-2025-40211,CVE-2025-40212,CVE-2025-40213,CVE-2025-40214,CVE-2025-40215,CVE-2025-40218,CVE-2025-40219,CVE-2025-40220,CVE-2025-40221,CVE-2025-40223,CVE-2025-40225,CVE-2025-40226,CVE-2025-40231,CVE-2025-40233,CVE-2025-40235,CVE-2025-40237,CVE-2025-40238,CVE-2025-40239,CVE-2025-40240,CVE-2025-40242,CVE-2025-40246,CVE-2025-40248,CVE-2025-40250,CVE-2025-40251,CVE-2025-40252,CVE-2025-40254,CVE-2025-40255,CVE-2025-40256,CVE-2025-40258,CVE-2025-40262,CVE-2025-40263,CVE-2025-40264,CVE-2025-40266,CVE-2025-40268,CVE-2025-40269,CVE-2025-40271,CVE-2025-40272,CVE-2025-40273,CVE-2025-40274,CVE-2025-40275,CVE-2025-40276,CVE-2025-40277,CVE-2025-40278,CVE-2025-40279,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40287,CVE-2025-40288,CVE-2025-40289,CVE-2025-40292,CVE-2025-40293,CVE-2025-40294,CVE-2025-4029
 7,CVE-2025-40301,CVE-2025-40302,CVE-2025-40303,CVE-2025-40304,CVE-2025-40307,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40319,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40330,CVE-2025-40331,CVE-2025-40332,CVE-2025-40337,CVE-2025-40338,CVE-2025-40339,CVE-2025-40340,CVE-2025-40342,CVE-2025-40343,CVE-2025-40344,CVE-2025-40345,CVE-2025-40346,CVE-2025-40347,CVE-2025-40350,CVE-2025-40353,CVE-2025-40354,CVE-2025-40355,CVE-2025-40357,CVE-2025-40359,CVE-2025-40360,CVE-2025-40362,CVE-2025-68167,CVE-2025-68170,CVE-2025-68171,CVE-2025-68172,CVE-2025-68176,CVE-2025-68180,CVE-2025-68181,CVE-2025-68183,CVE-2025-68184,CVE-2025-68185,CVE-2025-68190,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68197,CVE-2025-68198,CVE-2025-68201,CVE-2025-68202,CVE-2025-68206,CVE-2025-68207,CVE-2025-68208,CVE-2025-68209,CVE-2025-68210,CVE-2
 025-68213,CVE-2025-68215,CVE-2025-68217,CVE-2025-68222,CVE-2025-68223,CVE-2025-68230,CVE-2025-68233,CVE-2025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68239,CVE-2025-68242,CVE-2025-68244,CVE-2025-68249,CVE-2025-68252,CVE-2025-68254,CVE-2025-68255,CVE-2025-68256,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68264,CVE-2025-68283,CVE-2025-68284,CVE-2025-68285,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68293,CVE-2025-68298,CVE-2025-68301,CVE-2025-68302,CVE-2025-68303,CVE-2025-68305,CVE-2025-68306,CVE-2025-68307,CVE-2025-68308,CVE-2025-68311,CVE-2025-68312,CVE-2025-68313,CVE-2025-68317,CVE-2025-68327,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68339,CVE-2025-68340,CVE-2025-68342,CVE-2025-68343,CVE-2025-68344,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68351,CVE-2025-68352,CVE-2025-68353,CVE-2025-68354,CVE-2025-68362,CVE-2025-68363,CVE-2025-68378,CVE-2025-68380,CVE-2025-68724,CVE-2025-68732,CVE-2025-687
 36,CVE-2025-68740,CVE-2025-68742,CVE-2025-68744,CVE-2025-68746,CVE-2025-68747,CVE-2025-68748,CVE-2025-68749,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68765,CVE-2025-68766,CVE-2025-71096

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-38704: rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408).
- CVE-2025-39880: ceph: fix race condition validating r_parent before applying state (bsc#1250388).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
- CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365).
- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling
- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
- CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623).
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1254961).
- CVE-2025-40215: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40218: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (bsc#1254964).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40237: fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809).
- CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871).
- CVE-2025-40239: net: phy: micrel: always set shared->phydev for LAN8814 (bsc#1254868).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-40246: xfs: fix out of bounds memory read error in symlink repair (bsc#1254861).
- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).
- CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854).
- CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856).
- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in
  qede_tpa_cont() and qede_tpa_end() (bsc#1254849).
- CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852).
- CVE-2025-40255: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
- CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082).
- CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).
- CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830).
- CVE-2025-40276: drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (bsc#1254824).
- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).
- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175).
- CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
- CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794).
- CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624).
- CVE-2025-40330: bnxt_en: Shutdown FW DMA in bnxt_shutdown() (bsc#1254616).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273).
- CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318).
- CVE-2025-40347: net: enetc: fix the deadlock of enetc_mdio_lock (bsc#1255262).
- CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260).
- CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261).
- CVE-2025-40357: net/smc: fix general protection fault in __smc_diag_dump (bsc#1255097).
- CVE-2025-40359: perf/x86/intel: Fix KASAN global-out-of-bounds warning (bsc#1255087).
- CVE-2025-40362: ceph: fix multifs mds auth caps issue (bsc#1255103).
- CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255).
- CVE-2025-68197: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (bsc#1255242).
- CVE-2025-68198: crash: fix crashkernel resource shrink (bsc#1255243).
- CVE-2025-68202: sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223).
- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).
- CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227).
- CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230).
- CVE-2025-68215: ice: fix PTP cleanup on driver removal in error path (bsc#1255226).
- CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272).
- CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).
- CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68293: mm/huge_memory: fix NULL pointer deference when splitting folio (bsc#1255150).
- CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120).
- CVE-2025-68302: net: sxgbe: fix potential NULL dereference in sxgbe_rx() (bsc#1255121).
- CVE-2025-68317: io_uring/zctx: check chained notif contexts (bsc#1255354).
- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).
- CVE-2025-68353: net: vxlan: prevent NULL deref in vxlan_xmit_one (bsc#1255533).
- CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552).
- CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614).
- CVE-2025-68736: landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- CVE-2025-68742: bpf: Fix invalid prog->stats access when update_effective_progs fails (bsc#1255707).
- CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709).
- CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606).

The following non security issues were fixed:

- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672).
- Set HZ=1000 for ppc64 default configuration (jsc#PED-14344)
- bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433).
- btrfs: handle aligned EOF truncation correctly for subpage cases (bsc#1253238).
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434).
- cifs: update dstaddr whenever channel iface is updated (git-fixes).
- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
- cpuset: fix warning when disabling remote partition (bsc#1256794).
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes).
- netdevsim: print human readable IP address (bsc#1255071).
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event
  handling (bsc#1253262 ltc#216029).
- powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493
  bsc#1254244 ltc#216496).
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346).
- selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349).
- selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349).
- serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes).
- supported.conf: Mark lan 743x supported (jsc#PED-14571)
- tick/sched: Limit non-timekeeper CPUs calling jiffies update (bsc#1254477).
- wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes).
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495).
- x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495).
- x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495).
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256495).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495).

-----------------------------------------------------------------
Advisory ID: 235
Released:    Mon Feb  2 13:41:24 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1236217,1238572,1257049,1257353,1257354,1257355,CVE-2025-22870,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:

- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).

-----------------------------------------------------------------
Advisory ID: 237
Released:    Mon Feb  2 14:00:02 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1232024,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:

Security fixes:

 - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).
 - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
 - CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).
 - CVE-2025-15469: 'openssl dgst' one-shot codepath silently truncates inputs >16MB (bsc#1256832).
 - CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).
 - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
 - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
 - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
 - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
 - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
 - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
 - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

Other fixes:

- Enable livepatching support for ppc64le (bsc#1257274).

-----------------------------------------------------------------
Advisory ID: 239
Released:    Tue Feb  3 16:33:50 2026
Summary:     Recommended update for mariadb
Type:        recommended
Severity:    moderate
References:  1235151,1236588,1236590,1255024,CVE-2025-0167,CVE-2025-0725
This update for mariadb fixes the following issues:

Changes in mariadb:

- Fix incomplete SELinux labels during database update (bsc#1255024)

-----------------------------------------------------------------
Advisory ID: 240
Released:    Tue Feb  3 17:33:50 2026
Summary:     Recommended update for az-cli-cmd
Type:        recommended
Severity:    low
References:  1228086,1230468,1231792,1232063,1236982,1237695,1253491
This update for az-cli-cmd fixes the following issues:

- Update package summary (bsc#1253491)

-----------------------------------------------------------------
Advisory ID: 242
Released:    Wed Feb  4 12:37:13 2026
Summary:     Security update for cups
Type:        security
Severity:    critical
References:  1244057,1249049,1249128,1253783,1254353,CVE-2025-58060,CVE-2025-58364,CVE-2025-58436,CVE-2025-61915
This update for cups fixes the following issues:

Update to version 2.4.16.

Security issues fixed:

- CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783).
- CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128).
- CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049).

Other updates and bugfixes:

- Version upgrade to 2.4.16:

  * 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
    potentially reading past the end of the source string
    (Issue #1438)
  * The web interface did not support domain usernames fully
    (Issue #1441)
  * Fixed an infinite loop issue in the GTK+ print dialog
    (Issue #1439 boo#1254353)
  * Fixed stopping scheduler on unknown directive in
    configuration (Issue #1443)
  * Fixed packages for Immutable Mode (jsc#PED-14775
    from epic jsc#PED-14688)

- Version upgrade to 2.4.15:

  * Fixed potential crash in 'cups-driverd' when there are
    duplicate PPDs (Issue #1355)
  * Fixed error recovery when scanning for PPDs
    in 'cups-driverd' (Issue #1416)

- Version upgrade to 2.4.14.

- Version upgrade to 2.4.13:

  * Added 'print-as-raster' printer and job attributes
    for forcing rasterization (Issue #1282)
  * Updated documentation (Issue #1086)
  * Updated IPP backend to try a sanitized user name if the
    printer/server does not like the value (Issue #1145)
  * Updated the scheduler to send the 'printer-added'
    or 'printer-modified' events  whenever an IPP Everywhere PPD
    is installed (Issue #1244)
  * Updated the scheduler to send the 'printer-modified' event
    whenever the system default printer is changed (Issue #1246)
  * Fixed a memory leak in 'httpClose' (Issue #1223)
  * Fixed missing commas in 'ippCreateRequestedArray'
    (Issue #1234)
  * Fixed subscription issues in the scheduler and D-Bus notifier
    (Issue #1235)
  * Fixed media-default reporting for custom sizes (Issue #1238)
  * Fixed support for IPP/PPD options with periods or underscores
    (Issue #1249)
  * Fixed parsing of real numbers in PPD compiler source files
    (Issue #1263)
  * Fixed scheduler freezing with zombie clients (Issue #1264)
  * Fixed support for the server name in the ErrorLog filename
    (Issue #1277)
  * Fixed job cleanup after daemon restart (Issue #1315)
  * Fixed handling of buggy DYMO USB printer serial numbers
   (Issue #1338)
  * Fixed unreachable block in IPP backend (Issue #1351)
  * Fixed memory leak in _cupsConvertOptions (Issue #1354)

- Version upgrade to 2.4.12:

  * GnuTLS follows system crypto policies now (Issue #1105)
  * Added `NoSystem` SSLOptions value (Issue #1130)
  * Now we raise alert for certificate issues (Issue #1194)
  * Added Kyocera USB quirk (Issue #1198)
  * The scheduler now logs a job's debugging history
    if the backend fails (Issue #1205)
  * Fixed a potential timing issue with `cupsEnumDests`
    (Issue #1084)
  * Fixed a potential 'lost PPD' condition in the scheduler
    (Issue #1109)
  * Fixed a compressed file error handling bug (Issue #1070)
  * Fixed a bug in the make-and-model whitespace trimming
    code (Issue #1096)
  * Fixed a removal of IPP Everywhere permanent queue
    if installation failed (Issue #1102)
  * Fixed `ServerToken None` in scheduler (Issue #1111)
  * Fixed invalid IPP keyword values created from PPD
    option names (Issue #1118)
  * Fixed handling of 'media' and 'PageSize' in the same
    print request (Issue #1125)
  * Fixed client raster printing from macOS (Issue #1143)
  * Fixed the default User-Agent string.
  * Fixed a recursion issue in `ippReadIO`.
  * Fixed handling incorrect radix in `scan_ps()` (Issue #1188)
  * Fixed validation of dateTime values with time zones
    more than UTC+11 (Issue #1201)
  * Fixed attributes returned by the Create-Xxx-Subscriptions
    requests (Issue #1204)
  * Fixed `ippDateToTime` when using a non GMT/UTC timezone
    (Issue #1208)
  * Fixed `job-completed` event notifications for jobs that are
    cancelled before started (Issue #1209)
  * Fixed DNS-SD discovery with `ippfind` (Issue #1211)

-----------------------------------------------------------------
Advisory ID: 244
Released:    Thu Feb  5 12:26:20 2026
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1231472,1256805,CVE-2026-0989
This update for libxml2 fixes the following issues:

- CVE-2026-0989: Fixed call stack exhaustion leading to application crash
  due to RelaxNG parser not limiting the recursion depth when
  resolving `<include>` directives (bsc#1256805).

-----------------------------------------------------------------
Advisory ID: 245
Released:    Thu Feb  5 12:50:09 2026
Summary:     Recommended update for doxygen
Type:        recommended
Severity:    moderate
References:  1233289,1233322
This update for doxygen fixes the following issues:

- drop %suse_update_desktop_file usage
- modified sources:
    * doxywizard.desktop

-----------------------------------------------------------------
Advisory ID: 250
Released:    Fri Feb  6 12:13:48 2026
Summary:     Security update for libsoup
Type:        security
Severity:    important
References:  1223687,1223689,1223690,1257440,1257598,CVE-2024-29038,CVE-2024-29039,CVE-2024-29040,CVE-2026-1536,CVE-2026-1761
This update for libsoup fixes the following issues:

- CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header
  (bsc#1257440).
- CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based
  buffer overflow (bsc#1257598).

-----------------------------------------------------------------
Advisory ID: 251
Released:    Tue Feb 10 10:37:11 2026
Summary:     Recommended update for libpfm
Type:        recommended
Severity:    moderate
References:  1236619,CVE-2025-24528
This update for libpfm fixes the following issues:

- s390: Add counter definition for IBM z17 (jsc#PED-13665)

-----------------------------------------------------------------
Advisory ID: 252
Released:    Wed Feb 11 12:13:17 2026
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1228081,1228184,1228659,1228728,1231986,1234765,1244449,1248356,1248501,1251981,1254563,1255326,1256427,CVE-2024-40897
This update for systemd fixes the following issues:

- terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)
- core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- Name libsystemd-{shared,core} based on the major version of systemd and the
  package release number (bsc#1228081, bsc#1256427)
- systemd-update-helper: clean up the flags immediately after they have been consumed.
- systemd.spec: don't reexecute PID1 on transactional updates.
- Drop most of the workarounds contained in the fixlets.
- Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros
  where file-triggers were unreliable but that is no longer the case on the latest SLE distros.
- Fix: systemd Tainted: unmerged-bin (bsc#1228728, bsc#1251981)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- main: switch explicitly to tty1 on soft-reboot (bsc#1231986)
- terminal-util: modernize vtnr_from_tty() a bit
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
  already available in %pre (bsc#1248501)
- core/cgroup: Properly handle aborting a pending freeze operation
- detect-virt: add bare-metal support for GCE (bsc#1244449)
- uki.conf is used by the ukify tool to create an Unified Kernel Image[...]
- Make sure that the ordering trick used to update the udev package as close as
  as possible to the update of the systemd package also works with zypper.
- Fix: Snapshot 20240730 - unbootable after transactional-update dup (bsc#1228659)
    * We also need to add 'Suggests: udev', which serves the same purpose as
      'OrderWithRequires: udev' but is part of the repository metadata.
      It should therefore hint zypper to install systemd and udev as close together as possible
- Fix systemd-network recommending libidn2-devel (bsc#1234765)

-----------------------------------------------------------------
Advisory ID: 258
Released:    Thu Feb 12 14:39:18 2026
Summary:     Recommended update for glib2-branding
Type:        recommended
Severity:    moderate
References:  1230537,1230901
This update for glib2-branding fixes the following issues:

Update branding for glib2.

-----------------------------------------------------------------
Advisory ID: 262
Released:    Fri Feb 13 10:22:53 2026
Summary:     Recommended update for python-wxPython
Type:        recommended
Severity:    moderate
References:  1237498
This update for python-wxPython fixes the following issues:

- Update to python-wxPython version 4.2.3:
  * Fix test issues with wx.lib.introspect (#2717)
  * Add support for building on Windows ARM64 (#2521)
  * Incorporate many improvements to type stubs (#2665)
  * Fix building documentation with latest sphinx (#2672)
  * Build smaller architecture-specific wheels on macOS instead of large
    universal2 wheels
  * Calculate scroll based on child's relative position to scrolledpanel
    in wx.lib.scrolledpanel
  * Fix float -> int conversion issues in wx.lib.fancytext (#2703)
  * Replace deprecated NumPy type aliases
  * Use wx.StaticText in wx.lib.agw.hyperlink (#2686)
  * Implement partial support for pyproject.toml and other build process improvements
  * Remove use of six and most Python 2 compatibility code
  * Fix wxWidgets build on OpenSUSE (#558, #1067, #2422, #2532)
  * Fix more int conversions in wx.lib.agw.flatnotebook
  * Make build output reproducible
  * Enable overridding wx.Sizer.InformFirstDirection() (#2452)
  * Implement __iter__ for wxList iterator classes (fixes Python 3.13.1 issue)
  * Fix wx.lib.mixins.rubberband not clearing DC on redraw
  * Support implementing CreateBitmapBundle for custom ArtProvider
  * Fix float/int conversion issues in wx.lib.ogl
  * Include usage of wxMemoryFSHandler in webview demo
  * Fix crash when accessing wx.stc.StyledTextCtrl.DropTarget.Data (#2043)
  * Fix AuiManager pane minimizing issue
  * Add range field to wx.lib.agw.pygauge.PyGauge format string (#2583)
  * Fix pickling of wx.RealPoint (#2644)
  * Avoid calling FlatMenu Destroy() in a finally block (#2630)
  * Update wxApp.IsDisplayAvailable to work on Wayland
  * Fix InspectionTool crashes due to bad perspective string errors
  * Drop support for Python 3.8 (EOL)
  * Add CreateAccessible for Windows only
  * Added check condition to AuiManager LoadPerspective()
  * Fix RecursionError in platebtn bitmap getters
  * Add Python implementation of GetPaths (#1944)
  * Support Wayland GTK backend in Window.GetHandle
  * Refactor python only pdfviewer to support displaying pdf files where
    not all pages have the same size
  * Improve support when specifying a pre-existing toolbar as the target for
    the restore icon when minimizing a pane in agw.aui
  * Multiple bugfixes in pure python aui
  * pdfviewer: Add support for pymupdf renaming

-----------------------------------------------------------------
Advisory ID: 266
Released:    Fri Feb 13 10:35:51 2026
Summary:     Recommended update for rpmlint
Type:        recommended
Severity:    moderate
References:  1236878,1240755,1256160,1256841,CVE-2024-12133
This update for rpmlint fixes the following issues:

Changes in rpmlint:

- Update to version 2.7.0+git20260122.f813669b:
  * systemd-tmpfiles: migrate texlive (bsc#1256841)
  * systemd-tmpfiles: whitelist sendmail spool directory (bsc#1256160)
  * permissions-whitelist: add exim drop-in file (bsc#1240755)

-----------------------------------------------------------------
Advisory ID: 269
Released:    Fri Feb 13 11:08:14 2026
Summary:     Security update for go1.25
Type:        security
Severity:    critical
References:  1222834,1224113,1244485,1256818,1257692,CVE-2025-61732,CVE-2025-68121
This update for go1.25 fixes the following issues:

Update to version 1.25.7.

Security issues fixed:

- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing  allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
  not account for the expiration of full certificate chain (bsc#1256818).

Other updates and bugfixes:

- version update to 1.25.7:

  * go#75844 cmd/compile: OOM killed on linux/arm64
  * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
  * go#77425 crypto/tls: CL 737700 broke session resumption on macOS

-----------------------------------------------------------------
Advisory ID: 272
Released:    Fri Feb 13 16:21:02 2026
Summary:     Recommended update for pacemaker
Type:        recommended
Severity:    important
References:  1232276,1237363,1237370,1237418,1239533,1246622,1250349,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113
This update for pacemaker fixes the following issues:

- tools: Prevent crm_verify from stating configuration is 'invalid' if it only has warnings (bsc#1250349)
- various: Avoid warnings about a negative value for `stonith-watchdog-timeout` (bsc#1246622)
- libcrmcommon:
     * Increase poll() timeout to 5s for liveness checks on sub-daemons (bsc#1239533)
     * Add retries on connect to avoid fatal errors when sub-daemons communicate
- libpacemaker:
     * Do not retry on ECONNREFUSED in tools.
     * Fix memory leak in pcmk__group_apply_location()
- daemons: Fix a bug iterating in get_op_total_timeout
- libcrmservice: consider a monitor pending if LoadUnit receives no reply from systemd (bsc#1232276)

-----------------------------------------------------------------
Advisory ID: 279
Released:    Fri Feb 13 17:45:28 2026
Summary:     Recommended update for pcr-oracle
Type:        recommended
Severity:    important
References:  1236842,1248516,1249079,CVE-2023-4016
This update for pcr-oracle fixes the following issues:

- Update to 0.5.9:
    * Fix event skipping due to double increment
    * Add '--persistent-srk' to make SRK persistent (bsc#1248516)
- Enable build on %{arm} as it is required by sdbootutil
- Update to 0.5.8:
    * Fix unsealing failure when using non default PCR bank
    * Extra checks for TPM self-test (bsc#1249079)

-----------------------------------------------------------------
Advisory ID: 284
Released:    Fri Feb 13 18:42:04 2026
Summary:     Security update for openCryptoki
Type:        security
Severity:    moderate
References:  1238700,1239335,1256673,1257116,CVE-2025-22869,CVE-2025-22870,CVE-2026-22791,CVE-2026-23893
This update for openCryptoki fixes the following issues:

Upgrade openCryptoki to 3.26 (jsc#PED-14609)

Security fixes:

 - CVE-2026-22791: supplying malformed compressed EC public key can lead to heap corruption or denial-of-service (bsc#1256673).
 - CVE-2026-23893: Privilege Escalation or Data Exposure via Symlink Following (bsc#1257116).

Other fixes:

  * Soft: Add support for RSA keys up to 16K bits.
  * CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later).
  * p11sak: Add support for generating RSA keys up to 16K bits.
  * Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION).
  * Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN.
  * p11sak: Add support for SHA-HMAC key types and key generation.
  * p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping
    with various key wrapping mechanism.
  * p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider.
  * p11sak: Add support for exporting non-sensitive private keys to password protected PEM files.
  * Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0).
  * EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE.
  * p11sak: Add support for generating BLS12-381 EC keys.
  * EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and
    a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16).
  * CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later).
  * Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured).
  * p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types.
  * Bug fixes.

-----------------------------------------------------------------
Advisory ID: 300
Released:    Thu Feb 19 11:31:04 2026
Summary:     Security update for python313
Type:        security
Severity:    important
References:  1035807,1036457,1079600,1198823,1198830,1198832,1257029,1257031,1257042,1257046,1257181,867620,CVE-2014-2240,CVE-2014-2241,CVE-2017-8105,CVE-2017-8287,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406,CVE-2025-11468,CVE-2025-15282,CVE-2026-0672,CVE-2026-0865,CVE-2026-1299
This update for python313 fixes the following issues:

Update to version 3.13.12.

Security issues fixed:

- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
  characters (bsc#1257029).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
  (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator`
  (bsc#1257181).

Other updates and bugfixes:

- Update to version 3.13.12.

  - Library

    - gh-144380: Improve performance of io.BufferedReader line
      iteration by ~49%.
    - gh-144169: Fix three crashes when non-string keyword
      arguments are supplied to objects in the ast module.
    - gh-144100: Fixed a crash in ctypes when using a deprecated
      POINTER(str) type in argtypes. Instead of aborting, ctypes
      now raises a proper Python exception when the pointer
      target type is unresolved.
    - gh-144050: Fix stat.filemode() in the pure-Python
      implementation to avoid misclassifying invalid mode values
      as block devices.
    - gh-144023: Fixed validation of file descriptor 0 in posix
      functions when used with follow_symlinks parameter.
    - gh-143999: Fix an issue where inspect.getgeneratorstate()
      and inspect.getcoroutinestate() could fail for generators
      wrapped by types.coroutine() in the suspended state.
    - gh-143706: Fix multiprocessing forkserver so that sys.argv
      is correctly set before __main__ is preloaded. Previously,
      sys.argv was empty during main module import in forkserver
      child processes. This fixes a regression introduced in
      3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test
      provided by Thomas Watson, thanks!
    - gh-143638: Forbid reentrant calls of the pickle.Pickler and
      pickle.Unpickler methods for the C implementation.
      Previously, this could cause crash or data corruption, now
      concurrent calls of methods of the same object raise
      RuntimeError.
    - gh-78724: Raise RuntimeError's when user attempts to call
      methods on half-initialized Struct objects, For example,
      created by Struct.__new__(Struct). Patch by Sergey
      B Kirpichev.
    - gh-143602: Fix a inconsistency issue in write() that leads
      to unexpected buffer overwrite by deduplicating the buffer
      exports.
    - gh-143547: Fix sys.unraisablehook() when the hook raises an
      exception and changes sys.unraisablehook(): hold a strong
      reference to the old hook. Patch by Victor Stinner.
    - gh-143378: Fix use-after-free crashes when a BytesIO object
      is concurrently mutated during write() or writelines().
    - gh-143346: Fix incorrect wrapping of the Base64 data in
      plistlib._PlistWriter when the indent contains a mix of
      tabs and spaces.
    - gh-143310: tkinter: fix a crash when a Python list is
      mutated during the conversion to a Tcl object (e.g., when
      setting a Tcl variable). Patch by Benedikt Tran.
    - gh-143309: Fix a crash in os.execve() on non-Windows
      platforms when given a custom environment mapping which is
      then mutated during parsing. Patch by Benedikt Tran.
    - gh-143308: pickle: fix use-after-free crashes when
      a PickleBuffer is concurrently mutated by a custom buffer
      callback during pickling. Patch by Benedikt Tran and Aaron
      Wieczorek.
    - gh-143237: Fix support of named pipes in the rotating
      logging handlers.
    - gh-143249: Fix possible buffer leaks in Windows overlapped
      I/O on error handling.
    - gh-143241: zoneinfo: fix infinite loop in
      ZoneInfo.from_file when parsing a malformed TZif file.
      Patch by Fatih Celik.
    - gh-142830: sqlite3: fix use-after-free crashes when the
      connection's callbacks are mutated during a callback
      execution. Patch by Benedikt Tran.
    - gh-143200: xml.etree.ElementTree: fix use-after-free
      crashes in __getitem__() and __setitem__() methods of
      Element when the element is concurrently mutated. Patch by
      Benedikt Tran.
    - gh-142195: Updated timeout evaluation logic in subprocess
      to be compatible with deterministic environments like
      Shadow where time moves exactly as requested.
    - gh-143145: Fixed a possible reference leak in ctypes when
      constructing results with multiple output parameters on
      error.
    - gh-122431: Corrected the error message in
      readline.append_history_file() to state that nelements must
      be non-negative instead of positive.
    - gh-143004: Fix a potential use-after-free in
      collections.Counter.update() when user code mutates the
      Counter during an update.
    - gh-143046: The asyncio REPL no longer prints copyright and
      version messages in the quiet mode (-q). Patch by Bartosz
      Slawecki.
    - gh-140648: The asyncio REPL now respects the -I flag
      (isolated mode). Previously, it would load and execute
      PYTHONSTARTUP even if the flag was set. Contributed by
      Bartosz Slawecki.
    - gh-142991: Fixed socket operations such as recvfrom() and
      sendto() for FreeBSD divert(4) socket.
    - gh-143010: Fixed a bug in mailbox where the precise timing
      of an external event could result in the library opening an
      existing file instead of a file it expected to create.
    - gh-142881: Fix concurrent and reentrant call of
      atexit.unregister().
    - gh-112127: Fix possible use-after-free in
      atexit.unregister() when the callback is unregistered
      during comparison.
    - gh-142783: Fix zoneinfo use-after-free with descriptor
      _weak_cache. a descriptor as _weak_cache could cause
      crashes during object creation. The fix ensures proper
      reference counting for descriptor-provided objects.
    - gh-142754: Add the ownerDocument attribute to
      xml.dom.minidom elements and attributes created by directly
      instantiating the Element or Attr class. Note that this way
      of creating nodes is not supported; creator functions like
      xml.dom.Document.documentElement() should be used instead.
    - gh-142784: The asyncio REPL now properly closes the loop
      upon the end of interactive session. Previously, it could
      cause surprising warnings. Contributed by Bartosz Slawecki.
    - gh-142555: array: fix a crash in a[i] = v when converting
      i to an index via i.__index__ or i.__float__ mutates the
      array.
    - gh-142594: Fix crash in TextIOWrapper.close() when the
      underlying buffer's closed property calls detach().
    - gh-142451: hmac: Ensure that the HMAC.block_size attribute
      is correctly copied by HMAC.copy. Patch by Benedikt Tran.
    - gh-142495: collections.defaultdict now prioritizes
      __setitem__() when inserting default values from
      default_factory. This prevents race conditions where
      a default value would overwrite a value set before
      default_factory returns.
    - gh-142651: unittest.mock: fix a thread safety issue where
      Mock.call_count may return inaccurate values when the mock
      is called concurrently from multiple threads.
    - gh-142595: Added type check during initialization of the
      decimal module to prevent a crash in case of broken stdlib.
      Patch by Sergey B Kirpichev.
    - gh-142517: The non-compat32 email policies now correctly
      handle refolding encoded words that contain bytes that can
      not be decoded in their specified character set. Previously
      this resulted in an encoding exception during folding.
    - gh-112527: The help text for required options in argparse
      no longer extended with '(default: None)'.
    - gh-142315: Pdb can now run scripts from anonymous pipes
      used in process substitution. Patch by Bartosz Slawecki.
    - gh-142282: Fix winreg.QueryValueEx() to not accidentally
      read garbage buffer under race condition.
    - gh-75949: Fix argparse to preserve | separators in mutually
      exclusive groups when the usage line wraps due to length.
    - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header
      name defects are now correctly passed to the handle_defect
      method of policy in FeedParser.
    - gh-142006: Fix a bug in the email.policy.default folding
      algorithm which incorrectly resulted in a doubled newline
      when a line ending at exactly max_line_length was followed
      by an unfoldable token.
    - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving
      underlying cancelled asyncio task running.
    - gh-139971: pydoc: Ensure that the link to the online
      documentation of a stdlib module is correct.
    - gh-139262: Some keystrokes can be swallowed in the new
      PyREPL on Windows, especially when used together with the
      ALT key. Fix by Chris Eibl.
    - gh-138897: Improved license/copyright/credits display in
      the REPL: now uses a pager.
    - gh-79986: Add parsing for References and In-Reply-To
      headers to the email library that parses the header content
      as lists of message id tokens. This prevents them from
      being folded incorrectly.
    - gh-109263: Starting a process from spawn context in
      multiprocessing no longer sets the start method globally.
    - gh-90871: Fixed an off by one error concerning the backlog
      parameter in create_unix_server(). Contributed by Christian
      Harries.
    - gh-133253: Fix thread-safety issues in linecache.
    - gh-132715: Skip writing objects during marshalling once
      a failure has occurred.
    - gh-127529: Correct behavior of
      asyncio.selector_events.BaseSelectorEventLoop._accept_connection()
      in handling ConnectionAbortedError in a loop. This improves
      performance on OpenBSD.

  - IDLE

    - gh-143774: Better explain the operation of Format / Format
      Paragraph.

  - Core and Builtins

    - gh-144307: Prevent a reference leak in module teardown at
      interpreter finalization.
    - gh-144194: Fix error handling in perf jitdump
      initialization on memory allocation failure.
    - gh-141805: Fix crash in set when objects with the same hash
      are concurrently added to the set after removing an element
      with the same hash while the set still contains elements
      with the same hash.
    - gh-143670: Fixes a crash in ga_repr_items_list function.
    - gh-143377: Fix a crash in _interpreters.capture_exception()
      when the exception is incorrectly formatted. Patch by
      Benedikt Tran.
    - gh-143189: Fix crash when inserting a non-str key into
      a split table dictionary when the key matches an existing
      key in the split table but has no corresponding value in
      the dict.
    - gh-143228: Fix use-after-free in perf trampoline when
      toggling profiling while threads are running or during
      interpreter finalization with daemon threads active. The
      fix uses reference counting to ensure trampolines are not
      freed while any code object could still reference them.
      Pach by Pablo Galindo
    - gh-142664: Fix a use-after-free crash in
      memoryview.__hash__ when the __hash__ method of the
      referenced object mutates that object or the view. Patch by
      Benedikt Tran.
    - gh-142557: Fix a use-after-free crash in bytearray.__mod__
      when the bytearray is mutated while formatting the %-style
      arguments. Patch by Benedikt Tran.
    - gh-143195: Fix use-after-free crashes in bytearray.hex()
      and memoryview.hex() when the separator's __len__() mutates
      the original object. Patch by Benedikt Tran.
    - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is
      0. Previously, it was set to 0 in this case.
    - gh-143003: Fix an overflow of the shared empty buffer in
      bytearray.extend() when __length_hint__() returns 0 for
      non-empty iterator.
    - gh-143006: Fix a possible assertion error when comparing
      negative non-integer float and int with the same number of
      bits in the integer part.
    - gh-142776: Fix a file descriptor leak in import.c
    - gh-142829: Fix a use-after-free crash in
      contextvars.Context comparison when a custom __eq__ method
      modifies the context via set().
    - gh-142766: Clear the frame of a generator when
      generator.close() is called.
    - gh-142737: Tracebacks will be displayed in fallback mode
      even if io.open() is lost. Previously, this would crash the
      interpreter. Patch by Bartosz Slawecki.
    - gh-142554: Fix a crash in divmod() when
      _pylong.int_divmod() does not return a tuple of length two
      exactly. Patch by Benedikt Tran.
    - gh-142560: Fix use-after-free in bytearray search-like
      methods (find(), count(), index(), rindex(), and rfind())
      by marking the storage as exported which causes
      reallocation attempts to raise BufferError. For contains(),
      split(), and rsplit() the buffer protocol is used for this.
    - gh-142343: Fix SIGILL crash on m68k due to incorrect
      assembly constraint.
    - gh-141732: Ensure the __repr__() for ExceptionGroup and
      BaseExceptionGroup does not change when the exception
      sequence that was original passed in to its constructor is
      subsequently mutated.
    - gh-100964: Fix reference cycle in exhausted generator
      frames. Patch by Savannah Ostrowski.
    - gh-140373: Correctly emit PY_UNWIND event when generator
      object is closed. Patch by Mikhail Efimov.
    - gh-138568: Adjusted the built-in help() function so that
      empty inputs are ignored in interactive mode.
    - gh-127773: Do not use the type attribute cache for types
      with incompatible MRO.

  - C API

    - gh-142571: PyUnstable_CopyPerfMapFile() now checks that
      opening the file succeeded before flushing.

  - Build

    - gh-142454: When calculating the digest of the JIT stencils
      input, sort the hashed files by filenames before adding
      their content to the hasher. This ensures deterministic
      hash input and hence deterministic hash, independent on
      filesystem order.
    - gh-141808: When running make clean-retain-profile, keep the
      generated JIT stencils. That way, the stencils are not
      generated twice when Profile-guided optimization (PGO) is
      used. It also allows distributors to supply their own
      pre-built JIT stencils.
    - gh-138061: Ensure reproducible builds by making JIT stencil
      header generation deterministic.

-----------------------------------------------------------------
Advisory ID: 299
Released:    Thu Feb 19 12:09:58 2026
Summary:     Security update for MozillaFirefox
Type:        security
Severity:    moderate
References:  1234015,1236886,1258231,CVE-2026-2447
This update for MozillaFirefox fixes the following issues:

Changes in MozillaFirefox:

Firefox Extended Support Release 140.7.1 ESR was released:

  * Fixed: Security fix.

MFSA 2026-10 (bsc#1258231):

  * CVE-2026-2447: Heap buffer overflow in libvpx.

-----------------------------------------------------------------
Advisory ID: 303
Released:    Fri Feb 20 11:28:32 2026
Summary:     Recommended update for zypper, libzypp, libsolv, zypp-plugin
Type:        recommended
Severity:    important
References:  1230267,1249435,1257068
This update for zypper, libzypp, libsolv, zypp-plugin fixes the following issues:

Changes in zypper:

- upgrade version to 1.14.94:
    * Fixed `bash-completion`: `zypper refresh` now ignores
      repository priority lines.
    * Changes to support building against restructured libzypp in stack build (bsc#1230267)

Changes in libzypp:

- upgrade version to 17.38.2:
    * Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros.
      See the ZYPP.CONF(5) man page for details.
    * Fix runtime check for broken rpm --runposttrans (bsc#1257068)
- upgrade version to 17.38.1:
    * Avoid libcurl-mini4 when building as it does not support ftp protocol.
    * Translation: updated .pot file.
- upgrade version to 17.38.0:
    * zypp.conf: follow the UAPI configuration file specification (PED-14658)
      In short terms it means we will no longer ship an /etc/zypp/zypp.conf,
      but store our own defaults in /usr/etc/zypp/zypp.conf. The systems administrator may choose
      to keep a full copy in /etc/zypp/zypp.conf ignoring our config file settings completely,
      or the preferred way - to overwrite specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files.
      See the ZYPP.CONF(5) man page for details.
    * cmake: correctly detect rpm6
    * Use 'zypp.tmp' as temp directory component to ease setting up SELinux policies (bsc#1249435)
    * zyppng: Update Provider to current MediaCurl2 download approach, drop Metalink

Changes in libsolv:

- bump version to 0.7.35:
    * fixed rare crash in the handling of allowuninstall in combination with forcebest updates
    * new pool_satisfieddep_map feature to test if a set of packages satisfies a dependency

Changes in zypp-plugin:

- upgrade version 0.6.6:
    * Fix link to libzypp plugins documentation:
      https://opensuse.github.io/libzypp/zypp-plugins.html

-----------------------------------------------------------------
Advisory ID: 304
Released:    Fri Feb 20 16:40:19 2026
Summary:     Security update for docker-stable
Type:        security
Severity:    moderate
References:  1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,1250508,1250596,1252290,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176
This update for docker-stable fixes the following issues:

- Enable SELinux in default daemon.json config (--selinux-enabled).
  This has no practical impact on non-SELinux systems (bsc#1252290).
- Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes
  by default and thus end up installing git with Docker (bsc#1250508).
- Include historical changelog data from before the docker-stable fork.
  This includes CVE numbers for security tracking reasons (bsc#1250596).

-----------------------------------------------------------------
Advisory ID: 305
Released:    Fri Feb 20 16:44:31 2026
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    important
References:  1238700,1239335,1257661,CVE-2025-22869,CVE-2025-22870
This update for lvm2 fixes the following issues:

- L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661)
    * libdaemon: fix suppressing stray fd warnings

-----------------------------------------------------------------
Advisory ID: 306
Released:    Fri Feb 20 16:44:31 2026
Summary:     Optional update for migrate-sles-to-sles4sap
Type:        optional
Severity:    moderate
References:  1239119,CVE-2025-30258
This update for migrate-sles-to-sles4sap fixes the following issues:

This ships the migrate-sles-to-sles4sap tool to migrate SLES to SLES 4 SAP. (jsc#PED-13724)

-----------------------------------------------------------------
Advisory ID: 310
Released:    Thu Feb 26 08:38:22 2026
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    low
References:  1219276,1223903,CVE-2022-48622
This update for openssl-3 fixes the following issues:

- removed test patches because they are not needed.

-----------------------------------------------------------------
Advisory ID: 311
Released:    Thu Feb 26 08:39:56 2026
Summary:     Recommended update for crmsh
Type:        recommended
Severity:    important
References:  1227316,1254571,1254892,1257143
This update for crmsh fixes the following issues:


- Update to version 5.0.0+20260126.316aa9fa:
    * Dev: options: Change 'force' option to be session-only (bsc#1254892)
    * Fix: sbd: Allow setting -1 to stonith-watchdog-timeout (bsc#1257143)
    * Fix: qdevice: Make sure stonith-watchdog-timeout is 2 times of SBD_WATCHDOG_TIMEOUT (bsc#1254571)
    * Fix: migration: Avoid exception inside thread
    * Dev: sbd: Remove sbd configuration directories while removing cluster node

-----------------------------------------------------------------
Advisory ID: 313
Released:    Thu Feb 26 10:43:17 2026
Summary:     Security update for python-urllib3_1
Type:        security
Severity:    moderate
References:  1224868,1254866,1254867,1256331,CVE-2025-66418,CVE-2025-66471,CVE-2026-21441
This update for python-urllib3_1 fixes the following issues:

- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).

-----------------------------------------------------------------
Advisory ID: 314
Released:    Thu Feb 26 17:51:31 2026
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    moderate
References:  1240897,CVE-2025-3360
This update for gcc15 fixes the following issues:

Update to GCC 15.2 release

  * the GCC 15.2 release contains regression fixes accumulated since
    the GCC 15.1 release

- Fixes PR120714, RISC-V: incorrect frame pointer CFA address for
  stack-clash protection loops

-----------------------------------------------------------------
Advisory ID: 324
Released:    Fri Feb 27 10:19:31 2026
Summary:     Recommended update for build
Type:        recommended
Severity:    important
References:  1242901,1248776,1251920
This update for build fixes the following issues:

- pbuild: support for _manifest files
- VM builds: fix export of mtime out of the build env
- config:
    * tumbleweed syncing
    * slfo 1.2 updates
    * Re-create SLE 15 SP7 config (bsc#1251920)
- oci-archive:
    * Support package list introspection
    * Support sbom generation
- Docker.pm: Also handle 'zypper update'
- obs-docker-support: Pass --no-refresh to zypper
- fail if PKGID can not be queried
- Add a workaround to fix builds on debian aarch64 with old systemd versions
- Add gzip retry for the sidestore downloads
- Revert VCS indenting change to fix reproducible builds
- Helm: Use bool type for 'deprecated'
- Distribution config updates
- rpm: take package name from filename if no name is defined
- ARM: qemu emulation uses -cpu max now
- Add BuildFlags for changelogfulltimestamps
- Fixes for lookaside store download
- Create a symlink in /etc/localtime before calling zic
- createarchive: implement fallback for old tar versions
- Be more strict about the weird [qualifier] dependency extension
- Implement bcond_override_default
- Make substitutedeps work on the expanded dependencies
- Docker: support COPY --from=image
- Support an experimental 'BuildFlags: cgroup2'
- Support an experimental #!BuildTargetStage directive
- Support 'BuildFlags: rpm-nodebugmagic'
- mkosi: Don't include preinstall packages
- mkosi: Don't attempt to publish directory artifacts
- Fix excluding /dev, /sys, etc. from preinstallimages
- Set the source mtime to the commit timestamp for git (boo#1248776)
- calculate goname for fedora assets
- Make spec2changelog more resiliant to 3rd party spefiles
- pbuild:
    * Fix url construction in remoteurl handling
    * Fix xz decompression
- rpm:
    * Allow to set extra macros when parsing a specfile
    * genbuildrequs: set HOME before querying the specfile

-----------------------------------------------------------------
Advisory ID: 327
Released:    Fri Feb 27 11:34:41 2026
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1241872,1247286,1247495,1248158,1249686,1250513,1257875,CVE-2025-43859
This update for aaa_base fixes the following issues:

- Update to version 84.87+git20260210.ecce285:
    * For boo#1257875 get intrinsic DEFAULT_WM back
    * DIR_COLORS: add vt220 and .jxl
- Update to version 84.87+git20260112.8f614f3:
    * add ghost entries for the removed dirs
    * Revert list directories above all normal files.
- Update to version 84.87+git20251217.34fd7bc:
    * add tmpfiles template adm-backup.conf (jsc#PED-14803)
    * Fix old script to support copy mode as well
    * Support for XDG environment variables for the su,
    * adapted sugggestions
    * Patching nsswitch.conf only if it has not been generated by nsswitch-config (jsc#PED-13807).
    * Avoid nasty exceptions running tput
- Update to version 84.87+git20251111.509a363:
    * Avoid escape sequences on dump terminal of s390
- Update to version 84.87+git20251111.16d9d43:
    * Set XDG environment variables consistently without trailing slash
- Update to version 84.87+git20251110.af063e6:
    * Avoid escape sequences on dump terminal of s390
    * Set erase character from kbs entry of terminfo
- Update to version 84.87+git20251030.441f926:
    * Add systemd to /etc/nsswitch.conf (bsc#1250513)
    * Add group-directories-first option
    * prevent normal users from accessing dmesg (bsc#1249686)
    * Use explicit defaults for XDG environment variables
- Update to version 84.87+git20250903.33e5ba4:
    * Correct fix for (bsc#1247495, bsc#1248158)
- Update to version 84.87+git20250805.3069494:
    * Remove initviocons for tcsh as well and
    * Update csh.login
    * Add missing quoting and remove unneeded uses of eval
- Update to version 84.87+git20250801.f305627:
    * Remove sysconfig.language (bsc#1247286)
- Update to version 84.87+git20250801.b2fa3fe:
    * Allow /etc/locale.conf to have no newline

-----------------------------------------------------------------
Advisory ID: 325
Released:    Fri Feb 27 14:03:55 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1205462,1214285,1215199,1235905,1241020,1241078,1242505,1242974,1242986,1243452,1243507,1243662,1246184,1246282,1247030,1247292,1247712,1248166,1248175,1248178,1248179,1248185,1248188,1248196,1248206,1248208,1248209,1248211,1248212,1248213,1248214,1248216,1248217,1248222,1248227,1248228,1248229,1248232,1248234,1248240,1248360,1248366,1248384,1248626,1249307,1249609,1249895,1249998,1250032,1250082,1250388,1250705,1250738,1250748,1252712,1252773,1252784,1252891,1252900,1253049,1253078,1253079,1253087,1253344,1253500,1253739,1254244,1254308,1254447,1254839,1254842,1254845,1254977,1255102,1255128,1255157,1255164,1255172,1255216,1255232,1255241,1255245,1255266,1255268,1255269,1255319,1255327,1255346,1255403,1255417,1255459,1255482,1255506,1255526,1255527,1255529,1255530,1255536,1255537,1255542,1255544,1255547,1255569,1255593,1255622,1255694,1255695,1255703,1255708,1255811,1255930,1256579,1256582,1256584,1256586,1256591,1256592,1256593,1256594,1256597,1256605,1256607,1256608,1
 256609,1256610,1256611,1256612,1256613,1256616,1256617,1256619,1256622,1256623,1256625,1256627,1256628,1256630,1256632,1256638,1256641,1256643,1256645,1256646,1256650,1256651,1256653,1256654,1256655,1256656,1256659,1256660,1256661,1256664,1256665,1256667,1256668,1256674,1256677,1256680,1256682,1256683,1256688,1256689,1256716,1256726,1256728,1256730,1256733,1256737,1256741,1256742,1256744,1256748,1256749,1256752,1256754,1256755,1256756,1256757,1256759,1256760,1256761,1256763,1256770,1256773,1256774,1256777,1256779,1256781,1256785,1256792,1256793,1256794,1256864,1256865,1256867,1256975,1257015,1257035,1257053,1257154,1257155,1257158,1257159,1257163,1257164,1257167,1257168,1257179,1257180,1257202,1257204,1257207,1257208,1257215,1257217,1257218,1257220,1257221,1257225,1257227,1257232,1257234,1257236,1257243,1257245,1257276,1257277,1257279,1257282,1257296,1257309,1257473,1257504,1257603,CVE-2024-54031,CVE-2025-29087,CVE-2025-29088,CVE-2025-37744,CVE-2025-37751,CVE-2025-37841,CVE-2025-378
 45,CVE-2025-37904,CVE-2025-37955,CVE-2025-38243,CVE-2025-38262,CVE-2025-38297,CVE-2025-38298,CVE-2025-38379,CVE-2025-38423,CVE-2025-38505,CVE-2025-38507,CVE-2025-38510,CVE-2025-38511,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38521,CVE-2025-38529,CVE-2025-38530,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38539,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38547,CVE-2025-38548,CVE-2025-38550,CVE-2025-38551,CVE-2025-38569,CVE-2025-38589,CVE-2025-38590,CVE-2025-38645,CVE-2025-39689,CVE-2025-39795,CVE-2025-39813,CVE-2025-39814,CVE-2025-39817,CVE-2025-39829,CVE-2025-39880,CVE-2025-39913,CVE-2025-39927,CVE-2025-40030,CVE-2025-40045,CVE-2025-40097,CVE-2025-40106,CVE-2025-40147,CVE-2025-40195,CVE-2025-40257,CVE-2025-40259,CVE-2025-40261,CVE-2025-40363,CVE-2025-68174,CVE-2025-68178,CVE-2025-68188,CVE-2025-68200,CVE-2025-68211,CVE-2025-68218,CVE-2025-68227,CVE-2025-68241,CVE-2025-68245,CVE-2025-68261,CVE-2025-68296,CVE-2025-68297,CVE-
 2025-68320,CVE-2025-68325,CVE-2025-68337,CVE-2025-68341,CVE-2025-68348,CVE-2025-68349,CVE-2025-68356,CVE-2025-68359,CVE-2025-68360,CVE-2025-68361,CVE-2025-68366,CVE-2025-68367,CVE-2025-68368,CVE-2025-68372,CVE-2025-68374,CVE-2025-68376,CVE-2025-68379,CVE-2025-68725,CVE-2025-68735,CVE-2025-68741,CVE-2025-68743,CVE-2025-68764,CVE-2025-68768,CVE-2025-68770,CVE-2025-68771,CVE-2025-68773,CVE-2025-68775,CVE-2025-68776,CVE-2025-68777,CVE-2025-68778,CVE-2025-68783,CVE-2025-68784,CVE-2025-68788,CVE-2025-68789,CVE-2025-68792,CVE-2025-68795,CVE-2025-68797,CVE-2025-68798,CVE-2025-68799,CVE-2025-68800,CVE-2025-68801,CVE-2025-68802,CVE-2025-68803,CVE-2025-68804,CVE-2025-68808,CVE-2025-68811,CVE-2025-68813,CVE-2025-68814,CVE-2025-68815,CVE-2025-68816,CVE-2025-68819,CVE-2025-68820,CVE-2025-68821,CVE-2025-68822,CVE-2025-71064,CVE-2025-71066,CVE-2025-71073,CVE-2025-71076,CVE-2025-71077,CVE-2025-71078,CVE-2025-71079,CVE-2025-71080,CVE-2025-71081,CVE-2025-71082,CVE-2025-71083,CVE-2025-71084,CVE-2025-71
 085,CVE-2025-71086,CVE-2025-71087,CVE-2025-71088,CVE-2025-71089,CVE-2025-71091,CVE-2025-71093,CVE-2025-71094,CVE-2025-71095,CVE-2025-71097,CVE-2025-71098,CVE-2025-71099,CVE-2025-71100,CVE-2025-71101,CVE-2025-71108,CVE-2025-71111,CVE-2025-71112,CVE-2025-71113,CVE-2025-71114,CVE-2025-71116,CVE-2025-71118,CVE-2025-71119,CVE-2025-71120,CVE-2025-71123,CVE-2025-71126,CVE-2025-71130,CVE-2025-71131,CVE-2025-71132,CVE-2025-71133,CVE-2025-71135,CVE-2025-71136,CVE-2025-71137,CVE-2025-71138,CVE-2025-71141,CVE-2025-71142,CVE-2025-71143,CVE-2025-71145,CVE-2025-71147,CVE-2025-71148,CVE-2025-71149,CVE-2025-71154,CVE-2025-71156,CVE-2025-71157,CVE-2025-71162,CVE-2025-71163,CVE-2026-22976,CVE-2026-22977,CVE-2026-22978,CVE-2026-22981,CVE-2026-22982,CVE-2026-22984,CVE-2026-22985,CVE-2026-22986,CVE-2026-22988,CVE-2026-22989,CVE-2026-22990,CVE-2026-22991,CVE-2026-22992,CVE-2026-22993,CVE-2026-22996,CVE-2026-22997,CVE-2026-22999,CVE-2026-23000,CVE-2026-23001,CVE-2026-23002,CVE-2026-23005,CVE-2026-23006,CVE
 -2026-23011

The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-40147: blk-throttle: fix access race during throttle policy activation (bsc#1253344).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
- CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
- CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
- CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327).
- CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266).
- CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
- CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241).
- CVE-2025-68211: ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (bsc#1255319).
- CVE-2025-68218: nvme-multipath: fix lockdep WARN due to partition scan work (bsc#1255245).
- CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
- CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
- CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
- CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
- CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
- CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403).
- CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
- CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417).
- CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482).
- CVE-2025-68341: veth: reduce XDP no_direct return section to fix race (bsc#1255506).
- CVE-2025-68348: block: fix memory leak in __blkdev_issue_zero_pages (bsc#1255694).
- CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544).
- CVE-2025-68356: gfs2: Prevent recursive memory reclaim (bsc#1255593).
- CVE-2025-68359: btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542).
- CVE-2025-68360: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (bsc#1255536).
- CVE-2025-68361: erofs: limit the level of fs stacking for file-backed mounts (bsc#1255526).
- CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
- CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
- CVE-2025-68368: md: init bioset in mddev_init (bsc#1255527).
- CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
- CVE-2025-68376: coresight: ETR: Fix ETR buffer use-after-free issue (bsc#1255529).
- CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
- CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation (bsc#1255811).
- CVE-2025-68741: scsi: qla2xxx: Fix improper freeing of purex item (bsc#1255703).
- CVE-2025-68743: mshv: Fix create memory region overlap check (bsc#1255708).
- CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930).
- CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579).
- CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
- CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659).
- CVE-2025-68784: xfs: fix a UAF problem in xattr repair (bsc#1256793).
- CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
- CVE-2025-68792: tpm2-sessions: Fix out of range indexing in name_size (bsc#1256656).
- CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
- CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689).
- CVE-2025-68799: caif: fix integer underflow in cffrml_receive() (bsc#1256643).
- CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646).
- CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653).
- CVE-2025-68803: NFSD: NFSv4 file creation neglects setting ACL (bsc#1256770).
- CVE-2025-68811: svcrdma: use rc_pageoff for memcpy byte offset (bsc#1256677).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651).
- CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680).
- CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
- CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754).
- CVE-2025-68821: fuse: fix readahead reclaim deadlock (bsc#1256667).
- CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
- CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (bsc#1256608).
- CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
- CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773).
- CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
- CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597).
- CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605).
- CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607).
- CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757).
- CVE-2025-71126: mptcp: avoid deadlock on fallback while reinjecting (bsc#1256755).
- CVE-2025-71132: smc91x: fix broken irq-context in PREEMPT_RT (bsc#1256737).
- CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733).
- CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761).
- CVE-2025-71137: octeontx2-pf: fix 'UBSAN: shift-out-of-bounds error' (bsc#1256760).
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
- CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164).
- CVE-2025-71156: gve: defer interrupt enabling until NAPI registration (bsc#1257167).
- CVE-2025-71157: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (bsc#1257168).
- CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035).
- CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053).
- CVE-2026-22981: idpf: detach and close netdevs while handling a reset (bsc#1257225).
- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
- CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217).
- CVE-2026-22986: gpiolib: fix race condition for gdev->srcu (bsc#1257276).
- CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
- CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220).
- CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218).
- CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180).
- CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv.
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245).
- CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).

The following non security issues were fixed:

- ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
- Add bugnumber to an existing hv_netvsc change (bsc#1257473).
- Fix locking issue introduced by a CVE backport (bsc#1256975 bsc#1254977).
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- arm64: Update config files. Disable DEVPORT (bsc#1256792)
- bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
- bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569).
- btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes).
- drm/imagination: Wait for FW trace update command completion (git-fixes).
- drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309).
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087).
- net: mana: Fix incorrect speed reported by debugfs (bsc#1255232).
- net: mana: Support HW link state events (bsc#1253049).
- nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015).
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes).
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864).
- scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346).
- slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes).
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154).
- smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes).
- smb: improve directory cache reuse for readdir operations (bsc#1252712).
- tsm-mr: Add TVM Measurement Register support (bsc#1257504).
- tsm-mr: Add tsm-mr sample code (bsc#1257504).
- virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504).
- virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504).
- virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes).
- x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504).
- x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504).

-----------------------------------------------------------------
Advisory ID: 328
Released:    Fri Feb 27 14:15:21 2026
Summary:     Security update for haproxy
Type:        security
Severity:    moderate
References:  1234128,1239883,1243317,1257521,1257976,CVE-2025-4802,CVE-2026-26080,CVE-2026-26081
This update for haproxy fixes the following issues:

- Update to version 3.2.12+git0.6011f448e
- CVE-2026-26081: Fixed a DOS vulnerability in QUIC. (bsc#1257976)
- CVE-2026-26080: Fixed a DOS vulnerability in QUIC. (bsc#1257976)

-----------------------------------------------------------------
Advisory ID: 329
Released:    Fri Feb 27 14:36:22 2026
Summary:     Security update for fluidsynth
Type:        security
Severity:    important
References:  1241453,1241551,1256435,CVE-2025-32414,CVE-2025-32415,CVE-2025-56225
This update for fluidsynth fixes the following issues:

- CVE-2025-56225: NULL pointer deference when loading and invalid MIDI file (bsc#1256435).

-----------------------------------------------------------------
Advisory ID: 330
Released:    Sun Mar  1 16:59:54 2026
Summary:     Security update for python-azure-core
Type:        security
Severity:    important
References:  1241083,1257703,CVE-2024-56406,CVE-2026-21226
This update for python-azure-core fixes the following issues:

- CVE-2026-21226: Fixed deserialization of untrusted data which may allow an authorized attacker to execute code over a network. (bsc#1257703)

-----------------------------------------------------------------
Advisory ID: 331
Released:    Mon Mar  2 13:51:58 2026
Summary:     Recommended update for maven, maven-archiver, maven-dependency-plugin, maven-dependency-analyzer, maven-compiler-plugin, maven-assembly-plugin, byte-buddy, bouncycastle, apache-parent, maven-parent, maven-resolver, maven-resources-plugin, objectweb-asm, truth, xmlunit, xz-java
Type:        recommended
Severity:    moderate
References:  1010996,1199079,1229003,1234798,1240009,1240343,441356
This update for maven, maven-archiver, maven-dependency-plugin, maven-dependency-analyzer, maven-compiler-plugin, maven-assembly-plugin, byte-buddy, bouncycastle, apache-parent, maven-parent, maven-resolver, maven-resources-plugin, objectweb-asm, truth, xmlunit, xz-java fixes the following issues:

Changes in maven:

Specify required maven-resolver version since the maven-resolver-provider requires methods added in 1.9.25

Upgrade to upstream version 3.9.12

  * New features and improvements
    + Apply resolver changes and improvements
    + Update formatting of prerequisites-requirements error to
      improve readability
    + Allow a Maven plugin to require a Java version
    + Use MavenRepositorySystem in ProjectBuildingHelper instead
      of deprecated RepositorySystem
    + Make maven.config use UTF8
    + Simplify prefix resolution
  * Bug Fixes
    + Add default implementation for new method in
      MavenPluginManager
    + Repository layout should be used in MavenRepositorySystem
    + Fix plugin prefix resolution when metadata is not available
      from repository
    + Improve source root modification warning message
    + Bug: bad cache isolation between two sessions
    + Set Guice class loading to CHILD - avoid using terminally
      deprecated methods
    + Avoid parsing MAVEN_OPTS (3.9.x)
  * Documentation updates
    + clarify repository vs deployment repository
    + add maintained branches
  * Maintenance
    + Add IntelliJ icon
    + Build by JDK 25
    + Deprecate org.apache.maven.repository.RepositorySystem in
      3.9.x
  * Build
    + Bump actions/download-artifact from 5.0.0 to 6.0.0
    + Bump actions/upload-artifact from 4.6.2 to 5.0.0
  * Dependency updates
    + Bump actions/cache from 4.2.3 to 5.0.0
    + Bump resolverVersion from 1.9.24 to 1.9.25
    + Bump actions/checkout from 5.0.0 to 6.0.1
    + Bump actions/setup-java from 5.0.0 to 5.1.0
    + Bump commons-cli:commons-cli from 1.9.0 to 1.11.0
    + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to
      1.29
    + Bump commons-io:commons-io from 2.19.0 to 2.21.0
    + Bump xmlunitVersion from 2.10.3 to 2.11.0
    + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24
      to 1.26
    + Bump org.ow2.asm:asm from 9.8 to 9.9
    + Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Changes in maven-archiver:

- Upgrade to maven-archiver 3.6.6

  * New features and improvements
     + Backport sorting of properties to maven archiver 3.x
  * Maintenance
     + Convert to MARKDOWN with doxia-converter
     + Add more timestamp tests
  * Dependency updates
     + Bump Maven to 3.9.12
     + Bump org.codehaus.plexus:plexus-archiver from 4.10.2 to 4.10.4
     + Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29




Changes in maven-dependency-plugin:

- Upgrade to version 3.9.0
  * New features and improvements
    + Use Resolver API in go-offline for dependencies resolving
    + Use Resolver API in go-offline for plugins resolving
    + Fixes #1522, add render-dependencies mojo
    + Use Resolver API in resolve-plugin
    + MDEP-964: unconditionally ignore dependencies known to be
      loaded by reflection
    + Update maven-dependency-analyzer to support Java24
    + MDEP-972: copy-dependencies: copy signatures alongside
      artifacts
    + MDEP-776: Warn when multiple dependencies have the same file
      name
    + MDEP-966: Migrate AnalyzeDepMgt to Sisu
    + MDEP-957: By default, don't report slf4j-simple as unused
  * Bug Fixes
    + ProjectBuildingRequest should not be modified
    + Fix: markersDirectory is not working when unpack goal is
      executed from command line
    + Fix broken link for analyze-exclusions-mojo on usage-page
    + MDEP-839: Avoid extra blank lines in file
    + Update collect URL
    + MDEP-689: Fixes ignored dependency filtering in go-offline
      goal
    + MDEP-960: Repair silent logging
  * Documentation updates
    + MDEP-933: Document dependency tree output formats
    + Add additional comment to clarify the minimal supported
      version of outputing dependency tree in JSON fromat.
    + MNGSITE-529: Rename 'Goals' to 'Plugin Documentation'
    + Unix file separators
  * Maintenance
    + Simplify usage of RepositoryManager and DependencyResolver
    + Use Resolver API in copy and unpack
    + Update site descriptor to 2.0.0
    + Enable prevent branch protection rules
    + Fix [MDEP-931: Replace PrintWriter with Writer in
      AbstractSerializing Visitor and subclasses
    + Cleanups dependencies
    + Copy edit parameter descriptions
    + Small Javadoc clarifications
    + MDEP-967: Change info to debug logging in
      AbstractFromConfigurationMojo
    + fix: remove duplicate maven-resolver-api and
      maven-resolver-util dependencies in pom.xml
    + Enable GH issues
    + Remove redundant/unneeded code
    + Add PR Automation and Stale actions
    + Keep files in temporary directory to be deleted after test
    + Drop unnecessary call
    + Avoid deprecated ArtifactFactory
    + MDEP-966: Convert remaining Mojos to Guice injection
    + MDEP-966: Convert Analyze Mojos to Guice constructor injection
    + MDEP-966: Prefer Guice injection
    + MDEP-966: Migrate TreeMojo/CopyMojo/AnalyzeExclusionsMojo/
      /UnpackMojo/CopyDependenciesMojo from Plexus to Sisu Guice
    + MDEP-966: @component --> @Inject for DisplayAncestorsMojo
    + Fixing flaky test in TestCopyDependenciesMojo
    + MNG-2961: Remove workaround for fixed bug
  * Build
    + Build by Maven 4
  * Dependency updates
    + Bump Maven in dependencies to 3.9.11
    + Bump commons-io:commons-io from 2.16.1 to 2.20.0
    + Bump jettyVersion from 9.4.56.v20240826 to 9.4.58.v20250814
    + Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0
    + Bump org.apache.maven.plugins:maven-plugins from 43 to 45
    + Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
    + Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1
    + Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0
    + Bump org.jsoup:jsoup from 1.18.1 to 1.21.2
    + MDEP-963: Bump
      org.apache.maven.shared:maven-dependency-analyzer from 1.15.0
      to 1.15.1

Changes in maven-dependency-analyzer:

- Upgrade to upstream version 1.17.0
  * New features and improvements
    + Recognize classes used in web.xml as main classes
    + Introduced a DependencyClassesProvider service
  * Maintenance
    + Update site descriptor to 2.0
    + Fix badges in README
    + Exclude slf4j 2.x and mockito 5.x from dependabot
    + feat: enable prevent branch protection rules
    + Catch exceptions on all paths
    + Add Apache 2.0 LICENSE file
    + Handle corrupt constant pools
    + Remove redundant code
    + move default to end
  * Build
    + Build on GH also by Maven 4
  * Dependency updates
    + Bump org.assertj:assertj-bom from 3.27.3 to 3.27.7
    + Bump org.apache.maven.shared:maven-shared-components from 44
      to 47
    + Bump mavenVersion from 3.9.9 to 3.9.12
    + Bump org.ow2.asm:asm from 9.8 to 9.9.1
    + Update Invoker Plugin and Plugin tools to support Java 25

    + Bump org.assertj:assertj-bom from 3.26.3 to 3.27.3

Changes in maven-compiler-plugin:

- Upgrade to upsteam release 3.15.0
  * Bug Fixes
    + Fix Java 25 compatibility during integration tests
    + MCOMPILER-540: useIncrementalCompilation=false may add
      generated sources to the sources list
  * Maintenance
    + Bump org.apache.maven.plugins:maven-plugins from 45 to 46
    + Remove declaration of 'plexus-snapshots' repository
    + Works only with Maven 4.0.0 rc4
    + Enable Java 25 and Maven 4 in CI
  * Dependency updates
    + Bump maven-plugin-testing-harness to 3.5.0
    + Bump plexusCompilerVersion from 2.15.0 to 2.16.2
    + Bump org.apache.maven.plugins:maven-plugins from 46 to 47
    + Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.2
    + Bump org.ow2.asm:asm from 9.8 to 9.9.1
    + Bump mavenVersion from 3.9.11 to 3.9.12

Changes in maven-assembly-plugin:

- Update to version 3.8.0
  * Bug Fixes
    + MASSEMBLY-1030: Manifest entries from archive configuration
      are not added in final MANIFEST
    + MASSEMBLY-1029: Use minimal level for model validation
  * Documentation updates
    + MNGSITE-529: Rename 'Goals' to 'Plugin Documentation'
  * Maintenance
    + chore: migrate junit3/4 to junit5
    + feat: enable prevent branch protection rules
    + Enable Github Issues
  * Dependency updates
    + MASSEMBLY-1028: Bump org.apache.maven:maven-archiver from
      3.6.1 to 3.6.2
    + Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.5
    + MASSEMBLY-1027: Bump commons-io:commons-io from 2.15.1 to
      2.16.0
    + Bump commons-io:commons-io from 2.16.0 to 2.21.0
    + Bump Maven to 3.9.11. Prerequisite still 3.6.3
    + Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0
    + Bump org.codehaus.plexus:plexus-io from 3.4.2 to 3.6.0
    + Bump org.codehaus.plexus:plexus-interpolation from 1.27 to
      1.29
    + Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.4
    + Bump com.github.luben:zstd-jni from 1.5.5-11 to 1.5.7-6
    + Bump m-invoker-p to 3.9.1 for Java 25
    + Bump org.apache.maven.plugins:maven-plugins from 41 to 45
    + Bump org.apache.commons:commons-compress from 1.26.1 to 1.28.0
    + Bump commons-fileupload:commons-fileupload from 1.5 to 1.6.0
      in /src/it/projects/bugs/massembly-580
    + Bump org.codehaus.plexus:plexus-archiver from  to 4.10.0
    + Bump org.apache.maven.shared:maven-common-artifact-filters
      from 3.3.2 to 3.4.0
    + Bump org.apache.maven.shared:maven-filtering from 3.3.2 to
      3.4.0
    + Bump org.hamcrest:hamcrest from 2.2 to 3.0

Changes in byte-buddy:

- Update to v1.18.3
  * Changes of v1.18.3
    + Avoid using Class File API when Byte Buddy is loaded on the
      boot loader where multi-release jars are not available.
    + Add additional safety when processing class files with
      illegally formed parameters.
    + Update to latest ASM.
  * Changes of v1.18.2
    + Support modifiers for value classes in Valhalla builds.
    + Improve use of build cache in Gradle.

- Update to v1.18.1
  * Changes of v1.18.1
    + Fix generated module-info to include new package.
  * Changes of v1.18.0
    + Add support for module-info class files and
      ModuleDescriptions.
    + Allow for manipulating module information using the ByteBuddy
      API.
  * Changes of v1.17.8
    + Avoid use of types that are deprecated as of Java 26.
    + Include ASM 9.9 that offers ASM support for Java 26.
    + Make sure that generated code internal to Byte Buddy supports
      CDS if available.
    + Update version of ASM to JDK Class File API bridge to fix
      some minor bugs related to type annotations.
  * Changes of v1.17.7
    + Specify correct JVM environment for Android builds when using
      the Gradle plugin.
    + Avoid recomputing the size of a parameter list for
      performance reasons after measuring the significant impact.
    + Correct validation of JVM names to avoid breaking when Java
      names are not allowed while JVM names are, with Kotlin and
      others.

- Require for build objectweb-asm >= 9.8 for Opcodes.V25

Changes in bouncycastle:

- Update to 1.83:
  * Defects Fixed:
    - Attempting to check a password on a stripped PGP would throw an
      exception. Checking the password on such a key will now always
      return false.
    - Fixed an issue in KangarooTwelve where premature absorption caused
      erroneous 168-byte padding; absorption is now delayed so correct
      final-byte padding is applied.
    - BCJSSE: Fix supported_versions creation for renegotiation handshake.
    - (D)TLS: Reneg info now oly offered with pre-1.3.
  * Additional Features and Functionality:
    - A generic 'COMPOSITE' algorithm name has been added as a JCA
      Signature algorithm. The algorithm will identify the composite
      signature to use from the composite key passed in.
    - The composite signatures implementation has been updated to the
      final draft and now follows the submitted standard.
    - Support for the generation and use as trust anchors has been added
      for certificate signatures with id-alg-unsigned as the signature type.
    - Support for CMP direct POP for encryption keys using
      challenge/response has been added to the CMP/CRMF APIs.
    - Support for SupportedCurves attribute to the BC provider
    - BCJSSE: Added support for SLH-DSA signature schemes in TLS 1.3 per
      draft-reddy-tls-slhdsa-01.
    - Support has been added for the Java 25 KDF API (current algorithms,
      PBKDF2, SCRYPT, and HKDF).
    - Support for composite signatures is now included in CMS and timestamping.
    - It is now possible to disable the Lenstra check in RSA where the public
      key is not available via the system/security property
      'org.bouncycastle.rsa.no_lenstra_check'.

Changes in apache-parent:

- Update to 37:
  * New features and improvements
    + Disable parallel PUT on release

- Update to 36:
  * Breaking changes
    + Update minimum maven version to match current stable version
      (3.6.3 -> 3.9)
    + Introduce javaVersion property for maven.compiler.*
      configuration
    + Switch JDK >= 9 to only use maven.compiler.release
  * New features and improvements
    + Add default specification and implementation for javadoc and
      source manifest entries
  * Documentation updates
    + Clarify how to use Apache Snapshot repository
    + activate Fluido skin's anchorJs
  * Maintenance
    + Avoid - WARNING: Use of the three-letter time zone ID ... on
      JDK 25 for RAT plugin
    + feat: enable prevent branch protection rules

Changes in maven-parent:

- Upgrade to Apache Maven parent POM version 47
  * Dependency updates
    + Bump parent to 37
    + Bump org.junit:junit-bom from 5.14.1 to 5.14.2

- Upgrade to Apache Maven parent POM version 46
  * Breaking changes
    + Require Maven 3.6.3+ from plugins
    + Update rat plugin configuration
    + Use spotless 3 when running on JDK >= 17
    + Drop Doxia Tools parent pom
  * New features and improvements
    + MPOM-387: Exclude test scope from enforcedBytecodeVersion
    + feat: activate Fluido skin's anchorJs
    + Enhance target JDK definition for JDK >= 9
    + Always render a GitHub ribbon on the right-hand side
  * Maintenance
    + MPOM-277: Move maven-invoker-plugin configuration to one
      place
    + Remove doxia-tools from documentations
    + feat: enable prevent branch protection rules
    + Add Apache 2.0 LICENSE file

Changes in maven-resolver:

- Update to upstream version 1.9.25
  * New features and improvements
    + Add scope support for trusted checksums
    + Name mappers cleanup and new GAECV mapper
    + Proper metadata locking support
    + Ability to augment metadata nature for version range request
  * Bug Fixes
    + TrackingFileManager changes
    + Maven filters daemon friendly
    + Remove hack from Basic connector
    + Fix locking issues
  * Documentation updates
    + Updated the documentation to reflect the current list of name
      mappers
  * Maintenance
    + Mild backport: support same properties as Resolver 2.x
    + Maven resolver lockrepro
    + Bugfix: Java 25 broke test
  * Dependency updates
    + Bump com.github.siom79.japicmp:japicmp-maven-plugin from
      0.23.1 to 0.25.0
    + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24
      to 1.26
    + Bump commons-codec:commons-codec from 1.18.0 to 1.20.0
    + Bump org.redisson:redisson from 3.50.0 to 3.52.0
    + Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre
    + Bump com.google.code.gson:gson from 2.13.1 to 2.13.2
    + Bump jettyVersion from 9.4.57.v20241219 to 9.4.58.v20250814
    + Bump mavenVersion from 3.9.10 to 3.9.11

Changes in maven-resolver:

- Update to upstream version 1.9.25
  * New features and improvements
    + Add scope support for trusted checksums
    + Name mappers cleanup and new GAECV mapper
    + Proper metadata locking support
    + Ability to augment metadata nature for version range request
  * Bug Fixes
    + TrackingFileManager changes
    + Maven filters daemon friendly
    + Remove hack from Basic connector
    + Fix locking issues
  * Documentation updates
    + Updated the documentation to reflect the current list of name
      mappers
  * Maintenance
    + Mild backport: support same properties as Resolver 2.x
    + Maven resolver lockrepro
    + Bugfix: Java 25 broke test
  * Dependency updates
    + Bump com.github.siom79.japicmp:japicmp-maven-plugin from
      0.23.1 to 0.25.0
    + Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24
      to 1.26
    + Bump commons-codec:commons-codec from 1.18.0 to 1.20.0
    + Bump org.redisson:redisson from 3.50.0 to 3.52.0
    + Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre
    + Bump com.google.code.gson:gson from 2.13.1 to 2.13.2
    + Bump jettyVersion from 9.4.57.v20241219 to 9.4.58.v20250814
    + Bump mavenVersion from 3.9.10 to 3.9.11

Changes in maven-resources-plugin:

- Upgrade to version 3.4.0
  * New features and improvements
    + Enable GitHub Issues
  * Documentation updates
    + MNGSITE-529: Rename 'Goals' to 'Plugin Documentation'
    + MRESOURCES-299: Be more accurate on using filtering element
    + Don't bother with very old versions
  * Maintenance
    + Migrate site to Doxia 2
    + PlexusFileUtils Refaster recipes
    + Add PR Automation action
    + Improve release-drafter configuration
    + Add dependency to slf4j-simple for test scope
    + Use try with resources in integration test
    + reduce dependency scope of plexus-utils and commons-io
  * Dependency updates
    + Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.20.0
    + Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3
      to 1.9.24
    + Bump Maven to 3.9.11 while keep prerequisites on 3.6.3
    + MRESOURCES-304: Bump org.codehaus.plexus:plexus-interpolation
      from 1.26 to 1.27
    + Bump org.codehaus.plexus:plexus-interpolation from 1.27 to
      1.29
    + Bump m-invoker-p to 3.9.1
    + Bump org.apache.maven.plugins:maven-plugins from 39 to 45
    + Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
      from 3.3.0 to 3.4.0
    + MRESOURCES-302: Bump commons-io:commons-io from 2.11.0 to
      2.16.0
    + Bump commons-io:commons-io from 2.16.0 to 2.20.0
    + MRESOURCES-303: Bump org.apache.maven.shared:maven-filtering
      from 3.3.1 to 3.3.2
    + Bump org.apache.maven.shared:maven-filtering from 3.3.2 to
      3.4.0
    + MRESOURCES-305: Bump org.codehaus.plexus:plexus-utils from
      3.5.1 to 4.0.0
    + Bump apache/maven-gh-actions-shared from 3 to 4

    + MRESOURCES-171: ISO8859-1 properties files get changed into
    + MRESOURCES-210: copy-resources erases file permissions
    + MRESOURCES-236: Copying of files with permissions broken
    + MRESOURCES-257: property from list element in pom model
    + MRESOURCES-251: Upgrade plexus-interpolation 1.26
    + MRESOURCES-252: Add m2e lifecycle Metadata to plugin
    + MRESOURCES-256: make build Reproducible
    + MRESOURCES-258: Only overwrite filtered resources when
    + MRESOURCES-249: Upgrade maven-plugins parent to version 32
    + MRESOURCES-255: Upgrade plexus-utils 3.3.0
    + MRESOURCES-261: Make Maven 3.1.0 the minimum version
    + MRESOURCES-263: Update to maven-filtering 3.2.0

Changes in objectweb-asm:

- Upgrade to version 9.9.1
  * bug fixes
    + 318036: OutOfMemoryError when reading invalid class
    + 318037: Version ranges too wide on Import-Package

Changes in truth:

- Force annotation processing, since it is needed with Java 25

Changes in xmlunit:

- Upgrade to 2.11.0
  * XMLUnit 2.x is a complete rewrite of XMLUnit and actually
    doesn't share any code with XMLUnit for Java 1.x.
  * Some goals for XMLUnit 2.x:
    + create .NET and Java versions that are compatible in design
      while trying to be idiomatic for each platform
    + remove all static configuration (the old XMLUnit class
      setter methods)
    + focus on the parts that are useful for testing
      - XPath
      - (Schema) validation
      - comparisons
    + be independent of any test framework
  * XMLUnit 1.x is no longer maintained

- Use directly the xalan-j2 jar instead of the jaxp_transform_impl

Changes in xz-java:

- Upgrade to version 1.11
  * Fix a data corruption bug when encoding with the rarely-used
    option LZMA2Options.MODE_UNCOMPRESSED. To trigger the bug, a
    write call must cross an offset that is a multiple of 65536
    bytes. For example, one write of 70000 bytes or two write calls
    of 50000 bytes each would trigger the bug. The bug isn't
    triggered if there are ten write calls of 8192 bytes each
    followed by one 123-byte write.
  * If encoding to a .xz file, a decoder would catch the issue
    because the integrity check wouldn't match.
  * The binaries of 1.10 in the Maven Central require Java 8 and
    contain optimized classes for Java >= 9 as multi-release JAR.
    They were built with OpenJDK 21.0.9 on GNU/Linux and can be
    reproduced using the following command:
    SOURCE_DATE_EPOCH=1763575020 TZ=UTC0 ant maven

-----------------------------------------------------------------
Advisory ID: 337
Released:    Mon Mar  2 16:48:41 2026
Summary:     Recommended update for libpinyin
Type:        recommended
Severity:    moderate
References:  1239909,CVE-2025-2588
This update for libpinyin fixes the following issues:

- Update version to 2.10.3:
    * Fix bugs

-----------------------------------------------------------------
Advisory ID: 338
Released:    Tue Mar  3 09:57:47 2026
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1217885,1240919,1254299,1254415,1258022
This update for grub2 fixes the following issues:

- Support dm multipath bootlist on PowerPC (bsc#1254415)
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
- Fix error 'grub-core/script/lexer.c:352:out of memory' after PowerPC CAS Reboot (bsc#1254299)
    * Fix PowerPC CAS reboot to evaluate menu context

-----------------------------------------------------------------
Advisory ID: 341
Released:    Tue Mar  3 12:28:18 2026
Summary:     Recommended update for NetworkManager
Type:        recommended
Severity:    moderate
References:  1241957,1250086
This update for NetworkManager fixes the following issues:

- Move dispatcher.d/pre-up.d/90-nm-cloud-setup.sh to cloud-setup subpackage (bsc#1250086).

-----------------------------------------------------------------
Advisory ID: 344
Released:    Tue Mar  3 17:13:34 2026
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1229122,1244156,1244157,1257144,1257496,CVE-2025-0913,CVE-2025-4673,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:

- CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL
  dereference (bsc#1257144).
- CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496).

-----------------------------------------------------------------
Advisory ID: 346
Released:    Tue Mar  3 18:46:58 2026
Summary:     Security update for go1.24-openssl
Type:        security
Severity:    critical
References:  1236217,1242300,1245878,1247816,1248082,1249985,1251253,1251254,1251255,1251256,1251257,1251258,1251259,1251260,1251261,1251262,1254430,1254431,1256816,1256817,1256818,1256819,1256820,1256821,1257692,CVE-2025-47268,CVE-2025-47912,CVE-2025-58183,CVE-2025-58185,CVE-2025-58186,CVE-2025-58187,CVE-2025-58188,CVE-2025-58189,CVE-2025-61723,CVE-2025-61724,CVE-2025-61725,CVE-2025-61726,CVE-2025-61727,CVE-2025-61728,CVE-2025-61729,CVE-2025-61730,CVE-2025-61731,CVE-2025-61732,CVE-2025-68119,CVE-2025-68121
This update for go1.24-openssl fixes the following issues:

- Update to version 1.24.13 (jsc#SLE-18320)
- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)
- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)
- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)
- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)
- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)
- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)
- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)
- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)
- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)
- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)
- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)
- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN. (bsc#1254430)
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)
- CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)

-----------------------------------------------------------------
Advisory ID: 352
Released:    Wed Mar  4 11:44:08 2026
Summary:     Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1236177,1237496,1241190,1242938,1253415,CVE-2025-40130,CVE-2025-4598

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes one security issue

The following security issue was fixed:

- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (bsc#1253415).

-----------------------------------------------------------------
Advisory ID: 353
Released:    Wed Mar  4 11:51:24 2026
Summary:     Security update for libxml2, libxslt
Type:        security
Severity:    moderate
References:  1236136,1240366,1247850,1247858,1250553,1256804,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,CVE-2024-13176,CVE-2025-10911,CVE-2025-27587,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2, libxslt fixes the following issues:

Changes in libxml2:

- CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in
  `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811).
- CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling
  `nextCatalog` elements (bsc#1256809, bsc#1256812).
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files
  (bsc#1247858).
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595).
- CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT (bsc#1250553)

-----------------------------------------------------------------
Advisory ID: 358
Released:    Thu Mar  5 15:21:04 2026
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1205588,1243313,1247432,1254336,1254679,CVE-2024-2312,CVE-2025-47273
This update for shim fixes the following issues:

This update for shim fixes the following issues:

shim is updated to version 16.1:

- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol


shim is updated to version 16.0:


- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs

-----------------------------------------------------------------
Advisory ID: 361
Released:    Thu Mar  5 15:28:58 2026
Summary:     Recommended update for python-graphviz, graphviz
Type:        recommended
Severity:    moderate
References:  1244509,CVE-2025-6020
This update for python-graphviz, graphviz fixes the following issues:

Changes in python-graphviz:

Update to 0.21:

  * Drop Python 3.8 support (end of life 7 Oct 2024).
  * Tag Python 3.13 support.
  * Add support for ``format='svg_inline'``, available since upstream
    Graphviz 10.0.1. Produces header-less SVG suitable for inlining
    into HTML (see https://www.graphviz.org/docs/outputs/svg/).
  * Switch project to ``pyproject.toml`` and build to ``python -m build``)
    (https://build.pypa.io). This changes the source distribution formar
    from ``.zip`` to PEP 625 compliant ``.tar.gz``
    (https://peps.python.org/pep-0625/).

Changes in graphviz:

Update to 12.2.1:

  * Added

    - Support for building the SWIG-generated R language bindings
      has been integrated into the CMake build system. This is
      controllable by the -DENABLE_R={AUTO|ON|OFF} option.
    - A sandboxing wrapper, dot_sandbox, is now included with
      Graphviz. Users should prefer their platform’s native
      security solutions, but if nothing better is available this
      wrapper offers safe processing of untrusted inputs in some
      scenarios.

  * Changed

    - JPEG images without an APP0 leading segment are supported for
      use in src fields and friends. Previously Graphviz was overly
      strict with the types of JPEGs it would recognize. #2619
    - The CMake build system now discovers and uses
      pango_fc_font_lock_face if possible, for the Pango plugin to
      provide more information about used fonts.

  * Fixed

    - The GVPR library program depath no longer acts on previously
      deleted nodes, causing unpredictable results. #1702 (closed)
    - Void-typed function parameters (int foo(void bar)) and
      variables void baz; in GVPR are gracefully rejected.
      #2585 (closed)
    - Input that induce a set node height but no set node width no
      longer crash with the failure 'Assertion failed:
      (r->boundary[i] <= r->boundary[NUMDIMS + i]), function
      RTreeInsert'. It is typically not obvious to users when their
      input falls into this situation, hence why the assertion
      message is quoted here. This was a regression in Graphviz
      12.0.0. #2613 (closed)
    - Strings containing double quote characters preceded by escape
      sequences (e.g. \n') are once again correctly escaped in dot
      or canonical output. This was a regression in Graphviz 9.0.0.
      #2614 (closed)
    - dot_builtins no longer lists duplicate format options in its
      error messages. #2604 (closed)
    - A precision error that resulted in truncated edge lines has
      been corrected. This was a regression in Graphviz 12.0.0.
      #2620 (closed)
    - The xlib plugin (-Tx11) resets its initialization state
      during finalization. This fixes a rare scenario where
      multiple input graphs are supplied and initialization for one
      of the not-first graphs fails. In this scenario, finalization
      would be unaware of this failure and act on invalid state.

Update to 12.2.0:

  * Removed

    - Visual Studio build files have been removed. CMake is now the
      only supported build system on Windows.

  * Added

    - Support for building the SWIG-generated PHP language bindings
      has been integrated into the CMake build system. This is
      controllable by the -DENABLE_PHP={AUTO|ON|OFF} option.
    - Support for building the SWIG-generated Python language
      bindings has been integrated into the CMake build system.
      This is controllable by the -DENABLE_PYTHON={AUTO|ON|OFF}
      option.

  * Changed

    - An algorithm closer to that described in RFC 1942 and/or the
      CSS 2.1 specification is now used for sizing table cells
      within HTML-like labels. This is less scalable than the
      network simplex algorithm it replaces, but in general
      produces more intuitive results. #2159 (closed)
    - Tooltips on table elements within HTML-like labels are now
      propagated to SVGs produced by the core plugin (-Tsvg) even
      when the elements do not have href attributes. #1425 (closed)
    - In the Autotools build system, pkg-config is the only
      supported way for discovering Guile. Previous use of
      guile-config* has been removed. #2606 (closed)
    - The Autotools release artifacts for macOS
      (Darwin_*_graphviz-*.tar.gz) now use relative paths in links
      to dependent libraries and plugins. This should make the tree
      relocatable instead of having to live at
      /Users/gitlab/builds. #2501 (closed)
    - gml2gv no longer maps GML label attributes to Graphviz name
      attributes. These are now mapped to Graphviz label
      attributes. #2586 (closed)

  * Fixed

    - In the Autotools build system, the core plugin links against
      libm, fixing some unresolvable symbols. This was a regression
      in Graphviz 4.0.0. Though it would primarily have affected
      non-Graphviz applications attempting to load this plugin on
      Linux.
    - The osage layout engine now understands a cluster to be
      indicated by the common rules, including the 'cluster' prefix
      being case insensitive and the cluster=true attribute as an
      alternative. #2187
    - acyclic once again produces its output on stdout. This was a
      regression in Graphviz 10.0.1. #2600 (closed)
    - When using the Tclpathplan module, created vgpanes can once
      again be named and addressed. This was a regression in
      Graphviz 12.1.2.
    - Omitting a polygon identifier when running triangulation
      using the Tclpathplan module (e.g. vgpane0 triangulate
      instead of vgpane0 triangulate 42) no longer goes unnoticed
      and reads invalid memory. This bug seems to have existed
      since the first revision of Graphviz.
    - When using the Tclpathplan module, defining a malformed
      <3-point polygon and then attempting to triangulate this
      polygon no longer reads invalid memory. This case is now
      rejected with an error during triangulation. Like the
      previous entry, this bug seems to have existed since the
      first revision of Graphviz.
    - When using the Tclpathplan module, binding a pane’s
      triangulation callback to a string ending in a trailing %
      (e.g. vgpane0 bind triangle %) no longer causes later
      out-of-bounds reads during triangulation. Like the previous
      entries, this bug seems to have existed since the first
      revision of Graphviz. #2596 (closed)
    - Mouse right-clicks in Smyrna are no longer sticky. In some
      contexts, right-clicking the mouse would register a mouse
      down event but no mouse up event, leading Smyrna to believe
      the user was dragging with the right button held down.
    - Arrowhead missing from tail-end of edge #2437 (closed)
    - The Ruby bindings package (libgv-ruby) is once again
      installable on Ubuntu. This became uninstallable when
      Ruby 1.8 was no longer available on Ubuntu, as it had a hard
      coded dependency of Ruby 1.8. This has now been relaxed to
      depend on any Ruby version ≥ 1.8. #2607 (closed)
    - Generated GIFs and JPEGs display the graphed image instead
      of a single solid color. This was a regression in Graphviz
      12.1.1. #2609 (closed)
    - The CMake build system includes some supporting pieces of the
      SWIG-generated language bindings that were previously
      missing. It also links further dependencies that were
      previously missing.
    - In the CMake build system, linking of the Guile language
      bindings uses the full path to libguile, fixing issues on
      macOS.
    - The provided release packages for Debian-based operating
      systems (only Ubuntu currently) have corrected package
      dependencies. #2466 (closed)
    - Discussion of gvpr -c '' in the gvpr man page has been
      removed. This invocation did not do what was claimed.
      #2584 (closed)
- To see the full changelog for all intermediate releases, see:
  https://gitlab.com/graphviz/graphviz/-/blob/main/CHANGELOG.md


-----------------------------------------------------------------
Advisory ID: 370
Released:    Wed Mar 11 09:51:21 2026
Summary:     Security update for kea
Type:        security
Severity:    important
References:  1236931,1239119,1248801,CVE-2025-30258,CVE-2025-40779
This update for kea fixes the following issues:

Update to release 3.0.1:

- CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection (bsc#1248801).

-----------------------------------------------------------------
Advisory ID: 372
Released:    Wed Mar 11 10:48:28 2026
Summary:     Recommended update for ipw-firmware
Type:        recommended
Severity:    important
References:  1244079,1252153,CVE-2025-40909
This update for ipw-firmware fixes the following issues:

- mark LICENSE.ipw2x00 as %license (bsc#1252153)

-----------------------------------------------------------------
Advisory ID: 373
Released:    Thu Mar 12 14:45:55 2026
Summary:     Recommended update for aws-nitro-enclaves-cli
Type:        recommended
Severity:    moderate
References:  1236136,1250566,1250567,1250573,CVE-2024-13176
This update for aws-nitro-enclaves-cli fixes the following issues:

- Add header from kernel configs to blobs to fix image builds (bsc#1250573)
- Fix group in udev rule (bsc#1250566)
- Automatically load kernel module when allocator service is started (bsc#1250567)
- Update to version 1.4.3

-----------------------------------------------------------------
Advisory ID: 375
Released:    Thu Mar 12 14:46:52 2026
Summary:     Security update for amazon-ssm-agent
Type:        security
Severity:    important
References:  1242987,1253611,CVE-2025-47913
This update for amazon-ssm-agent fixes the following issues:

- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or
  signing request (bsc#1253611).

-----------------------------------------------------------------
Advisory ID: 374
Released:    Thu Mar 12 14:47:49 2026
Summary:     Security update for tomcat
Type:        security
Severity:    important
References:  1236931,1239119,1243069,1253460,1258371,1258385,1258387,CVE-2025-30258,CVE-2025-66614,CVE-2026-24733,CVE-2026-24734
This update for tomcat fixes the following issues:

Update to Tomcat 9.0.115:

- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).
 * Catalina
 + Fix: 69623: Additional fix for the long standing regression that meant
 that calls to ClassLoader.getResource().getContent() failed when made from
 within a web application with resource caching enabled if the target
 resource was packaged in a JAR file. (markt)
 + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the
 CsrfPreventionFilter. (schultz)
 + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2
 requests when the content-length header is not set. (dsoumis)
 + Update: Update the minimum and recommended versions for Tomcat Native to
 1.3.4. (markt)
 + Add: Add a new ssoReauthenticationMode to the Tomcat provided
 Authenticators that provides a per Authenticator override of the SSO Valve
 requireReauthentication attribute. (markt)
 + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception
 rather than silently using a replacement character. (markt)
 + Fix: 69871: Increase log level to INFO for missing configuration for the
 rewrite valve. (remm)
 + Fix: Add log warnings for additional Host appBase suspicious values.
 (remm)
 + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar.
 org.apache.catalina.Connector no longer requires
 org.apache.tomcat.jni.AprStatus to be present. (markt)
 + Add: Add the ability to use a custom function to generate the client
 identifier in the CrawlerSessionManagerValve. This is only available
 programmatically. Pull request #902 by Brian Matzon. (markt)
 + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication
 so that a normal SPNEGO authentication is performed if the SSL Valve is
 configured with reauthentication enabled. This is so that the delegated
 credentials will be available to the web application. (markt)
 + Fix: When generating the class path in the Loader, re-order the check on
 individual class path components to avoid a potential
 NullPointerException. Identified by Coverity Scan. (markt)
 + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull
 request #915 by Joshua Rogers. (remm)
 + Update: Add an attribute, digestInRfc3112Order, to
 MessageDigestCredentialHandler to control the order in which the
 credential and salt are digested. By default, the current, non-RFC 3112
 compliant, order of salt then credential will be used. This default will
 change in Tomcat 12 to the RFC 3112 compliant order of credential then
 salt. (markt)
 * Cluster
 + Add: 62814: Document that human-readable names maybe used for
 mapSendOptions and align documentation with channelSendOptions. Based on
 pull request #929 by archan0621. (markt)
 * Clustering
 + Fix: Correct a regression introduced in 9.0.109 that broke some clustering
 configurations. (markt)
 * Coyote
 + Fix: Prevent concurrent release of OpenSSLEngine resources and the
 termination of the Tomcat Native library as it can cause crashes during
 Tomcat shutdown. (markt)
 + Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm)
 + Fix: Improve warnings when setting ciphers lists in the FFM code,
 mirroring the tomcat-native changes. (remm)
 + Fix: 69910: Dereference TLS objects right after closing a socket to
 improve memory efficiency. (remm)
 + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig
 to reflect the existing implementation that allows one configuration style
 to be used for the trust attributes and a different style for all the
 other attributes. (markt)
 + Fix: Better warning message when OpenSSLConf configuration elements are
 used with a JSSE TLS implementation. (markt)
 + Fix: When using OpenSSL via FFM, don't log a warning about missing CA
 certificates unless CA certificates were configured and the configuration
 failed. (markt)
 + Add: For configuration consistency between OpenSSL and JSSE TLS
 implementations, TLSv1.3 cipher suites included in the ciphers attribute
 of an SSLHostConfig are now always ignored (previously they would be
 ignored with OpenSSL implementations and used with JSSE implementations)
 and a warning is logged that the cipher suite has been ignored. (markt)
 + Add: Add the ciphersuite attribute to SSLHostConfig to configure the
 TLSv1.3 cipher suites. (markt)
 + Add: Add OCSP support to JSSE based TLS connectors and make the use of
 OCSP configurable per connector for both JSSE and OpenSSL based TLS
 implementations. Align the checks performed by OpenSSL with those
 performed by JSSE. (markt)
 + Add: Add support for soft failure of OCSP checks with soft failure support
 disabled by default. (markt)
 + Add: Add support for configuring the verification flags passed to
 OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt)
 + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5.
 + Fix: Don't log an incorrect certificate KeyStore location when creating a
 TLS connector if the KeyStore instance has been set directly on the
 connector. (markt)
 + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm)
 + Add: Add strictSni attribute on the Connector to allow matching the
 SSLHostConfig configuration associated with the SNI host name to the
 SSLHostConfig configuration matched from the HTTP protocol host name. Non
 matching configurations will cause the request to be rejected. The
 attribute default value is true, enabling the matching. (remm)
 + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm)
 + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL
 provider. Pull request #912 by aogburn. (markt)
 + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers.
 * Jasper
 + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure
 that reuse() or release() is always called for a tag. (markt)
 + Fix: 69877: Catch IllegalArgumentException when processing URIs when
 creating the classpath to handle invalid URIs. (remm)
 + Fix: Fix populating the classpath with the webapp classloader
 repositories. (remm)
 + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some
 exception details. Patch submitted by Eric Blanquer. (remm)
 * Jdbc-pool
 + Fix: 64083: If the underlying connection has been closed, don't add it to
 the pool when it is returned. Pull request #235 by Alex Panchenko. (markt)
 * Web applications
 + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server
 status output if one or more of the web applications failed to start.
 (schultz)
 + Add: Manager: Include web application state in the HTML and JSON complete
 server status output. (markt)
 + Add: Documentation: Expand the documentation to better explain when OCSP
 is supported and when it is not. (markt)
 * Websocket
 + Fix: 69920: When attempting to write to a closed Writer or OutputStream
 obtained from a WebSocket session, throw an IOException rather than an
 IllegalStateExcpetion as required by Writer and strongly suggested by
 OutputStream. (markt)
 * Other
 + Add: Add property 'gpg.sign.files' to optionally disable release artefact
 signing with GPG. (rjung)
 + Add: Add test.silent property to suppress JUnit console output during test
 execution. Useful for cleaner console output when running tests with
 multiple threads. (csutherl)
 + Update: Update the internal fork of Commons Pool to 2.13.1. (markt)
 + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt)
 + Update: Update Commons Daemon to 1.5.1. (markt)
 + Update: Update ByteBuddy to 1.18.3. (markt)
 + Update: Update UnboundID to 7.0.4. (markt)
 + Update: Update Checkstyle to 12.3.1. (markt)
 + Add: Improvements to French translations. (markt)
 + Add: Improvements to Japanese translations provided by tak7iji. (markt)
 + Add: Improvements to Chinese translations provided by Yang. vincent.h and
 yong hu. (markt)
 + Update: Update Tomcat Native to 1.3.5. (markt)
 + Add: Add test profile system for selective test execution. Profiles can be
 specified via -Dtest.profile=<name> to run specific test subsets without
 using patterns directly. Profile patterns are defined in
 test-profiles.properties. (csutherl)
 + Update: Update file extension to media type mappings to align with the
 current list used by the Apache Web Server (httpd). (markt)
 + Update: Update Commons Daemon to 1.5.0. (markt)
 + Update: Update Byte Buddy to 1.18.2. (markt)
 + Update: Update Checkstyle to 12.2.0. (markt)
 + Add: Improvements to Spanish translations provided by White Vogel. (markt)
 + Add: Improvements to French translations. (remm)
 + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt)
 + Update: Update to Byte Buddy 1.17.8. (markt)
 + Update: Update to Checkstyle 12.1.1. (markt)
 + Update: Update to Jacoco 0.8.14. (markt)
 + Update: Update to SpotBugs 4.9.8. (markt)
 + Update: Update to JSign 7.4. (markt)
 + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung)

-----------------------------------------------------------------
Advisory ID: 377
Released:    Thu Mar 12 22:50:17 2026
Summary:     Recommended update for rust1.93
Type:        recommended
Severity:    important
References:  1189788,1216091,1222044,1225451,1228434,1229106,1230267,1232458,1234752,1235598,1235636,1236384,1236481,1236820,1236939,1236983,1237044,1237172,1237587,1237949,1238315,1239012,1239543,1239809,1240132,1240529,1241463,1243279,1243457,1243887,1243901,1244042,1244105,1244710,1245220,1245452,1245496,1245672,1253321,614646
This update for rust1.93 fixes the following issues:

- Resolve missing gcc requirement that may affect some crate building (bsc#1253321)

-----------------------------------------------------------------
Advisory ID: 381
Released:    Fri Mar 13 11:47:15 2026
Summary:     Security update for qemu
Type:        security
Severity:    moderate
References:  1221107,1255400,1256484,1257474,1257492,CVE-2024-2236,CVE-2025-14876,CVE-2026-0665
This update for qemu fixes the following issues:

- Update to version 10.0.8
- CVE-2025-14876: Fixed unbounded allocation in virtio-crypto. (bsc#1255400)
- CVE-2026-0665: Fixed PIRQ bounds check in xen_physdev_map_pirq. (bsc#1256484)

-----------------------------------------------------------------
Advisory ID: 389
Released:    Mon Mar 16 16:57:03 2026
Summary:     Security update for docker-stable
Type:        security
Severity:    important
References:  1240513,1245220,1246149,1246466,1253904,1254206,CVE-2025-30204,CVE-2025-58181
This update for docker-stable fixes the following issues:

- CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904)
- CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513)

-----------------------------------------------------------------
Advisory ID: 388
Released:    Mon Mar 16 17:42:36 2026
Summary:     Security update for MozillaFirefox
Type:        security
Severity:    important
References:  1216091,1218459,1241052,1258568,CVE-2026-2757,CVE-2026-2758,CVE-2026-2759,CVE-2026-2760,CVE-2026-2761,CVE-2026-2762,CVE-2026-2763,CVE-2026-2764,CVE-2026-2765,CVE-2026-2766,CVE-2026-2767,CVE-2026-2768,CVE-2026-2769,CVE-2026-2770,CVE-2026-2771,CVE-2026-2772,CVE-2026-2773,CVE-2026-2774,CVE-2026-2775,CVE-2026-2776,CVE-2026-2777,CVE-2026-2778,CVE-2026-2779,CVE-2026-2780,CVE-2026-2781,CVE-2026-2782,CVE-2026-2783,CVE-2026-2784,CVE-2026-2785,CVE-2026-2786,CVE-2026-2787,CVE-2026-2788,CVE-2026-2789,CVE-2026-2790,CVE-2026-2791,CVE-2026-2792,CVE-2026-2793
This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 140.8.0 ESR (bsc#1258568)
- CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component
- CVE-2026-2758: Use-after-free in the JavaScript: GC component
- CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component
- CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
- CVE-2026-2761: Sandbox escape in the Graphics: WebRender component
- CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component
- CVE-2026-2763: Use-after-free in the JavaScript Engine component
- CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
- CVE-2026-2765: Use-after-free in the JavaScript Engine component
- CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component
- CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component
- CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component
- CVE-2026-2769: Use-after-free in the Storage: IndexedDB component
- CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component
- CVE-2026-2771: Undefined behavior in the DOM: Core HTML component
- CVE-2026-2772: Use-after-free in the Audio/Video: Playback component
- CVE-2026-2773: Incorrect boundary conditions in the Web Audio component
- CVE-2026-2774: Integer overflow in the Audio/Video component
- CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component
- CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
- CVE-2026-2777: Privilege escalation in the Messaging System component
- CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core HTML component
- CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component
- CVE-2026-2780: Privilege escalation in the Netmonitor component
- CVE-2026-2781: Integer overflow in the Libraries component in NSS
- CVE-2026-2782: Privilege escalation in the Netmonitor component
- CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
- CVE-2026-2784: Mitigation bypass in the DOM: Security component
- CVE-2026-2785: Invalid pointer in the JavaScript Engine component
- CVE-2026-2786: Use-after-free in the JavaScript Engine component
- CVE-2026-2787: Use-after-free in the DOM: Window and Location component
- CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component
- CVE-2026-2789: Use-after-free in the Graphics: ImageLib component
- CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component
- CVE-2026-2791: Mitigation bypass in the Networking: Cache component
- CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
- CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

-----------------------------------------------------------------
Advisory ID: 390
Released:    Tue Mar 17 09:02:13 2026
Summary:     Recommended update for rubygem-agama-yast, agama-products
Type:        recommended
Severity:    moderate
References:  1243772,1258701,CVE-2025-48964
This update for rubygem-agama-yast, agama-products fixes the following issues:

Changes in rubygem-agama-yast:

- Do not log the URL password in the 'inst.install_url' bootparameter (bsc#1258701)

Changes in agama-products:

- Update translations.

-----------------------------------------------------------------
Advisory ID: 395
Released:    Tue Mar 17 13:51:10 2026
Summary:     Security update for python-maturin
Type:        security
Severity:    important
References:  1242844,1244596,1257918,CVE-2025-4373,CVE-2025-6052,CVE-2026-25727
This update for python-maturin fixes the following issue:

- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
  (bsc#1257918).

-----------------------------------------------------------------
Advisory ID: 396
Released:    Tue Mar 17 15:49:10 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1257364,1257365,1258020,CVE-2022-31022,CVE-2023-42818,CVE-2024-10975,CVE-2025-0913,CVE-2025-1296,CVE-2025-22874,CVE-2025-25207,CVE-2025-25208,CVE-2025-28162,CVE-2025-28164,CVE-2025-4128,CVE-2025-4573,CVE-2025-46721,CVE-2025-4673,CVE-2025-47950,CVE-2025-49011,CVE-2025-49136,CVE-2025-49140,CVE-2026-25646
This update for libpng16 fixes the following issues:

- CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
- CVE-2025-28162: Fixed a memory leaks when running `pngimage`. (bsc#1257364)
- CVE-2025-28164: Fixed a memory leaks when running `pngimage`. (bsc#1257365)

-----------------------------------------------------------------
Advisory ID: 401
Released:    Wed Mar 18 10:56:31 2026
Summary:     Security update for net-snmp
Type:        security
Severity:    important
References:  1243226,1255491,CVE-2025-6018,CVE-2025-68615
This update for net-snmp fixes the following issues:

- CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491).

-----------------------------------------------------------------
Advisory ID: 405
Released:    Wed Mar 18 16:29:19 2026
Summary:     Security update for busybox
Type:        security
Severity:    important
References:  1243767,1258163,1258167,CVE-2025-5278,CVE-2026-26157,CVE-2026-26158
This update for busybox fixes the following issues:

Changes in busybox:

- CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. (bsc#1258163)
- CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archive entries. (bsc#1258167)

-----------------------------------------------------------------
Advisory ID: 407
Released:    Wed Mar 18 23:55:39 2026
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    important
References:  1257463
This update for gcc15 fixes the following issues:

Changes in gcc15:

- Fixed bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: 411
Released:    Thu Mar 19 09:11:15 2026
Summary:     Security update for poppler
Type:        security
Severity:    moderate
References:  1218459,1245985,1246038,1246466,1247054,1247690,1252337,CVE-2025-11896
This update for poppler fixes the following issues:

- CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337).

-----------------------------------------------------------------
Advisory ID: 412
Released:    Thu Mar 19 09:18:59 2026
Summary:     Security update for keylime
Type:        security
Severity:    critical
References:  1240414,1257895,CVE-2025-31115,CVE-2026-1709
This update for keylime fixes the following issues:

- Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895):
- CVE-2026-1709: Fixed an authentication bypass which may allow unauthorized administrative operations due to missing client-side TLS authentication. (bsc#1257895)

-----------------------------------------------------------------
Advisory ID: 416
Released:    Thu Mar 19 14:48:14 2026
Summary:     Security update for gstreamer-plugins-ugly
Type:        security
Severity:    important
References:  1242827,1243935,1247074,1259367,1259370,CVE-2025-4598,CVE-2026-2920,CVE-2026-2922
This update for gstreamer-plugins-ugly fixes the following issues:

- CVE-2026-2920: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259367).
- CVE-2026-2922: GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability (bsc#1259370).

-----------------------------------------------------------------
Advisory ID: 419
Released:    Fri Mar 20 10:31:54 2026
Summary:     Security update for ImageMagick
Type:        security
Severity:    important
References:  1245309,1245310,1245311,1245312,1245314,1245317,1258790,1259446,1259447,1259448,1259450,1259451,1259452,1259455,1259456,1259457,1259463,1259464,1259466,1259467,1259468,1259469,1259497,1259528,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987,CVE-2026-24484,CVE-2026-28493,CVE-2026-28494,CVE-2026-28686,CVE-2026-28687,CVE-2026-28688,CVE-2026-28689,CVE-2026-28690,CVE-2026-28691,CVE-2026-28692,CVE-2026-28693,CVE-2026-30883,CVE-2026-30929,CVE-2026-30931,CVE-2026-30935,CVE-2026-30936,CVE-2026-30937,CVE-2026-31853
This update for ImageMagick fixes the following issues:

- CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).
- CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446).
- CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow
  (bsc#1259447).
- CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow
  (bsc#1259448).
- CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450).
- CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).
- CVE-2026-28689: `domain='path'` authorization is checked before final file open/use and allows for read/write bypass
  via symlink swaps (bsc#1259452).
- CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).
- CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).
- CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
- CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
- CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
- CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage`can lead to a stack buffer overflow
  (bsc#1259468).
- CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).
- CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
- CVE-2026-30936: heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).
- CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
- CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely
  large images (bsc#1259528).

-----------------------------------------------------------------
Advisory ID: 418
Released:    Fri Mar 20 10:36:45 2026
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1246360,1259362,1259363,1259364,1259365,CVE-2025-7424,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

-----------------------------------------------------------------
Advisory ID: 429
Released:    Tue Mar 24 06:43:06 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1244554,1244555,1244557,1244580,1244700,1246296,1256624,1256644,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-68813,CVE-2025-71085,CVE-2025-7425

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

-----------------------------------------------------------------
Advisory ID: 428
Released:    Tue Mar 24 06:44:24 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1246597,1247240,1255052,1255053,1255378,1255402,1255895,1256624,1256644,1257669,CVE-2025-38488,CVE-2025-40214,CVE-2025-40258,CVE-2025-40284,CVE-2025-40297,CVE-2025-68284,CVE-2025-68285,CVE-2025-68813,CVE-2025-6965,CVE-2025-71085

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

-----------------------------------------------------------------
Advisory ID: 432
Released:    Tue Mar 24 13:30:27 2026
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1245292,1247326,1247816,1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:

- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

-----------------------------------------------------------------
Advisory ID: 437
Released:    Tue Mar 24 20:41:09 2026
Summary:     Security update for python-black
Type:        security
Severity:    important
References:  1246912,1259546,1259608,CVE-2026-31900,CVE-2026-32274
This update for python-black fixes the following issues:

- CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution (bsc#1259546).
- CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name (bsc#1259608).

-----------------------------------------------------------------
Advisory ID: 436
Released:    Tue Mar 24 21:36:24 2026
Summary:     Security update for the initial kernel livepatch
Type:        security
Severity:    important
References:  1241114,1241680,1247819


This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.


-----------------------------------------------------------------
Advisory ID: 435
Released:    Wed Mar 25 09:49:52 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1229122,1234634,1246118,1247719,1247720,1247816,1249590,1250748,1251135,1251966,1251971,1252008,1252266,1252911,1252924,1253129,1253691,1254817,1254928,1255129,1255144,1255148,1255311,1255490,1255572,1255721,1255868,1256640,1256675,1256679,1256708,1256732,1256784,1256802,1256865,1256867,1257154,1257174,1257209,1257222,1257228,1257231,1257246,1257332,1257466,1257472,1257473,1257551,1257552,1257553,1257554,1257556,1257557,1257559,1257560,1257561,1257562,1257565,1257570,1257572,1257573,1257576,1257579,1257580,1257581,1257586,1257600,1257631,1257635,1257679,1257682,1257686,1257687,1257688,1257704,1257705,1257706,1257707,1257709,1257714,1257715,1257716,1257718,1257722,1257723,1257726,1257729,1257730,1257732,1257734,1257735,1257737,1257739,1257740,1257741,1257742,1257743,1257745,1257749,1257750,1257755,1257757,1257758,1257759,1257761,1257762,1257763,1257765,1257768,1257770,1257772,1257775,1257776,1257788,1257789,1257790,1257805,1257808,1257809,1257811,1257813,1257814,1257815,1
 257816,1257817,1257818,1257830,1257942,1257952,1258153,1258181,1258184,1258222,1258232,1258234,1258237,1258245,1258249,1258252,1258256,1258258,1258259,1258272,1258273,1258276,1258277,1258279,1258286,1258289,1258290,1258297,1258298,1258299,1258303,1258304,1258308,1258309,1258313,1258317,1258321,1258323,1258324,1258326,1258331,1258338,1258349,1258354,1258355,1258358,1258374,1258376,1258377,1258379,1258389,1258394,1258395,1258397,1258411,1258415,1258419,1258421,1258422,1258424,1258429,1258430,1258442,1258455,1258461,1258464,1258465,1258468,1258469,1258483,1258484,1258489,1258517,1258518,1258519,1258520,1258524,1258544,1258660,1258672,1258824,1259329,CVE-2025-39753,CVE-2025-39964,CVE-2025-40099,CVE-2025-40103,CVE-2025-40230,CVE-2025-4674,CVE-2025-47906,CVE-2025-47907,CVE-2025-68173,CVE-2025-68186,CVE-2025-68292,CVE-2025-68295,CVE-2025-68329,CVE-2025-68371,CVE-2025-68745,CVE-2025-68785,CVE-2025-68810,CVE-2025-68818,CVE-2025-71071,CVE-2025-71104,CVE-2025-71125,CVE-2025-71134,CVE-2025-7116
 1,CVE-2025-71182,CVE-2025-71183,CVE-2025-71184,CVE-2025-71185,CVE-2025-71186,CVE-2025-71188,CVE-2025-71189,CVE-2025-71190,CVE-2025-71191,CVE-2025-71192,CVE-2025-71193,CVE-2025-71194,CVE-2025-71195,CVE-2025-71196,CVE-2025-71197,CVE-2025-71198,CVE-2025-71199,CVE-2025-71200,CVE-2025-71222,CVE-2025-71224,CVE-2025-71225,CVE-2025-71229,CVE-2025-71231,CVE-2025-71232,CVE-2025-71233,CVE-2025-71234,CVE-2025-71235,CVE-2025-71236,CVE-2026-22979,CVE-2026-22980,CVE-2026-22998,CVE-2026-23003,CVE-2026-23004,CVE-2026-23010,CVE-2026-23017,CVE-2026-23018,CVE-2026-23021,CVE-2026-23022,CVE-2026-23023,CVE-2026-23024,CVE-2026-23026,CVE-2026-23030,CVE-2026-23031,CVE-2026-23033,CVE-2026-23035,CVE-2026-23037,CVE-2026-23038,CVE-2026-23042,CVE-2026-23047,CVE-2026-23049,CVE-2026-23050,CVE-2026-23053,CVE-2026-23054,CVE-2026-23055,CVE-2026-23056,CVE-2026-23057,CVE-2026-23058,CVE-2026-23059,CVE-2026-23060,CVE-2026-23061,CVE-2026-23062,CVE-2026-23063,CVE-2026-23064,CVE-2026-23065,CVE-2026-23066,CVE-2026-23068,CVE-2
 026-23069,CVE-2026-23070,CVE-2026-23071,CVE-2026-23073,CVE-2026-23074,CVE-2026-23076,CVE-2026-23078,CVE-2026-23080,CVE-2026-23082,CVE-2026-23083,CVE-2026-23084,CVE-2026-23085,CVE-2026-23086,CVE-2026-23088,CVE-2026-23089,CVE-2026-23090,CVE-2026-23091,CVE-2026-23094,CVE-2026-23095,CVE-2026-23096,CVE-2026-23097,CVE-2026-23099,CVE-2026-23100,CVE-2026-23101,CVE-2026-23102,CVE-2026-23104,CVE-2026-23105,CVE-2026-23107,CVE-2026-23108,CVE-2026-23110,CVE-2026-23111,CVE-2026-23112,CVE-2026-23116,CVE-2026-23119,CVE-2026-23121,CVE-2026-23123,CVE-2026-23128,CVE-2026-23129,CVE-2026-23131,CVE-2026-23133,CVE-2026-23135,CVE-2026-23136,CVE-2026-23137,CVE-2026-23139,CVE-2026-23141,CVE-2026-23142,CVE-2026-23144,CVE-2026-23145,CVE-2026-23146,CVE-2026-23148,CVE-2026-23150,CVE-2026-23151,CVE-2026-23152,CVE-2026-23154,CVE-2026-23155,CVE-2026-23156,CVE-2026-23157,CVE-2026-23158,CVE-2026-23161,CVE-2026-23163,CVE-2026-23166,CVE-2026-23167,CVE-2026-23169,CVE-2026-23170,CVE-2026-23171,CVE-2026-23172,CVE-2026-231
 73,CVE-2026-23176,CVE-2026-23177,CVE-2026-23178,CVE-2026-23179,CVE-2026-23182,CVE-2026-23188,CVE-2026-23189,CVE-2026-23190,CVE-2026-23191,CVE-2026-23198,CVE-2026-23202,CVE-2026-23207,CVE-2026-23208,CVE-2026-23209,CVE-2026-23210,CVE-2026-23213,CVE-2026-23214,CVE-2026-23221,CVE-2026-23222,CVE-2026-23223,CVE-2026-23224,CVE-2026-23229,CVE-2026-23230

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-39753: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817).
- CVE-2025-68173: ftrace: Fix softlockup in ftrace_module_enable (bsc#1255311).
- CVE-2025-68186: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (bsc#1255144).
- CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148).
- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
- CVE-2025-68329: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (bsc#1255490).
- CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572).
- CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721).
- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
- CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732).
- CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174).
- CVE-2025-71184: btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635).
- CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686).
- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
- CVE-2026-23003: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1257246).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
- CVE-2026-23022: idpf: fix memory leak in idpf_vc_core_deinit() (bsc#1257581).
- CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
- CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572).
- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
- CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705).
- CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
- CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726).
- CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805).
- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
- CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745).
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
- CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815).
- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
- CVE-2026-23100: mm/hugetlb: fix hugetlb_pmd_shared() (bsc#1257817).
- CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772).
- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289).
- CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290).
- CVE-2026-23148: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (bsc#1258258).
- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
- CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355).
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
- CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349).
- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
- CVE-2026-23189: ceph: fix NULL pointer dereference in ceph_mds_auth_match() (bsc#1258308).
- CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
- CVE-2026-23223: xfs: fix UAF in xchk_btree_check_block_owner (bsc#1258483).
- CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461).

The following non security issues were fixed:

- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
- HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868).
- PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672)
- PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672)
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- Refresh and move upstreamed ath12k patch into sorted section
- Update 'drm/mgag200: fix mgag200_bmc_stop_scanout()' bug number (bsc#1258153)
- add bugnumber to existing mana change (bsc#1252266).
- arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329)
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes).
- clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818).
- clocksource: Print durations for sync check unconditionally (bsc#1257818).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818).
- clocksource: Use pr_info() for 'Checking clocksource synchronization' message (bsc#1257818).
- dm: Fix deadlock when reloading a multipath table (bsc#1254928).
- drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
- gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes).
- i3c: master: Update hot-join flag only on success (git-fixes).
- ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- platform/x86/amd: amd_3d_vcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563).
- sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634).
- sched/deadline: Fix race in push_dl_task() (bsc#1234634).
- sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634).
- sched/fair: Fix pelt clock sync when entering idle (bsc#1234634).
- sched/fair: Fix pelt lost idle time detection (bsc#1234634).
- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).

-----------------------------------------------------------------
Advisory ID: 452
Released:    Thu Mar 26 11:22:05 2026
Summary:     Recommended update for mozilla-nspr
Type:        recommended
Severity:    moderate
References:  1234449,CVE-2024-47606
This update for mozilla-nspr fixes the following issues:

Update to NSPR 4.36.2:

  * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1

Update to NSPR 4.36.1:

  * Incorrect time value produced by PR_ParseTimeString and
    PR_ParseTimeStringToExplodedTime if input string doesn't
    specify seconds.

-----------------------------------------------------------------
Advisory ID: 466
Released:    Mon Mar 30 16:59:16 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1236217,1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
  (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: 469
Released:    Tue Mar 31 11:11:58 2026
Summary:     Security update for gnome-online-accounts, gvfs
Type:        security
Severity:    important
References:  1241219,1258953,1258954,CVE-2025-3576,CVE-2026-28295,CVE-2026-28296
This update for gnome-online-accounts, gvfs fixes the following issues:

Changes for gvfs:

Update gvfs to 1.59.90:

- CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953).
- CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths
  (bsc#1258954).

Changelog:

Update to version 1.59.90:

 + client: Fix use-after-free when creating async proxy failed
 + udisks2: Emit changed signals from update_all()
 + daemon: Fix race on subscribers list when on thread
 + ftp: Validate fe_size when parsing symlink target
 + ftp: Check localtime() return value before use
 + gphoto2: Use g_try_realloc() instead of g_realloc()
 + cdda: Reject path traversal in mount URI host
 + client: Fail when URI has invalid UTF-8 chars
 + udisks2: Fix memory corruption with duplicate mount paths
 + build: Update GOA dependency to > 3.57.0
 + Some other fixes
 + ftp: Use control connection address for PASV data.
 + ftp: Reject paths containing CR/LF characters

Update to version 1.59.1:

 + mtp: replace Android extension checks with capability checks
 + dav: Add X-OC-Mtime header on push to preserve last modified
 time
 + udisks2: Use hash tables in the volume monitor to improve
 performance
 + onedrive: Check for identity instead of presentation identity
 + build: Disable google option and mark as deprecated

Update to version 1.58.2:

 + ftp: Use control connection address for PASV data
 + ftp: Reject paths containing CR/LF characters

Update to version 1.58.1:

 + cdda: Fix duration of last track for some media
 + build: Fix build when google option is disabled
 + Fix various memory leaks
 + Updated translations.

Update to version 1.58.0:

 + mtp: Allow cancelling ongoing folder enumerations
 + wsdd: Use socket-activated service if available
 + onedrive: Set emblem for remote data
 + fix: Add file rename support in MTP backend move operation
 + mtp: Fix -Wmaybe-uninitialized warning in pad_file
 + fuse: use fuse_(un)set_feature_flag for libfuse 3.17+
 + smbbrowse: Purge server cache for next auth try
 + metatree: Open files with O_CLOEXEC
 + cdda: Fix incorrect track duration for 99-track CDs
 + metadata: Fix journal file permissions inconsistency
 + dav: recognize 308 Permanent Redirect

Changes for gnome-online-accounts:

Update to version 3.58.0:

 + SMTP server without password cannot be configured
 + Remove unneeded SMTP password escaping
 + build: Disable google provider Files feature
 + MS365: Fix mail address and name
 + Google: Set mail name to presentation identity
 + Updated translations.

Update to version 3.57.1:

 + Default Microsoft 365 client is unverified
 + Microsoft 365: Make use of email for id
 + goadaemon: Allow manage system notifications
 + goamsgraphprovider: bump credentials generation
 + goaprovider: Allow to disable, instead of enable, selected
   providers

Changes from version 3.57.0:

 + Support for saving a Kerberos password to the keychain after
 the first login
 + changing expired kerberos password is not supported.
 + Provided Files URI does not override undiscovered endpoint
 + DAV client rejects 204 status in OPTIONS request handler
 + Include emblem-default-symbolic.svg
 + Connecting a Runbox CardDAV/CalDAV account hangs/freezes after
 sign in
 + i81n: fix translatable string
 + goaimapsmptprovider: fix accounts without SMTP or
   authentication-less SMTP
 + build: only install icons for the goabackend build
 + build: don't require goabackend to build documentation
 + ci: test the build without gtk4
 + DAV-client: Added short path for SOGo

Update to version 3.56.4:

 + Bugs fixed:
 - Unclear which part of 'IMAP+SMTP' account test failed
 - Adding nextcloud account which has a subfolder does not work
 - goadaemon: Handle broken account configs

Update to version 3.56.3:

 - Add DAV detection and configuration for SOGo
 - DAV discovery fails when certain SRV lookups fail

Update to version 3.56.1:

 - Support for saving a Kerberos password after the first login
 - Changing expired kerberos password is not supported
 - Provided Files URI does not override undiscovered endpoint
 - DAV client rejects 204 status in OPTIONS request handler

Update to version 3.56.0:

 + Code style and logging cleanups
 + Updated translations

Update to version 3.55.2:

 + goaoauth2provider: improve error handling for auth/token
   endpoints

Update to version 3.55.1:

 - Support Webflow authentication for Nextcloud
 - Rename dconf key in gnome-online-accounts settings
 - 'Account Name' GUI field is a bit ambiguous
 - Failed to generate a new POT file for the user interface of
   'gnome-online-accounts' (domain: 'po') and some missing files
    from POTFILES.in

Update to version 3.55.0:

 - Add progress spinner for OAuth2 dialogs
 - Remove Windows Live! option
 - Improve goa_oauth2_provider_ensure_credentials_sync
 - Authentication failure in goa IMAP accounts
 - Missing files from POTFILES.in
 - WebDAV not detected for mail.ru
 - goaoauth2provider: fix task chaining for subclasses
 - Always lowercase domains when looking up base
 - goadavclient: check Nextcloud fallback last
 - goabackend: add a composite widget for authflow links
 - goadavclient: fix the mailbox.org preconfig

Update to version 3.54.5:

 - Adding GOA account fails with sonic.net IMAP service
 - Cannot add a ProtonMail bridge with IMAP + TLS
 - Nextcloud login does not work anymore due to OPTIONS /login
   request
 - Linked online accounts no longer work
 - Invalid URI when adding Google account
 - goamsgraphprovider: ensure a valid PresentationIdentity
 - goadaemon: complete GTasks to avoid a scary debug warning

-----------------------------------------------------------------
Advisory ID: 472
Released:    Wed Apr  1 16:56:43 2026
Summary:     Recommended update for selinux-policy
Type:        recommended
Severity:    important
References:  1230267,1237375,1246912,1250343,1255024,1255725,1259438,1259704
This update for selinux-policy fixes the following issues:

Changes in selinux-policy:

Update to version 20250627+git355.5249ba7d5:

  * Revert 'Define file equivalency for /var/opt' (bsc#1259704)
  * Make stalld stalld_var_run_t labeling rules more generic (bsc#1259438)

Update to version 20250627+git351.529352149:

  * Allow syslog_t access ISC dhcpd /dev/log socket (bsc#1255725)
  * privoxy: account for openSUSE chroot configuration (bsc#1237375)

Update to version 20250627+git347.b8926451e:

  * Add support for 'mariadb at .service' (bsc#1255024).

-----------------------------------------------------------------
Advisory ID: 477
Released:    Thu Apr  2 17:36:23 2026
Summary:     Recommended update for rust1.94
Type:        recommended
Severity:    moderate
References:  1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for rust1.94 fixes the following issues:

This update adds rust1.94.

Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0 
-----------------------------------------------------------------
Advisory ID: 480
Released:    Tue Apr  7 13:57:38 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1084929,1260754,1260755,CVE-2026-33416,CVE-2026-33636
This update for libpng16 fixes the following issues:

- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
  execution (bsc#1260754).
- CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and
  crashes (bsc#1260755).

-----------------------------------------------------------------
Advisory ID: 484
Released:    Tue Apr  7 16:33:05 2026
Summary:     Security update for libtasn1
Type:        security
Severity:    moderate
References:  1242170,1256341,CVE-2025-13151
This update for libtasn1 fixes the following issues:

- CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in
  `asn1_expend_octet_string` (bsc#1256341).

-----------------------------------------------------------------
Advisory ID: 486
Released:    Tue Apr  7 16:58:07 2026
Summary:     Security update for tar
Type:        security
Severity:    important
References:  1228879,1246399,1246607,1249832,CVE-2025-45582
This update for tar fixes the following issue:

Security issue:

- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

Non security issue:

- Fixes tar creating invalid tarballs when used with --delete (bsc#1246607)

-----------------------------------------------------------------
Advisory ID: 485
Released:    Tue Apr  7 17:17:05 2026
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1159103,1211721,1219038,1221763,1227117,1255326,1258344,1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:

Update to systemd v257.13:

Security issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697).

Non security issues:

- Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853).
- Sign systemd-boot EFI binary on aarch64 (bsc#1258344)
- terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

Changelog:

- 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
- 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111)
- fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)

For a complete list of changes, visit:
 https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28

-----------------------------------------------------------------
Advisory ID: 491
Released:    Thu Apr  9 10:48:26 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1246974,1249375,1252036,1252689,1253404,1256780,1257238,1258051,1258183,1258784,CVE-2025-39973,CVE-2025-40018,CVE-2025-40159,CVE-2025-71120,CVE-2025-8114,CVE-2025-8277,CVE-2026-22999,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

-----------------------------------------------------------------
Advisory ID: 496
Released:    Thu Apr  9 13:07:42 2026
Summary:     Recommended update for umoci
Type:        recommended
Severity:    moderate
References:  1249450,1250232,1252025,CVE-2025-9230
This update for umoci fixes the following issues:

Update to umoci v0.6.0. Upstream changelog is available from
  <https://github.com/opencontainers/umoci/releases/tag/v0.6.0> bsc#1252025

  * umoci now has automatic SOURCE_DATE_EPOCH support, improving the
    reproducibility of generated images.
  * 'umoci stat' now provides more information about theimage.
  * 'umoci config' now supports --platform.variant (architecture variants)
	which resolves issues with images on ARM (on ARM systems, 'umoci new' will
	auto-fill the host CPU variant).

Update to umoci v0.5.1. Upstream changelog is available from

  <https://github.com/opencontainers/umoci/releases/tag/v0.5.1> bsc#1249450

  * For images with an empty index.json, umoci will no longer incorrectly set
    the manifests entry to null.
  * umoci will now produce an error for images with negative-sized descriptors,
    based on recent discussions in the upstream image-spec.
  * Use go:embed to fill umoci --version information from VERSION.
  * Stop using oci-image-tools for integration tests, instead use some smoke
    tests and the docker-library-maintained meta-scripts.

-----------------------------------------------------------------
Advisory ID: 500
Released:    Thu Apr  9 13:14:21 2026
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1249584,CVE-2025-59375
This update for patterns-base fixes the following issues:

Changes in patterns-base:

- Drop biosdevname, this is being replaced by systemd predictable
  network interface naming (jsc#PED-262).

-----------------------------------------------------------------
Advisory ID: 502
Released:    Thu Apr  9 13:18:30 2026
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,1250983,1258392,CVE-2023-45853,CVE-2025-11230,CVE-2026-27171
This update for zlib fixes the following issues:


- CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
- CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

-----------------------------------------------------------------
Advisory ID: 504
Released:    Thu Apr  9 14:27:13 2026
Summary:     Security update for pgvector
Type:        security
Severity:    important
References:  1248586,1252217,1258945,CVE-2026-3172
This update for pgvector fixes the following issue:

Update to pgvector 0.8.2:

- CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945).

Changelog:

 * Fixed Index Searches in EXPLAIN output for Postgres 18

-----------------------------------------------------------------
Advisory ID: 509
Released:    Thu Apr  9 14:29:14 2026
Summary:     Recommended update for quota
Type:        recommended
Severity:    moderate
References:  1246934,1254310
This update for quota fixes the following issues:

- Remove `PrivateDevices` systemd hardening from quotad.service because it
  needs access to block devices in /dev (bsc#1254310).

-----------------------------------------------------------------
Advisory ID: 510
Released:    Thu Apr  9 15:00:19 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1222465,1250562,1254666,1258859,CVE-2025-11021,CVE-2025-14104,CVE-2026-3184
This update for util-linux fixes the following issues:

Security issues:

- CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).

Non security issues:

- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing  (bsc#1222465).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: 516
Released:    Fri Apr 10 08:36:43 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1252025,1258319,1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

Security fixes:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

-----------------------------------------------------------------
Advisory ID: 518
Released:    Fri Apr 10 13:48:27 2026
Summary:     Security update for cockpit-podman
Type:        security
Severity:    important
References:  1081723,1224113,1257836,1258641,CVE-2026-25547,CVE-2026-26996
This update for cockpit-podman fixes the following issues:

- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and
  may crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
  that doesn't appear in the test string (bsc#1258641).

-----------------------------------------------------------------
Advisory ID: 524
Released:    Fri Apr 10 14:55:29 2026
Summary:     Recommended update for read-only-root-fs
Type:        recommended
Severity:    moderate
References:  1231055,1252425,1252892
This update for read-only-root-fs fixes the following issues:

- Add patch to fix workaround for read-only / subvolumes (bsc#1252892)

-----------------------------------------------------------------
Advisory ID: 525
Released:    Fri Apr 10 15:02:04 2026
Summary:     Recommended update for kernel-firmware-bluetooth
Type:        recommended
Severity:    moderate
References:  1253029
This update for kernel-firmware-bluetooth fixes the following issues:

Changes in kernel-firmware-bluetooth:

- Update to version 20251202 (git commit 685171356137):

  * linux-firmware: Update firmware file for Intel Scorpius core
  * linux-firmware: Update firmware file for Intel BlazarIGfP core
  * linux-firmware: Update firmware file for Intel BlazarI core
  * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core
  * linux-firmware: Update firmware file for Intel BlazarU core

- Update to version 20251125 (git commit 23568a4b9420):

  * QCA: Add Bluetooth firmware for WCN685x uart interface

- Update to version 20251121 (git commit ff6418d18552):

  * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04

- Update to version 20251111 (git commit 6fc940781a01):

  * rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905

- Update to version 20251106 (git commit b055b3e24542):

  * linux-firmware: Update firmware file for Intel BlazarU core
  * linux-firmware: Update firmware file for Intel BlazarI core

- Update to version 20251029 (git commit bfc84303530a):

  * rtl_bt: Add firmware and config files for RTL8761CUV

- Update to version 20251024 (git commit 9b899c779b8a):

  * QCA: Update Bluetooth WCN6856 firmware 2.1.0-00653 to 2.1.0-00659

- Update to version 20251010 (git commit fef0b3bbf494):

  * linux-firmware: Update firmware file for Intel Magnetar core
  * linux-firmware: Update firmware file for Intel BlazarU core
  * linux-firmware: Update firmware file for Intel BlazarI core

- Update to version 20251010 (git commit 49fafa182b23):

  * qca: Update Bluetooth WCN6750 1.1.3-00091 firmware to 1.1.3-00100

- Update to version 20251004 (git commit 757854f42d83):

  * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x3BAC_ADBA

- Update to version 20250903 (git commit c784990ba3d2):

  * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962

- Update to version 20250820 (git commit 70dda28e5098):

  * Link rtl8723b_config.bin to rtl8723bs

- Update to version 20250808 (git commit 8f1ce114de6c):

  * qca: Update Bluetooth WCN6750 1.1.3-00069 firmware to 1.1.3-00091

-----------------------------------------------------------------
Advisory ID: 528
Released:    Fri Apr 10 20:29:30 2026
Summary:     Security update for pcre2
Type:        security
Severity:    moderate
References:  1248842,1253741,CVE-2025-58050
This update for pcre2 fixes the following issue:

- CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS
  (bsc#1248842).

-----------------------------------------------------------------
Advisory ID: 529
Released:    Fri Apr 10 20:56:55 2026
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1248586,1252217,1253757,1254670,1259619,CVE-2025-11563,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:

Update sqlite3 to version 3.51.3:

Security issues:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Non security issue:

- sqlite3 won't build when using --with icu (bsc#1248586).

Changelog:

Update to version 3.51.3:
 * Fix the WAL-reset database corruption bug:
   https://sqlite.org/wal.html#walresetbug
 * Other minor bug fixes.

Update to version 3.51.2:

 * Fix an obscure deadlock in the new broken-posix-lock detection
   logic.
 * Fix multiple problems in the EXISTS-to-JOIN optimization.

Update to version 3.51.1:
 * Fix incorrect results from nested EXISTS queries caused by the
   optimization in item 6b in the 3.51.0 release.
 * Fix a latent bug in fts5vocab virtual table, exposed by new
   optimizations in the 3.51.0 release

Update to version 3.51.0:
 * New macros in sqlite3.h:
 - SQLITE_SCM_BRANCH -> the name of the branch from which the
 source code is taken.
 - SQLITE_SCM_TAGS -> space-separated list of tags on the source
 code check-in.
 - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
 * Two new JSON functions, jsonb_each() and jsonb_tree() work the
 same as the existing json_each() and json_tree() functions
 except that they return JSONB for the 'value' column when the
 'type' is 'array' or 'object'.
 * The carray and percentile extensions are now built into the
 amalgamation, though they are disabled by default and must be
 activated at compile-time using the -DSQLITE_ENABLE_CARRAY
 and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
 * Enhancements to TCL Interface:
 - Add the -asdict flag to the eval command to have it set the
 row data as a dict instead of an array.
 - User-defined functions may now break to return an SQL NULL.
 * CLI enhancements:
 - Increase the precision of '.timer' to microseconds.
 - Enhance the 'box' and 'column' formatting modes to deal with
 double-wide characters.
 - The '.imposter' command provides read-only imposter tables
 that work with VACUUM and do not require the --unsafe-testing
 option.
 - Add the --ifexists option to the CLI command-line option and
 to the .open command.
 - Limit columns widths set by the '.width' command to 30,000 or
 less, as there is not good reason to have wider columns, but
 supporting wider columns provides opportunity to malefactors.
 * Performance enhancements:
 - Use fewer CPU cycles to commit a read transaction.
 - Early detection of joins that return no rows due to one or
 more of the tables containing no rows.
 - Avoid evaluation of scalar subqueries if the result of the
 subquery does not change the result of the overall expression.
 - Faster window function queries when using
 'BETWEEN :x FOLLOWING AND :y FOLLOWING' with a large :y.
 * Add the PRAGMA wal_checkpoint=NOOP; command and the
 SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
 * Add the sqlite3_set_errmsg() API for use by extensions.
 * Add the sqlite3_db_status64() API, which works just like the
 existing sqlite3_db_status() API except that it returns 64-bit
 results.
 * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the
 sqlite3_db_status() and sqlite3_db_status64() interfaces.
 * In the session extension add the sqlite3changeset_apply_v3()
 interface.
 * For the built-in printf() and the format() SQL function, omit
 the leading '-' from negative floating point numbers if the '+'
 flag is omitted and the '#' flag is present and all displayed
 digits are '0'. Use '%#f' or similar to avoid outputs like
 '-0.00' and instead show just '0.00'.
 * Improved error messages generated by FTS5.
 * Enforce STRICT typing on computed columns.
 * Improved support for VxWorks
 * JavaScript/WASM now supports 64-bit WASM. The canonical builds
 continue to be 32-bit but creating one's own 64-bit build is
 now as simple as running 'make'.
 * Improved resistance to database corruption caused by an
 application breaking Posix advisory locks using close().

-----------------------------------------------------------------
Advisory ID: 531
Released:    Sat Apr 11 10:22:09 2026
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1253177,1253178,1258002,CVE-2025-59777,CVE-2025-62689
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.84 state (bsc#1258002):
    * Removed:
        + Baltimore CyberTrust Root
        + CommScope Public Trust ECC Root-01
        + CommScope Public Trust ECC Root-02
        + CommScope Public Trust RSA Root-01
        + CommScope Public Trust RSA Root-02
        + DigiNotar Root CA
    * Added:
        + e-Szigno TLS Root CA 2023
        + OISTE Client Root ECC G1
        + OISTE Client Root RSA G1
        + OISTE Server Root ECC G1
        + OISTE Server Root RSA G1
        + SwissSign RSA SMIME Root CA 2022 - 1
        + SwissSign RSA TLS Root CA 2022 - 1
        + TrustAsia SMIME ECC Root CA
        + TrustAsia SMIME RSA Root CA
        + TrustAsia TLS ECC Root CA
        + TrustAsia TLS RSA Root CA

-----------------------------------------------------------------
Advisory ID: 532
Released:    Mon Apr 13 04:14:56 2026
Summary:     Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1249055,1258051,1258183,1258784,CVE-2025-7039,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues

The following security issues were fixed:

- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

-----------------------------------------------------------------
Advisory ID: 537
Released:    Mon Apr 13 10:18:45 2026
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    important
References:  1224386,1244449,1245551,1248356,1248501,1254563,1258423
This update for systemd-presets-branding-SLE fixes the following issues:

Changes in systemd-presets-branding-SLE:

- Disable firewalld during migration if it was disabled before (bsc#1258423).

-----------------------------------------------------------------
Advisory ID: 536
Released:    Mon Apr 13 11:24:35 2026
Summary:     Recommended update for libzypp, zypper, libsolv
Type:        recommended
Severity:    important
References:  1158038,1247948,1252744,1253740,1254157,1254158,1254159,1254160,1254480,1257882,1258193,1259311,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libzypp, zypper, libsolv fixes the following issues:

Changes in libzypp:

- Update to version 17.38.5:
    * Fix preloader not caching packages from arch specific subrepos (bsc#1253740)
    * Deprioritize invalid mirrors
- Update to version 17.38.4:
    * Fix Product::referencePackage lookup (bsc#1259311)
      Use a provided autoproduct() as hint to the package name of the release package.
      It might be that not just multiple versions of the same release package provide
      the same product version, but also different release packages.
- Update to version 17.38.3:
    * specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined
      This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake.
    * Fall back to a writable location when precaching packages without root (bsc#1247948)

Changes in zypper:

- Update to version 1.14.95:
    * Report download progress for command line rpms
    * Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882)
    * Service: Allow 'zypper ls SERVICE ...' to test whether a service with this alias is defined (bsc#1252744)
      The command prints an abstract of all services passed on the command line.
      It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service.
    * Keep repo data when updating the service settings (bsc#1252744)
    * info: Enhance pattern content table (bsc#1158038)
      Alternatives are now listed as a single entry in the content table.
      The entry shows either the installed package which satisfies the requirement or
      the requirement itself as type 'Provides'.

Changes in libsolv:

- bump version to 0.7.36:
    * respect the 'default' attribute in environment optionlist in the comps parser
    * support suse namespace deps in boolean dependencies (bsc#1258193)
    * support for the Elbrus2000 (e2k) architecture
    * support language() suse namespace rewriting

-----------------------------------------------------------------
Advisory ID: 539
Released:    Mon Apr 13 11:41:21 2026
Summary:     Security update for python313
Type:        security
Severity:    important
References:  1255027,1257181,1259240,1259611,1259734,1259735,1259989,1260026,CVE-2025-13462,CVE-2026-1299,CVE-2026-2297,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519
This update for python313 fixes the following issues:

Update to version 3.13.13.

- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
  misinterpretation of tar archives (bsc#1259611).
- CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
  (bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
  command line option injection (bsc#1260026).

-----------------------------------------------------------------
Advisory ID: 541
Released:    Mon Apr 13 14:29:51 2026
Summary:     Security update for nodejs24
Type:        security
Severity:    important
References:  1205588,1247432,1254336,1254679,1256572,1256576,1260455,1260460,1260462,1260463,1260480,1260482,1260494,CVE-2024-2312,CVE-2025-59464,CVE-2026-21637,CVE-2026-21710,CVE-2026-21712,CVE-2026-21713,CVE-2026-21714,CVE-2026-21715,CVE-2026-21716,CVE-2026-21717
This update for nodejs24 fixes the following issues:

Update to version 24.14.1.

Security issues fixed:

- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
  performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
  permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
  filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
  on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
  potential MAC forgery (bsc#1260463).
- CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a
  malformed IDN (bsc#1260460).
- CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a
  header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
- CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or
  `ALPNCallback` are in use (bsc#1256576).
- CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client
  certificates (bsc#1256572).

Other updates and bugfixes:

- Version 24.14.0:
  * async_hooks: add trackPromises option to createHook()
  * build,deps: replace cjs-module-lexer with merve
  * deps: add LIEF as a dependency
  * events: repurpose events.listenerCount() to accept EventTargets
  * fs: add ignore option to fs.watch
  * http: add http.setGlobalProxyFromEnv()
  * module: allow subpath imports that start with #/
  * process: preserve AsyncLocalStorage in queueMicrotask only when needed
  * sea: split sea binary manipulation code
  * sqlite: enable defensive mode by default
  * sqlite: add sqlite prepare options args
  * src: add initial support for ESM in embedder API
  * stream: add bytes() method to node:stream/consumers
  * stream: do not pass readable.compose() output via Readable.from()
  * test: use fixture directories for sea tests
  * test_runner: add env option to run function
  * test_runner: support expecting a test-case to fail
  * util: add convertProcessSignalToExitCode utility
  * For details, see https://nodejs.org/en/blog/release/v24.14.0


-----------------------------------------------------------------
Advisory ID: 544
Released:    Mon Apr 13 15:10:32 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1218879,1218880,1252696,1253025,CVE-2023-45229,CVE-2023-45230
This update for crypto-policies fixes the following issues:

- Fix the testsuite:
    * Port all the policy changes to the config files in the test suite.
    * Use the newly introduced SKIP_LINTING=1 option.
- Adapt the manpages to SUSE/openSUSE:
    * Add crypto policies SUSE manpages
    * Compress all the man pages for update-crypto-policies.8.gz,
      crypto-policies.7.gz, fips-finish-install.8.gz and
      fips-mode-setup.8.gz into man-crypto-policies.tar.xz
- Update to version 20250714.cd6043a: (bsc#1253025, bsc#1252696)
    * gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert
    * python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519
    * FIPS: disable MLKEM768-X25519 for openssh (no-op)
    * FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl...
    * TEST-PQ: be more careful with the ordering
    * openssl: send one PQ and one classic key_share; prioritize PQ groups
    * sequoia: Generate AEAD policy
    * Do not include EdDSA in FIPS policy
    * sequoia: Add PQC algorithm
    * sequoia: Run tests against PQC capable policy-config-check
    * Revert 'openssl, policies: implement group_key_share option'
    * openssl, policies: implement group_key_share option
    * FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA
    * python/build-crypto-policies: output diffs on --test mismatches
    * sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
    * policies, alg_lists, openssl: remove KYBER from allowed values
    * openssl: stricter enabling of Ciphersuites
    * openssl: make use of -CBC and -AESGCM keywords
    * openssl: add TLS 1.3 Brainpool identifiers
    * fix warning on using experimental key_exchanges
    * update-crypto-policies: don't output FIPS warning in fips mode
    * openssh: map mlkem768x25519-sha256 to KEM-ECDH and MLKEM768-X25519 and SHA2-256
    * openssh, libssh: refactor kx maps to use tuples
    * alg_lists: mark MLKEM768/SNTRUP kex experimental
    * nss: revert enabling mlkem768secp256r1
    * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
    * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
    * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
    * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
    * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
    * LEGACY: enable 192-bit ciphers for nss pkcs12/smime
    * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
    * nss: be stricter with new purposes
    * python/update-crypto-policies: pacify pylint
    * fips-mode-setup: tolerate fips dracut module presence w/o FIPS
    * fips-mode-setup: small Argon2 detection fix
    * SHA1: add __openssl_block_sha1_signatures = 0
    * fips-mode-setup: block if LUKS devices using Argon2 are detected
    * update-crypto-policies: skip warning on --set=FIPS if bootc
    * fips-setup-helper: skip warning, BTW
    * fips-mode-setup: force --no-bootcfg when UKI is detected
    * fips-crypto-policy-overlay: automount FIPS policy
    * nss: rewrite backend for 3.101
    * cryptopolicies: parent scopes for dumping purposes
    * policygenerators: move scoping inside generators
    * openssh: make dss no longer enableble, support is dropped
    * gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768
    * TEST-PQ: disable pure Kyber768
    * DEFAULT: switch to rh-allow-sha1-signatures = no...
    * java: drop unused javasystem backend
    * java: stop specifying jdk.tls.namedGroups in javasystem
    * ec_min_size: introduce and use in java, default to 256
    * java: use and include jdk.disabled.namedCurves
    * BSI: Update BSI policy for new 2024 minimum recommendations
    * fips-mode-setup: flashy ticking warning upon use
    * fips-mode-setup: add another scary 'unsupported'
    * BSI: switch to 3072 minimum RSA key size
    * java: make hash, mac and sign more orthogonal
    * java: specify jdk.tls.namedGroups system property
    * java: respect more key size restrictions
    * java: disable anon ciphersuites, tying them to NULL...
    * java: start controlling / disable DTLSv1.0
    * nss: wire KYBER768 to XYBER768D00
- Update to version 20250425.9267dee:
    * openssl: fix mistakes in integrity-only cipher definitions
    * NO-PQ, cryptopolicies: add experimental value suppression
    * nss: add mlkem768x25519 and mlkem768secp256r1
    * gnutls: 'allow-rsa-pkcs1-encrypt = false' everywhere but in LEGACY
    * TEST-PQ, openssh: add support for MLKEM768 key_exchange
    * LEGACY: drop cipher at pkcs12 = SEED-CBC
    * fips-crypto-policy-overlay: automount FIPS policy, follow-up fixes
    * nss: TLS-REQUIRE-EMS in FIPS
    * DEFAULT: disable RSA key exchange
    * LEGACY: disable sign = *-SHA1
    * nss: wire XYBER768D00 to X25519-KYBER768, not KYBER768
- Add the FIPS scripts fips-finish-install and fips-mode-setup as
  sources in the spec file as they have been removed upstream.
    * We will maintain these scripts downstream.
    * Update the man pages for update-crypto-policies.8.gz
    * Add crypto policies FIPS output
    * Add man pages in text file in compressed form in the file
      man-fips-scripts.tar.xz and add them to the Makefile.
- Update to version 20250324.3714354:
    * NO-PQ: introduce
    * LEGACY/DEFAULT/FUTURE: enable hybrid ML-KEM and pure ML-DSA
    * _openssl_block_sha1_signatures: flip the default to 1
    * sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
    * sequoia: refactor a bit
    * openssl: specify default key size for req
    * gnutls: support P384-MLKEM1024
    * openssl: stop generating `openssl` in favour of `opensslcnf`
    * gnutls: drop kyber (switching to leancrypto took it away)
    * openssl: use both names for P384-MLKEM1024
    * Detect the presence of nss-policy-check
    * Don't use hardcoded python3 path
    * Make xsltproc settable as XSLTPROC
    * python/cryptopolicies/validation/scope.py: fix new ruff rule RUF021
    * Update the info in the README.SUSE file
    * Remove the FEDORA policies and directories

-----------------------------------------------------------------
Advisory ID: 546
Released:    Mon Apr 13 17:02:47 2026
Summary:     Recommended update for libnvidia-egl-wayland, libnvidia-egl-x11
Type:        recommended
Severity:    moderate
References:  1247907,1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for libnvidia-egl-wayland, libnvidia-egl-x11 fixes the following issues:

Changes in libnvidia-egl-wayland:

- update to version 1.1.22:
    * egl-wayland: remove extraneous call to wl_display_rou
- update to version 1.1.21:
    * fix loading libdrm when wl_drm is not available
    * add FP16 DRM format - requires some fixes to the core driver to fully work however
- fixed build against sle15-sp6/Leap 15.6
- update to version 1.1.20 (needed by 580.76.05 driver, bsc#1247907):
    * Add support for tegradisp-drm

Changes in libnvidia-egl-x11:

- bump version number to 1.0.5:
    * fix building on FreeBSD
    * rename a patch
- update to v1.0.4 tarball/version 1.0.5:
    * fix attribute handling for eglCreateWindowPixmapSur
    * handle eglQuerySurface EGL_RENDER_BUFFER
    * enable implicit sync if we re-talking to the NVIDIA
- updated to v1.0.2 tarball/version 1.0.3 (needed by 580.76.05 driver, bsc#1247907):
    * increment the version number to 1.0.3
    * egl-x11: add support for tegradisp drm

-----------------------------------------------------------------
Advisory ID: 547
Released:    Mon Apr 13 17:48:00 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1217877,1259652,1260441,1260442,1260443,1260444,1260445,1261678,CVE-2023-45866,CVE-2026-2673,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652).
- CVE-2026-28387: potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL pointer dereference when processing a delta (bsc#1260442).
- CVE-2026-28389: possible NULL pointer dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
- CVE-2026-31789: heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Other updates and bugfixes:

- Enable MD2 in legacy provider (jsc#PED-15724).

-----------------------------------------------------------------
Advisory ID: 550
Released:    Tue Apr 14 11:19:38 2026
Summary:     Recommended update for baseiso-containment
Type:        recommended
Severity:    moderate
References:  1248800,1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for baseiso-containment fixes the following issues:

Changes in baseiso-containment:

- 0.2.7
  * tftpboot: package s390x specific files
  * maintain the directory structure rather than putting everything inside
    the loader/ directory. Files are also symlinked into loader/ to
    keep old configurations working
  * add skelcd package that can be extracted in ftp-trees (bsc#1248800)

-----------------------------------------------------------------
Advisory ID: 551
Released:    Tue Apr 14 13:18:14 2026
Summary:     Security update for Botan
Type:        security
Severity:    critical
References:  1254441,1261880,CVE-2025-10158,CVE-2026-34582
This update for Botan fixes the following issues:

- CVE-2026-34582: Fixed a client authentication bypass in TLS 1.3 implementation (bsc#1261880)

-----------------------------------------------------------------
Advisory ID: 553
Released:    Tue Apr 14 13:46:47 2026
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1255765,CVE-2025-11961
This update for elfutils fixes the following issues:

- Move debuginfod homedir creation to tmpfiles.d

-----------------------------------------------------------------
Advisory ID: 554
Released:    Tue Apr 14 14:02:42 2026
Summary:     Recommended update for gpg2
Type:        recommended
Severity:    moderate
References:  1216002,1219465,1236353,1251214,1255435,CVE-2023-3966,CVE-2023-5366,CVE-2024-2182,CVE-2025-0650
This update for gpg2 fixes the following issues:

Changes in gpg2:

- Fix Y2K38 FTBFS:
  * gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214)
  * Upstream issue: dev.gnupg.org/T8096

-----------------------------------------------------------------
Advisory ID: 556
Released:    Tue Apr 14 16:33:17 2026
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1231494,1232234,1255372,CVE-2024-10041
This update for pam fixes the following issue:

- CVE-2024-10041: libpam: vulnerable to read hashed password (bsc#1232234).

-----------------------------------------------------------------
Advisory ID: 558
Released:    Tue Apr 14 17:02:17 2026
Summary:     Security update for plexus-utils
Type:        security
Severity:    important
References:  1256341,1260588,CVE-2025-13151,CVE-2025-67030
This update for plexus-utils fixes the following issue:

- CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588).

-----------------------------------------------------------------
Advisory ID: 560
Released:    Tue Apr 14 17:36:24 2026
Summary:     Security update for go1.26-openssl
Type:        security
Severity:    important
References:  1255111,1255715,1256243,1256244,1256246,1256390,1259264,1259265,1259266,1259267,1259268,CVE-2025-68973,CVE-2026-25679,CVE-2026-27137,CVE-2026-27138,CVE-2026-27139,CVE-2026-27142
This update for go1.26-openssl fixes the following issues:

Update to go 1.26.1 (bsc#1255111, jsc#SLE-18320):

- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).
- CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266).
- CVE-2026-27138: crypto/x509: panic in name constraint checking for malformed certificates (bsc#1259267).
- CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).
- CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).

Changelog:

 * Fix fips140only test in boring mode
 * Fix fips140 only test
 * Add GODEBUG=fips140=auto mode (#341)
 * go#77252 cmd/compile: miscompile of global array initialization
 * go#77407 os: Go 1.25.x regression on RemoveAll for windows
 * go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in 
   pkg-config
 * go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing 
   'buf.Bytes()' call
 * go#77532 net/smtp: expiry date of localhostCert for testing is too short
 * go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA
 * go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26
 * go#77623 cmd/compile: internal compiler error on : 'tried to free an already free register' with generic function 
   and type >= 192 bytes
 * go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two 
   strings.Builders
 * go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos
 * go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range 
   expression, breaking other platforms
 * go#77780 reflect: breaking change for reflect.Value.Interface behaviour
 * go#77786 cmd/compile: rewriteFixedLoad does not properly sign extend AuxInt
 * go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into
   reflect.TypeFor[untyped nil]()
 * go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements
 * go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error
 * go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple 
   times
 * go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior
 * go#77860 cmd/go: change go mod init default go directive back to 1.N
 * go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting
 * go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration
  
- go1.26.0 (released 2026-02-10) is a major release of Go.
 go1.26.x minor releases will be provided through February 2027.
 https://github.com/golang/go/wiki/Go-Release-Cycle
 go1.26 arrives six months after Go 1.25. Most of its changes are
 in the implementation of the toolchain, runtime, and
 libraries. As always, the release maintains the Go 1 promise of
 compatibility. We expect almost all Go programs to continue to
 compile and run as before.
 * Language change: The built-in new function, which creates a new
 variable, now allows its operand to be an expression,
 specifying the initial value of the variable.
 * Language change: The restriction that a generic type may not
 refer to itself in its type parameter list has been lifted. It
 is now possible to specify type constraints that refer to the
 generic type being constrained.
 * go command: The venerable go fix command has been completely
 revamped and is now the home of Go's modernizers. It provides a
 dependable, push-button way to update Go code bases to the
 latest idioms and core library APIs. The initial suite of
 modernizers includes dozens of fixers to make use of modern
 features of the Go language and library, as well a source-level
 inliner that allows users to automate their own API migrations
 using //go:fix inline directives. These fixers should not
 change the behavior of your program, so if you encounter any
 issues with a fix performed by go fix, please report it.
 * go command: The rewritten go fix command builds atop the exact
 same Go analysis framework as go vet. This means the same
 analyzers that provide diagnostics in go vet can be used to
 suggest and apply fixes in go fix. The go fix command's
 historical fixers, all of which were obsolete, have been
 removed.
 * go command: Two upcoming Go blog posts will go into more detail
 on modernizers, the inliner, and how to get the most out of go
 fix.
 * go command: go mod init now defaults to a lower go version in
 new go.mod files. Running go mod init using a toolchain of
 version 1.N.X will create a go.mod file specifying the Go
 version go 1.(N-1).0. Pre-release versions of 1.N will create
 go.mod files specifying go 1.(N-2).0. For example, the Go 1.26
 release candidates will create go.mod files with go 1.24.0, and
 Go 1.26 and its minor releases will create go.mod files with go
 1.25.0. This is intended to encourage the creation of modules
 that are compatible with currently supported versions of
 Go. For additional control over the go version in new modules,
 go mod init can be followed up with go get go at version.
 * go command: cmd/doc, and go tool doc have been deleted. go doc
 can be used as a replacement for go tool doc: it takes the same
 flags and arguments and has the same behavior.
 * pprof: The pprof tool web UI, enabled with the -http flag, now
 defaults to the flame graph view. The previous graph view is
 available in the 'View -> Graph' menu, or via /ui/graph.
 * Runtime: The new Green Tea garbage collector, previously
 available as an experiment in Go 1.25, is now enabled by
 default after incorporating feedback. This garbage collector's
 design improves the performance of marking and scanning small
 objects through better locality and CPU scalability. Benchmark
 results vary, but we expect somewhere between a 10--40%
 reduction in garbage collection overhead in real-world programs
 that heavily use the garbage collector. Further improvements,
 on the order of 10% in garbage collection overhead, are
 expected when running on newer amd64-based CPU platforms (Intel
 Ice Lake or AMD Zen 4 and newer), as the garbage collector now
 leverages vector instructions for scanning small objects when
 possible. The new garbage collector may be disabled by setting
 GOEXPERIMENT=nogreenteagc at build time. This opt-out setting
 is expected to be removed in Go 1.27. If you disable the new
 garbage collector for any reason related to its performance or
 behavior, please file an issue.
 * Runtime: cgo: The baseline runtime overhead of cgo calls has
 been reduced by ~30%.
 * Runtime: Heap base address randomization: On 64-bit platforms,
 the runtime now randomizes the heap base address at
 startup. This is a security enhancement that makes it harder
 for attackers to predict memory addresses and exploit
 vulnerabilities when using cgo. This feature may be disabled by
 setting GOEXPERIMENT=norandomizedheapbase64 at build time. This
 opt-out setting is expected to be removed in a future Go
 release.
 * Runtime: Experimental goroutine leak profile: A new profile
 type that reports leaked goroutines is now available as an
 experiment. The new profile type, named goroutineleak in the
 runtime/pprof package, may be enabled by setting
 GOEXPERIMENT=goroutineleakprofile at build time. Enabling the
 experiment also makes the profile available as a net/http/pprof
 endpoint, /debug/pprof/goroutineleak. A leaked goroutine is a
 goroutine blocked on some concurrency primitive (channels,
 sync.Mutex, sync.Cond, etc) that cannot possibly become
 unblocked. The runtime detects leaked goroutines using the
 garbage collector: if a goroutine G is blocked on concurrency
 primitive P, and P is unreachable from any runnable goroutine
 or any goroutine that those could unblock, then P cannot be
 unblocked, so goroutine G can never wake up. While it is
 impossible to detect permanently blocked goroutines in all
 cases, this approach detects a large class of such
 leaks. Because this technique builds on reachability, the
 runtime may fail to identify leaks caused by blocking on
 concurrency primitives reachable through global variables or
 the local variables of runnable goroutines. Special thanks to
 Vlad Saioc at Uber for contributing this work. The underlying
 theory is presented in detail in a publication by Saioc et
 al. The implementation is production-ready, and is only
 considered an experiment for the purposes of collecting
 feedback on the API, specifically the choice to make it a new
 profile. The feature is also designed to not incur any
 additional run-time overhead unless it is actively in-use. We
 encourage users to try out the new feature in the Go
 playground, in tests, in continuous integration, and in
 production. We welcome additional feedback on the proposal
 issue. We aim to enable goroutine leak profiles by default in
 Go 1.27.
 * Compiler: The compiler can now allocate the backing store for
 slices on the stack in more situations, which improves
 performance. If this change is causing trouble, the bisect tool
 can be used to find the allocation causing trouble using the
 -compile=variablemake flag. All such new stack allocations can
 also be turned off using -gcflags=all=-d=variablemakehash=n. If
 you encounter issues with this optimization, please file an
 issue.
 * Linker: On 64-bit ARM-based Windows (the windows/arm64 port),
 the linker now supports internal linking mode of cgo programs,
 which can be requested with the -ldflags=-linkmode=internal
 flag.
 * Linker: There are several minor changes to executable
 files. These changes do not affect running Go programs. They
 may affect programs that analyze Go executables, and they may
 affect people who use external linking mode with custom linker
 scripts.
 * Linker: The moduledata structure is now in its own section,
 named .go.module.
 * Linker: The moduledata cutab field, which is a slice, now has
 the correct length; previously the length was four times too
 large.
 * Linker: The pcHeader found at the start of the .gopclntab
 section no longer records the start of the text section. That
 field is now always zero.
 * Linker: That pcHeader change was made so that the .gopclntab
 section no longer contains any relocations. On platforms that
 support relro, the section has moved from the relro segment to
 the rodata segment.
 * Linker: The funcdata symbols and the findfunctab have moved
 from the .rodata section to the .gopclntab section.
 * Linker: The .gosymtab section has been removed. It was
 previously always present but empty.
 * Linker: When using internal linking, ELF sections now appear in
 the section header list sorted by address. The previous order
 was somewhat unpredictable.
 * Linker: The references to section names here use the ELF names
 as seen on Linux and other systems. The Mach-O names as seen on
 Darwin start with a double underscore and do not contain any
 dots.
 * Bootstrap: As mentioned in the Go 1.24 release notes, Go 1.26
 now requires Go 1.24.6 or later for bootstrap. We expect that
 Go 1.28 will require a minor release of Go 1.26 or later for
 bootstrap.
 * Standard Library: New crypto/hpke package: The new crypto/hpke
 package implements Hybrid Public Key Encryption (HPKE) as
 specified in RFC 9180, including support for post-quantum
 hybrid KEMs.
 * Standard Library: New experimental simd/archsimd package: Go
 1.26 introduces a new experimental simd/archsimd package, which
 can be enabled by setting the environment variable
 GOEXPERIMENT=simd at build time. This package provides access
 to architecture-specific SIMD operations. It is currently
 available on the amd64 architecture and supports 128-bit,
 256-bit, and 512-bit vector types, such as Int8x16 and
 Float64x8, with operations such as Int8x16.Add. The API is not
 yet considered stable. We intend to provide support for other
 architectures in future versions, but the API intentionally
 architecture-specific and thus non-portable. In addition, we
 plan to develop a high-level portable SIMD package in the
 future.
 * Standard Library: New experimental runtime/secret package: The
 new runtime/secret package is available as an experiment, which
 GOEXPERIMENT=runtimesecret at build time. It provides a
 facility for securely erasing temporaries used in code that
 manipulates secret information--typically cryptographic in
 nature--such as registers, stack, new heap allocations. This
 package is intended to make it easier to ensure forward
 secrecy. It currently supports the amd64 and arm64
 architectures on Linux.
 * bytes: The new Buffer.Peek method returns the next n bytes from
 the buffer without advancing it.
 * crypto: The new Encapsulator and Decapsulator interfaces allow
 accepting abstract KEM encapsulation or decapsulation keys.
 * crypto/dsa: The random parameter to GenerateKey is now
 ignored. Instead, it now always uses a secure source of
 cryptographically random bytes. For deterministic testing, use
 the new testing/cryptotest.SetGlobalRandom function. The new
 GODEBUG setting cryptocustomrand=1 temporarily restores the old
 behavior.
 * crypto/ecdh: The random parameter to Curve.GenerateKey is now
 behavior. The new KeyExchanger interface, implemented by
 PrivateKey, makes it possible to accept abstract ECDH private
 keys, e.g. those implemented in hardware.
 * crypto/ecdsa: The big.Int fields of PublicKey and PrivateKey
 are now deprecated. The random parameter to GenerateKey,
 SignASN1, Sign, and PrivateKey.Sign is now ignored. Instead,
 they now always use a secure source of cryptographically random
 bytes. For deterministic testing, use the new
 testing/cryptotest.SetGlobalRandom function. The new GODEBUG
 setting cryptocustomrand=1 temporarily restores the old
 * crypto/ed25519: If the random parameter to GenerateKey is nil,
 GenerateKey now always uses a secure source of
 cryptographically random bytes, instead of crypto/rand.Reader
 (which could have been overridden). The new GODEBUG setting
 cryptocustomrand=1 temporarily restores the old behavior.
 * crypto/fips140: The new WithoutEnforcement and Enforced
 functions now allow running in GODEBUG=fips140=only mode while
 selectively disabling the strict FIPS 140-3 checks. Version
 returns the resolved FIPS 140-3 Go Cryptographic Module version
 when building against a frozen module with GOFIPS140.
 * crypto/mlkem: The new DecapsulationKey768.Encapsulator and
 DecapsulationKey1024.Encapsulator methods implement the new
 crypto.Decapsulator interface.
 * crypto/mlkem/mlkemtest: The new crypto/mlkem/mlkemtest package
 exposes the Encapsulate768 and Encapsulate1024 functions which
 implement derandomized ML-KEM encapsulation, for use with
 known-answer tests.
 * crypto/rand: The random parameter to Prime is now
 * crypto/rsa: The new EncryptOAEPWithOptions function allows
 specifying different hash functions for OAEP padding and MGF1
 mask generation.
 * crypto/rsa: The random parameter to GenerateKey,
 GenerateMultiPrimeKey, and EncryptPKCS1v15 is now
 ignored. Instead, they now always use a secure source of
 * crypto/rsa: If PrivateKey fields are modified after calling
 PrivateKey.Precompute, PrivateKey.Validate now fails.
 * crypto/rsa: PrivateKey.D is now checked for consistency with
 precomputed values, even if it is not used.
 * crypto/rsa: Unsafe PKCS #1 v1.5 encryption padding (implemented
 by EncryptPKCS1v15, DecryptPKCS1v15, and
 DecryptPKCS1v15SessionKey) is now deprecated.
 * crypto/subtle: The WithDataIndependentTiming function no longer
 locks the calling goroutine to the OS thread while executing
 the passed function. Additionally, any goroutines which are
 spawned during the execution of the passed function and their
 descendants now inherit the properties of
 WithDataIndependentTiming for their lifetime. This change also
 affects cgo in the following ways:
 * crypto/subtle: Any C code called via cgo from within the
 function passed to WithDataIndependentTiming, or from a
 goroutine spawned by the function passed to
 WithDataIndependentTiming and its descendants, will also have
 data independent timing enabled for the duration of the
 call. If the C code disables data independent timing, it will
 be re-enabled on return to Go.
 * crypto/subtle: If C code called via cgo, from the function
 passed to WithDataIndependentTiming or elsewhere, enables or
 disables data independent timing then calling into Go will
 preserve that state for the duration of the call.
 * crypto/tls: The hybrid SecP256r1MLKEM768 and SecP384r1MLKEM1024
 post-quantum key exchanges are now enabled by default. They can
 be disabled by setting Config.CurvePreferences or with the
 tlssecpmlkem=0 GODEBUG setting.
 * crypto/tls: The new ClientHelloInfo.HelloRetryRequest field
 indicates if the ClientHello was sent in response to a
 HelloRetryRequest message. The new
 ConnectionState.HelloRetryRequest field indicates if the server
 sent a HelloRetryRequest, or if the client received a
 HelloRetryRequest, depending on connection role.
 * crypto/tls: The QUICConn type used by QUIC implementations
 includes a new event for reporting TLS handshake errors.
 * crypto/tls: If Certificate.PrivateKey implements
 crypto.MessageSigner, its SignMessage method is used instead of
 Sign in TLS 1.2 and later.
 * crypto/tls: The following GODEBUG settings introduced in Go
 1.22 and Go 1.23 will be removed in the next major Go
 release. Starting in Go 1.27, the new behavior will apply
 regardless of GODEBUG setting or go.mod language version.
 * crypto/tls: GODEBUG tlsunsafeekm:
 ConnectionState.ExportKeyingMaterial will require TLS 1.3 or
 Extended Master Secret.
 * crypto/tls: GODEBUG tlsrsakex: legacy RSA-only key exchanges
 without ECDH won't be enabled by default.
 * crypto/tls: GODEBUG tls10server: the default minimum TLS
 version for both clients and servers will be TLS 1.2.
 * crypto/tls: GODEBUG tls3des: the default cipher suites will not
 include 3DES.
 * crypto/tls: GODEBUG x509keypairleaf: X509KeyPair and
 LoadX509KeyPair will always populate the Certificate.Leaf
 field.
 * crypto/x509: The ExtKeyUsage and KeyUsage types now have String
 methods that return the corresponding OID names as defined in
 RFC 5280 and other registries.
 * crypto/x509: The ExtKeyUsage type now has an OID method that
 returns the corresponding OID for the EKU.
 * crypto/x509: The new OIDFromASN1OID function allows converting
 an encoding/asn1.ObjectIdentifier into an OID.
 * debug/elf: Additional R_LARCH_* constants from LoongArch ELF
 psABI v20250521 (global version v2.40) are defined for use with
 LoongArch systems.
 * errors: The new AsType function is a generic version of As. It
 is type-safe, faster, and, in most cases, easier to use.
 * fmt: For unformatted strings, fmt.Errorf('x') now allocates
 less and generally matches the allocations for errors.New('x').
 * go/ast: The new ParseDirective function parses directive
 comments, which are comments such as //go:generate. Source code
 tools can support their own directive comments and this new API
 should help them implement the conventional syntax.
 * go/ast: The new BasicLit.ValueEnd field records the precise end
 position of a literal so that the BasicLit.End method can now
 always return the correct answer. (Previously it was computed
 using a heuristic that was incorrect for multi-line raw string
 literals in Windows source files, due to removal of carriage
 returns.)
 * go/ast: Programs that update the ValuePos field of BasicLits
 produced by the parser may need to also update or clear the
 ValueEnd field to avoid minor differences in formatted output.
 * go/token: The new File.End convenience method returns the
 file's end position.
 * go/types: The gotypesalias GODEBUG setting introduced in Go
 1.22 will be removed in the next major Go release. Starting in
 Go 1.27, the go/types package will always produce an Alias type
 for the representation of type aliases regardless of GODEBUG
 setting or go.mod language version.
 * image/jpeg: The JPEG encoder and decoder have been replaced
 with new, faster, more accurate implementations. Code that
 expects specific bit-for-bit outputs from the encoder or
 decoder may need to be updated.
 * io: ReadAll now allocates less intermediate memory and returns
 a minimally sized final slice. It is often about two times
 faster while typically allocating around half as much total
 memory, with more benefit for larger inputs.
 * log/slog: The NewMultiHandler function creates a MultiHandler
 that invokes all the given Handlers. Its Enabled method reports
 whether any of the handlers' Enabled methods return true. Its
 Handle, WithAttrs and WithGroup methods call the corresponding
 method on each of the enabled handlers.
 * net: The new Dialer methods DialIP, DialTCP, DialUDP, and
 DialUnix permit dialing specific network types with context
 values.
 * net/http: The new HTTP2Config.StrictMaxConcurrentRequests field
 controls whether a new connection should be opened if an
 existing HTTP/2 connection has exceeded its stream limit.
 * net/http: The new Transport.NewClientConn method returns a
 client connection to an HTTP server. Most users should continue
 to use Transport.RoundTrip to make requests, which manages a
 pool of connections. NewClientConn is useful for users who need
 to implement their own connection management.
 * net/http: Client now uses and sets cookies scoped to URLs with
 the host portion matching Request.Host when
 available. Previously, the connection address host was always
 used.
 * net/http/httptest: The HTTP client returned by Server.Client
 will now redirect requests for example.com and any subdomains
 to the server being tested.
 * net/http/httputil: The ReverseProxy.Director configuration
 field is deprecated in favor of ReverseProxy.Rewrite.
 * net/http/httputil: A malicious client can remove headers added
 by a Director function by designating those headers as
 hop-by-hop. Since there is no way to address this problem
 within the scope of the Director API, we added a new Rewrite
 hook in Go 1.20. Rewrite hooks are provided with both the
 unmodified inbound request received by the proxy and the
 outbound request which will be sent by the proxy. Since the
 Director hook is fundamentally unsafe, we are now deprecating
 it.
 * net/netip: The new Prefix.Compare method compares two prefixes.
 * net/url: Parse now rejects malformed URLs containing colons in
 the host subcomponent, such as http://::1/ or
 http://localhost:80:80/. URLs containing bracketed IPv6
 addresses, such as http://[::1]/ are still accepted. The new
 GODEBUG setting urlstrictcolons=0 restores the old behavior.
 * os: The new Process.WithHandle method provides access to an
 internal process handle on supported platforms (pidfd on Linux
 5.4 or later, Handle on Windows).
 * os: On Windows, the OpenFile flag parameter can now contain any
 combination of Windows-specific file flags, such as
 FILE_FLAG_OVERLAPPED and FILE_FLAG_SEQUENTIAL_SCAN, for control
 of file or device caching behavior, access modes, and other
 special-purpose flags.
 * os/signal: NotifyContext now cancels the returned context with
 context.CancelCauseFunc and an error indicating which signal
 was received.
 * reflect: The new methods Type.Fields, Type.Methods, Type.Ins
 and Type.Outs return iterators for a type's fields (for a
 struct type), methods, inputs and outputs parameters (for a
 function type), respectively. Similarly, the new methods
 Value.Fields and Value.Methods return iterators over a value's
 fields or methods, respectively. Each iteration yields the type
 information (StructField or Method) of a field or method, along
 with the field or method Value.
 * runtime/metrics: Several new scheduler metrics have been added,
 including counts of goroutines in various states (waiting,
 runnable, etc.) under the /sched/goroutines prefix, the number
 of OS threads the runtime is aware of with
 /sched/threads:threads, and the total number of goroutines
 created by the program with
 /sched/goroutines-created:goroutines.
 * testing: The new methods T.ArtifactDir, B.ArtifactDir, and
 F.ArtifactDir return a directory in which to write test output
 files (artifacts).
 * testing: When the -artifacts flag is provided to go test, this
 directory will be located under the output directory (specified
 with -outputdir, or the current directory by
 default). Otherwise, artifacts are stored in a temporary
 directory which is removed after the test completes.
 * testing: The first call to ArtifactDir when -artifacts is
 provided writes the location of the directory to the test log.
 * testing: The B.Loop method no longer prevents inlining in the
 loop body, which could lead to unanticipated allocation and
 slower benchmarks. With this fix, we expect that all benchmarks
 can be converted from the old B.N style to the new B.Loop style
 with no ill effects. Within the body of a for b.Loop() { ... }
 loop, function call parameters, results, and assigned variables
 are still kept alive, preventing the compiler from optimizing
 away entire parts of the benchmark.
 * testing/cryptotest: The new SetGlobalRandom function configures
 a global, deterministic cryptographic randomness source for the
 duration of the test. It affects crypto/rand, and all implicit
 sources of cryptographic randomness in the crypto/... packages.
 * time: The asynctimerchan GODEBUG setting introduced in Go 1.23
 will be removed in the next major Go release. Starting in Go
 1.27, the time package will always use unbuffered (synchronous)
 channels for timers regardless of GODEBUG setting or go.mod
 language version.
 * Ports: Darwin: Go 1.26 is the last release that will run on
 macOS 12 Monterey. Go 1.27 will require macOS 13 Ventura or
 later.
 * Ports: FreeBSD: The freebsd/riscv64 port (GOOS=freebsd
 GOARCH=riscv64) has been marked broken. See issue 76475 for
 details.
 * Ports: Windows: As announced in the Go 1.25 release notes, the
 broken 32-bit windows/arm port (GOOS=windows GOARCH=arm) has
 been removed.
 * Ports: PowerPC: Go 1.26 is the last release that supports the
 ELFv1 ABI on the big-endian 64-bit PowerPC port on Linux
 (GOOS=linux GOARCH=ppc64). It will switch to the ELFv2 ABI in
 Go 1.27. As the port does not currently support linking against
 other ELF objects, we expect this change to be transparent to
 users.
 * Ports: RISC-V: The linux/riscv64 port now supports the race
 detector.
 * Ports: S390X: The s390x port now supports passing function
 arguments and results using registers.
 * Ports: WebAssembly: The compiler now unconditionally makes use
 of the sign extension and non-trapping floating-point to
 integer conversion instructions. These features have been
 standardized since at least Wasm 2.0. The corresponding GOWASM
 settings, signext and satconv, are now ignored.
 * Ports: WebAssembly: For WebAssembly applications, the runtime
 now manages chunks of heap memory in much smaller increments,
 leading to significantly reduced memory usage for applications
 with heaps less than around 16 MiB in size.
- go1.26rc3 (released 2026-02-04) is a release candidate version of
 go1.26 cut from the master branch at the revision tagged
 go1.26rc3.
- go1.26rc2 (released 2026-01-15) is a release candidate version of
 go1.26rc2.
 * go1.26 requires go1.24.6 or later for bootstrap.
- go1.26rc1 (released 2025-12-16) is a release candidate version of
 go1.26rc1.

-----------------------------------------------------------------
Advisory ID: 561
Released:    Tue Apr 14 21:29:51 2026
Summary:     Recommended update for libzypp-testsuite-tools
Type:        recommended
Severity:    moderate
References:  1241826,1241857,1251511,1251679,1253581,1253901,1254079,CVE-2025-22872,CVE-2025-47911,CVE-2025-47913,CVE-2025-47914,CVE-2025-58181,CVE-2025-58190
This update for libzypp-testsuite-tools fixes the following issues:

Changes in libzypp-testsuite-tools:

- Require CMake 3.5
- version 5.0.7

-----------------------------------------------------------------
Advisory ID: 568
Released:    Thu Apr 16 10:15:42 2026
Summary:     Recommended update for x3270
Type:        recommended
Severity:    moderate
References:  1249435,1257068
This update for x3270 fixes the following issues:

- Upgrade x3270 to version 4.5ga5:
    * 4.5ga5:
         + wc3270 now turns off Quick Edit mode at run-time,
           so it is no longer necessary to turn it off in the Console Properties.
         + The wc3270 OIA is the now same color (host color Blue) as the other emulators.
         + wc3270 now runs in a very limited way in a Windows Terminal window.
         + Mouse double-clicks in wc3270 are no longer confused by DBCS characters.
    * 4.5beta4:
         + PF keys 1 through 4 now work properly when running a curses-based application as a local process.
    * 4.5alpha3:
         + The X Inhibit state, which was never part of the behavior of a real 3270, has been removed.
         + The KeyboardLockDetail and ReplyMode queries have been added.
         + PrintText(html) has been enhanced to render APL underlined alphabetics accurately.
         + All APL characters are always returned to the host with a Graphic Escape (GE),
           regardless of the reply mode.
         + In a Read Modified reply sent to the host in character reply mode,
           extended field character set attributes are reported with a Set Attribute order.
         + Support for Ukrainian code pages (1123 and 1158) has been added.
         +  c3270 support for 256-color terminals has been added.
         + c3270 fixed screen elements (menus, OIA) no longer use separate curses colors.
         + The c3270 CursesColorForProtectedIntensified, CursesColorForProtected, CursesColorForIntensified and
           CursesColorForDefault resources have been deprecated.
         + The program name is no longer duplicated in trace file headers.
         + APL characters are now displayed correctly by the emulators and returned correctly by
           Ascii1(), Ascii(), PrintText() and ReadBuffer() when they occur inside APL extended fields
         + Non-APL characters are no longer accepted as input in APL extended fields.
         + APL underlined alphabetic characters are now displayed correctly by all of the emulators
           and returned correctly by Ascii1(), Ascii(), PrintText() and ReadBuffer().
         + Untranslatable characters are no longer returned incorrectly by ReadBuffer(ascii).
         + Wrapped DBCS characters and the text that follows them are no longer displayed incorrectly by x3270.
         + A buffer overrun bug in processing the Set Reply Mode structured field has been fixed.
         + DBCS operator error state is now displayed in the OIA by c3270 and wc3270.
         + x3270 no longer corrupts the screen display when a DBCS character
           is replaced with an SBCS character by keyboard input.
         + The c3270 and wc3270 on-screen keypad is no longer corrupted when DBCS text is on the screen.
         + The EraseEOF() action no longer clears the character set extended attributes in a field
           when the emulator is in field or extended field reply mode.
    * 4.5alpha2:
         + The build system has been overhauled for Windows cross-compilation.
         + Trace messages now have category headings.
         + x3270if now builds on BSD-based systems.
         + The SOURCE_DATA_EPOCH environment variable is now supported correctly by the build process.

    * 4.5alpha1:
         + Support for DBCS code pages 933 (korean) and 1364 has been added.
         + PageUp() and PageDown() actions have been added, and
           NVT-mode behaviors have been added to Home() and FieldEnd().
         + A -nomargin option has been added to the PasteString(), Paste() and
           insert-selection() actions, to disable automatic margin wrapping for a single operation.
         + x3270 now supports background color.
- Removed obsolete patches
- Amended the .spec file (jsc#PED-15247)
    * Removed the update-desktop-files dependencies
- Removed the 'x3270.desktop' file

-----------------------------------------------------------------
Advisory ID: 569
Released:    Thu Apr 16 10:36:38 2026
Summary:     Recommended update for AppStream
Type:        recommended
Severity:    moderate
References:  1239941,1256105,CVE-2025-14017
This update for AppStream fixes the following issues:

Changes in AppStream:

- Make qt6 the default qt flavor and qt5 the flavor built
  separately and disable the qt5 flavor in SLE16 where we don't
  want to have Qt5 libraries.

Update to 1.0.5:

  Features:

  * qt: Expose markup conversion utils
  * desktop-styles: Add android and iOS
  * validator: Check for xml:lang='en' being used on description
    template elements
  * validator: Flag cases of raw text in 'description' elements
  * metadata: Add more known extensions into
    as_metadata_file_guess_style()
  Specification:
  * docs: Clarify that the style segment of a screenshot
    environment is optional
  * docs: Explain consequences of defining an icon for
    desktop-app metainfo
  * docs: Clarify that description content must be in p/li
    elements
  Bugfixes:
  * validator: mark as_validator_issue_tag_list static
  * docs: Add workaround for gi-docgen misnaming devhelp files
  * compose: Do not permit SVG images as screenshots
  * compose: Don't 'forget' to scan remaining paths when
    re-encountering a dir
  * pool: Try explicit singular term match if we only have
    low-quality tokens
  * utils: Provide compatibility with Fedora icon tarballs when
    installing them
  * utils: Remove leftover g_chmod()
  * zstd-decompressor: Pass output/written data when decompression
    finished
  * utils: Expect a dash in icons file name
  * utils: Recognize .yml* and .yaml* file extension variants,
    and .zst extension
  * utils: Rename the appstream file when re-saving it on install

-----------------------------------------------------------------
Advisory ID: 570
Released:    Thu Apr 16 11:06:50 2026
Summary:     Security update for strongswan
Type:        security
Severity:    important
References:  1254666,1257359,1259472,CVE-2025-14104,CVE-2025-9615,CVE-2026-25075
This update for strongswan fixes the following issues:

Update to strongswan 6.0.4:

- CVE-2025-9615: NetworkManager File Access (bsc#1257359).
- CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472).

Changes for strongswan:

- Fixed a vulnerability in the NetworkManager plugin that potentially
 allows using credentials of other local users. This vulnerability
 has been registered as CVE-2025-9615.
- The maximum supported length for section names in swanctl.conf
 has been increased to the upper limit of 256 characters that's
 enforced by VICI.
- Prevent a crash if a confused peer rekeys a Child SA twice before
 sending a delete.
- Fixed a memory leak if a peer's self-signed certificate is untrusted.

-----------------------------------------------------------------
Advisory ID: 572
Released:    Thu Apr 16 12:03:54 2026
Summary:     Recommended update for rpmlint
Type:        recommended
Severity:    important
References:  1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1261696,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for rpmlint fixes the following issues:

- Update to version 2.7.0+git20260415.44ca4797:
    * Update openSUSE's licenses.toml
    * ZipCheck: fix utf8 decoding erros in jarfile manifest (bsc#1261696)

-----------------------------------------------------------------
Advisory ID: 574
Released:    Thu Apr 16 12:19:06 2026
Summary:     Recommended update for update-bootloader
Type:        recommended
Severity:    moderate
References:  1244485,1245878,1246013,1254227,1254430,1254431,1256816,1256817,1256818,1256819,1256820,1256821,CVE-2025-61726,CVE-2025-61727,CVE-2025-61728,CVE-2025-61729,CVE-2025-61730,CVE-2025-61731,CVE-2025-68119,CVE-2025-68121
This update for update-bootloader fixes the following issues:

- Upgrade to version 1.27:
    * adjust spec file for immutable mode: switch to using
    * systemd-tmpfiles (jsc#PED-14833)
- Upgrade to version 1.26:
    * adjust test cases
- Implement config for BLS (bsc#1246013)

-----------------------------------------------------------------
Advisory ID: 576
Released:    Thu Apr 16 15:10:27 2026
Summary:     Recommended update for opensm
Type:        recommended
Severity:    important
References:  1257144,1257496,1258143,CVE-2026-24515,CVE-2026-25210
This update for opensm fixes the following issue:

Change in opensm:

- Fix issue with NDR switches (bsc#1258143).
-----------------------------------------------------------------
Advisory ID: 582
Released:    Fri Apr 17 09:54:12 2026
Summary:     Recommended update for saptune
Type:        recommended
Severity:    important
References:  1235824,1256389,1257396,1259748,1260498,1261866,CVE-2026-24882
This update for saptune fixes the following issues:

- update package version of saptune to 3.2.3:
    * On Azure cloud systems fix a systemd ordering cycle conflict
      which prevents saptune to run on boot:
        + The reason for this conflict is an upcoming cloud-init update which will change
          the order by adding 'After=multi-user.target' to the cloud-final.service.
        + Since version 3.1.5 saptune has a dependency to cloud-final.service on Azure systems to fix (bsc#1235824).
        + We will now remove this dependency. (bsc#1260498, jsc#SAPSOL-1050)
    * Fix systemd service state revert problem. (bsc#1259748)
    * Fix output of 'saptune verify applied' in case of enabled notes, but nothing is applied. (jsc#SAPSOL-1051)
    * Add new tag 'kernel' to match the running kernel release.
      Valid values are extended regular expressions (RE2) that match the output of 'uname -r' (jsc#SAPSOL-810)
    * Support C-State names for parameter 'force_latency' additional to the already available latency value. (jsc#SAPSOL-806)
    * Support optional packages in the rpm section. (jsc#SAPSOL-791)
    * Warn about duplicate Notes/Solutions. (jsc#SAPSOL-948)
    * Fix kernel regex for HotFix000022286 (bsc#1261866)
    * Add condition (kernel tag) to HotFix000022286.
      As the final kernel patch is available for the problem the HotFix will only be active
      on systems currently not patched to the latest kernel patch.
    * SLE12/15/16 - deprecate Note 941735 (jsc#SAPSOL-1048)
    * SAP Note 2684254 updated to Version 27
      check that TSX is set to auto on systems running dedicated kernel releases. (jsc#SAPSOL-793)
    * SAP Note 1656250 updated to Version 71
      disable C-states higher than C1
    * SAP Note 2578899 updated to Version 55
      check for optional sssd package version
    * SAP Note 1275776 updated to Version 47
    * SLE 16 SAP Note 3577842 and 3565382 updated
- use versioned Provides/Obsoletes for sapconf
- use full path for commands used in pre/post scripts
- requires systemd-presets-branding-SLE-SAP (jsc#PED-15405)
- update package version of saptune to 3.2.2 - HOTFIX:
    * ship Note HotFix000022286 and add it to the Solutions 'HANA',
      'NETWEAVER+HANA', 'S4HANA-APP+DB' and 'S4HANA-DBSERVER'.
        + This HotFix addresses a problem described in the TID 22286
        + This HotFix is only available for SLES15SP5 to SLES15SP7 on x86_64 architecture.

-----------------------------------------------------------------
Advisory ID: 578
Released:    Fri Apr 17 09:57:12 2026
Summary:     Security update for google-cloud-sap-agent
Type:        security
Severity:    important
References:  1256805,1259816,1260265,CVE-2026-0989,CVE-2026-33186
This update for google-cloud-sap-agent fixes the following issue:

Update to google-cloud-sap-agent 3.12 (bsc#1259816):

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
  header (bsc#1260265).

Changes for google-cloud-sap-agent:

 * Collect WLM metric `saphanasr_angi_installed` for all OS types.
 * Failure handling: Remove attached disks from CG
 * OTE Status checks for Parameter Manager (SAP Agent)
 * Log command-line arguments in configureinstance.
 * Minor multiple reliability checks and fixes
 * Support custom names for restored disks in hanadiskrestore
 * Add newAttachedDisks to Restorer and detach them on restore failure.
 * Improve unit test coverage for hanadiskbackup and hanadiskrestore
 * Add support for refresh point tests.
 * Refactor HANA disk backup user validation and physical path parsing.
 * Auto updated compiled protocol buffers
 * Parameter Manager integration to SAP Agent
 * Modify collection logic for SAP HANA configuration files.
 * Update workloadagentplatform version and hash.
 * Update WLM Validation metrics to support SAPHanaSR-angi setups.
 * Increment agent version to 3.12.
 * SAP HANA Pacemaker failover settings can come from `SAPHanaController`.
 * Update collection for WLM metric `ha_sr_hook_configured`.
 * Refactor CheckTopology to accept instance number.
 * Use constant backoff with max retries for snapshot group operations.
 * Update workloadagentplatform dependency

-----------------------------------------------------------------
Advisory ID: 579
Released:    Fri Apr 17 10:18:30 2026
Summary:     Security update for freeipmi
Type:        security
Severity:    important
References:  1257049,1257353,1257354,1257355,1260414,CVE-2026-0988,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489,CVE-2026-33554
This update for freeipmi fixes the following issue:

- CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of
  malformed payloads/responses (bsc#1260414).

-----------------------------------------------------------------
Advisory ID: 585
Released:    Fri Apr 17 12:37:59 2026
Summary:     Feature update for libgcrypt, libgpg-error
Type:        feature
Severity:    moderate
References:  1255764,1256070,CVE-2024-2236,CVE-2025-15444,CVE-2025-69277
This update for libgcrypt, libgpg-error fixes the following issues:

Update libgcrypt to 1.12.1 (jsc#PED-15059):

* New and extended interfaces:
 - Allow access to the FIPS service indicator via the new
 GCRYCTL_FIPS_SERVICE_INDICATOR control code.
 - Make SHA-1 non-FIPS internally for the 1.12 API
 - Add Dilithium (ML-DSA) support
 - Support optional random-override and support byte string data

* Bug fixes:
 - Use secure MPI in _gcry_mpi_assign_limb_space.
 - Use CSIDL_COMMON_APPDATA instead of /etc on Windows.
 - Apply a Kyber patch from upstream.
 - Fix an edge case in Jent initialization.
 - mceliece6688128f: Fix stack overflow crash on win64/wine
 * Performance:
 - Many performance improvements, new AVX512 implementations for modern CPUs.
 - Add RISC-V Zbb+Zbc implementation of CRC.
 - Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
 - Add AVX2 and AVX512 code paths to improve CRC.

For a full changelog, see:
https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0

Update libgpg-error to 1.58:

 * New src/gpg-error.c (main): New command 'fconcat'.
 * Rename src/spawn-posix.c (struct gpgrt_spawn_actions): Rename the field to
 ENVP.
 * argparse: Use SYSCONFDIR for /etc.
 * Update translations for Portugese, German
 * src/estream.c (parse_mode): Fix parsing of 'share'. Set sysopen
 flag.
 * syscfg: Add 64-bit Android arch.

-----------------------------------------------------------------
Advisory ID: 594
Released:    Mon Apr 20 16:02:24 2026
Summary:     Security update for go1.25
Type:        security
Severity:    important
References:  1244485,1258045,1258049,1258054,1258080,1258081,1261653,1261654,1261655,1261656,1261657,1261658,1261659,1261660,1261661,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-27140,CVE-2026-27143,CVE-2026-27144,CVE-2026-32280,CVE-2026-32281,CVE-2026-32282,CVE-2026-32283,CVE-2026-32288,CVE-2026-32289
This update for go1.25 fixes the following issues:

- Update to version go1.25.9 (bsc#1244485).
- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
- CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
- CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
- CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
- CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
- CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
- CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).

-----------------------------------------------------------------
Advisory ID: 593
Released:    Mon Apr 20 16:46:54 2026
Summary:     Security update for rust1.94
Type:        security
Severity:    moderate
References:  1256525,1256526,1257364,1257365,1258020,1259623,1261876,CVE-2025-28162,CVE-2025-28164,CVE-2026-22695,CVE-2026-22801,CVE-2026-25646,CVE-2026-31812
This update for rust1.94 fixes the following issues:

Changes in rust1.94:

- Don't force gcc-15 on SLE-16 and higher (bsc#1261876)

Update to rust1.94.1:

- Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.1

- Avoid unwrapping varint decoding during parameters parsing
  (bsc#1259623 CVE-2026-31812).

- Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0

-----------------------------------------------------------------
Advisory ID: 597
Released:    Mon Apr 20 17:50:21 2026
Summary:     Recommended update for the initial kernel livepatch
Type:        recommended
Severity:    important
References:  1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915


This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.


-----------------------------------------------------------------
Advisory ID: 596
Released:    Mon Apr 20 19:16:35 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1191256,1191270,1194778,1207184,1217845,1222768,1243208,1252073,1253129,1254214,1254306,1254307,1255084,1255687,1256647,1257183,1257511,1257708,1257773,1257777,1257908,1258175,1258280,1258293,1258301,1258305,1258330,1258337,1258340,1258414,1258447,1258476,1258849,1259188,1259461,1259484,1259485,1259580,1259707,1259759,1259795,1259797,1259870,1259886,1259891,1259955,1259997,1259998,1260005,1260009,1260347,1260459,1260464,1260471,1260481,1260486,1260490,1260497,1260500,1260522,1260527,1260544,1260550,1260606,1260730,1260732,1260735,1260799,1261496,1261498,1261506,1261507,1261669,CVE-2025-39998,CVE-2025-40253,CVE-2025-68794,CVE-2025-71239,CVE-2026-23072,CVE-2026-23103,CVE-2026-23120,CVE-2026-23125,CVE-2026-23138,CVE-2026-23140,CVE-2026-23187,CVE-2026-23193,CVE-2026-23201,CVE-2026-23204,CVE-2026-23215,CVE-2026-23216,CVE-2026-23231,CVE-2026-23239,CVE-2026-23240,CVE-2026-23242,CVE-2026-23243,CVE-2026-23255,CVE-2026-23262,CVE-2026-23270,CVE-2026-23272,CVE-2026-23274,CVE-2026-23
 277,CVE-2026-23278,CVE-2026-23281,CVE-2026-23292,CVE-2026-23293,CVE-2026-23297,CVE-2026-23304,CVE-2026-23319,CVE-2026-23326,CVE-2026-23335,CVE-2026-23343,CVE-2026-23361,CVE-2026-23379,CVE-2026-23381,CVE-2026-23383,CVE-2026-23386,CVE-2026-23393,CVE-2026-23398,CVE-2026-23413,CVE-2026-23414,CVE-2026-23419,CVE-2026-23425,CVE-2026-25727,CVE-2026-31788

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
- CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
- CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
- CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
- CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
- CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
- CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
- CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
- CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
- Revert 'drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).'
- Update config files (bsc#1254307).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
- bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
- btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
- drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
- drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
- firmware: microchip: fail auto-update probe if no flash found (git-fixes).
- kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
- nvme: expose active quirks in sysfs (bsc#1243208).
- nvme: fix memory leak in quirks_param_set() (bsc#1243208).
- powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
- powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
- s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
- scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
- scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
- scsi: fnic: Add stats and related functionality (jsc#PED-15441).
- scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
- scsi: fnic: Code cleanup (jsc#PED-15441).
- scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
- scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
- scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
- scsi: fnic: Increment driver version (jsc#PED-15441).
- scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
- scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
- scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
- scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
- scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
- scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
- scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
- scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
- scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
- scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
- scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
- scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
- scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
- scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
- scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
- selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
- tg3: Fix race for querying speed/duplex (bsc#1257183).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

-----------------------------------------------------------------
Advisory ID: 603
Released:    Tue Apr 21 11:59:18 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1257325,1261957,CVE-2025-13465,CVE-2026-34757
This update for libpng16 fixes the following issue:

- CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957).

-----------------------------------------------------------------
Advisory ID: 604
Released:    Tue Apr 21 12:26:17 2026
Summary:     Recommended update for gdb
Type:        recommended
Severity:    important
References:  1238724,1249147,1251213,1257111,1258002
This update for gdb fixes the following issues:

Changes in gdb:

- Re-enable ptype /o for flexible array member types (swo#33966, bsc#1249147).
- Fix TUI crash when encountering a debuginfod query while entering TUI (swo#31449, swo#33794).
- Fix a case on x86_64/-m32 where displaced stepping steps out of the displaced stepping buffer (swo#33997).
- Fix generation of core files using gcore for glibc 2.42 (swo#33855).
- Fix slow symbol lookup with dwz-compressed debuginfo (swo#33825, bsc#1257111).
- Fix failure to list source file with dwz-compressed debuginfo (brc#2403580).
- Fix slow symbol table reading with dwz-compressed debuginfo (swo#33777).
- Fix heap-use-after-free, reported by TSAN.
- Fix backtrace through signal trampoline on s390x (swo#33708).
- Work around recursively defined sle_version on openSUSE Leap 16.0 (bsc#1238724).

-----------------------------------------------------------------
Advisory ID: 608
Released:    Tue Apr 21 17:49:23 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1247850,1247858,1250553,1255066,1256804,1256805,1256807,1256808,1256809,1256810,1256811,1256812,1257593,1257594,1257595,1259859,CVE-2025-10911,CVE-2025-40309,CVE-2025-8732,CVE-2026-0989,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757,CVE-2026-23268

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

-----------------------------------------------------------------
Advisory ID: 610
Released:    Tue Apr 21 20:19:42 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1216378,1255066,1258392,1259859,CVE-2023-45853,CVE-2025-40309,CVE-2026-23268,CVE-2026-27171

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

-----------------------------------------------------------------
Advisory ID: 616
Released:    Wed Apr 22 11:56:41 2026
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1251214,1261420,CVE-2026-35535
This update for sudo fixes the following issues:

- CVE-2026-35535: unhandled failure of `setuid`, `setgid` or `setgroups` calls during a mailer privilege drop allows
  for local privilege escalation (bsc#1261420).

-----------------------------------------------------------------
Advisory ID: 617
Released:    Wed Apr 22 12:03:51 2026
Summary:     Security update for openexr
Type:        security
Severity:    important
References:  1259362,1259363,1259364,1259365,1261621,1261622,1261624,1261634,CVE-2026-1965,CVE-2026-34379,CVE-2026-34380,CVE-2026-34588,CVE-2026-34589,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for openexr fixes the following issues:

- CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service (bsc#1261621).
- CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding (bsc#1261622).
- CVE-2026-34588: crafted EXR file can lead to out of bound read and write (bsc#1261624).
- CVE-2026-34589: crafted scanline DWAA file can lead to arbitrary code execution or denial of service (bsc#1261634).

-----------------------------------------------------------------
Advisory ID: 625
Released:    Wed Apr 22 12:22:37 2026
Summary:     Security update for libcap
Type:        security
Severity:    important
References:  1259051,1261809,CVE-2026-28417,CVE-2026-4878
This update for libcap fixes the following issues:

- CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in
  `cap_set_file()` (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: 621
Released:    Wed Apr 22 12:52:20 2026
Summary:     Security update for google-guest-agent
Type:        security
Severity:    important
References:  1234563,1236533,1239763,1239866,1243254,1243505,1246607,CVE-2023-45288,CVE-2024-45337
This update for google-guest-agent fixes the following issues:

Update to version 20250506.01 (bsc#1243254, bsc#1243505).

Security issues fixed:

- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to
  authorization bypass in applications (bsc#1234563).
- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an
  HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).

Other updates and bugfixes:

- Version 20250506.01:
  * Make sure agent added connections are activated by NM (#534)
- Version 20250506.00:
  * Wrap NSS cache refresh in a goroutine (#533)
- Version 20250502.01:
  * Wicked: Only reload interfaces for which configurations are written or changed. (#524)
- Version 20250502.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert 'Revert bundling new binaries in the package (#509)' (#511)
- Version 20250418.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250414.00:
  * Add AuthorizedKeysCompat to windows packaging (#530)
  * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert 'Revert bundling new binaries in the package (#509)' (#511)
- Version 20250327.01 (bsc#1239763, bsc#1239866):
  * Remove error messages from gce_workload_cert_refresh and
    metadata script runner (#527)
- Version 20250327.00:
  * Update guest-logging-go dependency (#526)
  * Add 'created-by' metadata, and pass it as option to logging library (#508)
  * Revert 'oslogin: Correctly handle newlines at the end of
    modified files (#520)' (#523)
  * Re-enable disabled services if the core plugin was enabled (#522)
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert 'Revert bundling new binaries in the package (#509)' (#511)
- Version 20250326.00:
  * Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250324.00:
  * Enable guest services on package upgrade (#519)
  * oslogin: Correctly handle newlines at the end of modified files (#520)
  * Fix core plugin path (#518)
  * Fix package build issues (#517)
  * Fix dependencies ran go mod tidy -v (#515)
  * Fix debian build path (#514)
  * Bundle compat metadata script runner binary in package (#513)
  * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
  * Update startup/shutdown services to launch compat manager (#503)
  * Bundle new gce metadata script runner binary in agent package (#502)
  * Revert 'Revert bundling new binaries in the package (#509)' (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
- Version 20250317.00:
  * Revert 'Revert bundling new binaries in the package (#509)' (#511)
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
- Version 20250312.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
- Version 20250305.00:
  * Revert bundling new binaries in the package (#509)
  * Fix typo in windows build script (#501)
  * Include core plugin binary for all packages (#500)
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
- Version 20250304.01:
  * Fix typo in windows build script (#501)
- Version 20250214.01:
  * Include core plugin binary for all packages (#500)
- Version 20250212.00:
  * Start packaging compat manager (#498)
  * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
- Version 20250211.00:
  * scripts: introduce a wrapper to locally build deb package (#490)
  * Introduce compat-manager systemd unit (#497)
- Version 20250207.00:
  * vlan: toggle vlan configuration in debian packaging (#495)
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the
    `invalid` tag. (#493)
  * Include interfaces in lists even if it has an invalid MAC. (#489)
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250204.02:
  * force concourse to move version forward.
- Version 20250204.01:
  * vlan: toggle vlan configuration in debian packaging (#495)
- Version 20250204.00:
  * vlan: move config out of unstable section (#494)
  * Add clarification to comments regarding invalid NICs and the
    `invalid` tag. (#493)
- Version 20250203.01:
  * Include interfaces in lists even if it has an invalid MAC. (#489)
- Version 20250203.00:
  * Fix windows package build failures (#491)
  * vlan: don't index based on the vlan ID (#486)
  * Revert PR #482 (#488)
  * Remove Amy and Zach from OWNERS (#487)
  * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
  * Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250122.00:
  * networkd(vlan): remove the interface in addition to config (#468)
  * Implement support for vlan dynamic removal, update dhclient to
    remove only if configured (#465)
  * Update logging library (#479)
  * Remove Pat from owners file. (#478)

-----------------------------------------------------------------
Advisory ID: 631
Released:    Thu Apr 23 08:55:28 2026
Summary:     Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1254670,1255066,1259619,1259859,CVE-2025-40309,CVE-2025-70873,CVE-2025-7709,CVE-2026-23268

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

-----------------------------------------------------------------
Advisory ID: 637
Released:    Fri Apr 24 12:00:57 2026
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1221126,1259543,1259803,CVE-2026-30922
This update for grub2 fixes the following issues:

- Fix missing install device check in grub2-install on PowerPC which could lead
  to bootlist corruption (bsc#1221126)
    * add mandatoryminstallmdevicemcheckmformPowerPC
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
    * btrfs: add ability to boot from subvolumes
    * btrfs: get default subvolume

-----------------------------------------------------------------
Advisory ID: 638
Released:    Fri Apr 24 12:02:01 2026
Summary:     Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1228081,1254293,1256427,1259418,1259650,1259697,1259859,CVE-2026-23268,CVE-2026-29111,CVE-2026-4105

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes one security issue

The following security issue was fixed:

- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

-----------------------------------------------------------------
Advisory ID: 640
Released:    Fri Apr 24 12:09:33 2026
Summary:     Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1158038,1247948,1252744,1253740,1257882,1258193,1259311,1259859,CVE-2026-23268

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes one security issue

The following security issue was fixed:

- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

-----------------------------------------------------------------
Advisory ID: 642
Released:    Fri Apr 24 12:10:11 2026
Summary:     Recommended update for cryptsetup, s390-tools
Type:        recommended
Severity:    important
References:  1241612,1258506,1259616,1261772,1261824,1262221,CVE-2026-32597
This update for cryptsetup, s390-tools fixes the following issues:

Changes in cryptsetup:

- Update to 2.8.4: (jsc#PED-15889)
  * Fix integritysetup resize (grow) of the device if integrity bitmap
    mode is used. Increasing the integrity device in bitmap mode did
    not work as integritysetup incorrectly used journal settings that
    were not applicable.
  * Fix device size status reports in cryptsetup and integritysetup.
    If the device uses a sector size larger than 512 bytes, the newly
    reported byte sizes (introduced in 2.8.0) in the status report
    were incorrectly displayed.
  * BITLK: Fix unlocking BitLocker device with recovery passphrase.
    If the recovery passphrase was present in the first keyslot, the
    device failed to unlock. This bug was introduced in 2.8.2 with
    Clear Key support.

- Update to 2.8.3:
  * Stable bug-fix release with minor extensions.

- Update to 2.8.2:
  * BITLK: Fix for BitLocker metadata validation on big-endian systems.

- Update to 2.8.1:
  * Fix status and deactivation of TCRYPT (VeraCrypt compatible) devices that use chained ciphers.
  * Fix unlocking BITLK (BitLocker compatible) devices with multibyte UTF8 characters in the passphrase.
  * Do not allow activation of the LUKS2 device if the used keyslot is not encrypted (it uses a null cipher).
    - Such a configuration cannot be created by cryptsetup, but can be crafted outside of it.
    - Null cipher is sometimes used to create an empty container for later reencryption.
    - Only an empty passphrase can activate such a container (the same as in LUKS1).
  * Do not silently decrease PBKDF parallel cost (threads) if set by an option.
    - The maximum parallel cost is limited to 4 threads.
  * Fixes to configuration and installation scripts.
    - Meson and autoconf tools now properly support --prefix option for temporary directory installation.
    - Multiple fixes and cleanups to config.h for compatibility between Meson and autoconf.
    - Fix the luks2-external-tokens-path Meson option to work the same as in autoconf.
    - Fix Meson install for tool binaries, install fvault2Open man page and include test/fuzz/meson.build in release.
  * Major update to manual pages.
    - Try to explain the PBKDF hardcoded limits.
    - Add a better explanation for automatic integrity tag recalculation.
    - Mention crypt/verity/integritytab.
    - Remove or reformulate some misleading warnings present only with old and no longer supported kernels.
    - Clarify that some commands do not wipe data and unify OPAL reset wording.
    - Clarify the --label option.
    - There are also many other grammar and stylistic fixes to unify the man-page style.
  * Fixes for false-positive and annoying (optional) warnings added in recent compilers.

- Update to 2.8.0:
  * Full release notes in:
    - https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.0-ReleaseNotes
  * Introduce support for inline mode (use HW sectors with additional hardware
    metadata space).
  * Finalize use of keyslot context API.
  * Make all keyslot context types fully self-contained.
  * Add --key-description and --new-key-description cryptsetup options.
  * Support more precise keyslot selection in reencryption initialization.
  * Allow reencryption to resume using token and volume keys.
  * Cryptsetup repair command now tries to check LUKS keyslot areas for corruption.
  * Opal2 SED: PSID keyfile is now expected to be 32 alphanumeric characters.
  * Opal2: Avoid the Erase method and use Secure Erase for locking range.
  * Opal2: Fix some error description (in debug only).
  * Opal2: Do not allow deferred deactivation.
  * Allow --reduce-device-size and --device-size combination for reencryption
    (encrypt) action.
  * Fix the userspace storage backend to support kernel 'capi:' cipher specification format.
  * Disallow conversion from LUKS2 to LUKS1 if kernel 'capi:' cipher specification is used.
  * Explicitly disallow kernel 'capi:' cipher specification format for LUKS2
    keyslot encryption.
  * Do not allow conversion of LUKS2 to LUKS1 if an unbound keyslot is present.
  * cryptsetup: Adjust the XTS key size for kernel 'capi:' cipher specification.
  * Remove keyslot warning about possible failure due to low memory.
  * Do not limit Argon2 KDF memory cost on systems with more than 4GB of available memory.
  * Properly report out of memory error for cryptographic backends implementing Argon2.
  * Avoid KDF2 memory cost overflow on 32-bit platforms.
  * Do not use page size as a fallback for device block size.
  * veritysetup: Check hash device size in advance.
  * Print a better error message for unsupported LUKS2 AEAD device resize.
  * Optimize LUKS2 metadata writes.
  * veritysetup: support --error-as-corruption option.
  * Report all sizes in status and dump command output in the correct units.
  * Add --integrity-key-size option to cryptsetup.
  * Support trusted and encrypted keyrings for plain devices.
  * Support plain format resize with a keyring key.
  * TCRYPT: Clear mapping of system-encrypted partitions.
  * TCRYPT: Print all information from the decrypted metadata header in
    the tcryptDump command.
  * Always lock the volume key structure in memory.
  * Do not run direct-io read check on block devices.
  * Fix a possible segfault in deferred deactivation.
  * Exclude cipher allocation time from the cryptsetup benchmark.
  * Add Mbed-TLS optional crypto backend.
  * Fix the wrong preprocessor use of #ifdef for config.h processed by Meson.
  * Reorganize license files. The license text files are now in docs/licenses.
    The COPYING file in the root directory is the default license.
  * Remove cc-by-sa-4.0.txt as already shipped now in docs/licenses
    and named as COPYING.CC-BY-SA-4.0.
  * Libcryptsetup API extensions. The libcryptsetup API is backward compatible
    with all existing symbols. Due to the self-contained memory allocation,
    these symbols have the new version:
    - crypt_keyslot_context_init_by_passphrase;
    - crypt_keyslot_context_init_by_keyfile;
    - crypt_keyslot_context_init_by_token;
    - crypt_keyslot_context_init_by_volume_key;
    - crypt_keyslot_context_init_by_signed_key;
    - crypt_keyslot_context_init_by_keyring;
    - crypt_keyslot_context_init_by_vk_in_keyring;
  * New symbols:
    - crypt_format_inline
    - crypt_get_old_volume_key_size
    - crypt_reencrypt_init_by_keyslot_context
    - crypt_safe_memcpy
  * New defines:
    - CRYPT_ACTIVATE_HIGH_PRIORITY
    - CRYPT_ACTIVATE_ERROR_AS_CORRUPTION
    - CRYPT_ACTIVATE_INLINE_MODE
    - CRYPT_REENCRYPT_CREATE_NEW_DIGEST
  * New requirement flag:
    - CRYPT_REQUIREMENT_INLINE_HW_TAGS

- Add a dependency on device-mapper to libcryptsetup12 to install
  the required device-mapper udev rules. [bsc#1241612]

Changes in s390-tools:

- Applied a patch to remove phmac_s390 kernel module load from dracut
- Applied tools-combined modified patch (bsc#1262221)
- Amended SUSE's 'pkey.conf'
- Re-vendor-ed vendor.tar.zst

- Applied patches (bsc#1261824, bsc#1261772)
  * Replace sort_field option with sort
  * hyptop opts Fix long command line option abbreviations
- Refactored the spec file for transactional and immutable OS
  * Modernized the .spec file for transactional and immutable OS environments.
  * Removed legacy suse_version and sle_version conditionals, standardizing on UsrMerge paths.
  * Replaced manual %pre group creations with systemd-sysusers configuration for ts-shell, zkeyadm, and cpacfstats.
  * Replaced hardcoded /var/log directory management with systemd-tmpfiles configuration.
  * Removed obsolete systemctl daemon-reload calls and consolidate standard %service_* systemd macros.
  * Dropped brittle dynamic file list generation (find/grep) in favor of explicit and deterministic %files declarations.
  * Resolved 'File listed twice' conflicts between the main package and chreipl-fcp-mpath subpackage.
  * Added missing BuildRequires for systemd-rpm-macros and sysuser-tools.
  * Fixed unpackaged files errors for mdevctl callouts, shell completions, and root /lib helpers.
  * Changed BuildArch to noarch for the chreipl-fcp-mpath subpackage.
- Added files (renamed from *.opensuse)
  * 59-graf.rules
  * dasd_configure
  * dasd_reload
  * detach_disks.sh
  * iucv_configure
  * killcdl
  * mkdump.pl
  * README.SUSE
  * virtsetup.sh
  * vmlogrdr.service
- Removed obolete files
  * 59-graf.rules.opensuse
  * 59-graf.rules.suse
  * dasd_configure.opensuse
  * dasd_configure.suse
  * dasd_reload.opensuse
  * dasd_reload.suse
  * detach_disks.sh.opensuse
  * detach_disks.sh.suse
  * iucv_configure.opensuse
  * iucv_configure.suse
  * killcdl.opensuse
  * killcdl.suse
  * mkdump.pl.opensuse
  * mkdump.pl.suse
  * README.SUSE.opensuse
  * README.SUSE.suse
  * virtsetup.sh.opensuse
  * virtsetup.sh.suse
  * vmlogrdr.service.opensuse
  * vmlogrdr.service.suse

- Upgrade s390-tools to version 2.41.0 (jsc#PED-14586, jsc#PED-15488)
- Changes of existing tools:
  * chreipl: Make --bootparms work for ECKD re-IPL
  * cpacfstats: Add 'unauthorized' state to CPU-MF counters
  * cpictl: Detect RHCOS using VARIANT_ID
  * hsci: Automatically set appropriate MTU for HSCI
  * libutil: Add util_readlink() and util_readlinkat() helpers
  * libutil: Add util_startswith() to util_str
  * libutil: Add utility parsing functions
  * lschp: Add support for structured output (--format)
  * lsreipl: Suppress 'clear' output if not supported
  * pvimg: Add '--format text' support to 'pvimg info'
  * pvimg: Add '--print-schema ' option to 'pvimg info'
  * pvimg: Add '--show-secrets' flag to 'pvimg info'
  * pvimg: Provide improved JSON output to 'pvimg info --format json'
  * pvinfo: Improve User experience on non-SE enabled systems
  * zipl/ngdump: Ensure ext4 file system is used on dump partition
  * zkey: Add support for integrity protected disks using HMAC keys
- Bug Fixes:
  * cpumf/pai: Handle different size of perf_event_attr
  * lscss: Fix memory leak
  * zipl: Fix dump job on tape devices
- Amended the .spec file (bsc#1258506)
  * 'Installing' all shipped rules from etc/udev/rules.d to /usr/lib/udev/rules.d
  * BuildRequires:  cryptsetup-devel >= 2.8.2
- Updated the code for IBM z17 machine type 9176:
  * read_values.c
  * cputype
  * Renamed cputype.1 to cputype.8 and amended
  * Amended read_values.8
- 'Improved' the read_values.c:
  * Added functionalities for '-a' and '-L attributes'
- Reworked and combined all s390-tools patches (jsc#PED-14586)
- Applied new combined patches
- Removed obsolete patches

-----------------------------------------------------------------
Advisory ID: 644
Released:    Mon Apr 27 13:20:01 2026
Summary:     Security update for container-suseconnect
Type:        security
Severity:    moderate
References:  1259845,CVE-2026-27135
This update for container-suseconnect fixes the following issues:

Changes in container-suseconnect:

- switch to build with go 1.25

-----------------------------------------------------------------
Advisory ID: 648
Released:    Tue Apr 28 11:48:34 2026
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1259963
This update for mozilla-nss fixes the following issues:

Changes in mozilla-nss:

Update to NSS 3.112.5:

* reject DTLS 1.3 Server Hello after HVR without capping ss->vrange.max.
* update to version 2.84 of builtins module.

- Added 'Suggests: p11-kit-nss-trust' to favor over mozilla-nss-certs (Jira: PED-15633)

Update to NSS 3.112.4:

  * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  * Improving the allocation of S/MIME DecryptSymKey.
  * store email on subject cache_entry in NSS trust domain.
  * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
  * Improve size calculations in CMS content buffering.
  * avoid integer overflow while escaping RFC822 Names.
  * Reject excessively large ASN.1 SEQUENCE OF in quickder.
  * Deep copy profile data in CERT_FindSMimeProfile.
  * Improve input validation in DSAU signature decoding.
  * avoid integer overflow in RSA_EMSAEncodePSS.
  * RSA_EMSAEncodePSS should validate the length of mHash.
  * Add a maximum cert uncompressed len and tests.
  * Clarify extension negotiation mechanism for TLS Handshakes.
  * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
  * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  * Remove invalid PORT_Free().
  * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  * make ss->ssl3.hs.cookie an owned-copy of the cookie.

Update to NSS 3.112.3:

  * avoid integer overflow in platform-independent ghash

- Move NSS DB password hash away from SHA-1

Update to NSS 3.112.2:

  * Prevent leaks during pkcs12 decoding.
  * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates

Update to NSS 3.112.1:

  * restore support for finding certificates by decoded serial number.

-----------------------------------------------------------------
Advisory ID: 651
Released:    Tue Apr 28 18:18:32 2026
Summary:     Security update for glibc-livepatches
Type:        security
Severity:    important
References:  1258311,1259825,1261209,CVE-2026-4046
This update for glibc-livepatches fixes the following issue:

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209).

-----------------------------------------------------------------
Advisory ID: 650
Released:    Tue Apr 28 18:22:53 2026
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1246399,CVE-2025-45582
This update for xfsprogs fixes the following issues:

- update to 6.19.0:
    * xfs_io:
        + print more realtime subvolume related information in statfs
        + fix fsmap help
    * mkfs:
        + fix log sunit automatic configuration
        + fix protofile data corruption when in/out file block sizes don't match
        + remove unnecessary return value affectation
        + quiet down warning about insufficient write zones
        + set rtstart from user-specified dblocks
    * libxfs: fix data corruption bug in libxfs_file_write
    * misc: fix a few memory leaks
    * mkfs.xfs fix sunit size on 512e and 4kN disks.
    * xfs_scrub_all: fix non-service-mode arguments to xfs_scrub
    * xfs: use blkdev_report_zones_cached()
    * include blkzoned.h in platform_defs.h
    * xfs_mdrestore: fix restoration on filesystems with 4k sectors
    * xfs_logprint: print log data to the screen in host-endian order

-----------------------------------------------------------------
Advisory ID: 654
Released:    Wed Apr 29 11:45:23 2026
Summary:     Security update for PackageKit
Type:        security
Severity:    important
References:  1259711,1259726,1259729,1262220,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778,CVE-2026-41651
This update for PackageKit fixes the following issues:

- CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE
  (bsc#1262220).

-----------------------------------------------------------------
Advisory ID: 655
Released:    Wed Apr 29 13:20:23 2026
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1246974,1249375,1258045,1258049,1258054,1258080,1258081,1260589,CVE-2025-8114,CVE-2025-8277,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-25645
This update for libssh fixes the following issues:

- Update to version 0.11.4:
- CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
- CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045)
- CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
- CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
- CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
- CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974)
- CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375)

-----------------------------------------------------------------
Advisory ID: 657
Released:    Wed Apr 29 16:14:51 2026
Summary:     Recommended update for python-urllib3
Type:        recommended
Severity:    moderate
References:  1254867,1260441,1260442,1260443,1260444,1260445,CVE-2025-66471,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for python-urllib3 fixes the following issue:

- Fix regression in CVE-2025-66471.patch (bsc#1254867)

-----------------------------------------------------------------
Advisory ID: 659
Released:    Wed Apr 29 16:19:47 2026
Summary:     Security update for ntfs-3g_ntfsprogs
Type:        security
Severity:    important
References:  1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438
This update for ntfs-3g_ntfsprogs fixes the following issue:

- CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix() in acls.c (bsc#1262216).

-----------------------------------------------------------------
Advisory ID: 660
Released:    Wed Apr 29 16:35:24 2026
Summary:     Security update for openexr
Type:        security
Severity:    important
References:  1260754,1260755,1262425,1262426,CVE-2026-33416,CVE-2026-33636,CVE-2026-40244,CVE-2026-40250
This update for openexr fixes the following issues:

- CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426).
- CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425).

-----------------------------------------------------------------
Advisory ID: 662
Released:    Thu Apr 30 17:39:30 2026
Summary:     Recommended update for sysctl-logger
Type:        recommended
Severity:    moderate
References:  1257359,CVE-2025-9615
This update for sysctl-logger fixes the following issues:

- Update to v0.0.7:
    * Add systemd hardenings
    * Make output directory visible
- Specify LLVM version to use for SLES 15 SP7

-----------------------------------------------------------------
Advisory ID: 666
Released:    Sat May  2 11:18:56 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1260876,1262573,CVE-2026-31431,CVE-2026-34073

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).


-----------------------------------------------------------------
Advisory ID: 672
Released:    Mon May  4 12:45:50 2026
Summary:     Security update for php-composer2
Type:        security
Severity:    important
References:  1255768,1261678,1262254,1262255,CVE-2025-67746,CVE-2026-28390,CVE-2026-40176,CVE-2026-40261
This update for php-composer2 fixes the following issues:

- CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker
  controlled remote sources (bsc#1255768).
- CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition (bsc#1262254).
- CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url (bsc#1262255).

-----------------------------------------------------------------
Advisory ID: 675
Released:    Tue May  5 02:19:27 2026
Summary:     Security update for openssl-3-x86_64-v3-livepatches
Type:        security
Severity:    critical
References:  1250410,1256876,1256878,1256880,1259271,1261809,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-9230,CVE-2026-4878
This update for openssl-3-x86_64-v3-livepatches fixes the following issues:

Changes in openssl-3-x86_64-v3-livepatches:

- Add package for libopenssl3-x86-64-v3-3.5.0 (bsc#1259271).

Fixed:

- CVE-2025-11187: Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification  (bsc#1256878).
- CVE-2025-15467: Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).
- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).
- CVE-2025-9230: Fixed Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) (bsc#1250410).

-----------------------------------------------------------------
Advisory ID: 676
Released:    Tue May  5 02:33:21 2026
Summary:     Security update for mozjs128
Type:        security
Severity:    important
References:  1222465,1234736,1259713,1259728,1259731,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for mozjs128 fixes the following issues:

- CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259728).
- CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing (bsc#1259713).
- CVE-2026-32778: libexpat: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
  (bsc#1259731).

-----------------------------------------------------------------
Advisory ID: 680
Released:    Tue May  5 09:18:26 2026
Summary:     Security update for strongswan
Type:        security
Severity:    important
References:  1261705,1261706,1261708,1261712,1261717,1261718,1261720,1261957,CVE-2026-34757,CVE-2026-35328,CVE-2026-35329,CVE-2026-35330,CVE-2026-35331,CVE-2026-35332,CVE-2026-35333,CVE-2026-35334
This update for strongswan fixes the following issues:

Update to version 6.0.6 (jsc#PED-16145).

Security issued fixed:

- CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712).
- CVE-2026-35329: NULL pointer dereference when processing padding in PKCS#7 (bsc#1261717).
- CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
- CVE-2026-35331: acceptance of certificates violating X.509 name constraints (bsc#1261718).
- CVE-2026-35332: NULL pointer dereference when handling ECDH public value in TLS (bsc#1261708).
- CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
- CVE-2026-35334: possible NULL pointer dereference in RSA decryption (bsc#1261720).

Other updates and bugfixes:

- Version 6.0.6.
  * Enhancements and Optimizations
    * Added the unique ID to the log messages when creating an IKE SA as responder and when deleting such a half-open
      SA
    * The credential factory now enforces an upper limit of 10 when creating nested credentials.
    * Added Georgian translation to the NM plugin.
  * Fixes
    * IKEv2 fragments with a total fragment count lower than before are now dropped as mandated by the RFC .
    * Fixed a potential out-of-bounds read when parsing EAP-SIM/AKA attributes with actual length field.
    * Fixed a potential out-of-bounds read when enumerating hashes in OCSP CERTREQ payloads .
    * Fixed a potential crash in the vici plugin when parsing messages that encode the length of a VICI_LIST_ITEM
      incorrectly.
    * Avoid allocating a large buffer for TLS cipher suites on the stack using alloca().
    * Ensure TLS 1.3 CertificateRequest structures are valid on the client.
    * Prevent an infinite loop if the EAP-SIM version list on the client contains more than one entry .
    * Fixed a crash in the tnccs_11 plugin if TNCCS-ReasonStrings is empty or only contains empty nodes .
    * Fixed verification of RSA signatures with SHA3-224 via botan plugin.
    * Close the internal IPv6 socket when a tun_device_t is destroyed .
    * Update the address family in the SA selector when the addresses of a tunnel mode IPsec SA change in the
      kernel-netlink plugin.
- Version 6.0.5:
  * Fixed a vulnerability in the eap-ttls plugin related to processing EAP-TTLS AVPs that can lead to resource
    exhaustion or a crash.
  * The new `icmp` option enables the forwarding of certain ICMP error messages (e.g. Fragmentation Needed), even if
    their source address doesn't match the negotiated traffic selectors, when running on Linux kernels that support this
    (v6.9+).
  * charon-cmd now supports childless IKE SA initiation with the `--childless` option.
  * The dhcp plugin now keeps track of address leases across make-before-break reauthentications to avoid releasing the
    address when the old SA is terminated
  * Added support for `organizationIdentifier` RDNs, which are used in e.g. eIDAS certificates, when parsing ASN.1 DN
    identities from strings.

-----------------------------------------------------------------
Advisory ID: 681
Released:    Tue May  5 11:00:09 2026
Summary:     Recommended update for translate-suse-desktop
Type:        recommended
Severity:    moderate
References:  1259924,CVE-2025-69720
This update for translate-suse-desktop fixes the following issue:

- Provide translate-suse-desktop to released products (PED-13823)

-----------------------------------------------------------------
Advisory ID: 688
Released:    Tue May  5 19:30:28 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1261630,1261845,1262144,1263689,CVE-2026-23437,CVE-2026-31406,CVE-2026-31431,CVE-2026-5958

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.28.1 fixes various security issues

The following security issues were fixed:

- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
- CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).


-----------------------------------------------------------------
Advisory ID: 692
Released:    Tue May  5 21:51:56 2026
Summary:     Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1252048,1258005,1258655,1259126,1261630,1261845,1263689,1935995,1964722,2009552,2019224,2019357,2023207,2023209,2026089,2026156,2026311,2027345,2027365,2027378,2028001,2029323,2029425,2029462,2029752,2030135,2033783,2034185,CVE-2025-39977,CVE-2025-71066,CVE-2026-23004,CVE-2026-23204,CVE-2026-23437,CVE-2026-31406,CVE-2026-31431

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
  (bsc#1258005).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
- CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).


-----------------------------------------------------------------
Advisory ID: 695
Released:    Tue May  5 22:45:33 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1252048,1258005,1258655,1259126,1259362,1261630,1261845,1262631,1262632,1262635,1262636,1262638,1263689,CVE-2025-39977,CVE-2025-71066,CVE-2026-1965,CVE-2026-23004,CVE-2026-23204,CVE-2026-23437,CVE-2026-31406,CVE-2026-31431,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252048).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
  (bsc#1258005).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1258655).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
- CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).


-----------------------------------------------------------------
Advisory ID: 701
Released:    Wed May  6 02:05:54 2026
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1263366,1263367,CVE-2026-40355,CVE-2026-40356
This update for apparmor fixes the following issues:

Changes in apparmor:

- Use systemd-tmpfiles for path creation (jsc#PED-14916, jsc#PED-14917)
- Update to AppArmor 4.1.7
  - profile updates
  - minor fixes in parser and program utilities
  - update %files for new python LibAppArmor location
- Fix file list to match all possible LibAppArmor module names
- Updating kerberosclient utility
- Removed dovecot upstreamed patches

-----------------------------------------------------------------
Advisory ID: 708
Released:    Wed May  6 12:44:56 2026
Summary:     Recommended update for libselinux
Type:        recommended
Severity:    moderate
References:  1261639,1262223,CVE-2026-41035
This update for libselinux fixes the following issues:

- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
    * otherwise we can not add equivalencies that overload each other in the policy
    * libselinux: retain LIFO order for path substitutions

-----------------------------------------------------------------
Advisory ID: 710
Released:    Wed May  6 14:43:17 2026
Summary:     Recommended update for python-hatchling
Type:        recommended
Severity:    moderate
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for python-hatchling fixes the following issues:

Changes in python-hatchling:

- Convert to libalternatives on SLE-16-based and newer systems only

-----------------------------------------------------------------
Advisory ID: 714
Released:    Wed May  6 20:19:25 2026
Summary:     Security update for libtpms
Type:        security
Severity:    moderate
References:  1204562,1234383,1243005,1244528,1248660,1254324,1260439,CVE-2024-58251,CVE-2025-49133,CVE-2026-21444
This update for libtpms fixes the following issues:

- CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528).
- CVE-2026-21444: Fixed remote data confidentiality compromise via incorrect Initialization Vector (IV) handling
  (bsc#1260439).

-----------------------------------------------------------------
Advisory ID: 715
Released:    Thu May  7 09:31:57 2026
Summary:     Security update for iproute2
Type:        security
Severity:    low
References:  1241316,1253044,1254324,CVE-2024-58251
This update for iproute2 fixes the following issues:

Security issues fixed:

- CVE-2024-58251: terminal lock up via ANSI terminal escape sequence set in `argv[0]` (bsc#1254324).

Other updates and bugfixes:

- Fix package for immutable mode (jsc#PED-14787).
- Add netshaper support (bsc#1253044).
- Add follow-up fixes included by upstream after the 6.12 release (bsc#1241316):
  * Parse FQ band weights correctly
  * bond: fix stack smash in xstats
  * ip: support setting multiple features
  * tc: gred: fix debug print

-----------------------------------------------------------------
Advisory ID: 720
Released:    Thu May  7 18:05:16 2026
Summary:     Recommended update for gtk-vnc
Type:        recommended
Severity:    moderate
References:  1201840,1202970,1204538,1234100,1234101,1234102,1234103,1234104,1235475,1251850,1254441,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2022-29154,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for gtk-vnc fixes the following issues:

- Fixed that removal of spice led to a regression in functionality, specifically for graphical console copy paste (bsc#1251850)

-----------------------------------------------------------------
Advisory ID: 721
Released:    Thu May  7 18:13:26 2026
Summary:     Recommended update for elemental-toolkit
Type:        recommended
Severity:    moderate
References:  1261606,CVE-2026-27456
This update for elemental-toolkit fixes the following issues:

Changes in elemental-toolkit:

- Drop upstream reproducible build patch.

-----------------------------------------------------------------
Advisory ID: 723
Released:    Fri May  8 10:01:26 2026
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    important
References:  1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155,1261280,CVE-2026-34743
This update for suseconnect-ng fixes the following issues:

- Update version to 1.21.1:
    * Fix nil token handling (bsc#1261155)
    * Switch to using go1.24-openssl as the default Go version to
      install to support building the package (jsc#SCC-585).
- Update version to 1.21:
    * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
    * Support new profile based metric collection
    * Fix ignored --root parameter hanbling when reading and writing configuration (bsc#1257667)
    * Add expanded metric collection for system vendor/manfacturer (jsc#TEL-260).
    * Removed backport patch
    * Add missing product id to allow yast2-registration to not break (bsc#1257825)
    * Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
    * Ignore product in announce call (bsc#1257490)
    * Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
    * Update error message for Public Cloud instances with registercloudguest  installed.
      SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861)
    * Enhanced SAP detected. Take TREX into account and remove empty values when
      only /usr/sap but no installation exists (bsc#1241002)
    * Fixed modules and extension link to point to version less documentation. (bsc#1239439)
    * Fixed SAP instance detection (bsc#1244550)
    * Remove link to extensions documentation (bsc#1239439)
    * Migrate to the public library
- Version 1.14 public library release:
  This version is only available on Github as a tag to release the
  new golang public library which can be consumed without the need
  to interface with SUSEConnect directly.

-----------------------------------------------------------------
Advisory ID: 734
Released:    Tue May 12 17:13:15 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1264449,1264450,1265428,1265758,CVE-2026-33814,CVE-2026-41888,CVE-2026-43284,CVE-2026-43500

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

Dirty Frag fixes: 

- CVE-2026-43500: supported.conf: drop rxrpc completely (bsc#1264450)
- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).



-----------------------------------------------------------------
Advisory ID: 749
Released:    Thu May 14 18:43:27 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1254441,1262223,CVE-2025-10158,CVE-2026-41035
This update for rsync fixes the following issues

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).

-----------------------------------------------------------------
Advisory ID: 753
Released:    Fri May 15 18:52:59 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1264013,1265209,CVE-2025-54518,CVE-2026-46300

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013).
- CVE-2026-46300: net: skbuff: propagate shared-frag marker through pskb_copy() (bsc#1265209).

-----------------------------------------------------------------
Advisory ID: 761
Released:    Mon May 18 07:38:10 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

-----------------------------------------------------------------
Advisory ID: 780
Released:    Mon May 18 16:13:40 2026
Summary:     Recommended update for the Linux Kernel
Type:        recommended
Severity:    important
References:  1265308,CVE-2026-46333

The SUSE Linux Enterprise 16.0 kernel was updated to fix one issue

The following non security issue was fixed:

- CVE-2026-46333: Fixed logic bug in the Linux kernel's __ptrace_may_access() function (bsc#1265308).

-----------------------------------------------------------------
Advisory ID: 803
Released:    Tue May 26 14:14:16 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).

-----------------------------------------------------------------
Advisory ID: 808
Released:    Wed May 27 18:43:58 2026
Summary:     Recommended update for dbus-broker
Type:        recommended
Severity:    moderate
References:  1255678
This update for dbus-broker fixes the following issues:

- Fix timeout on ssh due to not handling ESRCH (bsc#1255678)

-----------------------------------------------------------------
Advisory ID: 814
Released:    Thu May 28 14:58:58 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1215199,1234634,1241259,1243603,1248754,1249104,1250951,1253471,1254518,1255160,1255360,1255459,1255752,1256288,1256865,1256867,1258518,1258718,1258826,1258849,1258850,1258854,1258855,1258856,1258857,1258933,1258961,1259186,1259199,1259222,1259420,1259461,1259535,1259672,1259799,1259806,1259857,1259865,1259868,1259869,1259871,1259873,1259878,1259889,1259994,1260010,1260012,1260018,1260428,1260468,1260483,1260484,1260485,1260489,1260504,1260505,1260507,1260514,1260523,1260526,1260528,1260529,1260530,1260531,1260532,1260533,1260536,1260537,1260538,1260541,1260546,1260549,1260551,1260552,1260555,1260561,1260562,1260566,1260571,1260572,1260573,1260576,1260580,1260581,1260593,1260613,1260728,1260729,1260731,1260798,1260800,1260801,1260807,1260811,1260996,1261020,1261149,1261287,1261288,1261295,1261348,1261410,1261503,1261504,1261505,1261550,1261555,1261581,1261582,1261584,1261585,1261592,1261601,1261602,1261617,1261618,1261629,1261632,1261635,1261636,1261637,1261638,1261641,1
 261644,1261645,1261648,1261679,1261685,1261686,1261687,1261692,1261694,1261700,1261702,1261703,1261707,1261710,1261713,1261714,1261719,1261738,1261750,1261751,1261752,1261768,1261778,1261779,1261780,1261781,1261786,1261788,1261789,1261796,1261797,1261896,1262019,1262053,1262054,1262055,1262061,1262063,1262074,1262078,1262086,1262087,1262099,1262100,1262101,1262179,1262181,1262245,1262250,1262480,1262601,1262616,1262617,1262627,1262662,1262665,1262671,1262673,1262709,1262725,1262731,1262750,1262752,1262758,1263001,1263012,1263018,1263044,1263048,1263052,1263064,1263074,1263077,1263085,1263093,1263095,1263104,1263107,1263131,1263135,1263138,1263140,1263141,1263165,1263176,1263255,1263556,1263562,1263582,1263592,1263593,1263595,1263596,1263604,1263668,1263815,1263882,1263901,1263931,1263933,1263942,1263995,1264014,1264059,1264082,1264097,1264183,1264233,1264427,1264469,1264586,1264674,1264837,1264848,1265085,1265116,1265119,1265144,1265308,1265421,1265449,1265456,1265626,1265846,126596
 0,CVE-2023-2058,CVE-2024-14027,CVE-2025-40181,CVE-2025-40219,CVE-2025-68265,CVE-2025-68310,CVE-2025-71238,CVE-2025-71268,CVE-2025-71269,CVE-2025-71302,CVE-2026-23168,CVE-2026-23209,CVE-2026-23236,CVE-2026-23237,CVE-2026-23245,CVE-2026-23246,CVE-2026-23253,CVE-2026-23260,CVE-2026-23261,CVE-2026-23264,CVE-2026-23266,CVE-2026-23268,CVE-2026-23269,CVE-2026-23271,CVE-2026-23273,CVE-2026-23276,CVE-2026-23279,CVE-2026-23290,CVE-2026-23291,CVE-2026-23298,CVE-2026-23300,CVE-2026-23307,CVE-2026-23312,CVE-2026-23313,CVE-2026-23315,CVE-2026-23316,CVE-2026-23317,CVE-2026-23318,CVE-2026-23321,CVE-2026-23324,CVE-2026-23325,CVE-2026-23334,CVE-2026-23336,CVE-2026-23339,CVE-2026-23340,CVE-2026-23346,CVE-2026-23347,CVE-2026-23351,CVE-2026-23354,CVE-2026-23357,CVE-2026-23360,CVE-2026-23362,CVE-2026-23363,CVE-2026-23365,CVE-2026-23367,CVE-2026-23368,CVE-2026-23369,CVE-2026-23370,CVE-2026-23372,CVE-2026-23373,CVE-2026-23374,CVE-2026-23375,CVE-2026-23378,CVE-2026-23382,CVE-2026-23387,CVE-2026-23391,CVE-20
 26-23392,CVE-2026-23395,CVE-2026-23396,CVE-2026-23397,CVE-2026-23399,CVE-2026-23401,CVE-2026-23403,CVE-2026-23404,CVE-2026-23405,CVE-2026-23406,CVE-2026-23407,CVE-2026-23408,CVE-2026-23409,CVE-2026-23410,CVE-2026-23411,CVE-2026-23417,CVE-2026-23418,CVE-2026-23420,CVE-2026-23426,CVE-2026-23434,CVE-2026-23436,CVE-2026-23437,CVE-2026-23440,CVE-2026-23441,CVE-2026-23442,CVE-2026-23443,CVE-2026-23445,CVE-2026-23446,CVE-2026-23447,CVE-2026-23448,CVE-2026-23449,CVE-2026-23450,CVE-2026-23452,CVE-2026-23454,CVE-2026-23455,CVE-2026-23456,CVE-2026-23457,CVE-2026-23458,CVE-2026-23460,CVE-2026-23461,CVE-2026-23462,CVE-2026-23463,CVE-2026-23464,CVE-2026-23465,CVE-2026-23466,CVE-2026-23468,CVE-2026-23470,CVE-2026-23472,CVE-2026-23473,CVE-2026-23474,CVE-2026-23475,CVE-2026-31389,CVE-2026-31392,CVE-2026-31393,CVE-2026-31394,CVE-2026-31395,CVE-2026-31400,CVE-2026-31402,CVE-2026-31403,CVE-2026-31405,CVE-2026-31406,CVE-2026-31407,CVE-2026-31408,CVE-2026-31411,CVE-2026-31412,CVE-2026-31415,CVE-2026-3141
 6,CVE-2026-31417,CVE-2026-31420,CVE-2026-31421,CVE-2026-31422,CVE-2026-31423,CVE-2026-31424,CVE-2026-31425,CVE-2026-31426,CVE-2026-31427,CVE-2026-31428,CVE-2026-31435,CVE-2026-31449,CVE-2026-31453,CVE-2026-31456,CVE-2026-31470,CVE-2026-31494,CVE-2026-31496,CVE-2026-31503,CVE-2026-31504,CVE-2026-31505,CVE-2026-31507,CVE-2026-31515,CVE-2026-31519,CVE-2026-31525,CVE-2026-31526,CVE-2026-31528,CVE-2026-31533,CVE-2026-31547,CVE-2026-31550,CVE-2026-31554,CVE-2026-31565,CVE-2026-31579,CVE-2026-31586,CVE-2026-31588,CVE-2026-31644,CVE-2026-31649,CVE-2026-31658,CVE-2026-31662,CVE-2026-31666,CVE-2026-31668,CVE-2026-31669,CVE-2026-31675,CVE-2026-31678,CVE-2026-31679,CVE-2026-31681,CVE-2026-31682,CVE-2026-31684,CVE-2026-31685,CVE-2026-31691,CVE-2026-31694,CVE-2026-31700,CVE-2026-31738,CVE-2026-31787,CVE-2026-43009,CVE-2026-43025,CVE-2026-43027,CVE-2026-43037,CVE-2026-43038,CVE-2026-43045,CVE-2026-43050,CVE-2026-43060,CVE-2026-43082,CVE-2026-43088,CVE-2026-43153,CVE-2026-43190,CVE-2026-43265,CVE-2
 026-43329,CVE-2026-43365,CVE-2026-43366,CVE-2026-43441,CVE-2026-43494,CVE-2026-43503,CVE-2026-46333

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
- CVE-2024-14027: xattr: switch to CLASS(fd) (bsc#1259420).
- CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP (bsc#1253471).
- CVE-2025-68265: nvme: fix admin request_queue lifetime (bsc#1255360).
- CVE-2025-68310: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (bsc#1255160).
- CVE-2025-71302: drm/panthor: fix for dma-fence safe access rules (bsc#1264837).
- CVE-2026-23168: flex_proportions: make fprop_new_period() hardirq safe (bsc#1258826).
- CVE-2026-23245: net/sched: act_gate: snapshot parameters with RCU on replace (bsc#1259799).
- CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018).
- CVE-2026-23276: net: add xmit recursion limit to tunnel xmit functions (bsc#1260012).
- CVE-2026-23300: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (bsc#1260538).
- CVE-2026-23313: i40e: Fix preempt count leak in napi poll tracepoint (bsc#1260555).
- CVE-2026-23316: net: ipv4: fix ARM64 alignment fault in multipath hash seed (bsc#1260573).
- CVE-2026-23321: mptcp: pm: in-kernel: always mark signal+subflow endp as used (bsc#1260505).
- CVE-2026-23340: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (bsc#1260523).
- CVE-2026-23346: arm64: io: Rename ioremap_prot() to __ioremap_prot() (bsc#1260529).
- CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (bsc#1260526).
- CVE-2026-23354: x86/fred: Correct speculative safety in fred_extint() (bsc#1260801).
- CVE-2026-23368: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (bsc#1260530).
- CVE-2026-23374: blktrace: fix __this_cpu_read/write in preemptible context (bsc#1260811).
- CVE-2026-23375: mm: thp: deny THP for files on anonymous inodes (bsc#1260576).
- CVE-2026-23378: net/sched: act_ife: Fix metalist update behavior (bsc#1260546).
- CVE-2026-23391: netfilter: xt_CT: drop pending enqueued packets on template removal (bsc#1260566).
- CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531).
- CVE-2026-23397: nfnetlink_osf: validate individual option lengths in fingerprints (bsc#1260728).
- CVE-2026-23399: nf_tables: nft_dynset: fix possible stateful expression memleak in error path (bsc#1261020).
- CVE-2026-23417: bpf: Fix constant blinding for PROBE_MEM32 stores (bsc#1261410).
- CVE-2026-23436: net: add helpers for lookup and walking netdevs under netdev_lock() (bsc#1261617).
- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261635).
- CVE-2026-23440: net/mlx5e: Fix race condition during IPSec ESN update (bsc#1261641).
- CVE-2026-23441: net/mlx5e: Prevent concurrent access to IPSec ASO context (bsc#1261768).
- CVE-2026-23442: ipv6: add NULL checks for idev in SRv6 paths (bsc#1261581).
- CVE-2026-23445: igc: fix page fault in XDP TX timestamps handling (bsc#1261702).
- CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit (bsc#1261779).
- CVE-2026-23450: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (bsc#1261584).
- CVE-2026-23455: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (bsc#1261687).
- CVE-2026-23456: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (bsc#1261703).
- CVE-2026-23457: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (bsc#1261686).
- CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (bsc#1261781).
- CVE-2026-23468: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (bsc#1261692).
- CVE-2026-23472: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (bsc#1261636).
- CVE-2026-23473: io_uring/poll: fix multishot recv missing EOF on wakeup race (bsc#1261694).
- CVE-2026-31392: smb: client: fix krb5 mount with username option (bsc#1261788).
- CVE-2026-31395: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler (bsc#1261786).
- CVE-2026-31400: sunrpc: fix cache_request leak in cache_release (bsc#1261645).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638).
- CVE-2026-31403: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (bsc#1261796).
- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261629).
- CVE-2026-31407: netfilter: conntrack: add missing netlink policy validations (bsc#1261632).
- CVE-2026-31411: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (bsc#1261752).
- CVE-2026-31415: ipv6: avoid overflows in ip6_datagram_send_ctl() (bsc#1262099).
- CVE-2026-31416: netfilter: nfnetlink_log: account for netlink header size (bsc#1262100).
- CVE-2026-31420: bridge: mrp: reject zero test interval to avoid OOM panic (bsc#1262055).
- CVE-2026-31421: net/sched: cls_fw: fix NULL pointer dereference on shared blocks (bsc#1262061).
- CVE-2026-31422: net/sched: cls_flow: fix NULL pointer dereference on shared blocks (bsc#1262054).
- CVE-2026-31423: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (bsc#1262063).
- CVE-2026-31424: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (bsc#1262053).
- CVE-2026-31425: rds: ib: reject FRMR registration before IB connection is established (bsc#1262074).
- CVE-2026-31427: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (bsc#1262086).
- CVE-2026-31428: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (bsc#1262087).
- CVE-2026-31435: netfs: Fix read abandonment during retry (bsc#1262601).
- CVE-2026-31449: ext4: validate p_idx bounds in ext4_ext_correct_indexes (bsc#1262616).
- CVE-2026-31453: xfs: avoid dereferencing log items after push callbacks (bsc#1262617).
- CVE-2026-31456: mm/pagewalk: fix race between concurrent split and refault (bsc#1262627).
- CVE-2026-31494: net: cadence: macb: Synchronize stats calculations (bsc#1262671).
- CVE-2026-31496: netfilter: nf_conntrack_expect: skip expectations in other netns via proc (bsc#1262673).
- CVE-2026-31503: udp: Fix wildcard bind conflict check when using hash2 (bsc#1263077).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263085).
- CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (bsc#1263093).
- CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (bsc#1263095).
- CVE-2026-31515: af_key: validate families in pfkey_send_migrate() (bsc#1262752).
- CVE-2026-31519: btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (bsc#1263012).
- CVE-2026-31525: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (bsc#1262725).
- CVE-2026-31526: bpf: Fix exception exit lock checking for subprogs (bsc#1262662).
- CVE-2026-31528: perf: Make sure to use pmu_ctx->pmu for groups (bsc#1263001).
- CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1262758).
- CVE-2026-31547: drm/xe: Fix missing runtime PM reference in ccs_mode_store (bsc#1263018).
- CVE-2026-31550: pmdomain: bcm: bcm2835-power: Increase ASB control timeout (bsc#1263104).
- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263107).
- CVE-2026-31565: RDMA/irdma: Fix deadlock during netdev reset with active connections (bsc#1263064).
- CVE-2026-31579: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit (bsc#1263074).
- CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263176).
- CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small write values (bsc#1263165).
- CVE-2026-31644: net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (bsc#1263048).
- CVE-2026-31649: net: stmmac: fix integer underflow in chain mode (bsc#1263582).
- CVE-2026-31658: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (bsc#1263052).
- CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1263131).
- CVE-2026-31666: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (bsc#1263138).
- CVE-2026-31668: seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1263140).
- CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1263141).
- CVE-2026-31675: net/sched: sch_netem: fix out-of-bounds access in packet corruption (bsc#1263556).
- CVE-2026-31678: openvswitch: defer tunnel netdev_put to RCU release (bsc#1263562).
- CVE-2026-31679: openvswitch: validate MPLS set/set_masked payload length (bsc#1263592).
- CVE-2026-31681: netfilter: xt_multiport: validate range encoding in checkentry (bsc#1263593).
- CVE-2026-31682: bridge: br_nd_send: linearize skb before parsing ND options (bsc#1263595).
- CVE-2026-31684: net: sched: act_csum: validate nested VLAN headers (bsc#1263596).
- CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668).
- CVE-2026-31691: igb: remove napi_synchronize() in igb_down() (bsc#1263604).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901).
- CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (bsc#1263882).
- CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create (bsc#1264059).
- CVE-2026-31787: xen/privcmd: fix double free via VMA splitting (bsc#1262181).
- CVE-2026-43009: bpf: Fix incorrect pruning due to atomic fetch precision tracking (bsc#1264014).
- CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1263931).
- CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect cleanup (bsc#1263933).
- CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
- CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach() (bsc#1264097).
- CVE-2026-43045: mshv: Refactor and rename memory region handling functions (bsc#1263942).
- CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable() (bsc#1264082).
- CVE-2026-43060: netfilter: nft_ct: drop pending enqueued packets on removal (bsc#1264183).
- CVE-2026-43082: net: txgbe: leave space for null terminators on property_entry (bsc#1264233).
- CVE-2026-43088: net: af_key: zero aligned sockaddr tail in PF_KEY exports (bsc#1264469).
- CVE-2026-43153: xfs: remove xfs_attr_leaf_hasname (bsc#1264586).
- CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848).
- CVE-2026-43265: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (bsc#1264427).
- CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of actions (bsc#1265085).
- CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119).
- CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle (bsc#1265116).
- CVE-2026-43441: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1264674).
- CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
- CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-transfer helpers (bsc#1265960).

The following non security issues were fixed:

- accel/qaic: Add overflow check to remap_pfn_range during mmap (git-fixes).
- ACPI: AGDI: fix missing newline in error message (git-fixes).
- ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug (git-fixes).
- ACPI: scan: Use acpi_dev_put() in object add error paths (git-fixes).
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 7770 AIO (git-fixes).
- ACPI: video: force native backlight on HP OMEN 16 (8A44) (stable-fixes).
- ACPI: video: Move Lenovo Legion S7 15ACH6 quirk to the right section (git-fixes).
- ALSA: 6fire: Fix input volume change detection (git-fixes).
- ALSA: 6fire: fix use-after-free on disconnect (git-fixes).
- ALSA: aoa: i2sbus: clear stale prepared state (git-fixes).
- ALSA: aoa: i2sbus: fix OF node lifetime handling (git-fixes).
- ALSA: aoa: Skip devices with no codecs in i2sbus_resume() (git-fixes).
- ALSA: aoa: Use guard() for mutex locks (stable-fixes).
- ALSA: asihpi: avoid write overflow check warning (stable-fixes).
- ALSA: caiaq: Don't abort when no input device is available (git-fixes).
- ALSA: caiaq: Fix control_put() result and cache rollback (git-fixes).
- ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (git-fixes).
- ALSA: caiaq: fix usb_dev refcount leak on probe failure (git-fixes).
- ALSA: caiaq: Handle probe errors properly (git-fixes).
- ALSA: caiaq: take a reference on the USB device in create_card() (git-fixes).
- ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() (git-fixes).
- ALSA: core: Fix potential data race at fasync handling (git-fixes).
- ALSA: core: Serialize deferred fasync state checks (git-fixes).
- ALSA: core: Validate compress device numbers without dynamic minors (git-fixes).
- ALSA: ctxfi: Add fallback to default RSR for S/PDIF (git-fixes).
- ALSA: ctxfi: Fix missing SPDIFI1 index handling (stable-fixes).
- ALSA: ctxfi: Limit PTP to a single page (git-fixes).
- ALSA: firewire-tascam: Do not drop unread control events (git-fixes).
- ALSA: fireworks: bound device-supplied status before string array lookup (git-fixes).
- ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6 (stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound update (git-fixes).
- ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC (stable-fixes).
- ALSA: hda/realtek: add quirk for Framework F111:000F (stable-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10 (stable-fixes).
- ALSA: hda/realtek: fix code style (ERROR: else should follow close brace '}') (git-fixes).
- ALSA: hda: cs35l41: Put ACPI device on missing physical node (git-fixes).
- ALSA: hda: cs35l56: Propagate ASP TX source control errors (git-fixes).
- ALSA: hda: cs35l56: Put ACPI device after setting companion (git-fixes).
- ALSA: hda: Fix NULL pointer dereference in snd_hda_ctl_add() (git-fixes).
- ALSA: misc: Use guard() for spin locks (stable-fixes).
- ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (stable-fixes).
- ALSA: pcmtest: fix reference leak on failed device registration (git-fixes).
- ALSA: pcmtest: Fix resource leaks in module init error paths (git-fixes).
- ALSA: pcmtest: Return -EFAULT on pattern read copy failure (git-fixes).
- ALSA: sc6000: Keep the programmed board state in card-private data (git-fixes).
- ALSA: scarlett2: Add missing error check when initialise Autogain Status (git-fixes).
- ALSA: scarlett2: Add missing sentinel initializer field (git-fixes).
- ALSA: seq: Notify client and port info changes (stable-fixes).
- ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes (stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (stable-fixes).
- ALSA: usb-audio: Avoid false E-MU sample-rate notifications (git-fixes).
- ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Bound MIDI endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Evaluate packsize caps at the right place (git-fixes).
- ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch (git-fixes).
- ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams (git-fixes).
- ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex (stable-fixes).
- ALSA: usb-audio: Fix UAC3 cluster descriptor size check (git-fixes).
- ALSA: usb-audio: midi2: Restart output URBs on resume (git-fixes).
- ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES (git-fixes).
- ALSA: virtio: drop an extaneous kernel-doc comment (git-fixes).
- amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2 (stable-fixes).
- ASoC: amd: acp: Add DMI quirk for Valve Steam Deck OLED (git-fixes).
- ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (stable-fixes).
- ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table (stable-fixes).
- ASoC: codecs: ab8500: Fix casting of private data (git-fixes).
- ASoC: cs35l56: Destroy workqueue in probe error path (git-fixes).
- ASoC: cs35l56: Don't use devres to unregister component (git-fixes).
- ASoC: cs35l56: Fix hibernate write in runtime resume error path (git-fixes).
- ASoC: fsl_easrc: Change the type for iec958 channel status controls (git-fixes).
- ASoC: fsl_easrc: Check the variable range in fsl_easrc_iec958_put_bits() (git-fixes).
- ASoC: fsl_easrc: fix comment typo (git-fixes).
- ASoC: fsl_easrc: Fix value type in fsl_easrc_iec958_get_bits() (git-fixes).
- ASoC: fsl_micfil: Add access property for 'VAD Detected' (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_enable() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_init_mode() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_put_dc_remover_state() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_quality_set() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation for cached controls (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_arc_mode_put() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_mode_put() (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error (git-fixes).
- ASoC: qcom: q6apm-dai: reset queue ptr on trigger stop (git-fixes).
- ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens (git-fixes).
- ASoC: qcom: q6apm: move component registration to unmanaged version (git-fixes).
- ASoC: qcom: q6apm: remove child devices when apm is removed (git-fixes).
- ASoC: qcom: qdsp6: topology: check widget type before accessing data (git-fixes).
- ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list (stable-fixes).
- ASoC: SOF: compress: return the configured codec from get_params (git-fixes).
- ASoC: SOF: Don't allow pointer operations on unconfigured streams (git-fixes).
- ASoC: SOF: Intel: hda: Place check before dereference (git-fixes).
- ASoC: SOF: topology: reject invalid vendor array size in token parser (stable-fixes).
- ASoC: sti: Return errors from regmap_field_alloc() (git-fixes).
- ASoC: sti: use managed regmap_field allocations (git-fixes).
- ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J (stable-fixes).
- ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585 (stable-fixes).
- backlight: sky81452-backlight: Check return value of devm_gpiod_get_optional() in sky81452_bl_parse_dt() (git-fixes).
- batman-adv: bla: only purge non-released claims (git-fixes).
- batman-adv: bla: prevent use-after-free when deleting claims (git-fixes).
- batman-adv: bla: put backbone reference on failed claim hash insert (git-fixes).
- batman-adv: fix integer overflow on buff_pos (git-fixes).
- batman-adv: hold claim backbone gateways by reference (git-fixes).
- batman-adv: reject new tp_meter sessions during teardown (git-fixes).
- batman-adv: reject oversized global TT response buffers (git-fixes).
- batman-adv: stop caching unowned originator pointers in BAT IV (git-fixes).
- bitfield: Add FIELD_MODIFY() helper (jsc#PED-14238).
- Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (git-fixes).
- Bluetooth: btmtk: validate WMT event SKB length before struct access (git-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (bsc#1260996).
- Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (git-fixes).
- Bluetooth: hci_event: fix memset typo (git-fixes).
- Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt (git-fixes).
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (git-fixes).
- Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error (git-fixes).
- Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem (git-fixes).
- Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() (git-fixes).
- Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (git-fixes).
- Bluetooth: l2cap: fix MPS check in l2cap_ecred_reconf_req (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() (git-fixes).
- Bluetooth: L2CAP: Fix printing wrong information if SDU length exceeds MTU (git-fixes).
- Bluetooth: RFCOMM: pull credit byte with skb_pull_data() (git-fixes).
- Bluetooth: SCO: check for codecs->num_codecs == 1 before assigning to sco_pi(sk)->codec (git-fixes).
- Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready (git-fixes).
- Bluetooth: SCO: hold sk properly in sco_conn_ready (git-fixes).
- Bluetooth: virtio_bt: clamp rx length before skb_put (git-fixes).
- Bluetooth: virtio_bt: validate rx pkt_type header length (git-fixes).
- bpf: Add third round of bounds deduction (git-fixes).
- bpf: Fix u32/s32 bounds when ranges cross min/max boundary (git-fixes).
- bpf: Improve bounds when s64 crosses sign boundary (git-fixes).
- bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI (git-fixes).
- btrfs: qgroup: update all parent qgroups when doing quick inherit (bsc#1258933).
- btrfs: reject root items with drop_progress and zero drop_level (git-fixes).
- btrfs: replace BUG() with error handling in __btrfs_balance() (git-fixes).
- bus: mhi: host: pci_generic: Switch to async power up to avoid boot delays (git-fixes).
- bus: rifsc: fix RIF configuration check for peripherals (git-fixes).
- can: mcp251x: add error handling for power enable in open and resume (stable-fixes).
- can: raw: fix ro->uniq use-after-free in raw_rcv() (git-fixes).
- can: ucan: fix devres lifetime (git-fixes).
- cdc-acm: new quirk for EPSON HMD (stable-fixes).
- check-for-config-changes: Exclude CC_MS_EXTENSIONS.
- check-for-config-changes: Exclude HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}.
- comedi: dt2815: add hardware detection to prevent crash (stable-fixes).
- cpufreq: intel_pstate: Drop Arrow Lake from 'scaling factor' list (bsc#1249104).
- crypto: af_alg - limit RX SG extraction by receive buffer budget (git-fixes).
- crypto: algif_aead - Fix minimum RX size check for decryption (git-fixes).
- crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (git-fixes).
- crypto: atmel-ecc - Release client on allocation failure (git-fixes).
- crypto: atmel-sha204a - Fix error codes in OTP reads (git-fixes).
- crypto: atmel-sha204a - Fix OTP sysfs read and error handling (git-fixes).
- crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (git-fixes).
- crypto: atmel-sha204a - Fix uninitialized data access on OTP read error (git-fixes).
- crypto: atmel-tdes - fix DMA sync direction (git-fixes).
- crypto: ccp - copy IV using skcipher ivsize (git-fixes).
- crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (git-fixes).
- crypto: ccree - fix a memory leak in cc_mac_digest() (git-fixes).
- crypto: drivers - Switch back to struct platform_driver::remove() (jsc#PED-14238).
- crypto: drivers - Use str_enable_disable-like helpers (jsc#PED-14238).
- crypto: hisilicon - Fix dma_unmap_single() direction (git-fixes).
- crypto: iaa - Adjust workqueue allocation type (jsc#PED-14238).
- crypto: iaa - fix per-node CPU counter reset in rebalance_wq_table() (git-fixes).
- crypto: iaa - Move compression CRC into request object (jsc#PED-14238).
- crypto: iaa - Optimize rebalance_wq_table() (jsc#PED-14238).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-14238).
- crypto: iaa - Remove unreachable pr_debug from iaa_crypto_cleanup_module (jsc#PED-14238).
- crypto: iaa - Remove unused disable_async argument from iaa_decompress (jsc#PED-14238).
- crypto: iaa - Replace sprintf with sysfs_emit in sysfs show functions (jsc#PED-14238).
- crypto: iaa - Simplify init_iaa_device() (jsc#PED-14238).
- crypto: jitterentropy - replace long-held spinlock with mutex (git-fixes).
- crypto: nx - Fix packed layout in struct nx842_crypto_header (git-fixes).
- crypto: pcrypt - Fix handling of MAY_BACKLOG requests (git-fixes).
- crypto: qat - #undef field_get() before local definition (jsc#PED-14238).
- crypto: qat - add adf_rl_get_num_svc_aes() in rate limiting (jsc#PED-14238).
- crypto: qat - add bank state save and restore for qat_420xx (jsc#PED-14238).
- crypto: qat - add command queue telemetry counters for GEN6 (jsc#PED-14238).
- crypto: qat - add compression slice count for rate limiting (jsc#PED-14238).
- crypto: qat - add decompression service for rate limiting (jsc#PED-14238).
- crypto: qat - add decompression service to telemetry (jsc#PED-14238).
- crypto: qat - add firmware headers for GEN6 devices (jsc#PED-14238).
- crypto: qat - add GEN6 firmware loader (jsc#PED-14238).
- crypto: qat - add get_svc_slice_cnt() in device data structure (jsc#PED-14238).
- crypto: qat - add live migration enablers for GEN6 devices (jsc#PED-14238).
- crypto: qat - add macro to write 64-bit values to registers (jsc#PED-14238).
- crypto: qat - add missing header inclusion (jsc#PED-14238).
- crypto: qat - add qat_6xxx driver (jsc#PED-14238).
- crypto: qat - add ring buffer idle telemetry counter for GEN6 (jsc#PED-14238).
- crypto: qat - add support for decompression service to GEN6 devices (jsc#PED-14238).
- crypto: qat - consolidate service enums (jsc#PED-14238).
- crypto: qat - Constify struct pm_status_row (jsc#PED-14238).
- crypto: qat - disable 4xxx AE cluster when lead engine is fused off (git-fixes).
- crypto: qat - disable 420xx AE cluster when lead engine is fused off (git-fixes).
- crypto: qat - do not export adf_cfg_services (jsc#PED-14238).
- crypto: qat - enable power management debugfs for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable RAS support for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable rate limiting feature for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable reporting of error counters for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable telemetry for GEN6 devices (jsc#PED-14238).
- crypto: qat - export adf_get_service_mask() (jsc#PED-14238).
- crypto: qat - export adf_init_admin_pm() (jsc#PED-14238).
- crypto: qat - expose configuration functions (jsc#PED-14238).
- crypto: qat - fix compression instance leak (git-fixes).
- crypto: qat - fix IRQ cleanup on 6xxx probe failure (git-fixes).
- crypto: qat - fix object goals in Makefiles (jsc#PED-14238.
- crypto: qat - fix type mismatch in RAS sysfs show functions (git-fixes).
- crypto: qat - Fix typo 'accelaration' (jsc#PED-14238).
- crypto: qat - fix virtual channel configuration for GEN6 devices (jsc#PED-14238).
- crypto: qat - include qat_common in top Makefile (jsc#PED-14238).
- crypto: qat - introduce fuse array (jsc#PED-14238).
- crypto: qat - make adf_dev_autoreset() static (jsc#PED-14238).
- crypto: qat - optimize allocations for fw authentication (jsc#PED-14238).
- crypto: qat - refactor compression template logic (jsc#PED-14238).
- crypto: qat - refactor FW signing algorithm (jsc#PED-14238).
- crypto: qat - refactor ring-related debug functions (jsc#PED-14238).
- crypto: qat - refactor service parsing logic (jsc#PED-14238).
- crypto: qat - relocate and rename bank state structure definition (jsc#PED-14238).
- crypto: qat - relocate bank state helper functions (jsc#PED-14238).
- crypto: qat - relocate power management debugfs helper APIs (jsc#PED-14238).
- crypto: qat - relocate service related functions (jsc#PED-14238).
- crypto: qat - remove BITS_IN_DWORD() (jsc#PED-14238).
- crypto: qat - Remove dst_null support (jsc#PED-14238).
- crypto: qat - remove duplicate masking for GEN6 devices (jsc#PED-14238).
- crypto: qat - remove initialization in device class (jsc#PED-14238).
- crypto: qat - remove redundant FW image size check (jsc#PED-14238).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-14238).
- crypto: qat - remove unused members in suof structure (jsc#PED-14238).
- crypto: qat - rename and relocate timer logic (jsc#PED-14238).
- crypto: qat - reorder objects in qat_common Makefile (jsc#PED-14238).
- crypto: qat - replace CHECK_STAT macro with static inline function (jsc#PED-14238).
- crypto: qat - Replace kzalloc() + copy_from_user() with memdup_user() (jsc#PED-14238).
- crypto: qat - restore ASYM service support for GEN6 devices (jsc#PED-14238).
- crypto: qat - Return pointer directly in adf_ctl_alloc_resources (jsc#PED-14238).
- crypto: qat - set command ids as reserved (jsc#PED-14238).
- crypto: qat - switch to standard pattern for PCI IDs (jsc#PED-14238).
- crypto: qat - update firmware api (jsc#PED-14238).
- crypto: qat - use pr_fmt() in adf_gen4_hw_data.c (jsc#PED-14238).
- crypto: qat - use pr_fmt() in qat uclo.c (jsc#PED-14238).
- crypto: qat - use simple_strtoull to improve qat_uclo_parse_num (jsc#PED-14238).
- crypto: qat - use swab32 macro (git-fixes).
- crypto: qat - validate service in rate limiting sysfs api (jsc#PED-14238).
- crypto: qat/qat_6xxx - Fix NULL vs IS_ERR() check in adf_probe() (jsc#PED-14238).
- crypto: sa2ul - Fix AEAD fallback algorithm names (git-fixes).
- crypto: simd - reject compat registrations without __ prefixes (git-fixes).
- crypto: talitos - fix SEC1 32k ahash request limitation (git-fixes).
- crypto: tegra - Disable softirqs before finalizing request (git-fixes).
- devres: fix missing node debug info in devm_krealloc() (git-fixes).
- dmaengine: dw-axi-dmac: fix Alignment should match open parenthesis (git-fixes).
- dmaengine: dw-axi-dmac: Remove unnecessary return statement from void function (git-fixes).
- dmaengine: mxs-dma: Fix missing return value from of_dma_controller_register() (git-fixes).
- dpll: zl3073x: Add support to adjust phase (bsc#1255752).
- dpll: zl3073x: Fix output pin phase adjustment sign (bsc#1255752).
- dpll: zl3073x: fix REF_PHASE_OFFSET_COMP register width for some chip IDs (bsc#1255752).
- dpll: zl3073x: Specify phase adjustment granularity for pins (bsc#1255752).
- drivers/base/memory: fix memory block reference leak in poison accounting (git-fixes).
- drm/amd/display: Add NULL check for integrated_info in clk_mgr_construct (git-fixes).
- drm/amd/display: Allow DCE link encoder without AUX registers (git-fixes).
- drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths (git-fixes).
- drm/amd/display: Change dither policy for 10 bpc output back to dithering (git-fixes).
- drm/amd/display: Correct logic check error for fastboot (git-fixes).
- drm/amd/display: Disable 10-bit truncation and dithering on DCE 6.x (git-fixes).
- drm/amd/display: Disable fastboot on DCE 6 too (stable-fixes).
- drm/amd/display: Read EDID from VBIOS embedded panel info (git-fixes).
- drm/amd/pm/ci: Clear EnabledForActivity field for memory levels (git-fixes).
- drm/amd/pm/ci: Disable MCLK DPM on problematic CI ASICs (git-fixes).
- drm/amd/pm/ci: Fill DW8 fields from SMC (git-fixes).
- drm/amd/pm/ci: Fix powertune defaults for Hawaii 0x67B0 (git-fixes).
- drm/amd/pm/ci: Use highest MCLK on CI when MCLK DPM is disabled (git-fixes).
- drm/amd/pm/smu7: Add SCLK cap for quirky Hawaii board (git-fixes).
- drm/amd/pm/smu7: Fix SMU7 voltage dependency on display clock (git-fixes).
- drm/amd/pm: fix incorrect FeatureCtrlMask setting on smu v14.0.x (git-fixes).
- drm/amdgpu/gfx6: Support harvested SI chips with disabled TCCs (v2) (git-fixes).
- drm/amdgpu/gfx9: drop unnecessary 64-bit fence flag check in KIQ (stable-fixes).
- drm/amdgpu/gfx10: look at the right prop for gfx queue priority (git-fixes).
- drm/amdgpu/gfx11: look at the right prop for gfx queue priority (git-fixes).
- drm/amdgpu/gmc: Fix AMDGPU_GART_PLACEMENT_LOW to not overlap with VRAM (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v2.0 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v2.5 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v3.0 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.3 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.5 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v5.0.0 ring (git-fixes).
- drm/amdgpu/pm: add missing revision check for CI (git-fixes).
- drm/amdgpu/pm: align Hawaii mclk workaround with radeon (git-fixes).
- drm/amdgpu/pm: drop SMU driver if version not matched messages (stable-fixes).
- drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission (git-fixes).
- drm/amdgpu/vce: Prevent partial address patches (stable-fixes).
- drm/amdgpu/vcn3: Avoid overflow on msg bound check (git-fixes).
- drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg (stable-fixes).
- drm/amdgpu/vcn4: Avoid overflow on msg bound check (git-fixes).
- drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg (stable-fixes).
- drm/amdgpu/vcn4: Prevent OOB reads when parsing IB (stable-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v2.0 enc/dec rings (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v2.5 enc/dec rings (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v3.0 enc/dec rings (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0 enc ring (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0.3 enc ring (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0.5 enc ring (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v5.0.0 enc ring (git-fixes).
- drm/amdgpu: Add bounds checking to ib_{get,set}_value (stable-fixes).
- drm/amdgpu: Add default case in DVI mode validation (git-fixes).
- drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG (git-fixes).
- drm/amdgpu: fix zero-size GDS range init on RDNA4 (stable-fixes).
- drm/amdgpu: gate VM CPU HDP flush on reset lock (stable-fixes).
- drm/amdgpu: replace PASID IDR with XArray (git-fixes).
- drm/amdgpu: Use SMUIO 15.0.0 offsets for TSC upper and lower count (stable-fixes).
- drm/amdgpu: zero-initialize GART table on allocation (stable-fixes).
- drm/amdkfd: Add upper bound check for num_of_nodes (stable-fixes).
- drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (stable-fixes).
- drm/amdkfd: Make all TLB-flushes heavy-weight (stable-fixes).
- drm/amdkfd: validate SVM ioctl nattr against buffer size (stable-fixes).
- drm/arcpgu: fix device node leak (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Add mode_valid hook to drm_bridge_funcs (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Handle HDCP state in bridge atomic check (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable() (git-fixes).
- drm/bridge: stm_lvds: Do not fail atomic_check on disabled connector (git-fixes).
- drm/etnaviv: Fix armed job not being pushed to the DRM scheduler (git-fixes).
- drm/exynos: remove bridge when component_add fails (git-fixes).
- drm/fb-helper: Fix clipping when damage area spans a single scanline (git-fixes).
- drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (git-fixes).
- drm/gma500/oaktrail_hdmi: fix i2c adapter leak on setup (git-fixes).
- drm/gma500/oaktrail_lvds: fix hang on init failure (git-fixes).
- drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init (git-fixes).
- drm/i915/dp: Fix VSC dynamic range signaling for RGB formats (git-fixes).
- drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (git-fixes).
- drm/i915/wm: Verify the correct plane DDB entry (git-fixes).
- drm/i915: skip __i915_request_skip() for already signaled requests (git-fixes).
- drm/imagination: Switch reset_reason fields from enum to u32 (git-fixes).
- drm/komeda: fix integer overflow in AFBC framebuffer size check (git-fixes).
- drm/loongson: Use managed KMS polling (git-fixes).
- drm/msm/a6xx: Fix dumping A650+ debugbus blocks (git-fixes).
- drm/msm/a6xx: Fix HLSQ register dumping (git-fixes).
- drm/msm/a6xx: Use barriers while updating HFI Q headers (git-fixes).
- drm/msm/dpu: fix mismatch between power and frequency (git-fixes).
- drm/msm/dsi: add the missing parameter description (git-fixes).
- drm/msm/dsi: fix bits_per_pclk (git-fixes).
- drm/msm/dsi: fix hdisplay calculation for CMD mode panel (git-fixes).
- drm/msm/dsi: rename MSM8998 DSI version from V2_2_0 to V2_0_0 (git-fixes).
- drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata() (git-fixes).
- drm/msm/shrinker: Fix can_block() logic (git-fixes).
- drm/nouveau: fix nvkm_device leak on aperture removal failure (git-fixes).
- drm/nouveau: fix u32 overflow in pushbuf reloc bounds check (git-fixes).
- drm/panel: boe-tv101wum-nl6: restore MODE_LPM after sending disable cmds (git-fixes).
- drm/panel: himax-hx83102: restore MODE_LPM after sending disable cmds (git-fixes).
- drm/panel: sharp-ls043t1le01: make use of prepare_prev_first (git-fixes).
- drm/panel: simple: Correct G190EAN01 prepare timing (git-fixes).
- drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout() (git-fixes).
- drm/panthor: Fix outdated function documentation (git-fixes).
- drm/radeon: add missing revision check for CI (git-fixes).
- drm/sun4i: backend: fix error pointer dereference (git-fixes).
- drm/sun4i: Fix resource leaks (git-fixes).
- drm/v3d: Handle error from drm_sched_entity_init() (git-fixes).
- drm/vc4: Fix a memory leak in hang state error path (git-fixes).
- drm/vc4: Fix memory leak of BO array in hang state (git-fixes).
- drm/vc4: platform_get_irq_byname() returns an int (stable-fixes).
- drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock (git-fixes).
- drm/vc4: Release runtime PM reference after binding V3D (git-fixes).
- drm/vram: remove DRM_VRAM_MM_FILE_OPERATIONS from docs (git-fixes).
- drm/xe/bo: Fix bo leak on GGTT flag validation in xe_bo_init_locked() (git-fixes).
- drm/xe/bo: Fix bo leak on unaligned size validation in xe_bo_init_locked() (git-fixes).
- drm/xe/debugfs: Correct printing of register whitelist ranges (git-fixes).
- drm/xe/dma-buf: handle empty bo and UAF races (git-fixes).
- drm/xe/gsc: Fix BO leak on error in query_compatibility_version() (git-fixes).
- drm/xe/uapi: update used tracking kernel-doc (git-fixes).
- drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() (git-fixes).
- drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl() (git-fixes).
- dt-bindings: net: Fix Tegra234 MGBE PTP clock (git-fixes).
- efi/capsule-loader: fix incorrect sizeof in phys array reallocation (git-fixes).
- efi: pstore: Drop efivar lock when efi_pstore_open() returns with an error (git-fixes).
- erofs: add GFP_NOIO in the bio completion if needed (git-fixes).
- ext4: fix fsync(2) for nojournal mode (git-fixes).
- ext4: make recently_deleted() properly work with lazy itable initialization (git-fixes).
- ext4: reject mount if bigalloc with s_first_data_block != 0 (git-fixes).
- extcon: Fixed sysfs duplicate filename issue (git-fixes).
- extcon: ptn5150: handle pending IRQ events during system resume (git-fixes).
- fbdev: matroxfb: Mark variable with __maybe_unused to avoid W=1 build break (git-fixes).
- fbdev: offb: fix PCI device reference leak on probe failure (git-fixes).
- fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (stable-fixes).
- fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (git-fixes).
- firmware: arm_ffa: Use the correct buffer size during RXTX_MAP (git-fixes).
- firmware: dmi: Correct an indexing error in dmi.h (git-fixes).
- firmware: google: framebuffer: Do not mark framebuffer as busy (git-fixes).
- firmware: google: framebuffer: Do not unregister platform device (git-fixes).
- gpio: of: clear OF_POPULATED on hog nodes in remove path (git-fixes).
- gpio: tegra: fix irq_release_resources calling enable instead of disable (git-fixes).
- gtp: disable BH before calling udp_tunnel_xmit_skb() (git-fixes).
- HID: alps: fix NULL pointer dereference in alps_raw_event() (git-fixes).
- HID: amd_sfh: don't log error when device discovery fails with -EOPNOTSUPP (git-fixes).
- HID: apple: ensure the keyboard backlight is off if suspending (git-fixes).
- HID: asus: do not abort probe when not necessary (git-fixes).
- HID: asus: make asus_resume adhere to linux kernel coding standards (git-fixes).
- HID: core: clamp report_size in s32ton() to avoid undefined shift (stable-fixes).
- HID: logitech-hidpp: Enable MX Master 4 over bluetooth (stable-fixes).
- HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure (stable-fixes).
- HID: multitouch: Check to ensure report responses match the request (stable-fixes).
- HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3 (stable-fixes).
- HID: roccat: fix use-after-free in roccat_report_event (stable-fixes).
- HID: usbhid: fix deadlock in hid_post_reset() (git-fixes).
- HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (stable-fixes).
- hisi_acc_vfio_pci: add eq and aeq interruption restore (git-fixes).
- hisi_acc_vfio_pci: bugfix cache write-back issue (git-fixes).
- hisi_acc_vfio_pci: bugfix the problem of uninstalling driver (git-fixes).
- hv_sock: fix ARM64 support (git-fixes).
- hv_sock: update outdated comment for renamed vsock_stream_recvmsg() (git-fixes).
- hwmon: (ads7871) Fix endianness bug in 16-bit register reads (git-fixes).
- hwmon: (corsair-psu) Close HID device on probe errors (git-fixes).
- hwmon: (lm63) Add locking to avoid TOCTOU (git-fixes).
- hwmon: (ltc2992) Clamp threshold writes to hardware range (git-fixes).
- hwmon: (ltc2992) Fix u32 overflow in power read path (git-fixes).
- hwmon: (ltc4286) Add missing MODULE_IMPORT_NS('PMBUS') (git-fixes).
- hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt (git-fixes).
- hwmon: (powerz) Fix use-after-free on USB disconnect (git-fixes).
- hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data() (git-fixes).
- i2c: s3c24xx: check the size of the SMBUS message before using it (stable-fixes).
- i2c: smbus: reject oversized block transfers in the common path (git-fixes).
- i2c: stm32f7: reinit_completion() per transfer not per msg (git-fixes).
- i2c: stub: Reject I2C block transfers with invalid length (git-fixes).
- i2c: tegra: Add HS mode support (bsc#1261550).
- i2c: tegra: Add Tegra256 support (bsc#1261550).
- i2c: tegra: Do not configure DMA if not supported (bsc#1261550).
- i2c: tegra: Don't mark devices with pins as IRQ safe (stable-fixes).
- i2c: tegra: Update Tegra256 timing parameters (bsc#1261550).
- i2c: tegra: Use separate variables for fast and fastplus (bsc#1261550).
- i3c: dw: Fix memory leak in dw_i3c_master_i3c_xfers() (git-fixes).
- i3c: master: Fix error codes at send_ccc_cmd (git-fixes).
- i3c: mipi-i3c-hci: fix IBI payload length calculation for final status (git-fixes).
- ibmveth: Disable GSO for packets with small MSS (bsc#1265144).
- iio: adc: ad7192: Revert 'properly check spi_get_device_match_data()' (stable-fixes).
- iio: adc: ad7768-1: fix one-shot mode data acquisition (git-fixes).
- iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned() (git-fixes).
- iio: frequency: admv1013: add dev variable (stable-fixes).
- iio: frequency: admv1013: fix NULL pointer dereference on str (git-fixes).
- Input: bcm5974 - recover from failed mode switch (stable-fixes).
- Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: uinput - fix circular locking dependency with ff-core (git-fixes).
- Input: uinput - take event lock when submitting FF request 'event' (stable-fixes).
- Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode (stable-fixes).
- Input: xpad - add support for Razer Wolverine V3 Pro (stable-fixes).
- interconnect: debugfs: fix devm_kstrdup and kfree mismatch (git-fixes).
- io_uring/timeout: check unused sqe fields (git-fixes).
- iommu/amd: move wait_on_sem() out of spinlock (git-fixes bsc#1260593).
- iommu/amd: serialize sequence allocation under concurrent TLB invalidations (git-fixes bsc#1260593).
- iommu/vt-d: Remove LPIG from page group response descriptor (jsc#PED-16113).
- ipmi: Add limits to event and receive message requests (git-fixes).
- ipmi: Check event message buffer response for bad data (git-fixes).
- ipmi: ssif_bmc: change log level to dbg in irq callback (git-fixes).
- ipmi: ssif_bmc: fix message desynchronization after truncated response (git-fixes).
- ipmi: ssif_bmc: fix missing check for copy_to_user() partial failure (git-fixes).
- ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (git-fixes).
- KVM: arm64: Allow cacheable stage 2 mapping using VMA flags (git-fixes).
- KVM: arm64: Assume non-PFNMAP/MIXEDMAP VMAs can be mapped cacheable (git-fixes).
- KVM: arm64: Block cacheable PFNMAP mapping (git-fixes).
- KVM: arm64: Consolidate idreg callbacks (git-fixes).
- KVM: arm64: Discard PC update state on vcpu reset (git-fixes).
- KVM: arm64: Finalize ID registers only once per VM (git-fixes).
- KVM: arm64: Fix MTE flag initialization for protected VMs (git-fixes).
- KVM: arm64: Fix page leak in user_mem_abort() (git-fixes).
- KVM: arm64: Fix Trace Buffer trap polarity for protected VMs (git-fixes).
- KVM: arm64: Fix Trace Buffer trapping for protected VMs (git-fixes).
- KVM: arm64: Fix vma_shift staleness on nested hwpoison path (git-fixes).
- KVM: arm64: Hide S1POE from guests when not supported by the host (git-fixes).
- KVM: arm64: Limit clearing of ID_{AA64PFR0,PFR1}_EL1.GIC to userspace irqchip (git-fixes).
- KVM: arm64: Make all 32bit ID registers fully writable (git-fixes).
- KVM: arm64: nv: Add trap config for DBGWCR<15>_EL1 (git-fixes).
- KVM: arm64: nv: Return correct RES0 bits for FGT registers (git-fixes).
- KVM: arm64: pkvm: Fallback to level-3 mapping on host stage-2 fault (git-fixes).
- KVM: arm64: Read PMUVer as unsigned (git-fixes).
- KVM: arm64: Rename the device variable to s2_force_noncacheable (git-fixes).
- KVM: arm64: Return early from trace helpers when KVM isn't available (git-fixes).
- KVM: arm64: Set ID_{AA64PFR0,PFR1}_EL1.GIC when GICv3 is configured (git-fixes).
- KVM: arm64: vgic-v3: Release reserved slot outside of lpi_xa's lock (git-fixes).
- KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value (git-fixes).
- KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT (git-fixes).
- KVM: nVMX: Add consistency check for TSC_MULTIPLIER=0 (git-fixes).
- KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (git-fixes).
- KVM: SEV: Disallow LAUNCH_FINISH if vCPUs are actively being created (git-fixes).
- KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (git-fixes).
- KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish (git-fixes).
- KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock (git-fixes).
- KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU (git-fixes).
- KVM: SVM: Disallow EFER.LMSLE when not supported by hardware (git-fixes).
- KVM: SVM: Fix a missing kunmap_local() in sev_gmem_post_populate() (git-fixes).
- KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (git-fixes).
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (git-fixes).
- KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN (git-fixes).
- KVM: SVM: Properly check RAX in the emulator for SVM instructions (git-fixes).
- KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (git-fixes).
- KVM: TDX: Explicitly set user-return MSRs that *may* be clobbered by the TDX-Module (git-fixes).
- KVM: x86/mmu: Fix UBSAN warning when reading nx_huge_pages parameter (git-fixes).
- KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (git-fixes).
- KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() (git-fixes).
- KVM: x86: Advertise EferLmsleUnsupported to userspace (git-fixes).
- KVM: x86: check for nEPT/nNPT in slow flush hypercalls (git-fixes).
- KVM: X86: Fix array_index_nospec protection in __pv_send_ipi (git-fixes).
- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (git-fixes).
- KVM: x86: hyper-v: Validate all GVAs during PV TLB flush (git-fixes).
- KVM: x86: Ignore cpuid faulting in SMM (git-fixes).
- leds: lgm-sso: Remove duplicate assignments for priv->mmap (git-fixes).
- leds: qcom-lpg: Check for array overflow when selecting the high resolution (stable-fixes).
- lib/hexdump: print_hex_dump_bytes() calls print_hex_dump_debug() (git-fixes).
- md/raid1: fix the comparing region of interval tree (bsc#1261555).
- md/raid1: serialize overlap io for writemostly disk (bsc#1261555).
- media: amphion: Fix race between m2m job_abort and device_run (git-fixes).
- media: as102: fix to not free memory after the device is registered in as102_usb_probe() (git-fixes).
- media: chips-media: wave5: add missing spinlock protection for handle_dynamic_resolution_change() (git-fixes).
- media: chips-media: wave5: add missing spinlock protection for send_eos_event() (git-fixes).
- media: chips-media: wave5: fix a potential memory leak in wave5_vdi_init() (git-fixes).
- media: dib8000: avoid division by 0 in dib8000_set_dds() (git-fixes).
- media: em28xx: fix use-after-free in em28xx_v4l2_open() (git-fixes).
- media: hackrf: fix to not free memory after the device is registered in hackrf_probe() (git-fixes).
- media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe() (git-fixes).
- media: i2c: imx283: Enter full standby when stopping streaming (git-fixes).
- media: i2c: imx283: Fix hang when going from large to small resolution (git-fixes).
- media: i2c: imx412: Assert reset GPIO during probe (git-fixes).
- media: i2c: ov08d10: fix image vertical start setting (git-fixes).
- media: i2c: ov8856: free control handler on error in ov8856_init_controls() (git-fixes).
- media: intel/ipu6: fix error pointer dereference (git-fixes).
- media: mtk-jpeg: fix use-after-free in release path due to uncancelled work (git-fixes).
- media: nxp: imx8-isi: Reduce minimum queued buffers from 2 to 0 (git-fixes).
- media: omap3isp: drop the use count of v4l2 pipeline (git-fixes).
- media: pci: zoran: fix potential memory leak in zoran_probe() (git-fixes).
- media: rc: streamzap: Error handling in probe (git-fixes).
- media: rc: xbox_remote: heed DMA restrictions (git-fixes).
- media: saa7164: add ioremap return checks and cleanups (git-fixes).
- media: staging: imx: configure src_mux in csi_start (git-fixes).
- media: staging: imx: request mbus_config in csi_start (git-fixes).
- media: uvcvideo: Enable VB2_DMABUF for metadata stream (git-fixes).
- media: videobuf2: Set vma_flags in vb2_dma_sg_mmap (git-fixes).
- media: vidtv: fix nfeeds state corruption on start_streaming failure (git-fixes).
- media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections (git-fixes).
- media: vidtv: fix pass-by-value structs causing MSAN warnings (git-fixes).
- memory: tegra30-emc: Fix dll_change check (git-fixes).
- memory: tegra124-emc: Fix dll_change check (git-fixes).
- mfd: core: Preserve OF node when ACPI handle is present (git-fixes).
- mfd: mc13xxx-core: Fix memory leak in mc13xxx_add_subdevice_pdata() (git-fixes).
- mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused (git-fixes).
- mkspec: Add signature to source list only when it exists.
- mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration (git-fixes).
- mmc: vub300: fix NULL-deref on disconnect (git-fixes).
- modpost: Amend ppc64 save/restfpr symnames for -Os build (bsc#1215199).
- mtd: docg3: fix use-after-free in docg3_release() (git-fixes).
- mtd: parsers: ofpart: call of_node_get() for dedicated subpartitions (git-fixes).
- mtd: parsers: ofpart: call of_node_put() only in ofpart_fail path (git-fixes).
- mtd: physmap_of_gemini: Fix disabled pinctrl state check (git-fixes).
- mtd: rawnand: sunxi: fix sunxi_nfc_hw_ecc_read_extra_oob (git-fixes).
- mtd: spi-nor: core: correct the op.dummy.nbytes when check read operations (git-fixes).
- mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() (git-fixes).
- mtd: spi-nor: sst: Fix write enable before AAI sequence (git-fixes).
- mtd: spi-nor: swp: check SR_TB flag when getting tb_mask (git-fixes).
- net-shapers: don't free reply skb after genlmsg_reply() (git-fixes).
- net/mlx5: Fix HCA caps leak on notifier init failure (git-fixes).
- net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
- net/sched: cls_fw: fix NULL dereference of 'old' filters before change() (git-fixes).
- net/sched: fix pedit partial COW leading to page cache corruption (bsc#1265421).
- net: gro: don't merge zcopy skbs (git-fixes).
- net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf (git-fixes).
- net: mana: Add MAC address to vPort logs and clarify error messages (git-fixes).
- net: mana: check xdp_rxq registration before unreg in mana_destroy_rxq() (git-fixes).
- net: mana: Don't overwrite port probe error with add_adev result (git-fixes).
- net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR (bsc#1265846).
- net: mana: Fix EQ leak in mana_remove on NULL port (git-fixes).
- net: mana: Fix RX skb truesize accounting (bsc#1248754).
- net: mana: Guard mana_remove against double invocation (git-fixes).
- net: mana: hardening: Validate adapter_mtu from MANA_QUERY_DEV_CONFIG (git-fixes).
- net: mana: hardening: Validate doorbell ID from GDMA_REGISTER_DEVICE response (git-fixes).
- net: mana: Init gf_stats_work before potential error paths in probe (git-fixes).
- net: mana: Init link_change_work before potential error paths in probe (git-fixes).
- net: mana: Move current_speed debugfs file to mana_init_port() (git-fixes).
- net: mana: remove double CQ cleanup in mana_create_rxq error path (git-fixes).
- net: mana: Set default number of queues to 16 (bsc#1261648).
- net: mana: Skip WQ object destruction for uninitialized RXQ (git-fixes).
- net: mana: Use at least SZ_4K in doorbell ID range check (git-fixes).
- net: mana: Use pci_name() for debugfs directory naming (git-fixes).
- net: phy: broadcom: Save PHY counters during suspend (git-fixes).
- net: phy: DP83TC811: add reading of abilities (git-fixes).
- net: phy: dp83869: fix setting CLK_O_SEL field (git-fixes).
- net: phy: fix a return path in get_phy_c45_ids() (git-fixes).
- net: phy: qcom: at803x: Use the correct bit to disable extended next page (git-fixes).
- net: stmmac: Fix PTP ref clock for Tegra234 (git-fixes).
- net: usb: asix: ax88772: re-add usbnet_link_change() in phylink callbacks (git-fixes).
- net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() (git-fixes).
- net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() (git-fixes).
- net: usb: rtl8150: free skb on usb_submit_urb() failure in xmit (git-fixes).
- net: wan: fsl_ucc_hdlc: fix ucc_hdlc_remove (git-fixes).
- net: wan: fsl_ucc_hdlc: fix uhdlc_memclean (git-fixes).
- net: wan: fsl_ucc_hdlc: free tx_skbuff in uhdlc_memclean (git-fixes).
- net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler (git-fixes).
- NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (git-fixes).
- nfc: llcp: add missing return after LLCP_CLOSED checks (git-fixes).
- nfc: pn533: allocate rx skb before consuming bytes (git-fixes).
- nfc: s3fwrn5: allocate rx skb before consuming bytes (git-fixes).
- NFC: trf7970a: Ignore antenna noise when checking for RF field (git-fixes).
- nvme-apple: drop invalid put of admin queue reference count (git-fixes).
- nvme-auth: Include SC_C in RVAL controller hash (bsc#1260428).
- nvme-loop: do not cancel I/O and admin tagset during ctrl reset/shutdown (bsc#1262709).
- nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4 (git-fixes).
- nvme: Allow reauth from sysfs (bsc#1259672).
- nvme: Expose the tls_configured sysfs for secure concat connections (bsc#1259672).
- nvme: expose TLS mode (bsc#1259672).
- nvme: fix admin queue leak on controller reset (git-fixes).
- nvme: fix PCIe subsystem reset controller state transition (bsc#1261738).
- nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers (git-fixes).
- ocfs2: fix possible deadlock between unlink and dio_end_io_write (bsc#1258718).
- ocfs2: split transactions in dio completion to avoid credit exhaustion (bsc#1258718).
- openvswitch: vport: fix self-deadlock on release of tunnel ports (git-fixes).
- panic/printk: replace other_cpu_in_panic() with panic_on_other_cpu() (bsc#1261149).
- panic/printk: replace this_cpu_in_panic() with panic_on_this_cpu() (bsc#1261149).
- panic: introduce helper functions for panic state (bsc#1261149).
- panic: use angle-bracket include for panic.h (bsc#1261149).
- PCI/AER: Clear only error bits in PCIe Device Status (git-fixes).
- PCI/AER: Stop ruling out unbound devices as error source (git-fixes).
- PCI/ASPM: Fix pci_clear_and_set_config_dword() usage (git-fixes).
- PCI/NPEM: Set LED_HW_PLUGGABLE for hotplug-capable ports (git-fixes).
- PCI/TPH: Allow TPH enable for RCiEPs (git-fixes).
- PCI: dwc: Apply ECRC workaround to DesignWare 5.00a as well (git-fixes).
- PCI: dwc: rcar-gen4: Change EPC BAR alignment to 4K as per the documentation (git-fixes).
- PCI: Enable AtomicOps only if Root Port supports them (git-fixes).
- PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup (git-fixes).
- PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete (git-fixes).
- PCI: hv: Set default NUMA node to 0 for devices without affinity info (bsc#1261648).
- PCI: mediatek-gen3: Prevent leaking IRQ domains when IRQ not found (git-fixes).
- PCI: qcom: Advertise Hotplug Slot Capability with no Command Completion support (git-fixes).
- PCI: tegra194: Allow system suspend when the Endpoint link is not up (git-fixes).
- PCI: tegra194: Disable direct speed change for Endpoint mode (git-fixes).
- PCI: tegra194: Disable LTSSM after transition to Detect on surprise link down (git-fixes).
- PCI: tegra194: Disable PERST# IRQ only in Endpoint mode (git-fixes).
- PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on (git-fixes).
- PCI: tegra194: Fix polling delay for L2 state (git-fixes).
- PCI: tegra194: Free up Endpoint resources during remove() (git-fixes).
- PCI: tegra194: Increase LTSSM poll time on surprise link down (git-fixes).
- PCI: tegra194: Set LTR message request before PCIe link up in Endpoint mode (git-fixes).
- PCI: tegra194: Use devm_gpiod_get_optional() to parse 'nvidia,refclk-select' (git-fixes).
- PCI: tegra194: Use DWC IP core version (git-fixes).
- pinctrl: abx500: Fix type of 'argument' variable (git-fixes).
- pinctrl: Fix spelling problem (git-fixes).
- pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer) (stable-fixes).
- pinctrl: pic32: change all cases of bare 'unsigned' to 'unsigned int' (git-fixes).
- pinctrl: pic32: use consistent spacing around '+' (git-fixes).
- pinctrl: pinctrl-pic32: Fix resource leak (git-fixes).
- pinctrl: realtek: Fix function signature for config argument (git-fixes).
- pinctrl: renesas: rzg2l: Fix save/restore of {IOLH,IEN,PUPD,SMT} registers (git-fixes).
- platform/chrome: chromeos_tbmc: Drop wakeup source on remove (git-fixes).
- platform/surface: surfacepro3_button: Drop wakeup source on remove (git-fixes).
- platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug (stable-fixes).
- platform/x86/intel-uncore-freq: Handle autonomous UFS status bit (git-fixes).
- platform/x86: asus-wmi: adjust screenpad power/brightness handling (git-fixes).
- platform/x86: asus-wmi: fix screenpad brightness range (git-fixes).
- platform/x86: dell-wmi-sysman: bound enumeration string aggregation (git-fixes).
- platform/x86: dell_rbu: avoid uninit value usage in packet_size_write() (git-fixes).
- platform/x86: hp-wmi: Ignore backlight and FnLock events (stable-fixes).
- platform/x86: panasonic-laptop: Fix OPTD notifier registration and cleanup (git-fixes).
- power: supply: axp288_charger: Do not cancel work before initializing it (git-fixes).
- power: supply: max17042: avoid overflow when determining health (git-fixes).
- powerpc/crash: fix backup region offset update to elfcorehdr (bsc#1259535).
- powerpc/crash: Update backup region offset in elfcorehdr on memory hotplug (bsc#1259535).
- printk/nbcon/panic: Allow printk kthread to sleep when the system is in panic (bsc#1261149).
- printk/nbcon: Block printk kthreads when any CPU is in an emergency context (bsc#1261149).
- printk/nbcon: Release nbcon consoles ownership in atomic flush after each emitted record (bsc#1261149).
- printk/nbcon: Restore IRQ in atomic flush after each emitted record (bsc#1261149).
- printk/nbcon: use panic_on_this_cpu() helper (bsc#1261149).
- printk: Allow printk_trigger_flush() to flush all types (bsc#1262750).
- printk: Allow to use the printk kthread immediately even for 1st nbcon (jsc#PED-7912).
- printk: Avoid irq_work for printk_deferred() on suspend (bsc#1262750).
- printk: Avoid scheduling irq_work on suspend (bsc#1262750).
- printk: console_flush_one_record() code cleanup (bsc#1261149).
- printk: Introduce console_flush_one_record (bsc#1261149).
- printk: Use console_flush_one_record for legacy printer kthread (bsc#1261149).
- pwm: imx-tpm: Count the number of enabled channels in probe (git-fixes).
- qat: don't mess with ->d_name (jsc#PED-14238).
- r8152: fix incorrect register write to USB_UPHY_XTAL (git-fixes).
- RDMA/irdma: Fix double free related to rereg_user_mr (git-fixes).
- RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Validate rx_hash_key_len (git-fixes).
- RDMA/mana_ib: cleanup the usage of mana_gd_send_request() (git-fixes).
- RDMA/mana_ib: Disable RX steering on RSS QP destroy (git-fixes).
- RDMA/mana_ib: Support memory windows (git-fixes).
- regulator: act8945a: fix OF node reference imbalance (git-fixes).
- regulator: bd9571mwv: fix OF node reference imbalance (git-fixes).
- regulator: max77650: fix OF node reference imbalance (git-fixes).
- regulator: mt6357: fix OF node reference imbalance (git-fixes).
- regulator: rk808: fix OF node reference imbalance (git-fixes).
- remoteproc: xlnx: Fix sram property parsing (git-fixes).
- remoteproc: xlnx: Only access buffer information if IPI is buffered (git-fixes).
- Revert 'ALSA: usb: Increase volume range that triggers a warning' (git-fixes).
- Revert 'serial: 8250: Revert 'drop lockdep annotation from serial8250_clear_IER()'' (bsc#1262480).
- Revert 'serial: 8250: Switch to nbcon console' (bsc#1262480).
- rtc: abx80x: Disable alarm feature if no interrupt attached (git-fixes).
- rtc: ntxec: fix OF node reference imbalance (git-fixes).
- s390/dasd: Copy detected format information to secondary device (bsc#1259994).
- s390/dasd: Fix gendisk parent after copy pair swap (bsc#1259994).
- s390/dasd: Move quiesce state with pprc swap (bsc#1259994).
- sched/fair: Change likelyhood of nohz.nr_cpus (bsc#1234634 bsc#1258961).
- sched/fair: Move checking for nohz cpus after time check (bsc#1234634 bsc#1258961).
- sched/fair: Remove nohz.nr_cpus and use weight of cpumask instead (bsc#1234634 bsc#1258961).
- scsi: lpfc: Add clean up of aborted NVMe commands during PCI fcn reset (bsc#1262019).
- scsi: lpfc: Add log messages to fabric login error labels (bsc#1262019).
- scsi: lpfc: Add PCI ID support for LPe42100 series adapters (bsc#1262019).
- scsi: lpfc: Add REG_VFI mailbox cmd error handling (bsc#1262019).
- scsi: lpfc: Break out of IRQ affinity assignment when mask reaches nr_cpu_ids (bsc#1262019).
- scsi: lpfc: Check ASIC_ID register to aid diagnostics during failed fw updates (bsc#1262019).
- scsi: lpfc: Cleanup error exit paths in lpfc_fdmi_cmd() and associated messages (bsc#1262019).
- scsi: lpfc: ELIMINATE kernel-doc warnings in lpfc.h (bsc#1262019).
- scsi: lpfc: Fix incorrect txcmplq_cnt during cleanup in lpfc_sli_abort_ring() (bsc#1262019).
- scsi: lpfc: Introduce 128G link speed selection and support (bsc#1262019).
- scsi: lpfc: Log discarded and insufficient RQE buffer events (bsc#1262019).
- scsi: lpfc: Log MCQE contents for mbox commands with no context (bsc#1262019).
- scsi: lpfc: Properly set WC for DPP mapping (bsc#1262019).
- scsi: lpfc: Reduce pointer chasing when accessing vmid_flag (bsc#1262019).
- scsi: lpfc: Remove deprecated PBDE feature (bsc#1262019).
- scsi: lpfc: Remove unnecessary ndlp kref get in lpfc_check_nlp_post_devloss (bsc#1262019).
- scsi: lpfc: Restrict first burst to non-FCoE and SLI4 adapters only (bsc#1262019).
- scsi: lpfc: Select mailbox rq_create cmd version based on SLI4 if_type (bsc#1262019).
- scsi: lpfc: Update class of service bit field to 3 bits for WQE submissions (bsc#1262019).
- scsi: lpfc: Update construction of SGL when XPSGL is enabled (bsc#1262019).
- scsi: lpfc: Update copyright year string for 2026 (bsc#1262019).
- scsi: lpfc: Update log message when ndlp kref get is unsuccessful (bsc#1262019).
- scsi: lpfc: Update lpfc version to 14.4.0.14 (bsc#1262019).
- scsi: lpfc: Update lpfc version to 15.0.0.0 (bsc#1262019).
- scsi: lpfc: Update outdated comment for renamed lpfc_freenode() (bsc#1262019).
- scsi: lpfc: Use min_t() instead of min() in lpfc_sli4_driver_resource_setup (bsc#1262019).
- scsi: lpfc: Use the crc32c() function (bsc#1262019).
- scsi: mpi3mr: Add NULL checks when resetting request and reply queues (git-fixes).
- scsi: ses: Fix devices attaching to different hosts (git-fixes).
- scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (git-fixes).
- scsi: target: iscsi: validate CHAP_R length before base64 decode (bsc#1265449).
- scsi: ufs: ufs-pci: Add support for Intel Wildcat Lake (jsc#PED-13771).
- selftests/bpf: Test cross-sign 64bits range refinement (git-fixes).
- selftests/bpf: Test invariants on JSLT crossing sign (git-fixes).
- selftests/bpf: test refining u32/s32 bounds when ranges cross min/max boundary (git-fixes).
- selftests: net: build net/lib dependency in all target (bsc#1262245).
- selinux: don't reserve xattr slot when we won't fill it (stable-fixes).
- selinux: prune /sys/fs/selinux/disable (stable-fixes).
- selinux: shrink critical section in sel_write_load() (stable-fixes).
- serial: 8250: Add serial8250_handle_irq_locked() (bsc#1262480).
- serial: 8250: Protect LCR write in shutdown (bsc#1262480).
- serial: 8250_dw: Avoid unnecessary LCR writes (bsc#1262480).
- serial: 8250_dw: Ensure BUSY is deasserted (bsc#1262480).
- serial: 8250_dw: Rework dw8250_handle_irq() locking and IIR handling (bsc#1262480).
- serial: 8250_dw: Rework IIR_NO_INT handling to stop interrupt storm (bsc#1262480).
- Set CONFIG_INTEL_TSX_MODE to follow upstream AUTO default (bsc#1263044).
- soc/tegra: cbb: Set ERD on resume for err interrupt (git-fixes).
- soc: qcom: aoss: compare against normalized cooling state (git-fixes).
- soc: qcom: llcc: fix v1 SB syndrome register offset (git-fixes).
- soc: qcom: ocmem: make the core clock optional (git-fixes).
- soc: qcom: ocmem: register reasons for probe deferrals (git-fixes).
- soc: qcom: ocmem: return -EPROBE_DEFER is ocmem is not available (git-fixes).
- sound: ua101: fix division by zero at probe (git-fixes).
- soundwire: bus: demote UNATTACHED state warnings to dev_dbg() (git-fixes).
- soundwire: cadence: Clear message complete before signaling waiting thread (git-fixes).
- soundwire: debugfs: initialize firmware_file to empty string (git-fixes).
- spi: aspeed-smc: fix controller deregistration (git-fixes).
- spi: at91-usart: fix controller deregistration (git-fixes).
- spi: atmel: fix controller deregistration (git-fixes).
- spi: bcm63xx: fix controller deregistration (git-fixes).
- spi: bcmbca-hsspi: fix controller deregistration (git-fixes).
- spi: cadence: fix controller deregistration (git-fixes).
- spi: cadence: fix unclocked access on unbind (git-fixes).
- spi: ch341: fix memory leaks on probe failures (git-fixes).
- spi: coldfire-qspi: fix controller deregistration (git-fixes).
- spi: dln2: fix controller deregistration (git-fixes).
- spi: fix controller cleanup() documentation (git-fixes).
- spi: fix misleading controller deregistration kernel-doc (git-fixes).
- spi: fix misleading controller registration kernel-doc (git-fixes).
- spi: fsl-espi: fix controller deregistration (git-fixes).
- spi: fsl-qspi: Use reinit_completion() for repeated operations (git-fixes).
- spi: fsl: fix controller deregistration (git-fixes).
- spi: hisi-kunpeng: prevent infinite while() loop in hisi_spi_flush_fifo (git-fixes).
- spi: img-spfi: fix controller deregistration (git-fixes).
- spi: imx: fix runtime pm leak on probe deferral (git-fixes).
- spi: imx: fix use-after-free on unbind (git-fixes).
- spi: lantiq-ssc: fix controller deregistration (git-fixes).
- spi: meson-spicc: fix controller deregistration (git-fixes).
- spi: microchip-core-qspi: fix controller deregistration (git-fixes).
- spi: mpc52xx: fix controller deregistration (git-fixes).
- spi: mpc52xx: fix use-after-free on registration failure (git-fixes).
- spi: mpc52xx: fix use-after-free on unbind (git-fixes).
- spi: mtk-nor: fix controller deregistration (git-fixes).
- spi: mtk-snfi: fix memory leak in probe (git-fixes).
- spi: mtk-snfi: unregister ECC engine on probe failure and remove() callback (git-fixes).
- spi: mxic: fix controller deregistration (git-fixes).
- spi: mxs: fix controller deregistration (git-fixes).
- spi: npcm-pspi: fix controller deregistration (git-fixes).
- spi: omap2-mcspi: fix controller deregistration (git-fixes).
- spi: orion: fix clock imbalance on registration failure (git-fixes).
- spi: orion: fix controller deregistration (git-fixes).
- spi: orion: fix runtime pm leak on unbind (git-fixes).
- spi: pic32-sqi: fix controller deregistration (git-fixes).
- spi: pic32: fix controller deregistration (git-fixes).
- spi: pl022: fix controller deregistration (git-fixes).
- spi: qup: fix controller deregistration (git-fixes).
- spi: rockchip: fix controller deregistration (git-fixes).
- spi: rockchip: Read ISR, not IMR, to detect cs-inactive IRQ (git-fixes).
- spi: rspi: fix controller deregistration (git-fixes).
- spi: s3c64xx: fix controller deregistration (git-fixes).
- spi: s3c64xx: fix NULL-deref on driver unbind (git-fixes).
- spi: sh-hspi: fix controller deregistration (git-fixes).
- spi: sprd: fix controller deregistration (git-fixes).
- spi: st-ssc4: fix controller deregistration (git-fixes).
- spi: sun4i: fix controller deregistration (git-fixes).
- spi: sun6i: fix controller deregistration (git-fixes).
- spi: syncuacer: fix controller deregistration (git-fixes).
- spi: ti-qspi: fix controller deregistration (git-fixes).
- spi: topcliff-pch: fix controller deregistration (git-fixes).
- spi: topcliff-pch: fix use-after-free on unbind (git-fixes).
- spi: uniphier: fix controller deregistration (git-fixes).
- spi: uniphier: Simplify clock handling with devm_clk_get_enabled() (stable-fixes).
- spi: zynq-qspi: fix controller deregistration (git-fixes).
- spi: zynq-qspi: Simplify clock handling with devm_clk_get_enabled() (stable-fixes).
- spi: zynqmp-gqspi: fix controller deregistration (git-fixes).
- staging: media: atomisp: Disallow all private IOCTLs (git-fixes).
- staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() (git-fixes).
- staging: sm750fb: fix division by zero in ps_to_hz() (git-fixes).
- staging: vme_user: fix root device leak on init failure (git-fixes).
- tg3: replace placeholder MAC address with device property (git-fixes).
- thermal/drivers/spear: Fix error condition for reading st,thermal-flags (git-fixes).
- thermal/drivers/sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp (git-fixes).
- thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata (git-fixes).
- tools/power/turbostat: Fix microcode patch level output for AMD/Hygon (git-fixes).
- tools: hv: Fix cross-compilation (git-fixes).
- tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() (git-fixes).
- tpm: avoid -Wunused-but-set-variable (git-fixes).
- tpm: Fix auth session leak in tpm2_get_random() error path (git-fixes).
- tpm: tpm_tis: add error logging for data transfer (git-fixes).
- tpm: tpm_tis: stop transmit if retries are exhausted (git-fixes).
- tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() (git-fixes).
- tty: serial: ip22zilog: Fix section mispatch warning (git-fixes).
- udp: Force compute_score to always inline (bsc#1241259).
- unshare: fix unshare_fs() handling (git-fixes).
- USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen (git-fixes).
- usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change (git-fixes).
- usb: chipidea: otg: not wait vbus drop if use role_switch (git-fixes).
- USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (stable-fixes).
- usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (stable-fixes).
- usb: gadget: f_hid: Add missing error code (git-fixes).
- usb: gadget: f_hid: don't call cdev_init while cdev in use (git-fixes).
- usb: gadget: f_hid: move list and spinlock inits from bind to alloc (stable-fixes).
- usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() (git-fixes).
- usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() (git-fixes).
- usb: gadget: f_uac1_legacy: validate control request size (stable-fixes).
- usb: gadget: renesas_usb3: validate endpoint index in standard request handlers (git-fixes).
- usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo (git-fixes).
- USB: omap_udc: DMA: Don't enable burst 4 mode (git-fixes).
- usb: port: add delay after usb_hub_set_port_power() (git-fixes).
- usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (stable-fixes).
- USB: serial: io_edgeport: add support for Blackbox IC135A (stable-fixes).
- USB: serial: option: add MeiG Smart SRM825WN (stable-fixes).
- USB: serial: option: add support for Rolling Wireless RW135R-GL (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A MBIM composition (git-fixes).
- USB: serial: option: add Telit Cinterion LE910Cx compositions (stable-fixes).
- usb: storage: Expand range of matched versions for VL817 quirks entry (git-fixes).
- usb: typec: tcpm: reset internal port states on soft reset AMS (git-fixes).
- usb: ulpi: fix memory leak on ulpi_register() error paths (git-fixes).
- usb: usblp: fix heap leak in IEEE 1284 device ID via short response (stable-fixes).
- usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl (stable-fixes).
- usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable() (git-fixes).
- usbip: validate number_of_packets in usbip_pack_ret_submit() (git-fixes).
- vfio/pci: Lock upstream bridge for vfio_pci_core_disable() (git-fixes).
- vfio/pds: Fix memory leak in pds_vfio_dirty_enable() (git-fixes).
- vfio/pds: Fix missing detach_ioas op (git-fixes).
- vfio/pds: replace bitmap_free with vfree (git-fixes).
- vfio/type1: Fix error unwind in migration dirty bitmap allocation (git-fixes).
- vfio: Fix unbalanced vfio_df_close call in no-iommu mode (git-fixes).
- vfio: Prevent open_count decrement to negative (git-fixes).
- virt: arm-cca-guest: fix error check for RSI_INCOMPLETE (git-fixes).
- virt: sev-guest: Do not use host-controlled page order in cleanup path (git-fixes).
- virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (git-fixes).
- virt: tdx-guest: Return error for GetQuote failures (git-fixes).
- wifi: ath5k: do not access array OOB (git-fixes).
- wifi: ath9k: Fix typo (git-fixes).
- wifi: ath10k: fix station lookup failure during disconnect (git-fixes).
- wifi: ath11k: fix memory leaks in beacon template setup (git-fixes).
- wifi: ath12k: fix leak in some ath12k_wmi_xxx() functions (git-fixes).
- wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions (git-fixes).
- wifi: b43: enforce bounds check on firmware key index in b43_rx() (git-fixes).
- wifi: b43legacy: enforce bounds check on firmware key index in RX path (git-fixes).
- wifi: brcmfmac: Fix error pointer dereference (git-fixes).
- wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task (git-fixes).
- wifi: brcmfmac: validate bsscfg indices in IF events (stable-fixes).
- wifi: brcmsmac: Fix dma_free_coherent() size (git-fixes).
- wifi: cw1200: Revert 'Fix locking in error paths' (git-fixes).
- wifi: libertas: notify firmware load wait on disconnect (git-fixes).
- wifi: mac80211: check ieee80211_rx_data_set_link return in pubsta MLO path (git-fixes).
- wifi: mac80211: check tdls flag in ieee80211_tdls_oper (stable-fixes).
- wifi: mac80211: drop stray 'static' from fast-RX rx_result (git-fixes).
- wifi: mac80211: handle VHT EXT NSS in ieee80211_determine_our_sta_mode() (git-fixes).
- wifi: mac80211: remove station if connection prep fails (git-fixes).
- wifi: mac80211: use safe list iteration in radar detect work (git-fixes).
- wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req() (git-fixes).
- wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor (stable-fixes).
- wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling (git-fixes).
- wifi: mt76: mt7615: fix use_cts_prot support (git-fixes).
- wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work() (git-fixes).
- wifi: mt76: mt7915: fix use_cts_prot support (git-fixes).
- wifi: mt76: mt7921: fix 6GHz regulatory update on connection (git-fixes).
- wifi: mt76: mt7921: fix a potential clc buffer length underflow (git-fixes).
- wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work (git-fixes).
- wifi: mt76: mt7921: Place upper limit on station AID (git-fixes).
- wifi: mt76: mt7921: Reset ampdu_state state in case of failure in mt76_connac2_tx_check_aggr() (git-fixes).
- wifi: mt76: mt7925: fix AMPDU state handling in mt7925_tx_check_aggr (git-fixes).
- wifi: mt76: mt7925: fix incorrect length field in txpower command (git-fixes).
- wifi: mt76: mt7925: Fix incorrect MLO mode in firmware control (git-fixes).
- wifi: mt76: mt7925: fix incorrect TLV length in CLC command (git-fixes).
- wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() (git-fixes).
- wifi: mt76: mt7925: prevent NULL vif dereference in mt7925_mac_write_txwi (git-fixes).
- wifi: mt76: mt7996: fix FCS error flag check in RX descriptor (git-fixes).
- wifi: mt76: mt7996: fix struct mt7996_mcu_uni_event (git-fixes).
- wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work() (git-fixes).
- wifi: mwifiex: Fix memory leak in mwifiex_11n_aggregate_pkt() (git-fixes).
- wifi: nl80211: fix NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST usage (git-fixes).
- wifi: nl80211: require admin perm on SET_PMK / DEL_PMK (git-fixes).
- wifi: rsi: fix kthread lifetime race between self-exit and external-stop (git-fixes).
- wifi: rt2x00usb: fix devres lifetime (git-fixes).
- wifi: rtl8xxxu: fix potential use of uninitialized value (git-fixes).
- wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet (git-fixes).
- wifi: rtw88: Add additional USB IDs for RTL8812BU (bsc#1263135).
- wifi: rtw88: Add BUFFALO WI-U3-866DHP to the USB ID list (bsc#1263135).
- wifi: rtw88: Add support for Mercusys MA30N and D-Link DWA-T185 rev. A1 (bsc#1263135).
- wifi: rtw88: check for PCI upstream bridge existence (git-fixes).
- wifi: rtw88: fix device leak on probe failure (git-fixes).
- wifi: rtw88: rtw8822bu VID/PID for BUFFALO WI-U2-866DM (bsc#1263135).
- wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap() (git-fixes).
- wifi: wl1251: validate packet IDs before indexing tx_frames (stable-fixes).
- x86/acpi/boot: Correct acpi_is_processor_usable() check again (git-fixes).
- x86/boot/sev: Avoid shared GHCB page for early memory acceptance (git-fixes).
- x86/boot/sev: Support memory acceptance in the EFI stub under SVSM (git-fixes).
- x86/boot: Fix page table access in 5-level to 4-level paging transition (git-fixes).
- x86/CPU/AMD: Add X86_FEATURE_ZEN6 (bsc#1263255).
- x86/cpufeatures: Free up unused feature bits (bsc#1263255).
- x86/fred: Fix early boot failures on SEV-ES/SNP guests (git-fixes).
- x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (git-fixes).
- x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() (git-fixes).
- x86/sev: Do not touch VMSA pages during SNP guest memory kdump (git-fixes).
- x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero (git-fixes).
- x86/sev: Fix operator precedence in GHCB_MSR_VMPL_REQ_LEVEL macro (git-fixes).
- x86/sev: Improve handling of writes to intercepted TSC MSRs (git-fixes).
- x86/sev: Make sure pages are not skipped during kdump (git-fixes).
- x86/tsx: Get the tsx= command line parameter with early_param() (bsc#1250951 bsc#1263044).
- x86/tsx: Make tsx_ctrl_state static (bsc#1250951 bsc#1263044).
- x86/vmware: Parse MP tables for SEV-SNP enabled guests under VMware hypervisors (git-fixes).
- X.509: Fix out-of-bounds access when parsing extensions (git-fixes).
- Xarray: do not return sibling entries from xas_find_marked() (bsc#1263815).

-----------------------------------------------------------------
Advisory ID: 824
Released:    Fri May 29 11:59:18 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    important
References:  1258311,1259825,1262315
This update for crypto-policies fixes the following issues:

Changes in crypto-policies:

- Allow X25519 as required for sntrup761x25519-sha512 at openssh.com
  and sntrup761x25519-sha512 in the DEFAULT policy again. (bsc#1259825)

- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
  * Enable sntrup761x25519-sha512 for OpenSSH by default

- Modify the output of fips-mode-setup to hint the user when
  setting the FIPS mode in transactional systems to use the
  command 'transactional-update setup-fips'. (bsc#1262315)

-----------------------------------------------------------------
Advisory ID: 861
Released:    Tue Jun  2 09:22:47 2026
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  
This update for aaa_base fixes the following issues:

- Update to version 84.87+git20260529.c4391e5:
    * $status to $?
    * Simplifying the sh part too
    * Addressing review comments and simplifying a bit
    * Handle javas managed by libalternatives and by update-alternatives alike

-----------------------------------------------------------------
Advisory ID: 867
Released:    Tue Jun  2 11:13:41 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1254441,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for rsync fixes the following issues

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (use chroot = no) (bsc#1264511).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).


The following package changes have been done:

- system-user-root-20190513-160000.2.2 added
- filesystem-84.87-160000.2.2 added
- branding-SLE-16-160000.2.2 added
- crypto-policies-20250714.cd6043a-160000.2.1 added
- dbus-broker-block-restart-36-160000.3.1 added
- file-magic-5.46-160000.2.2 added
- glibc-2.40-160000.5.1 added
- libsemanage-conf-3.8.1-160000.2.2 added
- pkgconf-m4-2.2.0-160000.2.2 added
- systemd-default-settings-branding-upstream-0.10-160000.2.2 added
- terminfo-base-6.5.20250531-160000.2.2 added
- libncurses6-6.5.20250531-160000.2.2 added
- ncurses-utils-6.5.20250531-160000.2.2 added
- libzstd1-1.5.7-160000.2.2 added
- libz1-1.2.13-160000.3.1 added
- libuuid1-2.41.1-160000.3.1 added
- libunistring5-1.3-160000.3.2 added
- libtextstyle0-0.22.5-160000.2.2 added
- libtasn1-6-4.21.0-160000.1.1 added
- libsqlite3-0-3.51.3-160000.1.1 added
- libsmartcols1-2.41.1-160000.3.1 added
- libsepol2-3.8.1-160000.2.2 added
- libseccomp2-2.6.0-160000.2.2 added
- libpopt0-1.19-160000.2.2 added
- libpkgconf5-2.2.0-160000.2.2 added
- libpcre2-8-0-10.45-160000.3.1 added
- libnss_usrfiles2-2.27.1-160000.3.2 added
- liblzma5-5.8.1-160000.3.1 added
- liblz1-1.15-160000.2.2 added
- liblua5_4-5-5.4.7-160000.2.2 added
- libkbdfile1-2.7.1-160000.2.2 added
- libjson-c5-0.17-160000.2.2 added
- libjitterentropy3-3.6.3-160000.2.2 added
- libgpg-error0-1.58-160000.1.1 added
- libgmp10-6.3.0-160000.2.2 added
- libgcc_s1-15.2.0+git10201-160000.2.1 added
- libfuse3-3-3.16.2-160000.2.2 added
- libexpat1-2.7.1-160000.5.1 added
- libefivar1-38-160000.2.2 added
- libeconf0-0.7.9-160000.2.2 added
- libcrypt1-4.4.38-160000.3.2 added
- libcap2-2.73-160000.3.1 added
- libcap-ng0-0.8.5-160000.3.2 added
- libbz2-1-1.0.8-160000.2.2 added
- libbrotlicommon1-1.1.0-160000.2.2 added
- libaudit1-4.0-160000.2.2 added
- libattr1-2.5.2-160000.2.2 added
- libalternatives1-1.2+30.a5431e9-160000.2.2 added
- libacl1-2.3.2-160000.2.2 added
- fillup-1.42-160000.2.2 added
- envsubst-0.22.5-160000.2.2 added
- diffutils-3.12-160000.2.2 added
- libreadline8-8.2.13-160000.2.2 added
- pigz-2.8-160000.2.2 added
- libpng16-16-1.6.44-160000.7.1 added
- libelf1-0.192-160000.3.1 added
- libidn2-0-2.3.8-160000.2.2 added
- liblastlog2-2-2.41.1-160000.3.1 added
- pkgconf-2.2.0-160000.2.2 added
- libselinux1-3.8.1-160000.3.1 added
- netcfg-11.6-160000.2.2 added
- libxml2-2-2.13.8-160000.4.1 added
- libkfont0-2.7.1-160000.2.2 added
- libkeymap1-2.7.1-160000.2.2 added
- libgcrypt20-1.12.1-160000.1.1 added
- libmpfr6-4.2.1-160000.2.2 added
- libstdc++6-15.2.0+git10201-160000.2.1 added
- efibootmgr-18-160000.2.2 added
- libblkid1-2.41.1-160000.3.1 added
- perl-base-5.42.0-160000.2.2 added
- libudev1-257.13-160000.1.1 added
- libsystemd0-257.13-160000.1.1 added
- libmagic1-5.46-160000.2.2 added
- libbrotlidec1-1.1.0-160000.2.2 added
- alts-1.2+30.a5431e9-160000.2.2 added
- permctl-1699_20250120-160000.2.2 added
- bash-5.2.37-160000.2.2 added
- bash-sh-5.2.37-160000.2.2 added
- libdw1-0.192-160000.3.1 added
- sed-4.9-160000.2.2 added
- libsubid5-4.17.2-160000.2.2 added
- libsemanage2-3.8.1-160000.2.2 added
- findutils-4.10.0-160000.2.2 added
- libmount1-2.41.1-160000.3.1 added
- libfdisk1-2.41.1-160000.3.1 added
- file-5.46-160000.2.2 added
- libfreetype6-2.13.3-160000.3.1 added
- zstd-1.5.7-160000.2.2 added
- xz-5.8.1-160000.3.1 added
- pkgconf-pkg-config-2.2.0-160000.2.2 added
- login_defs-4.17.2-160000.2.2 added
- libdevmapper1_03-2.03.29_1.02.203-160000.3.1 added
- gzip-1.13-160000.2.2 added
- grep-3.11-160000.2.2 added
- gettext-runtime-0.22.5-160000.2.2 added
- gawk-5.3.2-160000.2.2 added
- cpio-2.15-160000.2.2 added
- coreutils-9.6-160000.2.2 added
- libasm1-0.192-160000.3.1 added
- libdevmapper-event1_03-2.03.29_1.02.203-160000.3.1 added
- grub2-common-2.12-160000.6.1 added
- thin-provisioning-tools-1.1.0-160000.2.2 added
- systemd-rpm-macros-26-160000.2.2 added
- systemd-presets-common-SUSE-15-160000.2.2 added
- rpm-config-SUSE-20250328-160000.2.2 added
- rpm-4.20.1-160000.2.2 added
- permissions-config-1699_20250120-160000.2.2 added
- libopenssl3-3.5.0-160000.7.1 added
- elfutils-0.192-160000.3.1 added
- grub2-x86_64-efi-2.12-160000.6.1 added
- grub2-i386-pc-2.12-160000.6.1 added
- device-mapper-2.03.29_1.02.203-160000.3.1 added
- systemd-presets-branding-Elemental-20240807-160000.2.2 added
- permissions-1699_20250120-160000.2.2 added
- libkmod2-34.2-160000.3.2 added
- grub2-2.12-160000.6.1 added
- libcryptsetup12-2.8.4-160000.1.1 added
- pam-1.7.1-160000.3.1 added
- iputils-20240905-160000.2.2 added
- util-linux-2.41.1-160000.3.1 added
- shadow-4.17.2-160000.2.2 added
- pam-extra-1.7.1-160000.3.1 added
- kbd-2.7.1-160000.2.2 added
- update-bootloader-1.27-160000.1.1 added
- sysuser-shadow-3.3-160000.2.2 added
- pam-config-2.13+git.20250715-160000.2.2 added
- shim-16.1-160000.1.1 added
- system-user-lp-20170617-160000.2.2 added
- system-group-kvm-20170617-160000.2.2 added
- system-group-hardware-20170617-160000.2.2 added
- dbus-1-common-1.14.10-160000.2.2 added
- libdbus-1-3-1.14.10-160000.2.2 added
- dbus-1-tools-1.14.10-160000.2.2 added
- SL-Micro-release-6.2-160000.18.1 added
- aaa_base-84.87+git20260602.e901e17e-160000.1.1 added
- systemd-257.13-160000.1.1 added
- dbus-broker-36-160000.3.1 added
- dbus-1-1.14.10-160000.2.2 added
- util-linux-systemd-2.41.1-160000.3.1 added
- suse-module-tools-16.0.64-160000.1.1 added
- kmod-34.2-160000.3.2 added
- udev-257.13-160000.1.1 added
- dracut-059+suse.720.g64cb9fbf-160000.1.1 added
- suse-module-tools-scriptlets-16.0.64-160000.1.1 added
- kernel-default-6.12.0-160000.34.1 added
- libbpf1-1.6.1-160000.1.2 added
- libcom_err2-1.47.0-160000.3.2 added
- libffi8-3.4.6-160000.2.2 added
- libfreebl3-3.112.5-160000.1.1 added
- libglib-2_0-0-2.84.4-160000.2.1 added
- libkeyutils1-1.6.3-160000.3.2 added
- libldap-data-2.6.10+10-160000.3.1 added
- liblz4-1-1.10.0-160000.3.1 added
- liblzo2-2-2.10-160000.3.2 added
- libmnl0-1.0.5-160000.2.2 added
- libndp0-1.8-160000.2.2 added
- libnghttp2-14-1.64.0-160000.3.1 added
- libnl-config-3.11.0-160000.2.2 added
- libpsl5-0.21.5-160000.3.2 added
- libsasl2-3-2.1.28-160000.3.1 added
- libssh-config-0.11.4-160000.1.1 added
- libverto1-0.3.2-160000.2.2 added
- libxtables12-1.8.11-160000.2.2 added
- logrotate-3.22.0-160000.2.2 added
- mozilla-nspr-4.36.2-160000.1.1 added
- tar-1.35-160000.3.1 added
- libp11-kit0-0.25.5-160000.2.2 added
- shared-mime-info-2.4-160000.2.2 added
- libgobject-2_0-0-2.84.4-160000.2.1 added
- libgmodule-2_0-0-2.84.4-160000.2.1 added
- squashfs-4.6.1-160000.2.2 added
- libnl3-200-3.11.0-160000.2.2 added
- libldap-2-2.6.10+10-160000.3.1 added
- krb5-1.21.3-160000.2.2 added
- iproute2-6.12-160000.3.1 added
- mozilla-nss-certs-3.112.5-160000.1.1 added
- p11-kit-0.25.5-160000.2.2 added
- p11-kit-tools-0.25.5-160000.2.2 added
- gio-branding-SLE-16-160000.2.3 added
- libgio-2_0-0-2.84.4-160000.2.1 added
- glib2-tools-2.84.4-160000.2.1 added
- wpa_supplicant-2.11-160000.3.1 added
- libssh4-0.11.4-160000.1.1 added
- mozilla-nss-3.112.5-160000.1.1 added
- libsoftokn3-3.112.5-160000.1.1 added
- ca-certificates-2+git20240805.fd24d50-160000.2.2 added
- ca-certificates-mozilla-2.84-160000.1.1 added
- libcurl4-8.14.1-160000.5.1 added
- libnm0-1.52.0-160000.4.1 added
- curl-8.14.1-160000.5.1 added
- NetworkManager-branding-SLE-42.1-160000.2.2 added
- NetworkManager-1.52.0-160000.4.1 added
- btrfsprogs-udev-rules-6.14-160000.2.2 added
- libauparse0-4.0-160000.2.2 added
- libext2fs2-1.47.0-160000.3.2 added
- libwrap0-7.6-160000.2.2 added
- system-group-audit-4.0-160000.2.2 added
- btrfsprogs-6.14-160000.2.2 added
- btrfsmaintenance-0.5-160000.2.2 added
- audit-rules-4.0-160000.2.2 added
- audit-4.0-160000.2.2 added
- dmidecode-3.6-160000.2.2 added
- libaio1-0.3.113-160000.3.2 added
- openssl-3.5.0-160000.2.2 added
- openssl-3-3.5.0-160000.7.1 added
- liblvm2cmd2_03-2.03.29-160000.3.1 added
- lvm2-2.03.29-160000.3.1 added
- boost-license1_86_0-1.86.0-160000.2.2 added
- dosfstools-4.2-160000.2.2 added
- e2fsprogs-1.47.0-160000.3.2 added
- elemental-register-1.9.2-160000.1.1 added
- elemental-support-1.9.2-160000.1.1 added
- elemental-system-agent-0.3.16-160000.1.1 added
- elemental-updater-2.3.0-160000.1.1 added
- glibc-gconv-modules-extra-2.40-160000.5.1 added
- glibc-locale-base-2.40-160000.5.1 added
- gptfdisk-1.0.10-160000.2.2 added
- libbtrfs0-6.14-160000.2.2 added
- libbtrfsutil1-6.14-160000.2.2 added
- libburn4-1.5.6-160000.2.2 added
- libedit0-20210910.3.1-160000.2.2 added
- libinih0-58-160000.2.2 added
- libjte2-1.22-160000.2.2 added
- libmpdec4-4.0.1-160000.2.2 added
- libparted-fs-resize0-3.6-160000.2.2 added
- libparted2-3.6-160000.2.2 added
- libproc2-1-4.0.5-160000.2.2 added
- liburcu8-0.14.0-160000.2.2 added
- libxxhash0-0.8.3-160000.2.2 added
- libzio1-1.09-160000.2.2 added
- libboost_thread1_86_0-1.86.0-160000.2.2 added
- mtools-4.0.45-160000.2.2 added
- libisofs6-1.5.6-160000.2.2 added
- python313-base-3.13.13-160000.1.1 added
- libpython3_13-1_0-3.13.13-160000.1.1 added
- parted-3.6-160000.2.2 added
- procps-4.0.5-160000.2.2 added
- rsync-3.4.1-160000.4.1 added
- info-7.1-160000.2.2 added
- libsnapper7-0.12.1-160000.2.2 added
- libisoburn1-1.5.6-160000.3.2 added
- xfsprogs-6.19.0-160000.1.1 added
- snapper-0.12.1-160000.2.2 added
- xorriso-1.5.6-160000.3.2 added
- elemental-toolkit-2.3.4-160000.1.1 added
- elemental-2.3.0-160000.1.1 added
- libassuan9-3.0.2-160000.2.2 added
- libfa1-1.14.1-160000.2.2 added
- libksba8-1.6.7-160000.2.2 added
- libnpth0-1.8-160000.2.3 added
- libsigc-2_0-0-2.12.1-160000.3.2 added
- libsolv-tools-base-0.7.36-160000.1.1 added
- libusb-1_0-0-1.0.28-160000.2.2 added
- compat-usrmerge-tools-84.87-160000.2.2 added
- libyaml-cpp0_8-0.8.0-160000.2.2 added
- libzck1-1.5.1-160000.2.2 added
- pinentry-1.3.1-160000.2.2 added
- libaugeas0-1.14.1-160000.2.2 added
- gpg2-2.5.5-160000.5.1 added
- libgpgme11-1.24.3-160000.3.1 added
- libzypp-17.38.5-160000.1.1 added
- zypper-1.14.95-160000.1.1 added
- container:bci-bci-base-16.0-862d21cd45a676dbdcc46b7575625cd0c75638ce0e492e125c62b31861d50746-0 updated


More information about the sle-container-updates mailing list