SUSE-CU-2026:6172-1: Security update of rancher/seedimage-builder

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jun 19 07:05:26 UTC 2026


SUSE Container Update Advisory: rancher/seedimage-builder
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6172-1
Container Tags        : rancher/seedimage-builder:1.8.2 , rancher/seedimage-builder:1.8.2-5.6
Container Release     : 5.6
Severity              : important
Type                  : security
References            : 1084929 1174091 1176053 1205042 1205462 1208690 1210638 1210938
                        1214285 1215199 1216320 1216378 1217782 1217783 1217826 1217877
                        1217885 1217885 1218879 1218880 1219559 1219666 1220763 1221126
                        1221812 1221854 1222121 1222465 1225660 1226412 1226447 1226448
                        1226529 1227322 1227378 1227999 1228081 1228086 1228086 1228165
                        1228184 1228659 1228728 1228780 1228879 1229007 1229122 1229122
                        1229238 1229339 1229596 1229685 1229704 1229822 1230052 1230078
                        1230227 1230468 1230551 1230552 1230906 1231185 1231185 1231284
                        1231328 1231328 1231373 1231463 1231476 1231494 1231565 1231589
                        1231714 1231727 1231792 1231792 1231795 1231986 1232024 1232063
                        1232063 1232234 1232241 1232921 1232931 1233282 1233313 1233529
                        1233593 1233594 1233668 1233773 1234563 1234765 1234959 1235695
                        1235784 1235905 1236045 1236046 1236151 1236217 1236217 1236632
                        1236664 1236705 1236801 1236976 1236977 1236978 1236982 1236982
                        1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020
                        1237021 1237042 1237096 1237137 1237695 1237695 1238450 1238572
                        1238848 1239092 1239210 1239334 1239623 1239632 1239718 1239763
                        1239866 1239944 1240031 1240550 1240623 1240870 1240897 1240897
                        1240919 1240919 1241020 1241020 1241078 1241078 1241114 1241612
                        1241680 1241802 1241826 1241857 1241897 1241957 1242170 1242505
                        1242844 1242974 1242986 1243254 1243254 1243452 1243505 1243505
                        1243507 1243662 1243756 1243760 1243923 1244156 1244156 1244157
                        1244157 1244158 1244263 1244325 1244449 1244485 1244485 1245274
                        1245275 1245636 1245738 1245759 1245953 1246184 1246231 1246282
                        1246360 1246399 1246472 1246481 1246486 1246504 1246597 1246597
                        1246974 1246974 1247030 1247105 1247114 1247117 1247240 1247242
                        1247292 1247539 1247712 1247819 1248093 1248166 1248175 1248178
                        1248179 1248185 1248188 1248196 1248206 1248208 1248209 1248211
                        1248212 1248213 1248214 1248216 1248217 1248222 1248227 1248228
                        1248229 1248232 1248234 1248240 1248356 1248360 1248366 1248384
                        1248501 1248586 1248586 1248626 1249088 1249191 1249307 1249348
                        1249367 1249375 1249375 1249385 1249609 1249895 1249998 1250032
                        1250082 1250388 1250399 1250562 1250562 1250632 1250655 1250664
                        1250705 1250738 1250748 1250983 1250983 1251253 1251254 1251255
                        1251256 1251257 1251258 1251259 1251260 1251261 1251262 1251275
                        1251276 1251277 1251511 1251679 1251679 1251794 1251795 1251827
                        1251981 1252025 1252036 1252217 1252217 1252689 1252696 1252712
                        1252752 1252752 1252773 1252784 1252891 1252900 1252930 1252931
                        1252932 1252933 1252934 1252935 1253001 1253025 1253029 1253029
                        1253029 1253049 1253078 1253079 1253087 1253177 1253178 1253193
                        1253344 1253404 1253491 1253500 1253581 1253584 1253584 1253679
                        1253739 1253757 1253889 1253901 1253960 1254041 1254041 1254079
                        1254157 1254158 1254159 1254160 1254244 1254264 1254266 1254299
                        1254308 1254415 1254441 1254447 1254480 1254563 1254666 1254670
                        1254670 1254839 1254842 1254845 1254873 1254928 1254977 1255052
                        1255053 1255066 1255102 1255111 1255128 1255157 1255164 1255172
                        1255216 1255232 1255241 1255245 1255266 1255268 1255269 1255319
                        1255326 1255327 1255346 1255372 1255378 1255402 1255403 1255417
                        1255459 1255482 1255506 1255526 1255527 1255529 1255530 1255536
                        1255537 1255542 1255544 1255547 1255569 1255593 1255622 1255678
                        1255694 1255695 1255703 1255708 1255731 1255732 1255733 1255734
                        1255764 1255765 1255811 1255858 1255895 1255930 1256070 1256105
                        1256341 1256389 1256427 1256483 1256525 1256526 1256579 1256582
                        1256584 1256586 1256591 1256592 1256593 1256594 1256597 1256605
                        1256607 1256608 1256609 1256610 1256611 1256612 1256613 1256616
                        1256617 1256619 1256622 1256623 1256624 1256625 1256627 1256628
                        1256630 1256632 1256638 1256641 1256643 1256644 1256645 1256646
                        1256650 1256651 1256653 1256654 1256655 1256656 1256659 1256660
                        1256661 1256664 1256665 1256667 1256668 1256674 1256677 1256680
                        1256682 1256683 1256688 1256689 1256716 1256726 1256728 1256730
                        1256733 1256737 1256741 1256742 1256744 1256748 1256749 1256752
                        1256754 1256755 1256756 1256757 1256759 1256760 1256761 1256763
                        1256770 1256773 1256774 1256777 1256779 1256780 1256781 1256785
                        1256792 1256793 1256794 1256829 1256830 1256831 1256832 1256833
                        1256834 1256835 1256836 1256837 1256838 1256839 1256840 1256864
                        1256865 1256867 1256975 1257010 1257015 1257035 1257053 1257144
                        1257154 1257155 1257158 1257159 1257163 1257164 1257167 1257168
                        1257179 1257180 1257202 1257204 1257207 1257208 1257215 1257217
                        1257218 1257220 1257221 1257225 1257227 1257232 1257234 1257236
                        1257238 1257243 1257245 1257274 1257276 1257277 1257279 1257282
                        1257296 1257309 1257325 1257359 1257364 1257365 1257396 1257463
                        1257473 1257496 1257504 1257603 1257669 1257908 1257912 1257955
                        1258002 1258020 1258022 1258045 1258045 1258049 1258049 1258051
                        1258054 1258054 1258080 1258080 1258081 1258081 1258183 1258311
                        1258319 1258392 1258506 1258784 1258859 1258945 1258960 1259051
                        1259362 1259363 1259364 1259365 1259543 1259616 1259619 1259619
                        1259652 1259706 1259711 1259726 1259729 1259767 1259803 1259825
                        1259842 1259859 1259963 1260078 1260082 1260264 1260264 1260277
                        1260441 1260442 1260443 1260444 1260445 1260589 1260754 1260755
                        1260876 1261206 1261280 1261420 1261653 1261654 1261655 1261656
                        1261657 1261658 1261659 1261660 1261661 1261678 1261772 1261809
                        1261822 1261824 1261938 1261957 1261970 1261998 1262134 1262221
                        1262223 1262315 1262464 1262465 1262631 1262632 1262635 1262636
                        1262638 1262926 1263254 1263366 1263367 1263704 1263705 1263707
                        1263708 1263709 1263710 1263711 1263712 1263713 1263714 1263715
                        1263716 1264511 1264512 1264513 1264514 1264515 1265296 1265413
                        1265762 1266187 1267168 1267423 619225 831629 CVE-2019-20907
                        CVE-2019-9947 CVE-2020-15523 CVE-2020-15801 CVE-2022-25236 CVE-2022-31022
                        CVE-2023-26154 CVE-2023-27043 CVE-2023-42818 CVE-2023-45229 CVE-2023-45230
                        CVE-2023-45853 CVE-2023-45866 CVE-2023-52425 CVE-2023-6597 CVE-2023-6917
                        CVE-2024-0397 CVE-2024-0450 CVE-2024-10041 CVE-2024-10524 CVE-2024-10975
                        CVE-2024-11595 CVE-2024-11596 CVE-2024-12678 CVE-2024-21820 CVE-2024-21853
                        CVE-2024-2236 CVE-2024-23918 CVE-2024-23984 CVE-2024-24968 CVE-2024-25131
                        CVE-2024-25133 CVE-2024-28892 CVE-2024-3019 CVE-2024-31068 CVE-2024-36293
                        CVE-2024-37020 CVE-2024-39355 CVE-2024-4030 CVE-2024-4032 CVE-2024-40897
                        CVE-2024-41311 CVE-2024-43374 CVE-2024-43790 CVE-2024-43802 CVE-2024-43803
                        CVE-2024-4467 CVE-2024-45306 CVE-2024-45336 CVE-2024-45337 CVE-2024-45338
                        CVE-2024-45341 CVE-2024-45387 CVE-2024-45769 CVE-2024-45770 CVE-2024-47814
                        CVE-2024-52533 CVE-2024-52804 CVE-2024-54031 CVE-2024-54148 CVE-2024-55196
                        CVE-2024-55947 CVE-2024-56362 CVE-2024-56513 CVE-2024-56514 CVE-2024-56738
                        CVE-2024-6232 CVE-2024-6923 CVE-2024-7409 CVE-2024-7592 CVE-2024-8088
                        CVE-2024-8508 CVE-2024-9287 CVE-2024-9632 CVE-2024-9779 CVE-2024-9781
                        CVE-2025-0840 CVE-2025-0913 CVE-2025-0913 CVE-2025-0913 CVE-2025-0938
                        CVE-2025-10148 CVE-2025-10158 CVE-2025-11021 CVE-2025-11021 CVE-2025-11083
                        CVE-2025-11187 CVE-2025-11230 CVE-2025-11230 CVE-2025-11412 CVE-2025-11413
                        CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494
                        CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153
                        CVE-2025-11561 CVE-2025-11563 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179
                        CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-11961 CVE-2025-1215
                        CVE-2025-1296 CVE-2025-13151 CVE-2025-13465 CVE-2025-14017 CVE-2025-14104
                        CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15444
                        CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-1795 CVE-2025-21609
                        CVE-2025-21613 CVE-2025-21614 CVE-2025-22130 CVE-2025-22134 CVE-2025-22866
                        CVE-2025-22868 CVE-2025-22869 CVE-2025-22870 CVE-2025-22871 CVE-2025-22872
                        CVE-2025-22872 CVE-2025-22874 CVE-2025-22874 CVE-2025-24014 CVE-2025-25207
                        CVE-2025-25208 CVE-2025-28162 CVE-2025-28164 CVE-2025-29087 CVE-2025-29087
                        CVE-2025-29088 CVE-2025-29088 CVE-2025-3198 CVE-2025-32462 CVE-2025-32463
                        CVE-2025-3360 CVE-2025-3360 CVE-2025-37744 CVE-2025-37751 CVE-2025-37841
                        CVE-2025-37845 CVE-2025-37904 CVE-2025-37955 CVE-2025-38243 CVE-2025-38262
                        CVE-2025-38297 CVE-2025-38298 CVE-2025-38379 CVE-2025-38423 CVE-2025-38488
                        CVE-2025-38505 CVE-2025-38507 CVE-2025-38510 CVE-2025-38511 CVE-2025-38512
                        CVE-2025-38513 CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38521
                        CVE-2025-38529 CVE-2025-38530 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538
                        CVE-2025-38539 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543 CVE-2025-38547
                        CVE-2025-38548 CVE-2025-38550 CVE-2025-38551 CVE-2025-38569 CVE-2025-38589
                        CVE-2025-38590 CVE-2025-38645 CVE-2025-39689 CVE-2025-39795 CVE-2025-39813
                        CVE-2025-39814 CVE-2025-39817 CVE-2025-39829 CVE-2025-39880 CVE-2025-39913
                        CVE-2025-39927 CVE-2025-39973 CVE-2025-40018 CVE-2025-40030 CVE-2025-40045
                        CVE-2025-40097 CVE-2025-40106 CVE-2025-40147 CVE-2025-40159 CVE-2025-40195
                        CVE-2025-40214 CVE-2025-40257 CVE-2025-40258 CVE-2025-40259 CVE-2025-40261
                        CVE-2025-40284 CVE-2025-40297 CVE-2025-40309 CVE-2025-40363 CVE-2025-4128
                        CVE-2025-4373 CVE-2025-44001 CVE-2025-44004 CVE-2025-45582 CVE-2025-4573
                        CVE-2025-46721 CVE-2025-4673 CVE-2025-4673 CVE-2025-4673 CVE-2025-47911
                        CVE-2025-47912 CVE-2025-47913 CVE-2025-47913 CVE-2025-47913 CVE-2025-47914
                        CVE-2025-47914 CVE-2025-47914 CVE-2025-47950 CVE-2025-48731 CVE-2025-49011
                        CVE-2025-49136 CVE-2025-49140 CVE-2025-49221 CVE-2025-50946 CVE-2025-5244
                        CVE-2025-5245 CVE-2025-52894 CVE-2025-52931 CVE-2025-53514 CVE-2025-53857
                        CVE-2025-53910 CVE-2025-54458 CVE-2025-54463 CVE-2025-54478 CVE-2025-54525
                        CVE-2025-54770 CVE-2025-54771 CVE-2025-55196 CVE-2025-55198 CVE-2025-55199
                        CVE-2025-55199 CVE-2025-58181 CVE-2025-58181 CVE-2025-58183 CVE-2025-58185
                        CVE-2025-58186 CVE-2025-58187 CVE-2025-58188 CVE-2025-58189 CVE-2025-58190
                        CVE-2025-59432 CVE-2025-59777 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663
                        CVE-2025-61664 CVE-2025-61723 CVE-2025-61724 CVE-2025-61725 CVE-2025-62689
                        CVE-2025-62725 CVE-2025-62725 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720
                        CVE-2025-65018 CVE-2025-66199 CVE-2025-66293 CVE-2025-68160 CVE-2025-68174
                        CVE-2025-68178 CVE-2025-68188 CVE-2025-68200 CVE-2025-68211 CVE-2025-68218
                        CVE-2025-68227 CVE-2025-68241 CVE-2025-68245 CVE-2025-68261 CVE-2025-68284
                        CVE-2025-68285 CVE-2025-68296 CVE-2025-68297 CVE-2025-68320 CVE-2025-68325
                        CVE-2025-68337 CVE-2025-68341 CVE-2025-68348 CVE-2025-68349 CVE-2025-68356
                        CVE-2025-68359 CVE-2025-68360 CVE-2025-68361 CVE-2025-68366 CVE-2025-68367
                        CVE-2025-68368 CVE-2025-68372 CVE-2025-68374 CVE-2025-68376 CVE-2025-68379
                        CVE-2025-68725 CVE-2025-68735 CVE-2025-68741 CVE-2025-68743 CVE-2025-68764
                        CVE-2025-68768 CVE-2025-68770 CVE-2025-68771 CVE-2025-68773 CVE-2025-68775
                        CVE-2025-68776 CVE-2025-68777 CVE-2025-68778 CVE-2025-68783 CVE-2025-68784
                        CVE-2025-68788 CVE-2025-68789 CVE-2025-68792 CVE-2025-68795 CVE-2025-68797
                        CVE-2025-68798 CVE-2025-68799 CVE-2025-68800 CVE-2025-68801 CVE-2025-68802
                        CVE-2025-68803 CVE-2025-68804 CVE-2025-68808 CVE-2025-68811 CVE-2025-68813
                        CVE-2025-68813 CVE-2025-68814 CVE-2025-68815 CVE-2025-68816 CVE-2025-68819
                        CVE-2025-68820 CVE-2025-68821 CVE-2025-68822 CVE-2025-69277 CVE-2025-69418
                        CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2025-6965 CVE-2025-6965
                        CVE-2025-70873 CVE-2025-70873 CVE-2025-71064 CVE-2025-71066 CVE-2025-71073
                        CVE-2025-71076 CVE-2025-71077 CVE-2025-71078 CVE-2025-71079 CVE-2025-71080
                        CVE-2025-71081 CVE-2025-71082 CVE-2025-71083 CVE-2025-71084 CVE-2025-71085
                        CVE-2025-71085 CVE-2025-71086 CVE-2025-71087 CVE-2025-71088 CVE-2025-71089
                        CVE-2025-71091 CVE-2025-71093 CVE-2025-71094 CVE-2025-71095 CVE-2025-71097
                        CVE-2025-71098 CVE-2025-71099 CVE-2025-71100 CVE-2025-71101 CVE-2025-71108
                        CVE-2025-71111 CVE-2025-71112 CVE-2025-71113 CVE-2025-71114 CVE-2025-71116
                        CVE-2025-71118 CVE-2025-71119 CVE-2025-71120 CVE-2025-71120 CVE-2025-71123
                        CVE-2025-71126 CVE-2025-71130 CVE-2025-71131 CVE-2025-71132 CVE-2025-71133
                        CVE-2025-71135 CVE-2025-71136 CVE-2025-71137 CVE-2025-71138 CVE-2025-71141
                        CVE-2025-71142 CVE-2025-71143 CVE-2025-71145 CVE-2025-71147 CVE-2025-71148
                        CVE-2025-71149 CVE-2025-71154 CVE-2025-71156 CVE-2025-71157 CVE-2025-71162
                        CVE-2025-71163 CVE-2025-7424 CVE-2025-7519 CVE-2025-7545 CVE-2025-7546
                        CVE-2025-7709 CVE-2025-7709 CVE-2025-8114 CVE-2025-8114 CVE-2025-8224
                        CVE-2025-8225 CVE-2025-8277 CVE-2025-8277 CVE-2025-8285 CVE-2025-9039
                        CVE-2025-9086 CVE-2025-9615 CVE-2026-0964 CVE-2026-0964 CVE-2026-0965
                        CVE-2026-0965 CVE-2026-0966 CVE-2026-0966 CVE-2026-0967 CVE-2026-0967
                        CVE-2026-0968 CVE-2026-0968 CVE-2026-1965 CVE-2026-22695 CVE-2026-22795
                        CVE-2026-22796 CVE-2026-22801 CVE-2026-22976 CVE-2026-22977 CVE-2026-22978
                        CVE-2026-22981 CVE-2026-22982 CVE-2026-22984 CVE-2026-22985 CVE-2026-22986
                        CVE-2026-22988 CVE-2026-22989 CVE-2026-22990 CVE-2026-22991 CVE-2026-22992
                        CVE-2026-22993 CVE-2026-22996 CVE-2026-22997 CVE-2026-22999 CVE-2026-22999
                        CVE-2026-23000 CVE-2026-23001 CVE-2026-23002 CVE-2026-23005 CVE-2026-23006
                        CVE-2026-23011 CVE-2026-23074 CVE-2026-23111 CVE-2026-23209 CVE-2026-23268
                        CVE-2026-24515 CVE-2026-24882 CVE-2026-25210 CVE-2026-25645 CVE-2026-25646
                        CVE-2026-25727 CVE-2026-25727 CVE-2026-2673 CVE-2026-27140 CVE-2026-27143
                        CVE-2026-27144 CVE-2026-27171 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389
                        CVE-2026-28390 CVE-2026-28417 CVE-2026-29518 CVE-2026-30922 CVE-2026-3172
                        CVE-2026-31789 CVE-2026-31790 CVE-2026-3184 CVE-2026-32280 CVE-2026-32281
                        CVE-2026-32282 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289 CVE-2026-32597
                        CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVE-2026-33186 CVE-2026-33186
                        CVE-2026-33186 CVE-2026-33416 CVE-2026-33636 CVE-2026-33814 CVE-2026-33845
                        CVE-2026-33846 CVE-2026-34073 CVE-2026-3446 CVE-2026-34743 CVE-2026-34757
                        CVE-2026-34986 CVE-2026-35206 CVE-2026-35535 CVE-2026-3783 CVE-2026-3784
                        CVE-2026-3805 CVE-2026-3833 CVE-2026-40355 CVE-2026-40356 CVE-2026-40393
                        CVE-2026-4046 CVE-2026-41035 CVE-2026-41066 CVE-2026-42009 CVE-2026-42010
                        CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014 CVE-2026-42015
                        CVE-2026-4271 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620
                        CVE-2026-4437 CVE-2026-4438 CVE-2026-45232 CVE-2026-45409 CVE-2026-4873
                        CVE-2026-4878 CVE-2026-5260 CVE-2026-5419 CVE-2026-5450 CVE-2026-5545
                        CVE-2026-5928 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429 
-----------------------------------------------------------------

The container rancher/seedimage-builder was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 26
Released:    Wed Nov 19 10:43:19 2025
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1229339,1233313,1237096,1238848,CVE-2024-21820,CVE-2024-21853,CVE-2024-23918,CVE-2024-23984,CVE-2024-24968,CVE-2024-31068,CVE-2024-36293,CVE-2024-37020,CVE-2024-39355
This update for dracut fixes the following issues:

- Additional fixes for PXE boot with filled-in NBFT (bsc#1238848):
    * fix (74nvmf): make sure autoconnect script is run at least once
    * fix (74nvmf): only set netroot if it's yet empty

-----------------------------------------------------------------
Advisory ID: 33
Released:    Wed Nov 19 11:14:36 2025
Summary:     Security update for ongres-scram
Type:        security
Severity:    important
References:  1208690,1217783,1217826,1222121,1226412,1226529,1230551,1230552,1250399,CVE-2023-6917,CVE-2024-3019,CVE-2024-45769,CVE-2024-45770,CVE-2025-59432
This update for ongres-scram fixes the following issues:

- CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399)

-----------------------------------------------------------------
Advisory ID: 57
Released:    Wed Nov 26 15:30:14 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1231185,1231328,1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086
This update for curl fixes the following issues:

- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)

Other fixes:
- tool_operate: fix return code when --retry is used but not
  triggered (bsc#1249367)

-----------------------------------------------------------------
Advisory ID: 60
Released:    Wed Nov 26 15:34:50 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1221812,1227322,1229007,1233529,1235784,CVE-2024-4467,CVE-2024-7409
This update for cyrus-sasl fixes the following issues:

- Fixed Python3 error log upon importing pycurl (bsc#1233529)

-----------------------------------------------------------------
Advisory ID: 98
Released:    Fri Dec 12 16:58:27 2025
Summary:     Security update for binutils
Type:        security
Severity:    important
References:  1217885,1228086,1231476,1231792,1232063,1236632,1236976,1236977,1236978,1236982,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1237695,1239632,1240870,1240919,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2024-9781,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225
This update for binutils fixes the following issues:

Changes in binutils:

- Update to current 2.45 branch at 94cb1c075 to include fix
  for PR33584 (a problem related to LTO vs fortran COMMON
  blocks).

- Do not enable '-z gcs=implicit' on aarch64 for old codestreams.

Update to version 2.45:

  * New versioned release of libsframe.so.2
  * s390: tools now support SFrame format 2; recognize 'z17' as CPU
    name [bsc#1247105, jsc#IBM-1485]
  * sframe sections are now of ELF section type SHT_GNU_SFRAME.
  * sframe secions generated by the assembler have
    SFRAME_F_FDE_FUNC_START_PCREL set.
  * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0,
    Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0,
    ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0,
    sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0,
    zclsd v1.0, smrnmi v1.0;
    vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0;
    SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0;
    T-Head: xtheadvdot v1.0;
    MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0.
  * Support RISC-V privileged version 1.13, profiles 20/22/23, and
    .bfloat16 directive.
  * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS,
    AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX.
    Drop support for  AVX10.2 256 bit rounding.
  * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and
    extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui',
    '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2',
    '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'.
  * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)'
    are now being made available.
  * Add .errif and .warnif directives.
  * linker:
    - Add --image-base=<ADDR> option to the ELF linker to behave the same
      as -Ttext-segment for compatibility with LLD.
    - Add support for mixed LTO and non-LTO codes in relocatable output.
    - s390: linker generates .eh_frame and/or .sframe for linker
      generated .plt sections by default (can be disabled
      by --no-ld-generated-unwind-info).
    - riscv: add new PLT formats, and GNU property merge rules for zicfiss
      and zicfilp extensions.
- gold is no longer included

- Contains fixes for these non-CVEs (not security bugs per upstreams
  SECURITY.md):

  * bsc#1236632 aka CVE-2025-0840 aka PR32560
  * bsc#1236977 aka CVE-2025-1149 aka PR32576
  * bsc#1236978 aka CVE-2025-1148 aka PR32576
  * bsc#1236999 aka CVE-2025-1176 aka PR32636
  * bsc#1237000 aka CVE-2025-1153 aka PR32603
  * bsc#1237001 aka CVE-2025-1152 aka PR32576
  * bsc#1237003 aka CVE-2025-1151 aka PR32576
  * bsc#1237005 aka CVE-2025-1150 aka PR32576
  * bsc#1237018 aka CVE-2025-1178 aka PR32638
  * bsc#1237019 aka CVE-2025-1181 aka PR32643
  * bsc#1237020 aka CVE-2025-1180 aka PR32642
  * bsc#1237021 aka CVE-2025-1179 aka PR32640
  * bsc#1237042 aka CVE-2025-1182 aka PR32644
  * bsc#1240870 aka CVE-2025-3198 aka PR32716
  * bsc#1243756 aka CVE-2025-5244 aka PR32858
  * bsc#1243760 aka CVE-2025-5245 aka PR32829
  * bsc#1246481 aka CVE-2025-7545 aka PR33049
  * bsc#1246486 aka CVE-2025-7546 aka PR33050
  * bsc#1247114 aka CVE-2025-8224 aka PR32109
  * bsc#1247117 aka CVE-2025-8225 no PR
  * bsc#1236976 aka CVE-2025-1147 aka PR32556
  * bsc#1250632 aka CVE-2025-11083 aka PR33457
  * bsc#1251275 aka CVE-2025-11412 aka PR33452
  * bsc#1251276 aka CVE-2025-11413 aka PR33456
  * bsc#1251277 aka CVE-2025-11414 aka PR33450
  * bsc#1251794 aka CVE-2025-11494 aka PR33499
  * bsc#1251795 aka CVE-2025-11495 aka PR33502
  binutils-2.43-branch.diff.gz

-----------------------------------------------------------------
Advisory ID: 106
Released:    Mon Dec 15 13:52:50 2025
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1216320,1229122,1234959,1236045,1236046,1236801,1238572,1240550,1245636,1245738,1245953,1246231,1247242,1249088,1249385,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2024-45336,CVE-2024-45341,CVE-2024-56738,CVE-2025-22866,CVE-2025-22870,CVE-2025-22871,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for grub2 fixes the following issues:

Changes in grub2:

- CVE-2025-54771: Fixed grub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free  (bsc#1252930)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)

- Bump upstream SBAT generation to 6

- Fix 'sparse file not allowed' error after grub2-reboot (bsc#1245738)
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
- turn off page flipping for i386-pc using VBE video backend (bsc#1245636)
- Fix boot hangs in setting up serial console when ACPI SPCR table is present
  and redirection is disabled (bsc#1249088)
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
- Skip mount point in grub_find_device function (bsc#1246231)

- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)

-----------------------------------------------------------------
Advisory ID: 109
Released:    Tue Dec 16 15:14:02 2025
Summary:     Recommended update for freetype2
Type:        recommended
Severity:    moderate
References:  1233593,1233594,1233773,CVE-2024-10524,CVE-2024-11595,CVE-2024-11596
This update for freetype2 fixes the following issues:

Changes in freetype2:

- update to 2.13.3:
- Do not build the ft2demos flavor in SLE16 where Qt5 will not be
  available

-----------------------------------------------------------------
Advisory ID: 123
Released:    Thu Jan  8 10:27:55 2026
Summary:     Recommended update for elemental-register, elemental-toolkit, elemental-system-agent, elemental
Type:        recommended
Severity:    moderate
References:  1231284,1231714,1239623,1240623,CVE-2024-41311,CVE-2024-8508
This update for elemental-register, elemental-toolkit, elemental-system-agent, elemental fixes the following issues:

Changes in elemental-register:

- Upgrade to v1.8.0:
  Add policycoreutils-python-utils (bsc#1240623)
  Include an empty /etc/machine-id file (bsc#1239623)

-----------------------------------------------------------------
Advisory ID: 131
Released:    Mon Jan 12 12:14:46 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1231565,1254157,1254158,1254159,1254160,1254480,CVE-2024-9632,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:

- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices
  (bsc#1254157).
- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`
  enabled (bsc#1254158).
- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with
  `PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).
- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced
  PNGs with 8-bit output format (bsc#1254160).
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
  transparency and gamma correction (bsc#1254480).

-----------------------------------------------------------------
Advisory ID: 141
Released:    Wed Jan 14 11:56:00 2026
Summary:     Security update for haproxy
Type:        security
Severity:    moderate
References:  1233668,1241020,1241078,1250983,CVE-2024-52804,CVE-2025-11230,CVE-2025-29087,CVE-2025-29088
This update for haproxy fixes the following issues:

- CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with
  large exponents (bsc#1250983).

-----------------------------------------------------------------
Advisory ID: 140
Released:    Wed Jan 14 12:01:44 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1233282,1236217,1244156,1244157,1244158,1255731,1255732,1255733,1255734,1256105,CVE-2024-52533,CVE-2025-0913,CVE-2025-14017,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224,CVE-2025-22874,CVE-2025-4673
This update for curl fixes the following issues:

This update for curl fixes the following issues:

- CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).

-----------------------------------------------------------------
Advisory ID: 162
Released:    Thu Jan 22 09:15:08 2026
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1231185,1231328,1241802,1250655,1250664,1253679,1254264,1254928,CVE-2025-22872
This update for suse-module-tools fixes the following issues:

- Update to version 16.0.64:
  * udev rules: write block queue attributes only if necessary (bsc#1254928)
- Update to version 16.0.63:
    * 80-hotplug-cpu-mem.rules: remount tmpfs on 'online' uevents (bsc#1254264)
    * udev: use systemd service to remount tmpfs (bsc#1253679)
- Update to version 16.0.62:
    * spec file: remove %udev_rules_update call (bsc#1250664)
- Update to version 16.0.61:
    * weak-modules2: skip livepatch dir when checking for unresolved symbols (bsc#1250655)

-----------------------------------------------------------------
Advisory ID: 172
Released:    Thu Jan 22 15:29:42 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1231463,1240897,1242844,1256525,1256526,CVE-2025-3360,CVE-2025-4373,CVE-2026-22695,CVE-2026-22801
This update for libpng16 fixes the following issues:

- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).

-----------------------------------------------------------------
Advisory ID: 182
Released:    Fri Jan 23 09:24:13 2026
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1245274,1245275,1253029,1253960,1254873,CVE-2024-12678,CVE-2024-25131,CVE-2024-25133,CVE-2024-28892,CVE-2024-43803,CVE-2024-45338,CVE-2024-45387,CVE-2024-54148,CVE-2024-55196,CVE-2024-55947,CVE-2024-56362,CVE-2024-56513,CVE-2024-56514,CVE-2024-9779,CVE-2025-21609,CVE-2025-21613,CVE-2025-21614,CVE-2025-22130,CVE-2025-32462,CVE-2025-32463
This update for dracut fixes the following issues:

- Fix and update testsuite (bsc#1254873):
    * test (FULL-SYSTEMD):
        + ignore errors in systemd-vconsole-setup.service
        + use poweroff to shut down test
        + no need to include dbus to the target rootfs
    * test: move /failed to /run/failed as rootfs might be read-only
    * test: make the size of all test drives 512 MB
    * fix (systemd): move installation of libkmod to udev-rules module
    * test: switch to virtio for the QEMU drive
    * test: increase test VM memory from 512M to 1024M to avoid OOM killer
    * test: move more common test code to test-functions
    * test: upgrade to ext4
- fix (nfs): do not execute logic in nfs hooks if netroot is not nfs (bsc#1253960)
- fix (kernel-modules-extra): remove stray \ before / (bsc#1253029)

-----------------------------------------------------------------
Advisory ID: 217
Released:    Thu Jan 29 16:32:26 2026
Summary:     Security update for elemental-register, elemental-toolkit
Type:        security
Severity:    important
References:  1220763,1228879,1229238,1229685,1229822,1230078,1231373,1231727,1235695,1236151,1237137,1239092,1240031,1241826,1241857,1241897,1243923,1244263,1251511,1251679,1253581,1253901,1254079,CVE-2024-43374,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2024-47814,CVE-2025-1215,CVE-2025-22134,CVE-2025-22872,CVE-2025-24014,CVE-2025-47911,CVE-2025-47913,CVE-2025-47914,CVE-2025-58181,CVE-2025-58190
This update for elemental-register, elemental-toolkit fixes the following issues:

elemental-register was updated to 1.8.1:

Changes on top of v1.8.1:

  * Update headers to 2026
  * Update questions to include SL Micro 6.2

Update to v1.8.1:

  * Install yip config files in before-install step
  * Bump github.com/rancher-sandbox/go-tpm and its dependencies
    This includes few CVE fixes:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)

elemental-toolkit was updated to v2.3.2:

  * Bump golang.org/x/crypto library
    This includes few CVE fixes:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)
    * bsc#1253581 (CVE-2025-47913)
    * bsc#1253901 (CVE-2025-58181)
    * bsc#1254079 (CVE-2025-47914)

-----------------------------------------------------------------
Advisory ID: 237
Released:    Mon Feb  2 14:00:02 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1232024,1247539,1256829,1256830,1256831,1256832,1256833,1256834,1256835,1256836,1256837,1256838,1256839,1256840,1257274,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-15469,CVE-2025-66199,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:

Security fixes:

 - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).
 - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
 - CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).
 - CVE-2025-15469: 'openssl dgst' one-shot codepath silently truncates inputs >16MB (bsc#1256832).
 - CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).
 - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
 - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
 - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
 - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
 - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
 - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
 - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

Other fixes:

- Enable livepatching support for ppc64le (bsc#1257274).

-----------------------------------------------------------------
Advisory ID: 240
Released:    Tue Feb  3 17:33:50 2026
Summary:     Recommended update for az-cli-cmd
Type:        recommended
Severity:    low
References:  1228086,1230468,1231792,1232063,1236982,1237695,1246472,1253491,CVE-2025-7519
This update for az-cli-cmd fixes the following issues:

- Update package summary (bsc#1253491)

-----------------------------------------------------------------
Advisory ID: 252
Released:    Wed Feb 11 12:13:17 2026
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1228081,1228184,1228659,1228728,1231986,1234765,1244449,1248356,1248501,1251981,1254563,1255326,1256427,CVE-2023-26154,CVE-2024-40897,CVE-2025-44001,CVE-2025-44004,CVE-2025-48731,CVE-2025-49221,CVE-2025-50946,CVE-2025-52894,CVE-2025-52931,CVE-2025-53514,CVE-2025-53857,CVE-2025-53910,CVE-2025-54458,CVE-2025-54463,CVE-2025-54478,CVE-2025-54525,CVE-2025-55196,CVE-2025-55198,CVE-2025-55199,CVE-2025-8285,CVE-2025-9039
This update for systemd fixes the following issues:

- terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)
- core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- Name libsystemd-{shared,core} based on the major version of systemd and the
  package release number (bsc#1228081, bsc#1256427)
- systemd-update-helper: clean up the flags immediately after they have been consumed.
- systemd.spec: don't reexecute PID1 on transactional updates.
- Drop most of the workarounds contained in the fixlets.
- Drop %filetriggers build flag. It was introduced to ease backport of Base:System to SLE distros
  where file-triggers were unreliable but that is no longer the case on the latest SLE distros.
- Fix: systemd Tainted: unmerged-bin (bsc#1228728, bsc#1251981)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- main: switch explicitly to tty1 on soft-reboot (bsc#1231986)
- terminal-util: modernize vtnr_from_tty() a bit
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
  already available in %pre (bsc#1248501)
- core/cgroup: Properly handle aborting a pending freeze operation
- detect-virt: add bare-metal support for GCE (bsc#1244449)
- uki.conf is used by the ukify tool to create an Unified Kernel Image[...]
- Make sure that the ordering trick used to update the udev package as close as
  as possible to the update of the systemd package also works with zypper.
- Fix: Snapshot 20240730 - unbootable after transactional-update dup (bsc#1228659)
    * We also need to add 'Suggests: udev', which serves the same purpose as
      'OrderWithRequires: udev' but is part of the repository metadata.
      It should therefore hint zypper to install systemd and udev as close together as possible
- Fix systemd-network recommending libidn2-devel (bsc#1234765)

-----------------------------------------------------------------
Advisory ID: 253
Released:    Wed Feb 11 12:31:42 2026
Summary:     Recommended update for nvidia-open-driver-G06-signed
Type:        recommended
Severity:    moderate
References:  1174091,1210638,1219559,1219666,1221854,1225660,1226447,1226448,1227378,1227999,1228165,1228780,1229596,1229704,1230227,1230906,1231795,1232241,1236705,1238450,1239210,1246597,1255858,831629,CVE-2019-20907,CVE-2019-9947,CVE-2020-15523,CVE-2020-15801,CVE-2022-25236,CVE-2023-27043,CVE-2023-52425,CVE-2023-6597,CVE-2024-0397,CVE-2024-0450,CVE-2024-4030,CVE-2024-4032,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592,CVE-2024-8088,CVE-2024-9287,CVE-2025-0938,CVE-2025-1795,CVE-2025-6965
This update for nvidia-open-driver-G06-signed fixes the following issues:

- fixes build for sle15-sp4
- update non-CUDA variant to version 580.126.09 (bsc#1255858)

-----------------------------------------------------------------
Advisory ID: 314
Released:    Thu Feb 26 17:51:31 2026
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    moderate
References:  1240897,1244485,1251253,1251254,1251255,1251256,1251257,1251258,1251259,1251260,1251261,1251262,CVE-2025-3360,CVE-2025-47912,CVE-2025-58183,CVE-2025-58185,CVE-2025-58186,CVE-2025-58187,CVE-2025-58188,CVE-2025-58189,CVE-2025-61723,CVE-2025-61724,CVE-2025-61725
This update for gcc15 fixes the following issues:

Update to GCC 15.2 release

  * the GCC 15.2 release contains regression fixes accumulated since
    the GCC 15.1 release

- Fixes PR120714, RISC-V: incorrect frame pointer CFA address for
  stack-clash protection loops

-----------------------------------------------------------------
Advisory ID: 323
Released:    Fri Feb 27 09:51:11 2026
Summary:     Recommended update for google-guest-configs
Type:        recommended
Severity:    important
References:  1241957,1248586,1252217,1254266
This update for google-guest-configs fixes the following issues:

- Install NetworkManager disptacher for SLE-16 and newer only
- Add NetworkManager-devel to BuildRequires
- Install NetworkManager dispatcher script (bsc#1254266)

-----------------------------------------------------------------
Advisory ID: 325
Released:    Fri Feb 27 14:03:55 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1205462,1214285,1215199,1235905,1241020,1241078,1242505,1242974,1242986,1243452,1243507,1243662,1246184,1246282,1247030,1247292,1247712,1248166,1248175,1248178,1248179,1248185,1248188,1248196,1248206,1248208,1248209,1248211,1248212,1248213,1248214,1248216,1248217,1248222,1248227,1248228,1248229,1248232,1248234,1248240,1248360,1248366,1248384,1248626,1249307,1249609,1249895,1249998,1250032,1250082,1250388,1250562,1250705,1250738,1250748,1252712,1252773,1252784,1252891,1252900,1253049,1253078,1253079,1253087,1253344,1253500,1253739,1254244,1254308,1254447,1254839,1254842,1254845,1254977,1255102,1255128,1255157,1255164,1255172,1255216,1255232,1255241,1255245,1255266,1255268,1255269,1255319,1255327,1255346,1255403,1255417,1255459,1255482,1255506,1255526,1255527,1255529,1255530,1255536,1255537,1255542,1255544,1255547,1255569,1255593,1255622,1255694,1255695,1255703,1255708,1255811,1255930,1256579,1256582,1256584,1256586,1256591,1256592,1256593,1256594,1256597,1256605,1256607,1
 256608,1256609,1256610,1256611,1256612,1256613,1256616,1256617,1256619,1256622,1256623,1256625,1256627,1256628,1256630,1256632,1256638,1256641,1256643,1256645,1256646,1256650,1256651,1256653,1256654,1256655,1256656,1256659,1256660,1256661,1256664,1256665,1256667,1256668,1256674,1256677,1256680,1256682,1256683,1256688,1256689,1256716,1256726,1256728,1256730,1256733,1256737,1256741,1256742,1256744,1256748,1256749,1256752,1256754,1256755,1256756,1256757,1256759,1256760,1256761,1256763,1256770,1256773,1256774,1256777,1256779,1256781,1256785,1256792,1256793,1256794,1256864,1256865,1256867,1256975,1257015,1257035,1257053,1257154,1257155,1257158,1257159,1257163,1257164,1257167,1257168,1257179,1257180,1257202,1257204,1257207,1257208,1257215,1257217,1257218,1257220,1257221,1257225,1257227,1257232,1257234,1257236,1257243,1257245,1257276,1257277,1257279,1257282,1257296,1257309,1257473,1257504,1257603,CVE-2024-54031,CVE-2025-11021,CVE-2025-29087,CVE-2025-29088,CVE-2025-37744,CVE-2025-37751,CVE-
 2025-37841,CVE-2025-37845,CVE-2025-37904,CVE-2025-37955,CVE-2025-38243,CVE-2025-38262,CVE-2025-38297,CVE-2025-38298,CVE-2025-38379,CVE-2025-38423,CVE-2025-38505,CVE-2025-38507,CVE-2025-38510,CVE-2025-38511,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38521,CVE-2025-38529,CVE-2025-38530,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38539,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38547,CVE-2025-38548,CVE-2025-38550,CVE-2025-38551,CVE-2025-38569,CVE-2025-38589,CVE-2025-38590,CVE-2025-38645,CVE-2025-39689,CVE-2025-39795,CVE-2025-39813,CVE-2025-39814,CVE-2025-39817,CVE-2025-39829,CVE-2025-39880,CVE-2025-39913,CVE-2025-39927,CVE-2025-40030,CVE-2025-40045,CVE-2025-40097,CVE-2025-40106,CVE-2025-40147,CVE-2025-40195,CVE-2025-40257,CVE-2025-40259,CVE-2025-40261,CVE-2025-40363,CVE-2025-68174,CVE-2025-68178,CVE-2025-68188,CVE-2025-68200,CVE-2025-68211,CVE-2025-68218,CVE-2025-68227,CVE-2025-68241,CVE-2025-68245,CVE-2025-68261,CVE-2025-68
 296,CVE-2025-68297,CVE-2025-68320,CVE-2025-68325,CVE-2025-68337,CVE-2025-68341,CVE-2025-68348,CVE-2025-68349,CVE-2025-68356,CVE-2025-68359,CVE-2025-68360,CVE-2025-68361,CVE-2025-68366,CVE-2025-68367,CVE-2025-68368,CVE-2025-68372,CVE-2025-68374,CVE-2025-68376,CVE-2025-68379,CVE-2025-68725,CVE-2025-68735,CVE-2025-68741,CVE-2025-68743,CVE-2025-68764,CVE-2025-68768,CVE-2025-68770,CVE-2025-68771,CVE-2025-68773,CVE-2025-68775,CVE-2025-68776,CVE-2025-68777,CVE-2025-68778,CVE-2025-68783,CVE-2025-68784,CVE-2025-68788,CVE-2025-68789,CVE-2025-68792,CVE-2025-68795,CVE-2025-68797,CVE-2025-68798,CVE-2025-68799,CVE-2025-68800,CVE-2025-68801,CVE-2025-68802,CVE-2025-68803,CVE-2025-68804,CVE-2025-68808,CVE-2025-68811,CVE-2025-68813,CVE-2025-68814,CVE-2025-68815,CVE-2025-68816,CVE-2025-68819,CVE-2025-68820,CVE-2025-68821,CVE-2025-68822,CVE-2025-71064,CVE-2025-71066,CVE-2025-71073,CVE-2025-71076,CVE-2025-71077,CVE-2025-71078,CVE-2025-71079,CVE-2025-71080,CVE-2025-71081,CVE-2025-71082,CVE-2025-71083,CVE
 -2025-71084,CVE-2025-71085,CVE-2025-71086,CVE-2025-71087,CVE-2025-71088,CVE-2025-71089,CVE-2025-71091,CVE-2025-71093,CVE-2025-71094,CVE-2025-71095,CVE-2025-71097,CVE-2025-71098,CVE-2025-71099,CVE-2025-71100,CVE-2025-71101,CVE-2025-71108,CVE-2025-71111,CVE-2025-71112,CVE-2025-71113,CVE-2025-71114,CVE-2025-71116,CVE-2025-71118,CVE-2025-71119,CVE-2025-71120,CVE-2025-71123,CVE-2025-71126,CVE-2025-71130,CVE-2025-71131,CVE-2025-71132,CVE-2025-71133,CVE-2025-71135,CVE-2025-71136,CVE-2025-71137,CVE-2025-71138,CVE-2025-71141,CVE-2025-71142,CVE-2025-71143,CVE-2025-71145,CVE-2025-71147,CVE-2025-71148,CVE-2025-71149,CVE-2025-71154,CVE-2025-71156,CVE-2025-71157,CVE-2025-71162,CVE-2025-71163,CVE-2026-22976,CVE-2026-22977,CVE-2026-22978,CVE-2026-22981,CVE-2026-22982,CVE-2026-22984,CVE-2026-22985,CVE-2026-22986,CVE-2026-22988,CVE-2026-22989,CVE-2026-22990,CVE-2026-22991,CVE-2026-22992,CVE-2026-22993,CVE-2026-22996,CVE-2026-22997,CVE-2026-22999,CVE-2026-23000,CVE-2026-23001,CVE-2026-23002,CVE-2026-2
 3005,CVE-2026-23006,CVE-2026-23011

The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-40147: blk-throttle: fix access race during throttle policy activation (bsc#1253344).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
- CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
- CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
- CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327).
- CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266).
- CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
- CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241).
- CVE-2025-68211: ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (bsc#1255319).
- CVE-2025-68218: nvme-multipath: fix lockdep WARN due to partition scan work (bsc#1255245).
- CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
- CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
- CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
- CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
- CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
- CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403).
- CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
- CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417).
- CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482).
- CVE-2025-68341: veth: reduce XDP no_direct return section to fix race (bsc#1255506).
- CVE-2025-68348: block: fix memory leak in __blkdev_issue_zero_pages (bsc#1255694).
- CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544).
- CVE-2025-68356: gfs2: Prevent recursive memory reclaim (bsc#1255593).
- CVE-2025-68359: btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542).
- CVE-2025-68360: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (bsc#1255536).
- CVE-2025-68361: erofs: limit the level of fs stacking for file-backed mounts (bsc#1255526).
- CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
- CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
- CVE-2025-68368: md: init bioset in mddev_init (bsc#1255527).
- CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
- CVE-2025-68376: coresight: ETR: Fix ETR buffer use-after-free issue (bsc#1255529).
- CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
- CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation (bsc#1255811).
- CVE-2025-68741: scsi: qla2xxx: Fix improper freeing of purex item (bsc#1255703).
- CVE-2025-68743: mshv: Fix create memory region overlap check (bsc#1255708).
- CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930).
- CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579).
- CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
- CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659).
- CVE-2025-68784: xfs: fix a UAF problem in xattr repair (bsc#1256793).
- CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
- CVE-2025-68792: tpm2-sessions: Fix out of range indexing in name_size (bsc#1256656).
- CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
- CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689).
- CVE-2025-68799: caif: fix integer underflow in cffrml_receive() (bsc#1256643).
- CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646).
- CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653).
- CVE-2025-68803: NFSD: NFSv4 file creation neglects setting ACL (bsc#1256770).
- CVE-2025-68811: svcrdma: use rc_pageoff for memcpy byte offset (bsc#1256677).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651).
- CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680).
- CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
- CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754).
- CVE-2025-68821: fuse: fix readahead reclaim deadlock (bsc#1256667).
- CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
- CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (bsc#1256608).
- CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
- CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773).
- CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
- CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597).
- CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605).
- CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607).
- CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757).
- CVE-2025-71126: mptcp: avoid deadlock on fallback while reinjecting (bsc#1256755).
- CVE-2025-71132: smc91x: fix broken irq-context in PREEMPT_RT (bsc#1256737).
- CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733).
- CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761).
- CVE-2025-71137: octeontx2-pf: fix 'UBSAN: shift-out-of-bounds error' (bsc#1256760).
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
- CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164).
- CVE-2025-71156: gve: defer interrupt enabling until NAPI registration (bsc#1257167).
- CVE-2025-71157: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (bsc#1257168).
- CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035).
- CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053).
- CVE-2026-22981: idpf: detach and close netdevs while handling a reset (bsc#1257225).
- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
- CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217).
- CVE-2026-22986: gpiolib: fix race condition for gdev->srcu (bsc#1257276).
- CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
- CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220).
- CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218).
- CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180).
- CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv.
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245).
- CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).

The following non security issues were fixed:

- ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
- Add bugnumber to an existing hv_netvsc change (bsc#1257473).
- Fix locking issue introduced by a CVE backport (bsc#1256975 bsc#1254977).
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- arm64: Update config files. Disable DEVPORT (bsc#1256792)
- bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
- bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569).
- btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes).
- drm/imagination: Wait for FW trace update command completion (git-fixes).
- drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309).
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087).
- net: mana: Fix incorrect speed reported by debugfs (bsc#1255232).
- net: mana: Support HW link state events (bsc#1253049).
- nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015).
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes).
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864).
- scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346).
- slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes).
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154).
- smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes).
- smb: improve directory cache reuse for readdir operations (bsc#1252712).
- tsm-mr: Add TVM Measurement Register support (bsc#1257504).
- tsm-mr: Add tsm-mr sample code (bsc#1257504).
- virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504).
- virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504).
- virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes).
- x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504).
- x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504).

-----------------------------------------------------------------
Advisory ID: 334
Released:    Mon Mar  2 14:17:40 2026
Summary:     Recommended update for smc-tools
Type:        recommended
Severity:    important
References:  1205042,1217782,1230052,1231589,1236664,1253029
This update for smc-tools fixes the following issues:

- Upgrade smc-tools to v1.8.7 (jsc#PED-14601, bsc#1230052):
    * Bug fixes:
        + smc_rnics: fix regression when PFT not available
        + smcd/smcr: prevent DoS on statistics workfile present in /tmp/
- Upgrade smc-tools to v1.8.6 (jsc#PED-14601):
    * Bug fixes:
        + man pages: Update man page for smc_pnet
        + smc-tools: Display sndbuf/RMB stats only if supported by the kernel
- Upgrade smc-tools to v1.8.5:
    * Changes:
        + smc_rnics: Add support for Network Express RNIC in smc_rnics
        + smc_rnics: Add PFT and VF columns to smc_rnics output
    * Bug fixes:
        + libnetlink..: Fix function declaration to use a void prototype
        + smc_rnics: Update smc_chk to extract PNetID from column 9
        + man pages: Update man page for --rawids option and PFT and VF columns
        + smc_rnics: Fix missing PPrt values in smc_rnics -r output
- fix build with gcc15
- Makefile: Make sure to show the right release number

-----------------------------------------------------------------
Advisory ID: 338
Released:    Tue Mar  3 09:57:47 2026
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1217885,1240919,1253001,1254299,1254415,1258022
This update for grub2 fixes the following issues:

- Support dm multipath bootlist on PowerPC (bsc#1254415)
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
- Fix error 'grub-core/script/lexer.c:352:out of memory' after PowerPC CAS Reboot (bsc#1254299)
    * Fix PowerPC CAS reboot to evaluate menu context

-----------------------------------------------------------------
Advisory ID: 344
Released:    Tue Mar  3 17:13:34 2026
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1229122,1244156,1244157,1244325,1251827,1257144,1257496,CVE-2025-0913,CVE-2025-11561,CVE-2025-4673,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:

- CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL
  dereference (bsc#1257144).
- CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496).

-----------------------------------------------------------------
Advisory ID: 396
Released:    Tue Mar 17 15:49:10 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1256483,1257364,1257365,1258020,619225,CVE-2022-31022,CVE-2023-42818,CVE-2024-10975,CVE-2025-0913,CVE-2025-1296,CVE-2025-22874,CVE-2025-25207,CVE-2025-25208,CVE-2025-28162,CVE-2025-28164,CVE-2025-4128,CVE-2025-4573,CVE-2025-46721,CVE-2025-4673,CVE-2025-47950,CVE-2025-49011,CVE-2025-49136,CVE-2025-49140,CVE-2026-25646
This update for libpng16 fixes the following issues:

- CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
- CVE-2025-28162: Fixed a memory leaks when running `pngimage`. (bsc#1257364)
- CVE-2025-28164: Fixed a memory leaks when running `pngimage`. (bsc#1257365)

-----------------------------------------------------------------
Advisory ID: 407
Released:    Wed Mar 18 23:55:39 2026
Summary:     Recommended update for gcc15
Type:        recommended
Severity:    important
References:  1256389,1257396,1257463,CVE-2026-24882
This update for gcc15 fixes the following issues:

Changes in gcc15:

- Fixed bogus expression simplification (bsc#1257463)

-----------------------------------------------------------------
Advisory ID: 418
Released:    Fri Mar 20 10:36:45 2026
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1246360,1257908,1259362,1259363,1259364,1259365,CVE-2025-7424,CVE-2026-1965,CVE-2026-25727,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

-----------------------------------------------------------------
Advisory ID: 428
Released:    Tue Mar 24 06:44:24 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1246597,1247240,1252752,1253584,1254041,1255052,1255053,1255378,1255402,1255895,1256624,1256644,1257669,CVE-2025-38488,CVE-2025-40214,CVE-2025-40258,CVE-2025-40284,CVE-2025-40297,CVE-2025-47913,CVE-2025-47914,CVE-2025-62725,CVE-2025-68284,CVE-2025-68285,CVE-2025-68813,CVE-2025-6965,CVE-2025-71085

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

-----------------------------------------------------------------
Advisory ID: 436
Released:    Tue Mar 24 21:36:24 2026
Summary:     Security update for the initial kernel livepatch
Type:        security
Severity:    important
References:  1241114,1241680,1247819,1257912,CVE-2026-25727


This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.


-----------------------------------------------------------------
Advisory ID: 455
Released:    Fri Mar 27 11:04:45 2026
Summary:     Security update for docker-compose
Type:        security
Severity:    important
References:  1176053,1232921,1232931,1252752,1253584,1254041,1254670,1259619,CVE-2025-47913,CVE-2025-47914,CVE-2025-62725,CVE-2025-70873,CVE-2025-7709
This update for docker-compose fixes the following issues:

- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in
  response to a key listing or signing request (bsc#1253584).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds
  read (bsc#1254041).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files
  (bsc#1252752).

-----------------------------------------------------------------
Advisory ID: 466
Released:    Mon Mar 30 16:59:16 2026
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1236217,1259711,1259726,1259729,1259963,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:

- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
  declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
  (bsc#1259729).

-----------------------------------------------------------------
Advisory ID: 480
Released:    Tue Apr  7 13:57:38 2026
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1084929,1257359,1260754,1260755,CVE-2025-9615,CVE-2026-33416,CVE-2026-33636
This update for libpng16 fixes the following issues:

- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
  execution (bsc#1260754).
- CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and
  crashes (bsc#1260755).

-----------------------------------------------------------------
Advisory ID: 484
Released:    Tue Apr  7 16:33:05 2026
Summary:     Security update for libtasn1
Type:        security
Severity:    moderate
References:  1242170,1256341,1260876,CVE-2025-13151,CVE-2026-34073
This update for libtasn1 fixes the following issues:

- CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in
  `asn1_expend_octet_string` (bsc#1256341).

-----------------------------------------------------------------
Advisory ID: 491
Released:    Thu Apr  9 10:48:26 2026
Summary:     Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1246974,1249375,1252036,1252689,1253404,1256780,1257238,1258051,1258183,1258784,1261420,CVE-2025-39973,CVE-2025-40018,CVE-2025-40159,CVE-2025-71120,CVE-2025-8114,CVE-2025-8277,CVE-2026-22999,CVE-2026-23074,CVE-2026-23111,CVE-2026-23209,CVE-2026-35535

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

-----------------------------------------------------------------
Advisory ID: 502
Released:    Thu Apr  9 13:18:30 2026
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,1234563,1239763,1239866,1243254,1243505,1250983,1258392,CVE-2023-45853,CVE-2024-45337,CVE-2025-11230,CVE-2026-27171
This update for zlib fixes the following issues:


- CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
- CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

-----------------------------------------------------------------
Advisory ID: 504
Released:    Thu Apr  9 14:27:13 2026
Summary:     Security update for pgvector
Type:        security
Severity:    important
References:  1248586,1252217,1258945,1261998,CVE-2026-3172,CVE-2026-40393
This update for pgvector fixes the following issue:

Update to pgvector 0.8.2:

- CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945).

Changelog:

 * Fixed Index Searches in EXPLAIN output for Postgres 18

-----------------------------------------------------------------
Advisory ID: 510
Released:    Thu Apr  9 15:00:19 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1222465,1250562,1254666,1258859,1261970,CVE-2025-11021,CVE-2025-14104,CVE-2026-3184,CVE-2026-3446
This update for util-linux fixes the following issues:

Security issues:

- CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).

Non security issues:

- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing  (bsc#1222465).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: 516
Released:    Fri Apr 10 08:36:43 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1239718,1246504,1252025,1253193,1258319,1259706,1259842,1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

Security fixes:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

-----------------------------------------------------------------
Advisory ID: 525
Released:    Fri Apr 10 15:02:04 2026
Summary:     Recommended update for kernel-firmware-bluetooth
Type:        recommended
Severity:    moderate
References:  1248093,1253029,1261938,CVE-2025-55199,CVE-2026-35206
This update for kernel-firmware-bluetooth fixes the following issues:

Changes in kernel-firmware-bluetooth:

- Update to version 20251202 (git commit 685171356137):

  * linux-firmware: Update firmware file for Intel Scorpius core
  * linux-firmware: Update firmware file for Intel BlazarIGfP core
  * linux-firmware: Update firmware file for Intel BlazarI core
  * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core
  * linux-firmware: Update firmware file for Intel BlazarU core

- Update to version 20251125 (git commit 23568a4b9420):

  * QCA: Add Bluetooth firmware for WCN685x uart interface

- Update to version 20251121 (git commit ff6418d18552):

  * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04

- Update to version 20251111 (git commit 6fc940781a01):

  * rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905

- Update to version 20251106 (git commit b055b3e24542):

  * linux-firmware: Update firmware file for Intel BlazarU core
  * linux-firmware: Update firmware file for Intel BlazarI core

- Update to version 20251029 (git commit bfc84303530a):

  * rtl_bt: Add firmware and config files for RTL8761CUV

- Update to version 20251024 (git commit 9b899c779b8a):

  * QCA: Update Bluetooth WCN6856 firmware 2.1.0-00653 to 2.1.0-00659

- Update to version 20251010 (git commit fef0b3bbf494):

  * linux-firmware: Update firmware file for Intel Magnetar core
  * linux-firmware: Update firmware file for Intel BlazarU core
  * linux-firmware: Update firmware file for Intel BlazarI core

- Update to version 20251010 (git commit 49fafa182b23):

  * qca: Update Bluetooth WCN6750 1.1.3-00091 firmware to 1.1.3-00100

- Update to version 20251004 (git commit 757854f42d83):

  * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x3BAC_ADBA

- Update to version 20250903 (git commit c784990ba3d2):

  * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962

- Update to version 20250820 (git commit 70dda28e5098):

  * Link rtl8723b_config.bin to rtl8723bs

- Update to version 20250808 (git commit 8f1ce114de6c):

  * qca: Update Bluetooth WCN6750 1.1.3-00069 firmware to 1.1.3-00091

-----------------------------------------------------------------
Advisory ID: 531
Released:    Sat Apr 11 10:22:09 2026
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1253177,1253178,1258002,1263254,CVE-2025-59777,CVE-2025-62689,CVE-2026-41066
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.84 state (bsc#1258002):
    * Removed:
        + Baltimore CyberTrust Root
        + CommScope Public Trust ECC Root-01
        + CommScope Public Trust ECC Root-02
        + CommScope Public Trust RSA Root-01
        + CommScope Public Trust RSA Root-02
        + DigiNotar Root CA
    * Added:
        + e-Szigno TLS Root CA 2023
        + OISTE Client Root ECC G1
        + OISTE Client Root RSA G1
        + OISTE Server Root ECC G1
        + OISTE Server Root RSA G1
        + SwissSign RSA SMIME Root CA 2022 - 1
        + SwissSign RSA TLS Root CA 2022 - 1
        + TrustAsia SMIME ECC Root CA
        + TrustAsia SMIME RSA Root CA
        + TrustAsia TLS ECC Root CA
        + TrustAsia TLS RSA Root CA

-----------------------------------------------------------------
Advisory ID: 544
Released:    Mon Apr 13 15:10:32 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1218879,1218880,1252696,1253025,1263704,1263705,1263707,1263708,1263709,1263710,1263711,1263712,1263713,1263714,1263715,1263716,CVE-2023-45229,CVE-2023-45230,CVE-2026-33845,CVE-2026-33846,CVE-2026-3833,CVE-2026-42009,CVE-2026-42010,CVE-2026-42011,CVE-2026-42012,CVE-2026-42013,CVE-2026-42014,CVE-2026-42015,CVE-2026-5260,CVE-2026-5419
This update for crypto-policies fixes the following issues:

- Fix the testsuite:
    * Port all the policy changes to the config files in the test suite.
    * Use the newly introduced SKIP_LINTING=1 option.
- Adapt the manpages to SUSE/openSUSE:
    * Add crypto policies SUSE manpages
    * Compress all the man pages for update-crypto-policies.8.gz,
      crypto-policies.7.gz, fips-finish-install.8.gz and
      fips-mode-setup.8.gz into man-crypto-policies.tar.xz
- Update to version 20250714.cd6043a: (bsc#1253025, bsc#1252696)
    * gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert
    * python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519
    * FIPS: disable MLKEM768-X25519 for openssh (no-op)
    * FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl...
    * TEST-PQ: be more careful with the ordering
    * openssl: send one PQ and one classic key_share; prioritize PQ groups
    * sequoia: Generate AEAD policy
    * Do not include EdDSA in FIPS policy
    * sequoia: Add PQC algorithm
    * sequoia: Run tests against PQC capable policy-config-check
    * Revert 'openssl, policies: implement group_key_share option'
    * openssl, policies: implement group_key_share option
    * FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA
    * python/build-crypto-policies: output diffs on --test mismatches
    * sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
    * policies, alg_lists, openssl: remove KYBER from allowed values
    * openssl: stricter enabling of Ciphersuites
    * openssl: make use of -CBC and -AESGCM keywords
    * openssl: add TLS 1.3 Brainpool identifiers
    * fix warning on using experimental key_exchanges
    * update-crypto-policies: don't output FIPS warning in fips mode
    * openssh: map mlkem768x25519-sha256 to KEM-ECDH and MLKEM768-X25519 and SHA2-256
    * openssh, libssh: refactor kx maps to use tuples
    * alg_lists: mark MLKEM768/SNTRUP kex experimental
    * nss: revert enabling mlkem768secp256r1
    * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
    * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
    * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
    * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
    * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
    * LEGACY: enable 192-bit ciphers for nss pkcs12/smime
    * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
    * nss: be stricter with new purposes
    * python/update-crypto-policies: pacify pylint
    * fips-mode-setup: tolerate fips dracut module presence w/o FIPS
    * fips-mode-setup: small Argon2 detection fix
    * SHA1: add __openssl_block_sha1_signatures = 0
    * fips-mode-setup: block if LUKS devices using Argon2 are detected
    * update-crypto-policies: skip warning on --set=FIPS if bootc
    * fips-setup-helper: skip warning, BTW
    * fips-mode-setup: force --no-bootcfg when UKI is detected
    * fips-crypto-policy-overlay: automount FIPS policy
    * nss: rewrite backend for 3.101
    * cryptopolicies: parent scopes for dumping purposes
    * policygenerators: move scoping inside generators
    * openssh: make dss no longer enableble, support is dropped
    * gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768
    * TEST-PQ: disable pure Kyber768
    * DEFAULT: switch to rh-allow-sha1-signatures = no...
    * java: drop unused javasystem backend
    * java: stop specifying jdk.tls.namedGroups in javasystem
    * ec_min_size: introduce and use in java, default to 256
    * java: use and include jdk.disabled.namedCurves
    * BSI: Update BSI policy for new 2024 minimum recommendations
    * fips-mode-setup: flashy ticking warning upon use
    * fips-mode-setup: add another scary 'unsupported'
    * BSI: switch to 3072 minimum RSA key size
    * java: make hash, mac and sign more orthogonal
    * java: specify jdk.tls.namedGroups system property
    * java: respect more key size restrictions
    * java: disable anon ciphersuites, tying them to NULL...
    * java: start controlling / disable DTLSv1.0
    * nss: wire KYBER768 to XYBER768D00
- Update to version 20250425.9267dee:
    * openssl: fix mistakes in integrity-only cipher definitions
    * NO-PQ, cryptopolicies: add experimental value suppression
    * nss: add mlkem768x25519 and mlkem768secp256r1
    * gnutls: 'allow-rsa-pkcs1-encrypt = false' everywhere but in LEGACY
    * TEST-PQ, openssh: add support for MLKEM768 key_exchange
    * LEGACY: drop cipher at pkcs12 = SEED-CBC
    * fips-crypto-policy-overlay: automount FIPS policy, follow-up fixes
    * nss: TLS-REQUIRE-EMS in FIPS
    * DEFAULT: disable RSA key exchange
    * LEGACY: disable sign = *-SHA1
    * nss: wire XYBER768D00 to X25519-KYBER768, not KYBER768
- Add the FIPS scripts fips-finish-install and fips-mode-setup as
  sources in the spec file as they have been removed upstream.
    * We will maintain these scripts downstream.
    * Update the man pages for update-crypto-policies.8.gz
    * Add crypto policies FIPS output
    * Add man pages in text file in compressed form in the file
      man-fips-scripts.tar.xz and add them to the Makefile.
- Update to version 20250324.3714354:
    * NO-PQ: introduce
    * LEGACY/DEFAULT/FUTURE: enable hybrid ML-KEM and pure ML-DSA
    * _openssl_block_sha1_signatures: flip the default to 1
    * sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
    * sequoia: refactor a bit
    * openssl: specify default key size for req
    * gnutls: support P384-MLKEM1024
    * openssl: stop generating `openssl` in favour of `opensslcnf`
    * gnutls: drop kyber (switching to leancrypto took it away)
    * openssl: use both names for P384-MLKEM1024
    * Detect the presence of nss-policy-check
    * Don't use hardcoded python3 path
    * Make xsltproc settable as XSLTPROC
    * python/cryptopolicies/validation/scope.py: fix new ruff rule RUF021
    * Update the info in the README.SUSE file
    * Remove the FEDORA policies and directories

-----------------------------------------------------------------
Advisory ID: 547
Released:    Mon Apr 13 17:48:00 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1217877,1259652,1260264,1260441,1260442,1260443,1260444,1260445,1261678,CVE-2023-45866,CVE-2026-2673,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789,CVE-2026-31790,CVE-2026-33186
This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652).
- CVE-2026-28387: potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL pointer dereference when processing a delta (bsc#1260442).
- CVE-2026-28389: possible NULL pointer dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
  KeyTransportRecipientInfo (bsc#1261678).
- CVE-2026-31789: heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Other updates and bugfixes:

- Enable MD2 in legacy provider (jsc#PED-15724).

-----------------------------------------------------------------
Advisory ID: 553
Released:    Tue Apr 14 13:46:47 2026
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1255765,1265413,CVE-2025-11961,CVE-2026-45409
This update for elfutils fixes the following issues:

- Move debuginfod homedir creation to tmpfiles.d

-----------------------------------------------------------------
Advisory ID: 556
Released:    Tue Apr 14 16:33:17 2026
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1231494,1232234,1255372,1259767,CVE-2024-10041,CVE-2026-4271
This update for pam fixes the following issue:

- CVE-2024-10041: libpam: vulnerable to read hashed password (bsc#1232234).

-----------------------------------------------------------------
Advisory ID: 585
Released:    Fri Apr 17 12:37:59 2026
Summary:     Feature update for libgcrypt, libgpg-error
Type:        feature
Severity:    moderate
References:  1255764,1256070,CVE-2024-2236,CVE-2025-15444,CVE-2025-69277
This update for libgcrypt, libgpg-error fixes the following issues:

Update libgcrypt to 1.12.1 (jsc#PED-15059):

* New and extended interfaces:
 - Allow access to the FIPS service indicator via the new
 GCRYCTL_FIPS_SERVICE_INDICATOR control code.
 - Make SHA-1 non-FIPS internally for the 1.12 API
 - Add Dilithium (ML-DSA) support
 - Support optional random-override and support byte string data

* Bug fixes:
 - Use secure MPI in _gcry_mpi_assign_limb_space.
 - Use CSIDL_COMMON_APPDATA instead of /etc on Windows.
 - Apply a Kyber patch from upstream.
 - Fix an edge case in Jent initialization.
 - mceliece6688128f: Fix stack overflow crash on win64/wine
 * Performance:
 - Many performance improvements, new AVX512 implementations for modern CPUs.
 - Add RISC-V Zbb+Zbc implementation of CRC.
 - Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
 - Add AVX2 and AVX512 code paths to improve CRC.

For a full changelog, see:
https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0

Update libgpg-error to 1.58:

 * New src/gpg-error.c (main): New command 'fconcat'.
 * Rename src/spawn-posix.c (struct gpgrt_spawn_actions): Rename the field to
 ENVP.
 * argparse: Use SYSCONFDIR for /etc.
 * Update translations for Portugese, German
 * src/estream.c (parse_mode): Fix parsing of 'share'. Set sysopen
 flag.
 * syscfg: Add 64-bit Android arch.

-----------------------------------------------------------------
Advisory ID: 594
Released:    Mon Apr 20 16:02:24 2026
Summary:     Security update for go1.25
Type:        security
Severity:    important
References:  1244485,1258045,1258049,1258054,1258080,1258081,1261653,1261654,1261655,1261656,1261657,1261658,1261659,1261660,1261661,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-27140,CVE-2026-27143,CVE-2026-27144,CVE-2026-32280,CVE-2026-32281,CVE-2026-32282,CVE-2026-32283,CVE-2026-32288,CVE-2026-32289
This update for go1.25 fixes the following issues:

- Update to version go1.25.9 (bsc#1244485).
- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
- CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
- CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
- CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658).
- CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
- CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
- CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).

-----------------------------------------------------------------
Advisory ID: 603
Released:    Tue Apr 21 11:59:18 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1257325,1261957,CVE-2025-13465,CVE-2026-34757
This update for libpng16 fixes the following issue:

- CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957).

-----------------------------------------------------------------
Advisory ID: 625
Released:    Wed Apr 22 12:22:37 2026
Summary:     Security update for libcap
Type:        security
Severity:    important
References:  1259051,1261809,CVE-2026-28417,CVE-2026-4878
This update for libcap fixes the following issues:

- CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in
  `cap_set_file()` (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: 631
Released:    Thu Apr 23 08:55:28 2026
Summary:     Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Type:        security
Severity:    important
References:  1254670,1255066,1259619,1259859,CVE-2025-40309,CVE-2025-70873,CVE-2025-7709,CVE-2026-23268

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues

The following security issues were fixed:

- CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859).

-----------------------------------------------------------------
Advisory ID: 637
Released:    Fri Apr 24 12:00:57 2026
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1221126,1259543,1259803,CVE-2026-30922
This update for grub2 fixes the following issues:

- Fix missing install device check in grub2-install on PowerPC which could lead
  to bootlist corruption (bsc#1221126)
    * add mandatoryminstallmdevicemcheckmformPowerPC
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
    * btrfs: add ability to boot from subvolumes
    * btrfs: get default subvolume

-----------------------------------------------------------------
Advisory ID: 642
Released:    Fri Apr 24 12:10:11 2026
Summary:     Recommended update for cryptsetup, s390-tools
Type:        recommended
Severity:    important
References:  1241612,1258506,1259616,1261772,1261824,1262221,CVE-2026-32597
This update for cryptsetup, s390-tools fixes the following issues:

Changes in cryptsetup:

- Update to 2.8.4: (jsc#PED-15889)
  * Fix integritysetup resize (grow) of the device if integrity bitmap
    mode is used. Increasing the integrity device in bitmap mode did
    not work as integritysetup incorrectly used journal settings that
    were not applicable.
  * Fix device size status reports in cryptsetup and integritysetup.
    If the device uses a sector size larger than 512 bytes, the newly
    reported byte sizes (introduced in 2.8.0) in the status report
    were incorrectly displayed.
  * BITLK: Fix unlocking BitLocker device with recovery passphrase.
    If the recovery passphrase was present in the first keyslot, the
    device failed to unlock. This bug was introduced in 2.8.2 with
    Clear Key support.

- Update to 2.8.3:
  * Stable bug-fix release with minor extensions.

- Update to 2.8.2:
  * BITLK: Fix for BitLocker metadata validation on big-endian systems.

- Update to 2.8.1:
  * Fix status and deactivation of TCRYPT (VeraCrypt compatible) devices that use chained ciphers.
  * Fix unlocking BITLK (BitLocker compatible) devices with multibyte UTF8 characters in the passphrase.
  * Do not allow activation of the LUKS2 device if the used keyslot is not encrypted (it uses a null cipher).
    - Such a configuration cannot be created by cryptsetup, but can be crafted outside of it.
    - Null cipher is sometimes used to create an empty container for later reencryption.
    - Only an empty passphrase can activate such a container (the same as in LUKS1).
  * Do not silently decrease PBKDF parallel cost (threads) if set by an option.
    - The maximum parallel cost is limited to 4 threads.
  * Fixes to configuration and installation scripts.
    - Meson and autoconf tools now properly support --prefix option for temporary directory installation.
    - Multiple fixes and cleanups to config.h for compatibility between Meson and autoconf.
    - Fix the luks2-external-tokens-path Meson option to work the same as in autoconf.
    - Fix Meson install for tool binaries, install fvault2Open man page and include test/fuzz/meson.build in release.
  * Major update to manual pages.
    - Try to explain the PBKDF hardcoded limits.
    - Add a better explanation for automatic integrity tag recalculation.
    - Mention crypt/verity/integritytab.
    - Remove or reformulate some misleading warnings present only with old and no longer supported kernels.
    - Clarify that some commands do not wipe data and unify OPAL reset wording.
    - Clarify the --label option.
    - There are also many other grammar and stylistic fixes to unify the man-page style.
  * Fixes for false-positive and annoying (optional) warnings added in recent compilers.

- Update to 2.8.0:
  * Full release notes in:
    - https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.8/v2.8.0-ReleaseNotes
  * Introduce support for inline mode (use HW sectors with additional hardware
    metadata space).
  * Finalize use of keyslot context API.
  * Make all keyslot context types fully self-contained.
  * Add --key-description and --new-key-description cryptsetup options.
  * Support more precise keyslot selection in reencryption initialization.
  * Allow reencryption to resume using token and volume keys.
  * Cryptsetup repair command now tries to check LUKS keyslot areas for corruption.
  * Opal2 SED: PSID keyfile is now expected to be 32 alphanumeric characters.
  * Opal2: Avoid the Erase method and use Secure Erase for locking range.
  * Opal2: Fix some error description (in debug only).
  * Opal2: Do not allow deferred deactivation.
  * Allow --reduce-device-size and --device-size combination for reencryption
    (encrypt) action.
  * Fix the userspace storage backend to support kernel 'capi:' cipher specification format.
  * Disallow conversion from LUKS2 to LUKS1 if kernel 'capi:' cipher specification is used.
  * Explicitly disallow kernel 'capi:' cipher specification format for LUKS2
    keyslot encryption.
  * Do not allow conversion of LUKS2 to LUKS1 if an unbound keyslot is present.
  * cryptsetup: Adjust the XTS key size for kernel 'capi:' cipher specification.
  * Remove keyslot warning about possible failure due to low memory.
  * Do not limit Argon2 KDF memory cost on systems with more than 4GB of available memory.
  * Properly report out of memory error for cryptographic backends implementing Argon2.
  * Avoid KDF2 memory cost overflow on 32-bit platforms.
  * Do not use page size as a fallback for device block size.
  * veritysetup: Check hash device size in advance.
  * Print a better error message for unsupported LUKS2 AEAD device resize.
  * Optimize LUKS2 metadata writes.
  * veritysetup: support --error-as-corruption option.
  * Report all sizes in status and dump command output in the correct units.
  * Add --integrity-key-size option to cryptsetup.
  * Support trusted and encrypted keyrings for plain devices.
  * Support plain format resize with a keyring key.
  * TCRYPT: Clear mapping of system-encrypted partitions.
  * TCRYPT: Print all information from the decrypted metadata header in
    the tcryptDump command.
  * Always lock the volume key structure in memory.
  * Do not run direct-io read check on block devices.
  * Fix a possible segfault in deferred deactivation.
  * Exclude cipher allocation time from the cryptsetup benchmark.
  * Add Mbed-TLS optional crypto backend.
  * Fix the wrong preprocessor use of #ifdef for config.h processed by Meson.
  * Reorganize license files. The license text files are now in docs/licenses.
    The COPYING file in the root directory is the default license.
  * Remove cc-by-sa-4.0.txt as already shipped now in docs/licenses
    and named as COPYING.CC-BY-SA-4.0.
  * Libcryptsetup API extensions. The libcryptsetup API is backward compatible
    with all existing symbols. Due to the self-contained memory allocation,
    these symbols have the new version:
    - crypt_keyslot_context_init_by_passphrase;
    - crypt_keyslot_context_init_by_keyfile;
    - crypt_keyslot_context_init_by_token;
    - crypt_keyslot_context_init_by_volume_key;
    - crypt_keyslot_context_init_by_signed_key;
    - crypt_keyslot_context_init_by_keyring;
    - crypt_keyslot_context_init_by_vk_in_keyring;
  * New symbols:
    - crypt_format_inline
    - crypt_get_old_volume_key_size
    - crypt_reencrypt_init_by_keyslot_context
    - crypt_safe_memcpy
  * New defines:
    - CRYPT_ACTIVATE_HIGH_PRIORITY
    - CRYPT_ACTIVATE_ERROR_AS_CORRUPTION
    - CRYPT_ACTIVATE_INLINE_MODE
    - CRYPT_REENCRYPT_CREATE_NEW_DIGEST
  * New requirement flag:
    - CRYPT_REQUIREMENT_INLINE_HW_TAGS

- Add a dependency on device-mapper to libcryptsetup12 to install
  the required device-mapper udev rules. [bsc#1241612]

Changes in s390-tools:

- Applied a patch to remove phmac_s390 kernel module load from dracut
- Applied tools-combined modified patch (bsc#1262221)
- Amended SUSE's 'pkey.conf'
- Re-vendor-ed vendor.tar.zst

- Applied patches (bsc#1261824, bsc#1261772)
  * Replace sort_field option with sort
  * hyptop opts Fix long command line option abbreviations
- Refactored the spec file for transactional and immutable OS
  * Modernized the .spec file for transactional and immutable OS environments.
  * Removed legacy suse_version and sle_version conditionals, standardizing on UsrMerge paths.
  * Replaced manual %pre group creations with systemd-sysusers configuration for ts-shell, zkeyadm, and cpacfstats.
  * Replaced hardcoded /var/log directory management with systemd-tmpfiles configuration.
  * Removed obsolete systemctl daemon-reload calls and consolidate standard %service_* systemd macros.
  * Dropped brittle dynamic file list generation (find/grep) in favor of explicit and deterministic %files declarations.
  * Resolved 'File listed twice' conflicts between the main package and chreipl-fcp-mpath subpackage.
  * Added missing BuildRequires for systemd-rpm-macros and sysuser-tools.
  * Fixed unpackaged files errors for mdevctl callouts, shell completions, and root /lib helpers.
  * Changed BuildArch to noarch for the chreipl-fcp-mpath subpackage.
- Added files (renamed from *.opensuse)
  * 59-graf.rules
  * dasd_configure
  * dasd_reload
  * detach_disks.sh
  * iucv_configure
  * killcdl
  * mkdump.pl
  * README.SUSE
  * virtsetup.sh
  * vmlogrdr.service
- Removed obolete files
  * 59-graf.rules.opensuse
  * 59-graf.rules.suse
  * dasd_configure.opensuse
  * dasd_configure.suse
  * dasd_reload.opensuse
  * dasd_reload.suse
  * detach_disks.sh.opensuse
  * detach_disks.sh.suse
  * iucv_configure.opensuse
  * iucv_configure.suse
  * killcdl.opensuse
  * killcdl.suse
  * mkdump.pl.opensuse
  * mkdump.pl.suse
  * README.SUSE.opensuse
  * README.SUSE.suse
  * virtsetup.sh.opensuse
  * virtsetup.sh.suse
  * vmlogrdr.service.opensuse
  * vmlogrdr.service.suse

- Upgrade s390-tools to version 2.41.0 (jsc#PED-14586, jsc#PED-15488)
- Changes of existing tools:
  * chreipl: Make --bootparms work for ECKD re-IPL
  * cpacfstats: Add 'unauthorized' state to CPU-MF counters
  * cpictl: Detect RHCOS using VARIANT_ID
  * hsci: Automatically set appropriate MTU for HSCI
  * libutil: Add util_readlink() and util_readlinkat() helpers
  * libutil: Add util_startswith() to util_str
  * libutil: Add utility parsing functions
  * lschp: Add support for structured output (--format)
  * lsreipl: Suppress 'clear' output if not supported
  * pvimg: Add '--format text' support to 'pvimg info'
  * pvimg: Add '--print-schema ' option to 'pvimg info'
  * pvimg: Add '--show-secrets' flag to 'pvimg info'
  * pvimg: Provide improved JSON output to 'pvimg info --format json'
  * pvinfo: Improve User experience on non-SE enabled systems
  * zipl/ngdump: Ensure ext4 file system is used on dump partition
  * zkey: Add support for integrity protected disks using HMAC keys
- Bug Fixes:
  * cpumf/pai: Handle different size of perf_event_attr
  * lscss: Fix memory leak
  * zipl: Fix dump job on tape devices
- Amended the .spec file (bsc#1258506)
  * 'Installing' all shipped rules from etc/udev/rules.d to /usr/lib/udev/rules.d
  * BuildRequires:  cryptsetup-devel >= 2.8.2
- Updated the code for IBM z17 machine type 9176:
  * read_values.c
  * cputype
  * Renamed cputype.1 to cputype.8 and amended
  * Amended read_values.8
- 'Improved' the read_values.c:
  * Added functionalities for '-a' and '-L attributes'
- Reworked and combined all s390-tools patches (jsc#PED-14586)
- Applied new combined patches
- Removed obsolete patches

-----------------------------------------------------------------
Advisory ID: 650
Released:    Tue Apr 28 18:22:53 2026
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1246399,CVE-2025-45582
This update for xfsprogs fixes the following issues:

- update to 6.19.0:
    * xfs_io:
        + print more realtime subvolume related information in statfs
        + fix fsmap help
    * mkfs:
        + fix log sunit automatic configuration
        + fix protofile data corruption when in/out file block sizes don't match
        + remove unnecessary return value affectation
        + quiet down warning about insufficient write zones
        + set rtstart from user-specified dblocks
    * libxfs: fix data corruption bug in libxfs_file_write
    * misc: fix a few memory leaks
    * mkfs.xfs fix sunit size on 512e and 4kN disks.
    * xfs_scrub_all: fix non-service-mode arguments to xfs_scrub
    * xfs: use blkdev_report_zones_cached()
    * include blkzoned.h in platform_defs.h
    * xfs_mdrestore: fix restoration on filesystems with 4k sectors
    * xfs_logprint: print log data to the screen in host-endian order

-----------------------------------------------------------------
Advisory ID: 655
Released:    Wed Apr 29 13:20:23 2026
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1246974,1249375,1258045,1258049,1258054,1258080,1258081,1260589,CVE-2025-8114,CVE-2025-8277,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968,CVE-2026-25645
This update for libssh fixes the following issues:

- Update to version 0.11.4:
- CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
- CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045)
- CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
- CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
- CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
- CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974)
- CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375)

-----------------------------------------------------------------
Advisory ID: 701
Released:    Wed May  6 02:05:54 2026
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1263366,1263367,CVE-2026-40355,CVE-2026-40356
This update for apparmor fixes the following issues:

Changes in apparmor:

- Use systemd-tmpfiles for path creation (jsc#PED-14916, jsc#PED-14917)
- Update to AppArmor 4.1.7
  - profile updates
  - minor fixes in parser and program utilities
  - update %files for new python LibAppArmor location
- Fix file list to match all possible LibAppArmor module names
- Updating kerberosclient utility
- Removed dovecot upstreamed patches

-----------------------------------------------------------------
Advisory ID: 741
Released:    Wed May 13 11:32:25 2026
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    important
References:  1210938,1239334,1239944,1243254,1243505,1245759,1253889,1257010,1260264,1261822,1262134,1262926,1265762,CVE-2025-22868,CVE-2025-22869,CVE-2025-58181,CVE-2026-33186,CVE-2026-33814,CVE-2026-34986
This update for systemd-presets-branding-SLE fixes the following issues:

- change %pretrans script from shell to lua, as we cannot guarantee a shell on %pretrans at all (bsc#1261822)
- fix escaping for migration_flag (bsc#1262134)
- unify the presets between traditional and immutable modes (with some exceptions) (jsc#PED-16082)

-----------------------------------------------------------------
Advisory ID: 761
Released:    Mon May 18 07:38:10 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1255111,1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

-----------------------------------------------------------------
Advisory ID: 803
Released:    Tue May 26 14:14:16 2026
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1261280,CVE-2026-34743
This update for xz fixes the following issue

- CVE-2026-34743: buffer overflow in lzma_index_append() (bsc#1261280).

-----------------------------------------------------------------
Advisory ID: 808
Released:    Wed May 27 18:43:58 2026
Summary:     Recommended update for dbus-broker
Type:        recommended
Severity:    moderate
References:  1255678
This update for dbus-broker fixes the following issues:

- Fix timeout on ssh due to not handling ESRCH (bsc#1255678)

-----------------------------------------------------------------
Advisory ID: 824
Released:    Fri May 29 11:59:18 2026
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    important
References:  1258311,1259825,1262315
This update for crypto-policies fixes the following issues:

Changes in crypto-policies:

- Allow X25519 as required for sntrup761x25519-sha512 at openssh.com
  and sntrup761x25519-sha512 in the DEFAULT policy again. (bsc#1259825)

- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
  * Enable sntrup761x25519-sha512 for OpenSSH by default

- Modify the output of fips-mode-setup to hint the user when
  setting the FIPS mode in transactional systems to use the
  command 'transactional-update setup-fips'. (bsc#1262315)

-----------------------------------------------------------------
Advisory ID: 861
Released:    Tue Jun  2 09:22:47 2026
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  
This update for aaa_base fixes the following issues:

- Update to version 84.87+git20260529.c4391e5:
    * $status to $?
    * Simplifying the sh part too
    * Addressing review comments and simplifying a bit
    * Handle javas managed by libalternatives and by update-alternatives alike

-----------------------------------------------------------------
Advisory ID: 867
Released:    Tue Jun  2 11:13:41 2026
Summary:     Security update for rsync
Type:        security
Severity:    important
References:  1254441,1262223,1264511,1264512,1264513,1264514,1264515,1265296,CVE-2025-10158,CVE-2026-29518,CVE-2026-41035,CVE-2026-43617,CVE-2026-43618,CVE-2026-43619,CVE-2026-43620,CVE-2026-45232
This update for rsync fixes the following issues

- CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441).
- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (use chroot = no) (bsc#1264511).
- CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223).
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).

-----------------------------------------------------------------
Advisory ID: 885
Released:    Wed Jun  3 11:47:33 2026
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  
This update for aaa_base fixes the following issues:

- Fix a typo and follow symlinks in alljava

-----------------------------------------------------------------
Advisory ID: 889
Released:    Fri Jun  5 10:15:29 2026
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1257955,1258960
This update for dracut fixes the following issues:

- Always include a defined set of kernel modules for aarch64 (bsc#1257955):
    * fix(kernel-modules): always include arm/aarch64 specific modules in sloppy mode
    * fix(kernel-modules): make sure block modules are always included
- Other:
    * test(BTRFSRAID): simplify and rework to avoid intermittent errors (bsc#1258960)

-----------------------------------------------------------------
Advisory ID: 903
Released:    Mon Jun  8 16:12:20 2026
Summary:     Security update for elemental-toolkit
Type:        security
Severity:    important
References:  1251679,1260277,1266187,1267168,CVE-2026-33186
This update for elemental-toolkit fixes the following issue

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
  header (bsc#1260277).

Changes:

- Update to v2.3.4:
 * 974af043 Bump golang.org/x/net to v0.55.0 (bsc#1267168 bsc#1251679)
 * ae39c90f Bump golang.org/x/crypto to v0.52.0 (bsc#1266187)
- Update to v2.3.3:
 * 8b4af274 Avoid pulling binaries with curl
 * d46e30f4 Bump golangci/golangci-lint-action to v9
 * 02caf200 Bump github.com/spf13/cobra library
 * e29e1fbf Bump github.com/jaypipes/ghw library
 * 652654e1 Bump github.com/bramvdbogaerde/go-scp library
 * f94a0c58 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
 * dc1a2056 Bump github.com/ulikunitz/xz library
 * 337a986c Update headers to 2026
 * d6aac085 Switch from TW to Leap 16.0 for green flavor

-----------------------------------------------------------------
Advisory ID: 925
Released:    Fri Jun 12 14:46:46 2026
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1267423
This update for aaa_base fixes the following issues:

- Add missing '=' in alljava.csh (bsc#1267423)

-----------------------------------------------------------------
Advisory ID: 938
Released:    Wed Jun 17 10:47:34 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1262631,1262632,1262635,1262636,1262638,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:

- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).


The following package changes have been done:

- boost-license1_86_0-1.86.0-160000.2.2 added
- btrfsprogs-udev-rules-6.14-160000.2.2 updated
- compat-usrmerge-tools-84.87-160000.2.2 updated
- crypto-policies-20250714.cd6043a-160000.2.1 updated
- dbus-broker-block-restart-36-160000.3.1 added
- elemental-httpfy-1.8.2-160000.1.2 updated
- elemental-seedimage-hooks-1.8.2-160000.1.2 updated
- file-magic-5.46-160000.2.2 added
- libldap-data-2.6.10+10-160000.3.1 added
- libsemanage-conf-3.8.1-160000.2.2 updated
- pkgconf-m4-2.2.0-160000.2.2 updated
- system-user-root-20190513-160000.2.2 updated
- systemd-default-settings-branding-upstream-0.10-160000.2.2 added
- filesystem-84.87-160000.2.2 updated
- glibc-2.40-160000.5.1 updated
- glibc-gconv-modules-extra-2.40-160000.5.1 added
- terminfo-base-6.5.20250531-160000.2.2 updated
- libncurses6-6.5.20250531-160000.2.2 updated
- ncurses-utils-6.5.20250531-160000.2.2 updated
- libzstd1-1.5.7-160000.2.2 updated
- libz1-1.2.13-160000.3.1 updated
- libxxhash0-0.8.3-160000.2.2 updated
- libverto1-0.3.2-160000.2.2 updated
- libuuid1-2.41.1-160000.3.1 updated
- liburcu8-0.14.0-160000.2.2 updated
- libunistring5-1.3-160000.3.2 updated
- libtextstyle0-0.22.5-160000.2.2 updated
- libtasn1-6-4.21.0-160000.1.1 updated
- libsqlite3-0-3.51.3-160000.1.1 added
- libsmartcols1-2.41.1-160000.3.1 updated
- libsepol2-3.8.1-160000.2.2 updated
- libseccomp2-2.6.0-160000.2.2 updated
- libsasl2-3-2.1.28-160000.3.1 updated
- libpopt0-1.19-160000.2.2 updated
- libpkgconf5-2.2.0-160000.2.2 added
- libpcre2-8-0-10.45-160000.3.1 updated
- libparted-fs-resize0-3.6-160000.2.2 updated
- libnss_usrfiles2-2.27.1-160000.3.2 updated
- libnghttp2-14-1.64.0-160000.3.1 updated
- libmpdec4-4.0.1-160000.2.2 added
- liblzo2-2-2.10-160000.3.2 updated
- liblzma5-5.8.1-160000.3.1 updated
- liblz4-1-1.10.0-160000.3.1 updated
- liblz1-1.15-160000.2.2 added
- liblua5_4-5-5.4.7-160000.2.2 updated
- libkeyutils1-1.6.3-160000.3.2 updated
- libkbdfile1-2.7.1-160000.2.2 added
- libjson-c5-0.17-160000.2.2 updated
- libjitterentropy3-3.6.3-160000.2.2 updated
- libgpg-error0-1.58-160000.1.1 updated
- libgmp10-6.3.0-160000.2.2 updated
- libgcc_s1-15.2.0+git10201-160000.2.1 updated
- libfuse3-3-3.16.2-160000.2.2 added
- libffi8-3.4.6-160000.2.2 updated
- libexpat1-2.7.1-160000.5.1 updated
- libeconf0-0.7.9-160000.2.2 updated
- libcrypt1-4.4.38-160000.3.2 updated
- libcom_err2-1.47.0-160000.3.2 updated
- libcap2-2.73-160000.3.1 updated
- libcap-ng0-0.8.5-160000.3.2 updated
- libbz2-1-1.0.8-160000.2.2 updated
- libburn4-1.5.6-160000.2.2 updated
- libbtrfsutil1-6.14-160000.2.2 updated
- libbtrfs0-6.14-160000.2.2 updated
- libbrotlicommon1-1.1.0-160000.2.2 updated
- libaudit1-4.0-160000.2.2 updated
- libattr1-2.5.2-160000.2.2 updated
- libalternatives1-1.2+30.a5431e9-160000.2.2 updated
- libaio1-0.3.113-160000.3.2 updated
- libacl1-2.3.2-160000.2.2 updated
- glibc-locale-base-2.40-160000.5.1 updated
- fillup-1.42-160000.2.2 updated
- envsubst-0.22.5-160000.2.2 added
- dosfstools-4.2-160000.2.2 updated
- diffutils-3.12-160000.2.2 updated
- libreadline8-8.2.13-160000.2.2 updated
- libedit0-20210910.3.1-160000.2.2 updated
- pigz-2.8-160000.2.2 added
- libpng16-16-1.6.44-160000.7.1 updated
- libelf1-0.192-160000.3.1 added
- libidn2-0-2.3.8-160000.2.2 updated
- liblastlog2-2-2.41.1-160000.3.1 added
- pkgconf-2.2.0-160000.2.2 updated
- libselinux1-3.8.1-160000.3.1 updated
- netcfg-11.6-160000.2.2 updated
- libxml2-2-2.13.8-160000.4.1 updated
- squashfs-4.6.1-160000.2.2 updated
- libkfont0-2.7.1-160000.2.2 added
- libkeymap1-2.7.1-160000.2.2 added
- libgcrypt20-1.12.1-160000.1.1 updated
- libmpfr6-4.2.1-160000.2.2 added
- libstdc++6-15.2.0+git10201-160000.2.1 updated
- libp11-kit0-0.25.5-160000.2.2 updated
- libblkid1-2.41.1-160000.3.1 updated
- perl-base-5.42.0-160000.2.2 updated
- libext2fs2-1.47.0-160000.3.2 updated
- libudev1-257.13-160000.1.1 updated
- libsystemd0-257.13-160000.1.1 updated
- libzio1-1.09-160000.2.2 updated
- libmagic1-5.46-160000.2.2 added
- libjte2-1.22-160000.2.2 updated
- libbrotlidec1-1.1.0-160000.2.2 updated
- alts-1.2+30.a5431e9-160000.2.2 updated
- permctl-1699_20250120-160000.2.2 added
- bash-5.2.37-160000.2.2 updated
- bash-sh-5.2.37-160000.2.2 updated
- libdw1-0.192-160000.3.1 added
- libpsl5-0.21.5-160000.3.2 updated
- sed-4.9-160000.2.2 updated
- libsubid5-4.17.2-160000.2.2 added
- libsemanage2-3.8.1-160000.2.2 updated
- findutils-4.10.0-160000.2.2 updated
- libinih0-58-160000.2.2 updated
- libboost_thread1_86_0-1.86.0-160000.2.2 added
- gptfdisk-1.0.10-160000.2.2 updated
- p11-kit-0.25.5-160000.2.2 updated
- p11-kit-tools-0.25.5-160000.2.2 updated
- libmount1-2.41.1-160000.3.1 updated
- libfdisk1-2.41.1-160000.3.1 updated
- file-5.46-160000.2.2 added
- libisofs6-1.5.6-160000.2.2 updated
- libfreetype6-2.13.3-160000.3.1 updated
- zstd-1.5.7-160000.2.2 added
- xz-5.8.1-160000.3.1 updated
- pkgconf-pkg-config-2.2.0-160000.2.2 updated
- mtools-4.0.45-160000.2.2 updated
- login_defs-4.17.2-160000.2.2 updated
- libssh-config-0.11.4-160000.1.1 updated
- libdevmapper1_03-2.03.29_1.02.203-160000.3.1 updated
- gzip-1.13-160000.2.2 updated
- grep-3.11-160000.2.2 updated
- gettext-runtime-0.22.5-160000.2.2 updated
- gawk-5.3.2-160000.2.2 added
- cpio-2.15-160000.2.2 added
- coreutils-9.6-160000.2.2 updated
- ALP-dummy-release-0.1-160000.2.2 updated
- libasm1-0.192-160000.3.1 added
- libisoburn1-1.5.6-160000.3.2 updated
- libparted2-3.6-160000.2.2 updated
- libdevmapper-event1_03-2.03.29_1.02.203-160000.3.1 updated
- info-7.1-160000.2.2 updated
- thin-provisioning-tools-1.1.0-160000.2.2 updated
- systemd-rpm-macros-26-160000.2.2 updated
- systemd-presets-common-SUSE-15-160000.2.2 updated
- rpm-config-SUSE-20250328-160000.2.2 updated
- rpm-4.20.1-160000.2.2 updated
- permissions-config-1699_20250120-160000.2.2 updated
- e2fsprogs-1.47.0-160000.3.2 updated
- ca-certificates-2+git20240805.fd24d50-160000.2.2 updated
- ca-certificates-mozilla-2.84-160000.1.1 updated
- btrfsprogs-6.14-160000.2.2 updated
- elfutils-0.192-160000.3.1 added
- parted-3.6-160000.2.2 updated
- liblvm2cmd2_03-2.03.29-160000.3.1 updated
- xorriso-1.5.6-160000.3.2 updated
- device-mapper-2.03.29_1.02.203-160000.3.1 updated
- systemd-presets-branding-SLE-15.1-160000.4.1 added
- permissions-1699_20250120-160000.2.2 updated
- libopenssl3-3.5.0-160000.7.1 updated
- grub2-common-2.12-160000.6.1 added
- pam-1.7.1-160000.3.1 updated
- rsync-3.4.1-160000.4.1 updated
- python313-base-3.13.13-160000.1.1 added
- libpython3_13-1_0-3.13.13-160000.1.1 added
- libldap-2-2.6.10+10-160000.3.1 added
- libkmod2-34.2-160000.3.2 updated
- libcryptsetup12-2.8.4-160000.1.1 updated
- krb5-1.21.3-160000.2.2 updated
- grub2-i386-pc-2.12-160000.6.1 updated
- util-linux-2.41.1-160000.3.1 updated
- shadow-4.17.2-160000.2.2 updated
- pam-extra-1.7.1-160000.3.1 added
- kbd-2.7.1-160000.2.2 updated
- xfsprogs-6.19.0-160000.1.1 updated
- libssh4-0.11.4-160000.1.1 updated
- grub2-2.12-160000.6.1 updated
- libsnapper7-0.12.1-160000.2.2 updated
- sysuser-shadow-3.3-160000.2.2 updated
- pam-config-2.13+git.20250715-160000.2.2 updated
- libcurl4-8.14.1-160000.6.1 updated
- system-user-lp-20170617-160000.2.2 added
- system-group-kvm-20170617-160000.2.2 updated
- system-group-hardware-20170617-160000.2.2 updated
- dbus-1-common-1.14.10-160000.2.2 updated
- curl-8.14.1-160000.6.1 updated
- libdbus-1-3-1.14.10-160000.2.2 updated
- dbus-1-tools-1.14.10-160000.2.2 updated
- aaa_base-84.87+git20260610.3b5a868c-160000.1.1 updated
- systemd-257.13-160000.1.1 updated
- dbus-broker-36-160000.3.1 added
- dbus-1-1.14.10-160000.2.2 updated
- util-linux-systemd-2.41.1-160000.3.1 added
- suse-module-tools-16.0.64-160000.1.1 updated
- kmod-34.2-160000.3.2 updated
- udev-257.13-160000.1.1 updated
- dracut-059+suse.720.g64cb9fbf-160000.1.1 added
- snapper-0.12.1-160000.2.2 updated
- lvm2-2.03.29-160000.3.1 updated
- elemental-toolkit-2.3.4-160000.1.1 updated
- container:bci-bci-base-16.0-3327ce232ff17c6439252dbc165087dc6d05ddfe3a2cb938ebfc3785c4d4bc75-0 added
- boost-license1_84_0-1.84.0-slfo.1.1_1.4 removed
- chkstat-1600_20240206-slfo.1.1_1.5 removed
- container:suse-toolbox-image-1.0.0-5.68 removed
- dbus-1-daemon-1.14.10-slfo.1.1_1.2 removed
- libargon2-1-20190702-slfo.1.1_1.2 removed
- libboost_thread1_84_0-1.84.0-slfo.1.1_1.4 removed
- libfuse2-2.9.9-slfo.1.1_1.2 removed
- libip4tc2-1.8.9-slfo.1.1_2.1 removed
- libldap2-2.6.4-slfo.1.1_1.2 removed
- libpkgconf3-1.8.0-slfo.1.1_1.5 removed
- libsubid4-4.15.1-slfo.1.1_1.3 removed
- systemd-default-settings-0.7-slfo.1.1_1.2 removed
- systemd-default-settings-branding-openSUSE-0.7-slfo.1.1_1.2 removed
- systemd-presets-branding-ALP-transactional-20230214-slfo.1.1_1.2 removed


More information about the sle-container-updates mailing list