Packages changed:
  apache2 (2.4.66 -> 2.4.67)
  apache2-manual (2.4.66 -> 2.4.67)
  apache2-prefork (2.4.66 -> 2.4.67)
  apache2-utils (2.4.66 -> 2.4.67)
  apparmor
  container-selinux (2.247.0 -> 2.248.0)
  expat (2.7.5 -> 2.8.1)
  ffmpeg-8
  gdm
  gpg2 (2.5.19 -> 2.5.20)
  kernel-source (7.0.6 -> 7.0.7)
  libapparmor
  libei (1.5.0 -> 1.6.0)
  libinput (1.31.1 -> 1.31.2)
  libmodulemd
  libselinux
  libselinux-bindings
  libstorage-ng (4.5.316 -> 4.5.320)
  openblas_openmp
  openblas_pthreads
  openssl-3
  pipewire (1.6.4 -> 1.6.5)
  python-urllib3 (2.6.3 -> 2.7.0)
  salt
  selinux-policy (20260414 -> 20260508)
  suse-module-tools (16.1.4 -> 16.1.5)
  webkitgtk3
  webkitgtk4
  xen (4.21.1_04 -> 4.21.1_06)
  yast2-storage-ng (5.0.45 -> 5.0.48)

=== Details ===

==== apache2 ====
Version update (2.4.66 -> 2.4.67)

- Remove last remnants of update-alternatives.
- version update to 2.4.67
  * ) SECURITY: CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() [boo#1263950]
    Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
  * ) SECURITY: CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) [boo#1263951]
    Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
  * ) SECURITY: CVE-2026-33857: Apache HTTP Server: Off-by-one OOB reads in AJP getter functions [boo#1263952]
    Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
  * ) SECURITY: CVE-2026-33523: Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line [boo#1263953]
    HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
  * ) SECURITY: CVE-2026-33007: Apache HTTP Server: mod_authn_socache crash [boo#1263954]
    A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
  * ) SECURITY: CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack [boo#1263955]
    A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
  * ) SECURITY: CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash [boo#1263956]
    A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Users are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.
  * ) SECURITY: CVE-2026-29168: Apache HTTP Server: mod_md unrestricted OCSP response [boo#1264150]
    Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
  * ) SECURITY: CVE-2026-28780: Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() [boo#1264163]
    Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
  * ) SECURITY: CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr [boo#1263935]
    An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
  * ) SECURITY: CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset [boo#1263957]
    Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
  * ) mod_md: update to version 2.6.10
    - Fix issue #420 by ignoring job.json files that claim to have completely finished a certificate renewal, but have not produced the necessary result files.
  * ) mod_http2: update to version 2.0.39
    Remove streams own memory allocator after reports of memory problems with third party modules.
  * ) mod_http2: update to version 2.0.38
  ... changelog too long, skipping 16 lines ...
  * ) mod_md: Use correct function name when compiling against APR < 1.6.0.

==== apache2-manual ====
Version update (2.4.66 -> 2.4.67)

- Remove last remnants of update-alternatives.
- version update to 2.4.67: same changelog entries as listed under apache2 above.

==== apache2-prefork ====
Version update (2.4.66 -> 2.4.67)

- Remove last remnants of update-alternatives.
- version update to 2.4.67: same changelog entries as listed under apache2 above.

==== apache2-utils ====
Version update (2.4.66 -> 2.4.67)

- Remove last remnants of update-alternatives.
- version update to 2.4.67: same changelog entries as listed under apache2 above.

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor

- add wpa_supplicant.diff: fix wpa_supplicant profile (boo#1265377)

==== container-selinux ====
Version update (2.247.0 -> 2.248.0)

- Update to version 2.248.0:
  * Condition ptrace permission on deny_ptrace boolean

==== expat ====
Version update (2.7.5 -> 2.8.1)
Subpackages: libexpat1

- update to 2.8.1 (bsc#1264713, CVE-2026-45186, bsc#1262263, CVE-2026-41080):
  * Fix quadratic runtime from attribute name collision checks that allowed denial of service attacks through moderately sized crafted XML input (CWE-407). Please note that a layer of compression around XML can significantly reduce the minimum attack payload size.
  * CVE-2026-41080 -- The existing hash flooding protection only used 4 to 8 bytes of entropy for a salt, when 16 bytes of salt are supported by the implementation of SipHash used by Expat. Now full 16 bytes of entropy are used to improve protection against hash flooding attacks.
  * Existing API function XML_SetHashSalt is now deprecated because of its limitations, and its use should be considered a vulnerability. Please either use the new API function XML_SetHashSalt16Bytes (with known-high-quality entropy input only!) instead, or leave the derivation of a 16-bytes hash salt from high quality entropy to Expat's internal machinery (by *not* calling either of the two XML_SetHashSalt* functions).

==== ffmpeg-8 ====
Subpackages: libavcodec62 libavfilter11 libavformat62 libavutil60 libswresample6 libswscale9

- Enable glslang filters

==== gdm ====
Subpackages: gdm-lang gdm-schema gdm-systemd gdm-xdm-integration libgdm1 typelib-1_0-Gdm-1_0

- Drop xdm-integration in SLE 16.1 to remove the update-alternatives dependency (bsc#1264389, jsc#PED-15673).

==== gpg2 ====
Version update (2.5.19 -> 2.5.20)
Subpackages: dirmngr gpg2-lang

- Update to 2.5.20:
  * gpgsm: Implement GCM encryption. Note that decryption works since version 2
  * gpgsm: New option --attribute and server command SETATTR to include arbitrary signed or unsigned attributes into a signature. Enable only with libksba 1
  * gpgsm: Introduce system attribute _signingCertificateV2.
  * gpg: Fix wrong assertion failure which could very rarely occur during key signature checking
  * gpg: Consider certify-only keys for revocation signature check.
  * gpgsm: Fix possible double free in the CMS parser
  * gpgsm: Fix possible too early removal of ephemeral keys
  * gpgsm: Avoid emitting a final FAILURE status line if --status-fd is not used
  * gpgsm: Fix a regression in 2.5.19 for password encrypted GCM data
  * agent: Fix not using cache for pinentry loopback
  * agent: Fix command PUT_SECRET by saving input line
  * keyboxd: Mark keys searched but not imported via LDAP correctly as ephemeral
  * scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA keys > 2k
  * dirmngr: Fix uninitialized use of the dns_any union in dns_rr_cmp

==== kernel-source ====
Version update (7.0.6 -> 7.0.7)

- Update
  patches.kernel.org/7.0.2-014-f2fs-fix-to-avoid-uninit-value-access-in-f2fs_s.patch
  (bsc#1012628 CVE-2026-43349 bsc#1265131).
- Update
  patches.kernel.org/7.0.2-024-smb-client-require-a-full-NFS-mode-SID-before-r.patch
  (bsc#1012628 CVE-2026-43350 bsc#1264985).
- Update
  patches.kernel.org/7.0.2-042-mshv_vtl-Fix-vmemmap_shift-exceeding-MAX_FOLIO_.patch
  (bsc#1012628 CVE-2026-43348 bsc#1264981).
- Update
  patches.kernel.org/7.0.7-306-ksmbd-validate-inherited-ACE-SID-length.patch
  (bsc#1012628 CVE-2026-43490).
  suse-add-cves
- commit f1d450c

- ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).
- commit 67ebcde

- selftests/namespaces: Skip efault tests when listns() is not available (poo#196367).
- selftests/namespaces: Fix waitpid race in listns_efault_test cleanup (poo#196367).
- selftests/namespaces: Kill grandchild in nsid fixture teardown (poo#196367).
- commit 37898a9

- Linux 7.0.7 (bsc#1012628).
- scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() (bsc#1012628).
- ipmi: Add limits to event and receive message requests (bsc#1012628).
- ipmi: Check event message buffer response for bad data (bsc#1012628).
- ipmi:si: Return state to normal if message allocation fails (bsc#1012628).
- fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free (bsc#1012628).
- ACPI: arm64: cpuidle: Tolerate platforms with no deep PSCI idle states (bsc#1012628).
- ACPI: scan: Use acpi_dev_put() in object add error paths (bsc#1012628).
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 7770 AIO (bsc#1012628).
- ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug (bsc#1012628).
- ACPI: video: force native backlight on HP OMEN 16 (8A44) (bsc#1012628).
- tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (bsc#1012628).
- iommufd: Fix a race with concurrent allocation and unmap (bsc#1012628).
- ASoC: SOF: Don't allow pointer operations on unconfigured streams (bsc#1012628).
- wifi: mt76: mt7925: fix incorrect TLV length in CLC command (bsc#1012628).
- spi: rockchip: fix controller deregistration (bsc#1012628).
- ksmbd: rewrite stop_sessions() with restartable iteration (bsc#1012628).
- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (bsc#1012628).
- flow_dissector: do not dissect PPPoE PFC frames (bsc#1012628).
- smb: client/smbdirect: fix MR registration for coalesced SG lists (bsc#1012628).
- net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked (bsc#1012628).
- exit: prevent preemption of oopsing TASK_DEAD task (bsc#1012628).
- wifi: mt76: mt7925: fix AMPDU state handling in mt7925_tx_check_aggr (bsc#1012628).
- wifi: mt76: mt7925: fix incorrect length field in txpower command (bsc#1012628).
- wifi: mt76: mt7921: fix a potential clc buffer length underflow (bsc#1012628).
- wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work (bsc#1012628).
- wifi: b43legacy: enforce bounds check on firmware key index in RX path (bsc#1012628).
- wifi: mac80211: drop stray 'static' from fast-RX rx_result (bsc#1012628).
- wifi: rsi: fix kthread lifetime race between self-exit and external-stop (bsc#1012628).
- wifi: mac80211: use safe list iteration in radar detect work (bsc#1012628).
- wifi: ath5k: do not access array OOB (bsc#1012628).
- wifi: mac80211: remove station if connection prep fails (bsc#1012628).
- wifi: b43: enforce bounds check on firmware key index in b43_rx() (bsc#1012628).
- wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task (bsc#1012628).
- usb: usblp: fix heap leak in IEEE 1284 device ID via short response (bsc#1012628).
- usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl (bsc#1012628).
- ALSA: usb-audio: midi2: Restart output URBs on resume (bsc#1012628).
- ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() (bsc#1012628).
- ALSA: usb-audio: Fix UAC3 cluster descriptor size check (bsc#1012628).
- usb: dwc3: Move GUID programming after PHY initialization (bsc#1012628).
... changelog too long, skipping 623 lines ...
- commit 96c854d

==== libapparmor ====

- add wpa_supplicant.diff: fix wpa_supplicant profile (boo#1265377)

==== libei ====
Version update (1.5.0 -> 1.6.0)

- Update to release 1.6.0
  * A new ei_text interface that provides the ei_text.keysym and ei_text.utf8 requests and events. These allow an emulating client to send keysyms or straight utf8, useful for situations where a keysym needs to be sent independent of the available keymap on the ei_keyboard device.
  * Preparatory work for future table support:
    * ei_device.ready is a request sent by compatible clients after ei_device.done to notify the EIS implementation that the client is done with any device-specific configuration.
    * ei_seat.request_device is a request sent by compatible clients to request a device with specific capabilities. The EIS implementation is not required to honor this request.

==== libinput ====
Version update (1.31.1 -> 1.31.2)
Subpackages: libinput-udev libinput10

- Update to release 1.31.2
  * A bunch of device-specific quirks
  * Fix for the new fast-swipe interaction during 3fg dragging. A wrong timestamp calculation could cause slow movements to be interpreted as swipes in some cases.
  * A fix for the Acer Swift SFX14-73G (and likely other devices with a similar touchpad) fixes a stuttering cursor caused by wrong SYN_REPORT handling in libinput.

==== libmodulemd ====

- Build different flavors for Python subpackages

==== libselinux ====
Subpackages: libselinux1 libselinux1-32bit selinux-tools

- Change License from SUSE-Public-Domain to LicenseRef-SUSE-Public-Domain due to rpmlint invalid-license warning.

==== libselinux-bindings ====

- Change License from SUSE-Public-Domain to LicenseRef-SUSE-Public-Domain due to rpmlint invalid-license warning.

==== libstorage-ng ====
Version update (4.5.316 -> 4.5.320)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Spanish) (bsc#1149754)
- 4.5.320

- merge gh#openSUSE/libstorage-ng#1073
- make parser for /proc/mdstat more robust
- added test cases
- 4.5.319

- Translated using Weblate (Chinese (China) (zh_CN)) (bsc#1149754)
- 4.5.318

- Translated using Weblate (Chinese (Taiwan) (zh_TW)) (bsc#1149754)
- merge gh#openSUSE/libstorage-ng#1072
- fixed logging empty lines
- added test cases
- 4.5.317

==== openblas_openmp ====

- Run test_sbgemm only if it was built

==== openblas_pthreads ====

- Run test_sbgemm only if it was built

==== openssl-3 ====
Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3

- POWER performance enhancements
  * Optimized MLDSA NTT, supports p8 and above architectures (jsc#PED-14569)
  * Add patch: openssl-ppc64le-Optimized-MLKEM-NTT-supports-p8-ISA-2.07-and-above-architectures.patch

==== pipewire ====
Version update (1.6.4 -> 1.6.5)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Update to version 1.6.5:
  * This is a bugfix release that is API and ABI compatible with the previous 1.6.x releases.
  * Highlights
    - Fix muted output in some cases.
    - Removed the pipe filter in filter-graph.
    - More fixes and improvements.
  * PipeWire
    - Fix an issue in pw-filter where it could end up in a loop where buffers are stuck on a port and the port becomes silent. (#5249 (closed))
  * Modules
    - Improve ROC receiver start/stop, fixes memory leaks. (#5250 (closed))
    - Remove the pipe filter from filter-graph, it's broken by design and a security nightmare.
    - Fix the midi buffer size in jack-tunnel.
  * SPA
    - Rate limit out-of-buffers errors. (#5249 (closed))
    - Partially revert the line-out mute patch, it seems to break things and leave audio muted when plugging-unplugging jacks. (#5246)
    - Improve renegotiation in audioconvert when the graph rate changes and the resampler was disabled. (#4933 (closed)).
    - Fix potential crash in alsa when logging.
  * Pulse-server
    - A whole bunch of extra security checks and hardening fixes.

==== python-urllib3 ====
Version update (2.6.3 -> 2.7.0)
Subpackages: python311-urllib3 python313-urllib3

- Update to 2.7.0 (CVE-2026-44432, bsc#1265266, CVE-2026-44431, bsc#1265267):
  ## Security
  Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.
  * Decompression-bomb safeguards of the streaming API were bypassed: See GHSA-mf9v-mfxr-j63j for details.
  * HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc)
  ## Deprecations and Removals
  * Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (#3763)
  * Removed support for end-of-life Python 3.9. (#3720)
  * Removed support for end-of-life PyPy3.10. (#4979)
  * Bumped the minimum supported pyOpenSSL version to 19.0.0. (#3777)
  ## Bugfixes
  * Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (#3636)
  * Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (#4967)
  * Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (#3793)
  * Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (#3798)
  * Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (#3352)
  * Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (#3764)

==== salt ====
Subpackages: python311-salt salt-master salt-minion

- Use non vendored tornado with Python 3.11 (bsc#1257583, bsc#1259700)
- Added:
  * use-non-vendored-tornado-with-python-3.11.patch

==== selinux-policy ====
Version update (20260414 -> 20260508)
Subpackages: selinux-policy-targeted

- Update to version 20260508:
  * Add boolean ntp_refclock_access (bsc#1262711)
  * Add /var/log/ntp in ntp named filetrans interface (bsc#1262711)
  * Allow thump_t setattr on thumb_tmp_t lnk_files
  * Allow accounts-daemon read accountsd_share_t symlinks (bsc#1262502)
  * Label /usr/bin/sudo-rs and /usr/bin/su-rs
  * Allow pwupdd to read cracklib (bsc#1259138)
  * Allow pwupdd to log to audit log (bsc#1259138)
  * Move accountutils_pwaccessd_varlink_socket_connect from auth_use_pam (bsc#1259138)
  * Allow gpsd the setcap process capability
  * Add note about the process to merge template
  * Add mgetty_allow_sendfax boolean (bsc#1258666)
  * Do not backslash-escape underscores in file context specifications
  * Label /var/log/mgetty.* getty_log_t (bsc#1258666)
  * Allow systemd_homework_t to delete systemd_homed_record_t dirs (bsc#1261359)
  * Allow sshd-auth/sshd-session get attributes of their sshd parent
  * Allow systemd-tmpfiles to adjust resource limits
  * Allow logwatch to getattr nsfs files
  * Allow xdm dbus chat with rhsmcertd
  * Allow dhcpc_hook_t unix_dgram_socket and module_request
  * Allow accountsd list accountsd_share_t dirs

==== suse-module-tools ====
Version update (16.1.4 -> 16.1.5)
Subpackages: suse-module-tools-scriptlets

- Update to version 16.1.5:
  * Support XBOOTLDR (jsc#PED-16142)
  * modprobe.conf: split RNDIS blacklist, add interactive unblacklist support (boo#1262299, boo#1217268)
  * weak-modules2: don't remove symlinks in the rpm --reinstall case (bsc#1257055)

==== webkitgtk3 ====
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- riscv-platformenable.patch: Fix build for riscv64
- Update constraints for riscv64

==== webkitgtk4 ====
Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 typelib-1_0-JavaScriptCore-6_0 typelib-1_0-WebKit-6_0 webkitgtk-6_0-injected-bundles

- riscv-platformenable.patch: Fix build for riscv64
- Update constraints for riscv64

==== xen ====
Version update (4.21.1_04 -> 4.21.1_06)

- bsc#1264066 - VUL-0: CVE-2025-54518: xen: AMD-SN-7052: CPU OP Cache Corruption
  6a034fca-x86-mitigate-AMD-SN-7052.patch

==== yast2-storage-ng ====
Version update (5.0.45 -> 5.0.48)

- Use the session keyring instead of the user one to communicate with sdbootutil (related to jsc#PED-10703).
- 5.0.48

- Make sure to mount sys/kernel/security for the final steps of the installation (related to jsc#PED-10703).
- 5.0.47

- Set BLS LEGACY bootloader as BLS (related to jsc#PED-10703).
- 5.0.46