Packages changed: MicroOS-release (20260611 -> 20260612) glib-networking kernel-source (7.0.11 -> 7.0.12) less (702 -> 704) rsync sudo === Details === ==== MicroOS-release ==== Version update (20260611 -> 20260612) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== glib-networking ==== - Add CVE-2026-10028.patch: tls: detect cycles when setting issuer property (CVE-2026-10028, bsc#1267979, glgo#GNOME/glib-networking!279) ==== kernel-source ==== Version update (7.0.11 -> 7.0.12) - Linux 7.0.12 (bsc#1012628). - Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB buffer size (bsc#1012628). - ACPI: button: Fix ACPI GPE handler leak during removal (bsc#1012628). - ACPI: button: Enable wakeup GPEs for ACPI buttons at probe time (bsc#1012628). - xfrm: move policy_bydst RCU sync from per-netns .exit to .pre_exit (bsc#1012628). - net/sched: sch_sfb: Replace direct dequeue call with peek and qdisc_dequeue_peeked (bsc#1012628). - nfc: llcp: Fix use-after-free in llcp_sock_release() (bsc#1012628). - nfc: llcp: Fix use-after-free race in nfc_llcp_recv_cc() (bsc#1012628). - xfrm: Check for underflow in xfrm_state_mtu (bsc#1012628). - nfc: nxp-nci: i2c: use rising-edge IRQ on ACPI systems (bsc#1012628). - tools/bootconfig: Fix buf leaks in apply_xbc (bsc#1012628). - HID: remove duplicate hid_warn_ratelimited definition (bsc#1012628). - kunit: fix use-after-free in debugfs when using kunit.filter (bsc#1012628). - accel/rocket: fix UAF via dangling GEM handle in create_bo (bsc#1012628). - netfilter: synproxy: refresh tcphdr after skb_ensure_writable (bsc#1012628). - netfilter: xt_cpu: prefer raw_smp_processor_id (bsc#1012628). - netfilter: ebtables: fix OOB read in compat_mtw_from_user (bsc#1012628). - netfilter: nf_tables: fix dst corruption in same register operation (bsc#1012628). - tun: free page on short-frame rejection in tun_xdp_one() (bsc#1012628). - tap: free page on error paths in tap_get_user_xdp() (bsc#1012628). - tun: free page on build_skb failure in tun_xdp_one() (bsc#1012628). - vsock: keep poll shutdown state consistent (bsc#1012628). - net: netlink: fix sending unassigned nsid after assigned one (bsc#1012628). - net: netlink: don't set nsid on local notifications (bsc#1012628). - net/smc: Do not re-initialize smc hashtables (bsc#1012628). - net/iucv: fix locking in .getsockopt (bsc#1012628). - scsi: core: Run queues for all non-SDEV_DEL devices from scsi_run_host_queues (bsc#1012628). - scsi: scsi_debug: Add missing newline in scsi_debug_device_reset() (bsc#1012628). - ipv4: free net->ipv4.sysctl_local_reserved_ports after unregister_net_sysctl_table() (bsc#1012628). - ALSA: hda: cs35l56: Fix system name string leaks (bsc#1012628). - ALSA: pcm: oss: Fix setup list UAF on proc write error (bsc#1012628). - ASoC: Intel: bytcht_es8316: Fix MCLK leak on init errors (bsc#1012628). - net/mlx5: HWS: Reject unsupported remove-header action (bsc#1012628). - net: hsr: fix potential OOB access in supervision frame handling (bsc#1012628). - accel/ivpu: prevent uninitialized data bug in debugfs (bsc#1012628). - gpio: mxc: fix irq_high handling (bsc#1012628). - drm/i915/aux: use polling when irqs are unavailable (bsc#1012628). - net: Avoid checksumming unreadable skb tail on trim (bsc#1012628). - ethtool: rss: avoid modifying the RSS context response (bsc#1012628). - ethtool: rss: add missing errno on RSS context delete (bsc#1012628). - ethtool: rss: fix falsely ignoring indir table updates (bsc#1012628). - ethtool: rss: fix indir_table and hkey leak on get_rxfh failure (bsc#1012628). - ethtool: rss: fix hkey leak when indir_size is 0 (bsc#1012628). - ethtool: rss: avoid device context leak on reply-build failure (bsc#1012628). - ethtool: module: call ethnl_ops_complete() on module flash errors (bsc#1012628). - ethtool: module: avoid leaking a netdev ref on module flash errors (bsc#1012628). - ethtool: module: avoid racy updates to dev->ethtool bitfield (bsc#1012628). - ethtool: module: check fw_flash_in_progress under rtnl_lock (bsc#1012628). - ethtool: module: fix cleanup if socket used for flashing multiple devices (bsc#1012628). - ethtool: cmis: require exact CDB reply length (bsc#1012628). - ethtool: cmis: fix u16-to-u8 truncation of msleep_pre_rpl (bsc#1012628). - ethtool: cmis: validate start_cmd_payload_size from module (bsc#1012628). - ethtool: cmis: validate fw->size against start_cmd_payload_size (bsc#1012628). - cxl/test: Update mock dev array before calling platform_device_add() (bsc#1012628). - tunnels: load network headers after skb_cow() in iptunnel_pmtud_build_icmp[v6]() (bsc#1012628). ... changelog too long, skipping 1174 lines ... - commit c8ca8cf ==== less ==== Version update (702 -> 704) - Update to 704: * Fix possibly passing unsafe options to man when opening an OSC 8 link * Fix possibly sending unsafe OSC sequence to terminal when file contains an unterminated OSC sequence * In Examine and Shell commands, expand % and # to shell-escaped filenames ==== rsync ==== - Add missing python3-base BR ==== sudo ==== - Fix missing %verify(not mode) %{_bindir}/sudo (bsc#1263098)