These are all security issues fixed in the arm-trusted-firmware-2.8.6-1.1 package on the GA media of openSUSE Tumbleweed.