Container summary for suse/git
SUSE-CU-2024:5230-1
| Container Advisory ID | SUSE-CU-2024:5230-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-30.5 , suse/git:2.43.0 , suse/git:2.43.0-30.5 , suse/git:latest |
| Container Release | 30.5 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3726-1
|
| Released | Fri Oct 18 11:56:40 2024 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1231051 |
Description:
This update for glibc fixes the following issue:
- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
SUSE-CU-2024:5213-1
| Container Advisory ID | SUSE-CU-2024:5213-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-30.3 , suse/git:2.43.0 , suse/git:2.43.0-30.3 , suse/git:latest |
| Container Release | 30.3 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3659-1
|
| Released | Wed Oct 16 15:12:47 2024 |
| Summary | Recommended update for gcc14 |
| Type | recommended |
| Severity | moderate |
| References | 1188441,1210959,1214915,1219031,1220724,1221601 |
Description:
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing
quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
via __requires_exclude_from and __provides_exclude_from.
[bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
are linked against libstdc++6.
SUSE-CU-2024:5136-1
| Container Advisory ID | SUSE-CU-2024:5136-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-29.3 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 29.3 |
The following patches have been included in this update:
SUSE-CU-2024:5025-1
| Container Advisory ID | SUSE-CU-2024:5025-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-28.4 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 28.4 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3597-1
|
| Released | Fri Oct 11 10:39:52 2024 |
| Summary | Recommended update for bash |
| Type | recommended |
| Severity | moderate |
| References | 1227807 |
Description:
This update for bash fixes the following issues:
- Load completion file eveh if a brace expansion is in the
command line included (bsc#1227807).
SUSE-CU-2024:4940-1
| Container Advisory ID | SUSE-CU-2024:4940-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-28.2 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 28.2 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3589-1
|
| Released | Thu Oct 10 16:39:07 2024 |
| Summary | Recommended update for cyrus-sasl |
| Type | recommended |
| Severity | moderate |
| References | 1230111 |
Description:
This update for cyrus-sasl fixes the following issues:
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings.
SUSE-CU-2024:4899-1
| Container Advisory ID | SUSE-CU-2024:4899-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-28.1 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 28.1 |
The following patches have been included in this update:
SUSE-CU-2024:4830-1
| Container Advisory ID | SUSE-CU-2024:4830-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-27.9 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 27.9 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3528-1
|
| Released | Fri Oct 4 15:31:43 2024 |
| Summary | Recommended update for e2fsprogs |
| Type | recommended |
| Severity | moderate |
| References | 1230145 |
Description:
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
SUSE-CU-2024:4765-1
| Container Advisory ID | SUSE-CU-2024:4765-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-27.8 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 27.8 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:3501-1
|
| Released | Tue Oct 1 16:03:34 2024 |
| Summary | Security update for openssl-3 |
| Type | security |
| Severity | important |
| References | 1230698,CVE-2024-41996 |
Description:
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
| Advisory ID | SUSE-RU-2024:3504-1
|
| Released | Tue Oct 1 16:22:27 2024 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1230638 |
Description:
This update for glibc fixes the following issue:
- Use nss-systemd by default also in SLE (bsc#1230638).
| Advisory ID | SUSE-RU-2024:3512-1
|
| Released | Wed Oct 2 18:14:56 2024 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | important |
| References | 1226414,1228091,1228223,1228809,1229518 |
Description:
This update for systemd fixes the following issues:
- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd
SUSE-CU-2024:4660-1
| Container Advisory ID | SUSE-CU-2024:4660-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-27.3 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 27.3 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3476-1
|
| Released | Fri Sep 27 15:16:38 2024 |
| Summary | Recommended update for curl |
| Type | recommended |
| Severity | moderate |
| References | 1230516 |
Description:
This update for curl fixes the following issue:
- Make special characters in URL work with aws-sigv4 (bsc#1230516).
SUSE-CU-2024:4596-1
| Container Advisory ID | SUSE-CU-2024:4596-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-27.1 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 27.1 |
The following patches have been included in this update:
SUSE-CU-2024:4535-1
| Container Advisory ID | SUSE-CU-2024:4535-1 |
| Container Tags | suse/git:2 , suse/git:2.43 , suse/git:2.43-25.1 , suse/git:2.43.0 , suse/git:latest |
| Container Release | 25.1 |
The following patches have been included in this update:
SUSE-CU-2024:4415-1
| Container Advisory ID | SUSE-CU-2024:4415-1 |
| Container Tags | suse/git:2 , suse/git:2-24.6 , suse/git:2.43 , suse/git:2.43-24.6 , suse/git:2.43.0 , suse/git:2.43.0-24.6 , suse/git:latest |
| Container Release | 24.6 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3300-1
|
| Released | Wed Sep 18 14:27:53 2024 |
| Summary | Recommended update for ncurses |
| Type | recommended |
| Severity | moderate |
| References | 1229028 |
Description:
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
SUSE-CU-2024:4383-1
| Container Advisory ID | SUSE-CU-2024:4383-1 |
| Container Tags | suse/git:2 , suse/git:2-24.3 , suse/git:2.43 , suse/git:2.43-24.3 , suse/git:2.43.0 , suse/git:2.43.0-24.3 , suse/git:latest |
| Container Release | 24.3 |
The following patches have been included in this update:
SUSE-CU-2024:4357-1
| Container Advisory ID | SUSE-CU-2024:4357-1 |
| Container Tags | suse/git:2 , suse/git:2-24.1 , suse/git:2.43 , suse/git:2.43-24.1 , suse/git:2.43.0 , suse/git:2.43.0-24.1 , suse/git:latest |
| Container Release | 24.1 |
The following patches have been included in this update:
SUSE-CU-2024:4280-1
| Container Advisory ID | SUSE-CU-2024:4280-1 |
| Container Tags | suse/git:2 , suse/git:2-23.5 , suse/git:2.43 , suse/git:2.43-23.5 , suse/git:2.43.0 , suse/git:2.43.0-23.5 , suse/git:latest |
| Container Release | 23.5 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:3216-1
|
| Released | Thu Sep 12 13:05:20 2024 |
| Summary | Security update for expat |
| Type | security |
| Severity | moderate |
| References | 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 |
Description:
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
SUSE-CU-2024:4211-1
| Container Advisory ID | SUSE-CU-2024:4211-1 |
| Container Tags | suse/git:2 , suse/git:2-23.3 , suse/git:2.43 , suse/git:2.43-23.3 , suse/git:2.43.0 , suse/git:2.43.0-23.3 , suse/git:latest |
| Container Release | 23.3 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:3204-1
|
| Released | Wed Sep 11 10:55:22 2024 |
| Summary | Security update for curl |
| Type | security |
| Severity | moderate |
| References | 1230093,CVE-2024-8096 |
Description:
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
SUSE-CU-2024:4138-1
| Container Advisory ID | SUSE-CU-2024:4138-1 |
| Container Tags | suse/git:2 , suse/git:2-23.2 , suse/git:2.43 , suse/git:2.43-23.2 , suse/git:2.43.0 , suse/git:2.43.0-23.2 , suse/git:latest |
| Container Release | 23.2 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:3166-1
|
| Released | Mon Sep 9 12:25:30 2024 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1228042 |
Description:
This update for glibc fixes the following issue:
- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).
SUSE-CU-2024:4009-1
| Container Advisory ID | SUSE-CU-2024:4009-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-22.4 , suse/git:latest |
| Container Release | 22.4 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2022:2796-1
|
| Released | Fri Aug 12 14:34:31 2022 |
| Summary | Recommended update for jitterentropy |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
| Advisory ID | SUSE-RU-2022:3328-1
|
| Released | Wed Sep 21 12:48:56 2022 |
| Summary | Recommended update for jitterentropy |
| Type | recommended |
| Severity | moderate |
| References | 1202870 |
Description:
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
| Advisory ID | SUSE-RU-2023:617-1
|
| Released | Fri Mar 3 16:49:06 2023 |
| Summary | Recommended update for jitterentropy |
| Type | recommended |
| Severity | moderate |
| References | 1207789 |
Description:
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
| Advisory ID | SUSE-RU-2024:2024-1
|
| Released | Thu Jun 13 16:15:18 2024 |
| Summary | Recommended update for jitterentropy |
| Type | recommended |
| Severity | moderate |
| References | 1209627 |
Description:
This update for jitterentropy fixes the following issues:
- Fixed a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
Updated to 3.4.1
- add FIPS 140 hints to man page
- simplify the test tool to search for optimal configurations
- fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
- enhancement: add ARM64 assembler code to read high-res timer
| Advisory ID | SUSE-SU-2024:3106-1
|
| Released | Tue Sep 3 17:00:40 2024 |
| Summary | Security update for openssl-3 |
| Type | security |
| Severity | moderate |
| References | 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 |
Description:
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
Other fixes:
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
SUSE-CU-2024:3601-1
| Container Advisory ID | SUSE-CU-2024:3601-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-22.3 , suse/git:latest |
| Container Release | 22.3 |
The following patches have been included in this update:
SUSE-CU-2024:3516-1
| Container Advisory ID | SUSE-CU-2024:3516-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-20.3 , suse/git:latest |
| Container Release | 20.3 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:2784-1
|
| Released | Tue Aug 6 14:58:38 2024 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1227888,1228535,CVE-2024-6197,CVE-2024-7264 |
Description:
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)
SUSE-CU-2024:3452-1
| Container Advisory ID | SUSE-CU-2024:3452-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-20.2 , suse/git:latest |
| Container Release | 20.2 |
The following patches have been included in this update:
SUSE-CU-2024:3381-1
| Container Advisory ID | SUSE-CU-2024:3381-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-19.2 , suse/git:latest |
| Container Release | 19.2 |
The following patches have been included in this update:
SUSE-CU-2024:3310-1
| Container Advisory ID | SUSE-CU-2024:3310-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-18.6 , suse/git:latest |
| Container Release | 18.6 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:2635-1
|
| Released | Tue Jul 30 09:14:09 2024 |
| Summary | Security update for openssl-3 |
| Type | security |
| Severity | important |
| References | 1222899,1223336,1226463,1227138,CVE-2024-5535 |
Description:
This update for openssl-3 fixes the following issues:
Security fixes:
- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)
| Advisory ID | SUSE-RU-2024:2641-1
|
| Released | Tue Jul 30 09:29:36 2024 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for systemd fixes the following issues:
systemd was updated from version 254.13 to version 254.15:
- Changes in version 254.15:
* boot: cover for hardware keys on phones/tablets
* Conditional PSI check to reflect changes done in 5.13
* core/dbus-manager: refuse SoftReboot() for user managers
* core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
* core/exec-invoke: use sched_setattr instead of sched_setscheduler
* core/unit: follow merged units before updating SourcePath= timestamp too
* coredump: correctly take tmpfs size into account for compression
* cryptsetup: improve TPM2 blob display
* docs: Add section to HACKING.md on distribution packages
* docs: fixed dead link to GNOME documentation
* docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
* Fixed typo in CAP_BPF description
* LICENSES/README: expand text to summarize state for binaries and libs
* man: fully adopt ~/.local/state/
* man/systemd.exec: list inaccessible files for ProtectKernelTunables
* man/tmpfiles: remove outdated behavior regarding symlink ownership
* meson: bpf: propagate 'sysroot' for cross compilation
* meson: Define __TARGET_ARCH macros required by bpf
* mkfs-util: Set sector size for btrfs as well
* mkosi: drop CentOS 8 from CI
* mkosi: Enable hyperscale-packages-experimental for CentOS
* mountpoint-util: do not assume symlinks are not mountpoints
* os-util: avoid matching on the wrong extension-release file
* README: add missing CONFIG_MEMCG kernel config option for oomd
* README: update requirements for signed dm-verity
* resolved: allow the full TTL to be used by OPT records
* resolved: correct parsing of OPT extended RCODEs
* sysusers: handle NSS errors gracefully
* TEST-58-REPART: reverse order of diff args
* TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
* test: fixed TEST-24-CRYPTSETUP on SUSE
* test: install /etc/hosts
* Use consistent spelling of systemd.condition_first_boot argument
* util: make file_read() 64bit offset safe
* vmm: make sure we can handle smbios objects without variable part
- Changes in version 254.14:
* analyze: show pcrs also in sha384 bank
* chase: Tighten '.' and './' check
* core/service: fixed accept-socket deserialization
* efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
* executor: check for all permission related errnos when setting up IPC namespace
* install: allow removing symlinks even for units that are gone
* json: use secure un{base64,hex}mem for sensitive variants
* man,units: drop 'temporary' from description of systemd-tmpfiles
* missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
* repart: fixed memory leak
* repart: Use CRYPT_ACTIVATE_PRIVATE
* resolved: permit dnssec rrtype questions when we aren't validating
* rules: Limit the number of device units generated for serial ttys
* run: do not pass the pty slave fd to transient service in a machine
* sd-dhcp-server: clear buffer before receive
* strbuf: use GREEDY_REALLOC to grow the buffer
SUSE-CU-2024:3236-1
| Container Advisory ID | SUSE-CU-2024:3236-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-18.5 , suse/git:latest |
| Container Release | 18.5 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:2579-1
|
| Released | Mon Jul 22 12:36:34 2024 |
| Summary | Security update for git |
| Type | security |
| Severity | important |
| References | 1219660,CVE-2024-24577 |
Description:
This update for git fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
| Advisory ID | SUSE-RU-2024:2587-1
|
| Released | Mon Jul 22 13:44:54 2024 |
| Summary | Recommended update for openssh |
| Type | recommended |
| Severity | moderate |
| References | 1227456 |
Description:
This update for openssh fixes the following issues:
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)
SUSE-CU-2024:3200-1
| Container Advisory ID | SUSE-CU-2024:3200-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-18.3 , suse/git:latest |
| Container Release | 18.3 |
The following patches have been included in this update:
SUSE-CU-2024:3101-1
| Container Advisory ID | SUSE-CU-2024:3101-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-17.10 , suse/git:latest |
| Container Release | 17.10 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:2393-1
|
| Released | Wed Jul 10 17:33:47 2024 |
| Summary | Security update for openssh |
| Type | security |
| Severity | moderate |
| References | 1218215,1224392,1225904,1227318,1227350,CVE-2023-51385,CVE-2024-39894 |
Description:
This update for openssh fixes the following issues:
Security fixes:
- CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318).
Other fixes:
- Add obsoletes for openssh-server-config-rootlogin (bsc#1227350).
- Add #include in some files added by the ldap patch to
fix build with gcc14 (bsc#1225904).
- Remove the recommendation for openssh-server-config-rootlogin
from openssh-server (bsc#1224392).
SUSE-CU-2024:3064-1
| Container Advisory ID | SUSE-CU-2024:3064-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-17.9 , suse/git:latest |
| Container Release | 17.9 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:2307-1
|
| Released | Fri Jul 5 12:04:34 2024 |
| Summary | Security update for krb5 |
| Type | security |
| Severity | important |
| References | 1227186,1227187,CVE-2024-37370,CVE-2024-37371 |
Description:
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
SUSE-CU-2024:2972-1
| Container Advisory ID | SUSE-CU-2024:2972-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-17.8 , suse/git:latest |
| Container Release | 17.8 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:2275-1
|
| Released | Tue Jul 2 16:33:30 2024 |
| Summary | Security update for openssh |
| Type | security |
| Severity | important |
| References | 1226642,CVE-2024-6387 |
Description:
This update for openssh fixes the following issues:
- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642)
| Advisory ID | SUSE-SU-2024:2277-1
|
| Released | Tue Jul 2 17:03:49 2024 |
| Summary | Security update for git |
| Type | security |
| Severity | important |
| References | 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 |
Description:
This update for git fixes the following issues:
- CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168)
- CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170)
- CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171)
- CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172)
- CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173)
SUSE-CU-2024:2957-1
| Container Advisory ID | SUSE-CU-2024:2957-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-17.6 , suse/git:latest |
| Container Release | 17.6 |
The following patches have been included in this update:
SUSE-CU-2024:2947-1
| Container Advisory ID | SUSE-CU-2024:2947-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-17.5 , suse/git:latest |
| Container Release | 17.5 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:2239-1
|
| Released | Wed Jun 26 13:09:10 2024 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | critical |
| References | 1226415 |
Description:
This update for systemd contains the following fixes:
- testsuite: move a misplaced %endif
- Do not remove existing configuration files in /etc. If these files were
modified on the systemd, that may cause unwanted side effects (bsc#1226415).
- Import upstream commit (merge of v254.13)
Use the pty slave fd opened from the namespace when transient service is running in a container.
This revert the backport of the broken commit until a fix is released in the v254-stable tree.
- Import upstream commit (merge of v254.11)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc
SUSE-CU-2024:2935-1
| Container Advisory ID | SUSE-CU-2024:2935-1 |
| Container Tags | suse/git:2.43 , suse/git:2.43-17.4 , suse/git:latest |
| Container Release | 17.4 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2018:2607-1
|
| Released | Wed Nov 7 15:42:48 2018 |
| Summary | Optional update for gcc8 |
| Type | recommended |
| Severity | low |
| References | 1084812,1084842,1087550,1094222,1102564 |
Description:
The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed,
quite some new warnings added and the error pin-pointing and
fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html
| Advisory ID | SUSE-SU-2018:2861-1
|
| Released | Thu Dec 6 14:32:01 2018 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | important |
| References | 1103320,1115929,CVE-2018-19211 |
Description:
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
| Advisory ID | SUSE-SU-2019:571-1
|
| Released | Thu Mar 7 18:13:46 2019 |
| Summary | Security update for file |
| Type | security |
| Severity | moderate |
| References | 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 |
Description:
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
| Advisory ID | SUSE-SU-2019:1368-1
|
| Released | Tue May 28 13:15:38 2019 |
| Summary | Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root |
| Type | security |
| Severity | important |
| References | 1134524,CVE-2019-5021 |
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
| Advisory ID | SUSE-SU-2019:2997-1
|
| Released | Mon Nov 18 15:16:38 2019 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 |
Description:
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
| Advisory ID | SUSE-SU-2019:3061-1
|
| Released | Mon Nov 25 17:34:22 2019 |
| Summary | Security update for gcc9 |
| Type | security |
| Severity | moderate |
| References | 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 |
Description:
This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html
The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 /
CXX=g++-9 during configuration for using it.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
| Advisory ID | SUSE-SU-2019:3086-1
|
| Released | Thu Nov 28 10:02:24 2019 |
| Summary | Security update for libidn2 |
| Type | security |
| Severity | moderate |
| References | 1154884,1154887,CVE-2019-12290,CVE-2019-18224 |
Description:
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
| Advisory ID | SUSE-RU-2020:1226-1
|
| Released | Fri May 8 10:51:05 2020 |
| Summary | Recommended update for gcc9 |
| Type | recommended |
| Severity | moderate |
| References | 1149995,1152590,1167898 |
Description:
This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.
- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go
| Advisory ID | SUSE-SU-2020:1294-1
|
| Released | Mon May 18 07:38:36 2020 |
| Summary | Security update for file |
| Type | security |
| Severity | moderate |
| References | 1154661,1169512,CVE-2019-18218 |
Description:
This update for file fixes the following issues:
Security issues fixed:
- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).
Non-security issue fixed:
- Fixed broken '--help' output (bsc#1169512).
| Advisory ID | SUSE-SU-2020:2947-1
|
| Released | Fri Oct 16 15:23:07 2020 |
| Summary | Security update for gcc10, nvptx-tools |
| Type | security |
| Severity | moderate |
| References | 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 |
Description:
This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:
| Advisory ID | SUSE-RU-2020:2983-1
|
| Released | Wed Oct 21 15:03:03 2020 |
| Summary | Recommended update for file |
| Type | recommended |
| Severity | moderate |
| References | 1176123 |
Description:
This update for file fixes the following issues:
- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)
| Advisory ID | SUSE-RU-2020:3942-1
|
| Released | Tue Dec 29 12:22:01 2020 |
| Summary | Recommended update for libidn2 |
| Type | recommended |
| Severity | moderate |
| References | 1180138 |
Description:
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
| Advisory ID | SUSE-RU-2021:220-1
|
| Released | Tue Jan 26 14:00:51 2021 |
| Summary | Recommended update for keyutils |
| Type | recommended |
| Severity | moderate |
| References | 1180603 |
Description:
This update for keyutils fixes the following issues:
- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
| Advisory ID | SUSE-RU-2021:924-1
|
| Released | Tue Mar 23 10:00:49 2021 |
| Summary | Recommended update for filesystem |
| Type | recommended |
| Severity | moderate |
| References | 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 |
Description:
This update for filesystem the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
| Advisory ID | SUSE-RU-2021:1861-1
|
| Released | Fri Jun 4 09:59:40 2021 |
| Summary | Recommended update for gcc10 |
| Type | recommended |
| Severity | moderate |
| References | 1029961,1106014,1178577,1178624,1178675,1182016 |
Description:
This update for gcc10 fixes the following issues:
- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)
| Advisory ID | SUSE-RU-2021:3182-1
|
| Released | Tue Sep 21 17:04:26 2021 |
| Summary | Recommended update for file |
| Type | recommended |
| Severity | moderate |
| References | 1189996 |
Description:
This update for file fixes the following issues:
- Fixes exception thrown by memory allocation problem (bsc#1189996)
| Advisory ID | SUSE-SU-2021:3490-1
|
| Released | Wed Oct 20 16:31:55 2021 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1190793,CVE-2021-39537 |
Description:
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
| Advisory ID | SUSE-RU-2021:3799-1
|
| Released | Wed Nov 24 18:07:54 2021 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1187153,1187273,1188623 |
Description:
This update for gcc11 fixes the following issues:
The additional GNU compiler collection GCC 11 is provided:
To select these compilers install the packages:
- gcc11
- gcc-c++11
- and others with 11 prefix.
to select them for building:
The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.
| Advisory ID | SUSE-RU-2021:3891-1
|
| Released | Fri Dec 3 10:21:49 2021 |
| Summary | Recommended update for keyutils |
| Type | recommended |
| Severity | moderate |
| References | 1029961,1113013,1187654 |
Description:
This update for keyutils fixes the following issues:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
keyutils was updated to 1.6.3 (jsc#SLE-20016):
- Revert the change notifications that were using /dev/watch_queue.
- Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
- Allow 'keyctl supports' to retrieve raw capability data.
- Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
- Allow 'keyctl new_session' to name the keyring.
- Allow 'keyctl add/padd/etc.' to take hex-encoded data.
- Add 'keyctl watch*' to expose kernel change notifications on keys.
- Add caps for namespacing and notifications.
- Set a default TTL on keys that upcall for name resolution.
- Explicitly clear memory after it's held sensitive information.
- Various manual page fixes.
- Fix C++-related errors.
- Add support for keyctl_move().
- Add support for keyctl_capabilities().
- Make key=val list optional for various public-key ops.
- Fix system call signature for KEYCTL_PKEY_QUERY.
- Fix 'keyctl pkey_query' argument passing.
- Use keyctl_read_alloc() in dump_key_tree_aux().
- Various manual page fixes.
Updated to 1.6:
- Apply various specfile cleanups from Fedora.
- request-key: Provide a command line option to suppress helper execution.
- request-key: Find least-wildcard match rather than first match.
- Remove the dependency on MIT Kerberos.
- Fix some error messages
- keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
- Fix doc and comment typos.
- Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
- Add pkg-config support for finding libkeyutils.
- upstream isn't offering PGP signatures for the source tarballs anymore
Updated to 1.5.11 (bsc#1113013)
- Add keyring restriction support.
- Add KDF support to the Diffie-Helman function.
- DNS: Add support for AFS config files and SRV records
| Advisory ID | SUSE-SU-2021:3942-1
|
| Released | Mon Dec 6 14:46:05 2021 |
| Summary | Security update for brotli |
| Type | security |
| Severity | moderate |
| References | 1175825,CVE-2020-8927 |
Description:
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
| Advisory ID | SUSE-RU-2022:692-1
|
| Released | Thu Mar 3 15:46:47 2022 |
| Summary | Recommended update for filesystem |
| Type | recommended |
| Severity | moderate |
| References | 1190447 |
Description:
This update for filesystem fixes the following issues:
- Release ported filesystem to LTSS channels (bsc#1190447).
| Advisory ID | SUSE-RU-2022:936-1
|
| Released | Tue Mar 22 18:10:17 2022 |
| Summary | Recommended update for filesystem and systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | 1196275,1196406 |
Description:
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
| Advisory ID | SUSE-RU-2022:1409-1
|
| Released | Tue Apr 26 12:54:57 2022 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1195628,1196107 |
Description:
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
| Advisory ID | SUSE-RU-2022:1658-1
|
| Released | Fri May 13 15:40:20 2022 |
| Summary | Recommended update for libpsl |
| Type | recommended |
| Severity | important |
| References | 1197771 |
Description:
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
| Advisory ID | SUSE-RU-2022:2019-1
|
| Released | Wed Jun 8 16:50:07 2022 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1192951,1193659,1195283,1196861,1197065 |
Description:
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
- includes SLS hardening backport on x86_64. [bsc#1195283]
- includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
- fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
- use --with-cpu rather than specifying --with-arch/--with-tune
- Fix D memory corruption in -M output.
- Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
- fixes issue with debug dumping together with -o /dev/null
- fixes libgccjit issue showing up in emacs build [bsc#1192951]
- Package mwaitintrin.h
| Advisory ID | SUSE-SU-2022:2294-1
|
| Released | Wed Jul 6 13:34:15 2022 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 |
Description:
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
| Advisory ID | SUSE-SU-2022:2717-1
|
| Released | Tue Aug 9 12:54:16 2022 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1198627,CVE-2022-29458 |
Description:
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
| Advisory ID | SUSE-RU-2022:3262-1
|
| Released | Tue Sep 13 15:34:29 2022 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1199140 |
Description:
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
| Advisory ID | SUSE-SU-2022:3489-1
|
| Released | Sat Oct 1 13:35:24 2022 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1203438,CVE-2022-40674 |
Description:
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
| Advisory ID | SUSE-SU-2022:3884-1
|
| Released | Mon Nov 7 10:59:26 2022 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1204708,CVE-2022-43680 |
Description:
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
| Advisory ID | SUSE-RU-2022:4256-1
|
| Released | Mon Nov 28 12:36:32 2022 |
| Summary | Recommended update for gcc12 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
| Advisory ID | SUSE-RU-2023:776-1
|
| Released | Thu Mar 16 17:29:23 2023 |
| Summary | Recommended update for gcc12 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
| Advisory ID | SUSE-SU-2023:2111-1
|
| Released | Fri May 5 14:34:00 2023 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1210434,CVE-2023-29491 |
Description:
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
| Advisory ID | SUSE-RU-2023:2625-1
|
| Released | Fri Jun 23 17:16:11 2023 |
| Summary | Recommended update for gcc12 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for gcc12 fixes the following issues:
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0
| Advisory ID | SUSE-SU-2023:2765-1
|
| Released | Mon Jul 3 20:28:14 2023 |
| Summary | Security update for libcap |
| Type | security |
| Severity | moderate |
| References | 1211418,1211419,CVE-2023-2602,CVE-2023-2603 |
Description:
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
| Advisory ID | SUSE-SU-2023:3661-1
|
| Released | Mon Sep 18 21:44:09 2023 |
| Summary | Security update for gcc12 |
| Type | security |
| Severity | important |
| References | 1214052,CVE-2023-4039 |
Description:
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
| Advisory ID | SUSE-RU-2023:3780-1
|
| Released | Tue Sep 26 10:58:21 2023 |
| Summary | Recommended update hidapi |
| Type | recommended |
| Severity | moderate |
| References | 1214535 |
Description:
This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4.
| Advisory ID | SUSE-SU-2023:4162-1
|
| Released | Mon Oct 23 15:33:03 2023 |
| Summary | Security update for gcc13 |
| Type | security |
| Severity | important |
| References | 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 |
Description:
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
- CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
| Advisory ID | SUSE-SU-2023:4215-1
|
| Released | Thu Oct 26 12:19:25 2023 |
| Summary | Security update for zlib |
| Type | security |
| Severity | moderate |
| References | 1216378,CVE-2023-45853 |
Description:
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
| Advisory ID | SUSE-SU-2023:4458-1
|
| Released | Thu Nov 16 14:38:48 2023 |
| Summary | Security update for gcc13 |
| Type | security |
| Severity | important |
| References | 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 |
Description:
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
- CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
| Advisory ID | SUSE-SU-2023:4891-1
|
| Released | Mon Dec 18 16:31:49 2023 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1201384,1218014,CVE-2023-50495 |
Description:
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
| Advisory ID | SUSE-SU-2024:1129-1
|
| Released | Mon Apr 8 09:12:08 2024 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1219559,1221289,CVE-2023-52425,CVE-2024-28757 |
Description:
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
| Advisory ID | SUSE-SU-2024:1133-1
|
| Released | Mon Apr 8 11:29:02 2024 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1220061,CVE-2023-45918 |
Description:
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
| Advisory ID | SUSE-RU-2024:1253-1
|
| Released | Fri Apr 12 08:15:18 2024 |
| Summary | Recommended update for gcc13 |
| Type | recommended |
| Severity | moderate |
| References | 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 |
Description:
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
| Advisory ID | SUSE-RU-2024:1954-1
|
| Released | Fri Jun 7 18:01:06 2024 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1221482 |
Description:
This update for glibc fixes the following issues:
- Also include stat64 in the 32-bit libc_nonshared.a workaround
(bsc#1221482)
| Advisory ID | SUSE-RU-2024:1997-1
|
| Released | Tue Jun 11 17:24:32 2024 |
| Summary | Recommended update for e2fsprogs |
| Type | recommended |
| Severity | moderate |
| References | 1223596 |
Description:
This update for e2fsprogs fixes the following issues:
- EA Inode handling fixes:
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)
| Advisory ID | SUSE-SU-2024:2060-1
|
| Released | Tue Jun 18 13:11:47 2024 |
| Summary | Security update for less |
| Type | security |
| Severity | important |
| References | 1222849,CVE-2024-32487 |
Description:
This update for less fixes the following issues:
- CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849)
| Advisory ID | SUSE-SU-2024:2066-1
|
| Released | Tue Jun 18 13:16:09 2024 |
| Summary | Security update for openssl-3 |
| Type | security |
| Severity | important |
| References | 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 |
Description:
This update for openssl-3 fixes the following issues:
Security issues fixed:
- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
Other issues fixed:
- Enable livepatching support (bsc#1223428)
- Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456)
| Advisory ID | SUSE-RU-2024:2086-1
|
| Released | Wed Jun 19 11:48:24 2024 |
| Summary | Recommended update for gcc13 |
| Type | recommended |
| Severity | moderate |
| References | 1188441 |
Description:
This update for gcc13 fixes the following issues:
Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring
Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.