SUSE-CU-2024:1709-1: Security update of suse/sles/15.6/cdi-controller

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Apr 25 07:05:30 UTC 2024 

SUSE Container Update Advisory: suse/sles/15.6/cdi-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1709-1
Container Tags        : suse/sles/15.6/cdi-controller:1.58.0 , suse/sles/15.6/cdi-controller:1.58.0-150600.1.47 , suse/sles/15.6/cdi-controller:1.58.0.22.327
Container Release     : 22.327
Severity              : moderate
Type                  : security
References            : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520
                        1220061 1220724 1221239 CVE-2023-45918 
-----------------------------------------------------------------

The container suse/sles/15.6/cdi-controller was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321
This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr  8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918
This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]
- Add support for -fmin-function-alignment.  [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM.  [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686.  [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]


The following package changes have been done:

- glibc-2.38-150600.9.2 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- libopenssl3-3.1.4-150600.2.17 updated
- libopenssl-3-fips-provider-3.1.4-150600.2.17 updated
- coreutils-8.32-150400.9.3.1 updated
- containerized-data-importer-controller-1.58.0-150600.1.47 updated
- container:sles15-image-15.0.0-45.10 updated

More information about the sle-container-updates mailing list