SUSE-CU-2024:5166-1: Security update of bci/spack

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Oct 17 07:09:57 UTC 2024 

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5166-1
Container Tags        : bci/spack:0.21 , bci/spack:0.21-13.4 , bci/spack:0.21.2 , bci/spack:latest
Container Release     : 13.4
Severity              : important
Type                  : security
References            : 1188441 1210959 1214915 1219031 1220724 1221601 1231544 CVE-2024-48957
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released:    Wed Oct 16 15:12:47 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:

This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc14 compilers use:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out

	https://gcc.gnu.org/gcc-14/changes.html


- Add libquadmath0-devel-gcc14 sub-package to allow installing
  quadmath.h and SO link without installing the fortran frontend

- Avoid combine spending too much compile-time and memory doing nothing on s390x.  [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package.  [bsc#1221601]
- Revert libgccjit dependency change.  [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
  via __requires_exclude_from and __provides_exclude_from.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
  in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
  are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3675-1
Released:    Wed Oct 16 19:33:31 2024
Summary:     Security update for libarchive
Type:        security
Severity:    important
References:  1231544,CVE-2024-48957
This update for libarchive fixes the following issues:

- CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in archive_read_support_format_rar.c (bsc#1231544).


The following package changes have been done:

- libatomic1-14.2.0+git10526-150000.1.3.3 updated
- libgomp1-14.2.0+git10526-150000.1.3.3 updated
- libitm1-14.2.0+git10526-150000.1.3.3 updated
- liblsan0-14.2.0+git10526-150000.1.3.3 updated
- libquadmath0-14.2.0+git10526-150000.1.3.3 updated
- libarchive13-3.7.2-150600.3.6.1 updated

More information about the sle-container-updates mailing list