SUSE-CU-2025:9189-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-attestation
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Dec 19 08:28:21 UTC 2025
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-attestation
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:9189-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.1.1.8.12.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:latest
Container Release : 8.12.1
Severity : important
Type : security
References : 1224386 1232526 1238491 1239566 1239938 1240788 1243794 1243991
1244050 1246806 1247985 1248501 1250399 1252148 1252160 1252414
1252417 1253043 CVE-2025-53057 CVE-2025-53066 CVE-2025-59432
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/server-attestation was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3877-1
Released: Fri Oct 31 05:29:41 2025
Summary: Recommended update for libselinux
Type: recommended
Severity: important
References: 1252160
This update for libselinux fixes the following issues:
- Ship license file (bsc#1252160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3982-1
Released: Thu Nov 6 19:21:10 2025
Summary: Recommended update for lcms2
Type: recommended
Severity: moderate
References: 1247985
This update for lcms2 fixes the following issue:
- Enable threads support and avoid linker errors (bsc#1247985).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3997-1
Released: Fri Nov 7 16:50:17 2025
Summary: Security update for java-17-openjdk
Type: security
Severity: important
References: 1246806,1252414,1252417,CVE-2025-53057,CVE-2025-53066
This update for java-17-openjdk fixes the following issues:
Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU):
- CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414).
- CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417).
Other bug fixes:
- Do not embed rebuild counter (bsc#1246806)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4054-1
Released: Tue Nov 11 15:04:28 2025
Summary: Security update for ongres-scram
Type: security
Severity: moderate
References: 1250399,CVE-2025-59432
This update for ongres-scram fixes the following issues:
- CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4118-1
Released: Mon Nov 17 09:06:55 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References: 1252148
This update for freetype2 fixes the following issues:
- Fix the %licence tag (bsc#1252148)
* package FTL.TXT and GPLv2.TXT as %license
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4138-1
Released: Wed Nov 19 11:15:12 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1224386,1248501
This update for systemd fixes the following issues:
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4179-1
Released: Mon Nov 24 08:27:54 2025
Summary: Recommended update for mozilla-nspr
Type: recommended
Severity: moderate
References:
This update for mozilla-nspr fixes the following issues:
- update to NSPR 4.36.2
* Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1
- update to NSPR 4.36.1
* Incorrect time value produced by PR_ParseTimeString and
PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
The following package changes have been done:
- libgcc_s1-15.2.0+git10201-150000.1.6.1 updated
- libstdc++6-15.2.0+git10201-150000.1.6.1 updated
- libselinux1-3.5-150600.3.3.1 updated
- liblcms2-2-2.15-150600.3.3.2 updated
- mozilla-nspr-4.36.2-150000.3.36.1 updated
- libsystemd0-254.27-150600.4.46.2 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- java-17-openjdk-headless-17.0.17.0-150400.3.60.2 updated
- ongres-scram-2.1-150400.8.5.1 updated
- ongres-scram-client-2.1-150400.8.5.1 updated
- container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated
More information about the sle-container-updates
mailing list