SUSE-RU-2025:1347-1: moderate: Recommended update for libseccomp, python-Cython

SLE-UPDATES null at suse.de
Fri Apr 18 08:30:06 UTC 2025 


# Recommended update for libseccomp, python-Cython

Announcement ID: SUSE-RU-2025:1347-1  
Release Date: 2025-04-18T03:33:36Z  
Rating: moderate  
References:

  * bsc#1062237
  * bsc#1118611
  * bsc#1196825
  * bsc#1209407

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that has four fixes can now be installed.

## Description:

This update for libseccomp, python-Cython fixes the following issues:

python-Cython is included in version 0.29.14 to make libseccomp build.

Changes in libseccomp:

Update to release 2.5.3:

  * Update the syscall table for Linux v5.15
  * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
  * Document that seccomp_rule_add() may return -EACCES

Update to release 2.5.2:

  * Update the syscall table for Linux v5.14-rc7
  * Add a function, get_notify_fd(), to the Python bindings to get the
    nofication file descriptor.
  * Consolidate multiplexed syscall handling for all architectures into one
    location.
  * Add multiplexed syscall support to PPC and MIPS
  * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel.
    libseccomp's fd notification logic was modified to support the kernel's
    previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID.

Update to 2.5.1:

  * Fix a bug where seccomp_load() could only be called once
  * Change the notification fd handling to only request a notification fd if
  * the filter has a _NOTIFY action
  * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
  * Clarify the maintainers' GPG keys

Update to release 2.5.0:

  * Add support for the seccomp user notifications, see the
    seccomp_notify_alloc(3), seccomp_notify_receive(3),
    seccomp_notify_respond(3) manpages for more information
  * Add support for new filter optimization approaches, including a balanced
    tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
    more information
  * Add support for the 64-bit RISC-V architecture
  * Performance improvements when adding new rules to a filter thanks to the use
    of internal shadow transactions and improved syscall lookup tables
    (bsc#1209407)
  * Properly document the libseccomp API return values and include them in the
    stable API promise
  * Improvements to the s390 and s390x multiplexed syscall handling
  * Multiple fixes and improvements to the libseccomp manpages
  * Moved from manually maintained syscall tables to an automatically generated
    syscall table in CSV format
  * Update the syscall tables to Linux v5.8.0-rc5
  * Python bindings and build now default to Python 3.x
  * Improvements to the tests have boosted code coverage to over 93%

Update to release 2.4.3:

  * Add list of authorized release signatures to README.md
  * Fix multiplexing issue with s390/s390x shm* syscalls
  * Remove the static flag from libseccomp tools compilation
  * Add define for __SNR_ppoll
  * Fix potential memory leak identified by clang in the scmp_bpf_sim tool

Update to release 2.4.2:

  * Add support for io-uring related system calls

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1347=1

  * SUSE Linux Enterprise Server 12 SP5 LTSS  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1347=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * libseccomp-debugsource-2.5.3-11.9.1
    * libseccomp2-2.5.3-11.9.1
    * libseccomp2-32bit-2.5.3-11.9.1
    * libseccomp2-debuginfo-2.5.3-11.9.1
    * libseccomp2-debuginfo-32bit-2.5.3-11.9.1
    * libseccomp-devel-2.5.3-11.9.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libseccomp-debugsource-2.5.3-11.9.1
    * libseccomp2-debuginfo-2.5.3-11.9.1
    * libseccomp2-2.5.3-11.9.1
    * libseccomp-devel-2.5.3-11.9.1
  * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
    * libseccomp2-debuginfo-32bit-2.5.3-11.9.1
    * libseccomp2-32bit-2.5.3-11.9.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1062237
  * https://bugzilla.suse.com/show_bug.cgi?id=1118611
  * https://bugzilla.suse.com/show_bug.cgi?id=1196825
  * https://bugzilla.suse.com/show_bug.cgi?id=1209407

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250418/5a9e30f2/attachment.htm>

More information about the sle-updates mailing list