SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2818-1 Container Tags : suse/sles12sp5:6.8.6 , suse/sles12sp5:latest Container Release : 6.8.6 Severity : moderate Type : security References : 1050625 1177583 1188441 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 1223971 CVE-2017-9271 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2080-1 Released: Wed Jun 19 07:03:55 2024 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1177583,1223971,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: - CVE-2017-9271: Fixed proxy credentials written to log files (bsc#1050625). The following non-security bugs were fixed: - clean: Do not report an error if no repos are defined at all (bsc#1223971) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2087-1 Released: Wed Jun 19 11:50:01 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441,1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. - Fixed unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Remove crypt and crypt_r interceptors in sanitizer. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Includes fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Includes fix for building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.3.0+git8781-1.13.1 updated - libstdc++6-13.3.0+git8781-1.13.1 updated - libzypp-16.22.13-65.3 updated - zypper-1.13.66-21.61.3 updated