SUSE Container Update Advisory: 
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2680-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.29
Severity              : important
Type                  : security
References            : 1189551 1191900 1195506 1197570 1202616 1202739 CVE-2022-41973
                        CVE-2022-41974 
-----------------------------------------------------------------

The container  was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3710-1
Released:    Mon Oct 24 16:23:25 2022
Summary:     Security update for multipath-tools
Type:        security
Severity:    important
References:  1189551,1191900,1195506,1197570,1202616,1202739,CVE-2022-41973,CVE-2022-41974
This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
    
- multipathd: add 'force_reconfigure' option (bsc#1189551)
    The command 'multipathd -kreconfigure' changes behavior: instead
    of reloading every map, it checks map configuration and reloads
    only modified maps. This speeds up the reconfigure operation 
    substantially. The old behavior can be reinstated by setting
    'force_reconfigure yes' in multipath.conf (not recommended).
    Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and
    beyond, which provide the command 'multipathd -k'reconfigure all''

- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd handle fpin events (bsc#1195506,jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)


The following package changes have been done:

- kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1 updated
- libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1 updated
- multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1 updated