SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2668-1
Container Tags        : suse/sle-micro-rancher/5.3:latest
Container Release     : 7.2.17
Severity              : important
Type                  : security
References            : 1197570 1199342 1199345 1199346 1199347 1201483 1202616 1202739 CVE-2022-41973 CVE-2022-41974
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3711-1
Released:    Mon Oct 24 16:23:52 2022
Summary:     Security update for multipath-tools
Type:        security
Severity:    important
References:  1197570,1199342,1199345,1199346,1199347,1201483,1202616,1202739,CVE-2022-41973,CVE-2022-41974

This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483)
- multipath-tools: fix 'multipath -ll' for Native NVME Multipath devices (bsc#1201483)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)
- multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)
- Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for 'protocol' subsection in 'overrides' section to set certain config options by protocol.
- Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout
- Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use remove_map_callback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported dev_loss_tmo

The following package changes have been done:

- kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1 updated
- libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1 updated
- multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1 updated