SUSE Container Update Advisory: suse/sle-micro-rancher/5.2:latest
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:695-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.106
Severity              : important
Type                  : security
References            : 1178233 1186449 1195175 1198438 1203248 1203249 1203331 1203332 1203715 1204356 1204548 1204662 1204956 1205200 1205554 1205570 1205636 1206103 1206351 1206949 1207051 1207575 1207773 1207780 1207795 1207845 1207875 1208023 1208153 1208212 1208700 1208741 1208776 1208816 1208828 1208837 1208845 1208957 1208959 1208971 CVE-2022-36280 CVE-2022-38096 CVE-2023-0045 CVE-2023-0512 CVE-2023-0590 CVE-2023-0597 CVE-2023-1118 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23006 CVE-2023-23559 CVE-2023-26545
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released:    Thu Mar 16 17:29:23 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same-named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use the gcc12 compilers:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC 12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:780-1
Released:    Thu Mar 16 18:06:30 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1186449,1195175,1198438,1203331,1203332,1204356,1204662,1206103,1206351,1207051,1207575,1207773,1207795,1207845,1207875,1208023,1208153,1208212,1208700,1208741,1208776,1208816,1208837,1208845,1208971,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0590,CVE-2023-0597,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23006,CVE-2023-23559,CVE-2023-26545

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability in the vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed a NULL pointer dereference in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed a missing IBPB flush in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed a race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed the lack of randomization of the per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed missing platform_device_put and kfree calls in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed the return value of the tegra_xusb_find_port_node function in phy/tegra (bsc#1208816).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed an integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed a double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351).
  The former kABI fix only moved the newly added member of scsi_host_template to the end of the struct. But that struct is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signal that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a spare bit in the bitfield to signal that.
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- update suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:781-1
Released:    Thu Mar 16 19:07:00 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175

This update for vim fixes the following issues:

- CVE-2023-0512: Fixed a divide by zero (bsc#1207780).
- CVE-2023-1175: Fixed an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based buffer overflow (bsc#1208959).
- CVE-2023-1127: Fixed a divide by zero in scrolldown() (bsc#1208828).

Updated to version 9.0 with patch level 1386.

- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:784-1
Released:    Thu Mar 16 19:33:52 2023
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1205200,1205554

This update for grub2 fixes the following issues:

- Remove zfs modules (bsc#1205554)
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:786-1
Released:    Thu Mar 16 19:36:09 2023
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    important
References:  1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv:

- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:

- Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL: getsockopt seems to not be fully supported, but the code required it when accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF packages would be removed (not replaced!) as well. To remove a PTF, `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip an extra media.1/media download to calculate whether a repository needs to be refreshed. This optimisation only takes place if the repository specifies only downloading base URLs.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server, MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the file size, using a similar metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)

zypper:

- Allow (re)adding a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid displaying superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependent packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependent packages. However, it is not desired for the dependent packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command instead aims to replace the dependent packages by their official update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)

The following package changes have been done:

- grub2-i386-pc-2.04-150300.22.30.1 updated
- grub2-x86_64-efi-2.04-150300.22.30.1 updated
- grub2-2.04-150300.22.30.1 updated
- kernel-default-5.3.18-150300.59.115.2 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libsolv-tools-0.7.23-150200.15.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libzypp-17.31.8-150200.50.1 updated
- vim-data-common-9.0.1386-150000.5.37.1 updated
- vim-small-9.0.1386-150000.5.37.1 updated
- zypper-1.14.59-150200.42.2 updated