SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1503-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.140
Severity              : important
Type                  : security
References            : 1202353 1205128 1206513 1206992 1207014 1207088 1209687 1209739 1209777 1209871 1210202 1210203 1210301 1210329 1210336 1210337 1210414 1210453 1210469 1210498 1210506 1210629 1210647 CVE-2020-36691 CVE-2022-2196 CVE-2022-43945 CVE-2023-1611 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1872 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2124 CVE-2023-2162 CVE-2023-2176 CVE-2023-30772
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2131-1
Released:    Tue May 9 13:35:24 2023
Summary:     Recommended update for openssh
Type:        recommended
Severity:    important
References:  1207014

This update for openssh fixes the following issues:

- Remove some patches that cause invalid environment assignments (bsc#1207014).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2133-1
Released:    Tue May 9 13:37:10 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1206513

This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2148-1
Released:    Tue May 9 17:05:48 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1202353,1205128,1206992,1207088,1209687,1209739,1209777,1209871,1210202,1210203,1210301,1210329,1210336,1210337,1210414,1210453,1210469,1210498,1210506,1210629,1210647,CVE-2020-36691,CVE-2022-2196,CVE-2022-43945,CVE-2023-1611,CVE-2023-1670,CVE-2023-1838,CVE-2023-1855,CVE-2023-1872,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2124,CVE-2023-2162,CVE-2023-2176,CVE-2023-30772

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2023-2124: Fixed an out-of-bounds access in the XFS subsystem that could have led to denial of service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1872: Fixed a use-after-free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use-after-free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in an out-of-bounds read, which a local user could use to crash the system or escalate privileges (bsc#1210629).
- CVE-2023-1998: Fixed a use-after-free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use-after-free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial-of-service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).
- CVE-2023-1990: Fixed a use-after-free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use-after-free in btsdio_remove (bsc#1210336).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed a use-after-free flaw in the virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak (bsc#1210203).

The following non-security bugs were fixed:

- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- cifs: fix negotiate context parsing (bsc#1210301).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).

The following package changes have been done:

- kernel-default-5.3.18-150300.59.121.2 updated
- libz1-1.2.11-150000.3.42.1 updated
- openssh-clients-8.4p1-150300.3.18.2 updated
- openssh-common-8.4p1-150300.3.18.2 updated
- openssh-server-8.4p1-150300.3.18.2 updated
- openssh-8.4p1-150300.3.18.2 updated