SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2099-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.160
Severity              : important
Type                  : security
References            : 1184208 1199636 1204405 1205756 1205758 1205760 1205762 1205803 1206024 1208474 1208604 1209287 1209779 1210695 1210715 1210783 1210940 1211037 1211043 1211105 1211131 1211186 1211203 1211590 1211592 1211596 1211622 1212143 CVE-2020-36694 CVE-2021-29650 CVE-2022-3566 CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1637 CVE-2023-20867 CVE-2023-2156 CVE-2023-2194 CVE-2023-23586 CVE-2023-2483 CVE-2023-2513 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233 CVE-2023-32269 CVE-2023-33288
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2604-1
Released:    Thu Jun 22 09:48:53 2023
Summary:     Security update for open-vm-tools
Type:        security
Severity:    moderate
References:  1210695,1212143,CVE-2023-20867

This update for open-vm-tools fixes the following issues:

- CVE-2023-20867: Fixed an authentication bypass vulnerability in the vgauth module (bsc#1212143).

Bug fixes:

- Fixed a build problem with grpc 1.54 (bsc#1210695).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2611-1
Released:    Thu Jun 22 09:55:10 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1184208,1199636,1204405,1205756,1205758,1205760,1205762,1205803,1206024,1208474,1208604,1209287,1209779,1210715,1210783,1210940,1211037,1211043,1211105,1211131,1211186,1211203,1211590,1211592,1211596,1211622,CVE-2020-36694,CVE-2021-29650,CVE-2022-3566,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1637,CVE-2023-2156,CVE-2023-2194,CVE-2023-23586,CVE-2023-2483,CVE-2023-2513,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-32269,CVE-2023-33288

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed a vulnerability that could lead to unauthorized access to CPU memory after resuming the CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed a race condition in the TCP handler (bsc#1204405).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2020-36694: Fixed a use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bounds read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use-after-free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).

The following non-security bugs were fixed:

- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).

-----------------------------------------------------------------
The following package changes have been done:

- kernel-default-5.3.18-150300.59.124.1 updated
- libvmtools0-12.2.0-150300.29.1 updated
- open-vm-tools-12.2.0-150300.29.1 updated
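A check a practitioner would run after pulling the image: compare the installed package versions against the fixed versions listed above. This is an added example, not SUSE tooling; the `rpm -qa` output it parses is constructed sample data, and the version comparison is a simplified rpmvercmp (no tilde or caret handling).

```python
"""Flag packages from SUSE-CU-2023:2099-1 that are still below their fixed version."""
import re

# Fixed VERSION-RELEASE strings from the advisory's "package changes" section.
FIXED = {
    "kernel-default": "5.3.18-150300.59.124.1",
    "libvmtools0": "12.2.0-150300.29.1",
    "open-vm-tools": "12.2.0-150300.29.1",
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# (a container that only partly applied the update; not real output).
SAMPLE_RPM_QA = """\
kernel-default 5.3.18-150300.59.121.2
libvmtools0 12.2.0-150300.29.1
open-vm-tools 12.1.5-150300.26.1
bash 4.4-150300.25.12
"""

def _segments(s):
    # Split into numeric and alphabetic runs; separators are ignored, as in rpmvercmp.
    return re.findall(r"\d+|[a-zA-Z]+", s)

def rpm_vercmp(a, b):
    """Return -1, 0 or 1 comparing two version/release strings like rpmvercmp (simplified)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts after alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # longer string wins on a tie

def evr_cmp(installed, fixed):
    """Compare VERSION-RELEASE strings: version first, release only on a tie."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpm_vercmp(iv, fv) or rpm_vercmp(ir, fr)

def missing_updates(rpm_qa_output, fixed=FIXED):
    """Return {name: installed VERSION-RELEASE} for advisory packages still below the fix."""
    installed = dict(line.split(None, 1) for line in rpm_qa_output.splitlines() if line.strip())
    return {name: installed[name] for name, want in fixed.items()
            if name in installed and evr_cmp(installed[name], want) < 0}

if __name__ == "__main__":
    for name, ver in missing_updates(SAMPLE_RPM_QA).items():
        print(f"{name} {ver} is below fixed version {FIXED[name]}")
```

When this image runs as an ordinary container, the kernel-default package inside it is not the kernel executing the workload; exposure to the kernel CVEs above is decided by the host's running kernel, so check that separately.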