SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3691-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.234
Severity              : important
Type                  : security
References            : 1210778 1210853 1212051 1214842 1215095 1215467 1215518
                        1215745 1215858 1215860 1215861 1216046 1216051 1216134
                        CVE-2023-2163 CVE-2023-31085 CVE-2023-3111 CVE-2023-34324
                        CVE-2023-3777 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193
                        CVE-2023-39194 CVE-2023-42754 CVE-2023-45862
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4348-1
Released:    Thu Nov 2 15:38:52 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1210778,1210853,1212051,1214842,1215095,1215467,1215518,1215745,1215858,1215860,1215861,1216046,1216051,1216134,CVE-2023-2163,CVE-2023-31085,CVE-2023-3111,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-42754,CVE-2023-45862

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter nf_tables component that could be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745)
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c. (bsc#1212051)
- CVE-2023-39194: Fixed an out-of-bounds read in the XFRM subsystem. (bsc#1215861)
- CVE-2023-39193: Fixed an out-of-bounds read in the xtables subsystem. (bsc#1215860)
- CVE-2023-39192: Fixed an out-of-bounds read in netfilter. (bsc#1215858)
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service. (bsc#1215467)

The following non-security bugs were fixed:

- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).

The following package changes have been done:

- kernel-default-5.3.18-150300.59.141.2 updated