SUSE Container Update Advisory: 
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:567-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.282
Severity              : important
Type                  : security
References            : 1108281 1193285 1215275 1215698 1216702 1217987 1217988 1217989
                        1218713 1218730 1218752 1218757 1218768 1218782 1218804 1218831
                        1218832 1218836 1219053 1219120 1219412 1219434 1219442 CVE-2021-33631
                        CVE-2023-46838 CVE-2023-47233 CVE-2023-4921 CVE-2023-51043 CVE-2023-51780
                        CVE-2023-51782 CVE-2023-6040 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536
                        CVE-2023-6915 CVE-2024-0565 CVE-2024-0775 CVE-2024-1086 
-----------------------------------------------------------------

The container  was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:474-1
Released:    Wed Feb 14 18:00:29 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1108281,1193285,1215275,1216702,1217987,1217988,1217989,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1219053,1219120,1219412,1219434,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0565,CVE-2024-0775,CVE-2024-1086

The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).

The following non-security bugs were fixed:

- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:475-1
Released:    Wed Feb 14 19:08:44 2024
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    important
References:  1215698,1218782,1218831,1219442
This update for libsolv, libzypp fixes the following issues:

- build for multiple python versions [jsc#PED-6218]
- applydeltaprm: Create target directory if it does not exist (bsc#1219442)
- Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
- CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)


The following package changes have been done:

- kernel-default-5.3.18-150300.59.150.1 updated
- libsolv-tools-0.7.28-150200.26.1 updated
- libzypp-17.31.31-150200.87.1 updated