SUSE Container Update Advisory: 
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:939-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.299
Severity              : important
Type                  : security
References            : 1200599 1207653 1212514 1213456 1215005 1216223 1217316 1217320
                        1217321 1217324 1217326 1217329 1217330 1217432 1217445 1217589
                        1218195 1218232 1218689 1218866 1218915 1219127 1219128 1219146
                        1219295 1219581 1219653 1219827 1219835 1219915 1220009 1220140
                        1220187 1220238 1220240 1220241 1220243 1220250 1220253 1220255
                        1220328 1220330 1220344 1220398 1220409 1220416 1220418 1220421
                        1220436 1220444 1220459 1220469 1220482 1220526 1220538 1220570
                        1220572 1220599 1220627 1220641 1220649 1220660 1220689 1220700
                        1220735 1220736 1220737 1220742 1220745 1220767 1220796 1220825
                        1220826 1220831 1220845 1220860 1220863 1220870 1220917 1220918
                        1220930 1220931 1220932 1221039 1221040 CVE-2019-25162 CVE-2020-36777
                        CVE-2020-36784 CVE-2021-46904 CVE-2021-46905 CVE-2021-46906 CVE-2021-46915
                        CVE-2021-46924 CVE-2021-46929 CVE-2021-46932 CVE-2021-46934 CVE-2021-46953
                        CVE-2021-46964 CVE-2021-46966 CVE-2021-46968 CVE-2021-46974 CVE-2021-46989
                        CVE-2021-47005 CVE-2021-47012 CVE-2021-47013 CVE-2021-47054 CVE-2021-47060
                        CVE-2021-47061 CVE-2021-47069 CVE-2021-47076 CVE-2021-47078 CVE-2021-47083
                        CVE-2022-20154 CVE-2022-48627 CVE-2023-28746 CVE-2023-35827 CVE-2023-46343
                        CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234
                        CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-51042
                        CVE-2023-52340 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445
                        CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52463 CVE-2023-52475
                        CVE-2023-52478 CVE-2023-52482 CVE-2023-52502 CVE-2023-52530 CVE-2023-52531
                        CVE-2023-52532 CVE-2023-52569 CVE-2023-52574 CVE-2023-52597 CVE-2023-52605
                        CVE-2023-6817 CVE-2024-0340 CVE-2024-0607 CVE-2024-1151 CVE-2024-22667
                        CVE-2024-23849 CVE-2024-23851 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589
                        CVE-2024-26593 CVE-2024-26595 CVE-2024-26602 CVE-2024-26607 CVE-2024-26622
-----------------------------------------------------------------

The container  was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:853-1
Released:    Tue Mar 12 17:20:28 2024
Summary:     Recommended update for qrencode
Type:        recommended
Severity:    moderate
References:  
This update for qrencode fixes the following issues:

- update to 4.1.1 (jsc#PED-7296):
  * Some minor bugs in Micro QR Code generation have been fixed.
  * The data capacity calculations are now correct. These bugs probably did not
    affect the Micro QR Code generation.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:857-1
Released:    Wed Mar 13 01:07:44 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1200599,1207653,1212514,1213456,1216223,1218195,1218689,1218915,1219127,1219128,1219146,1219295,1219653,1219827,1219835,1219915,1220009,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220253,1220255,1220328,1220330,1220344,1220398,1220409,1220416,1220418,1220421,1220436,1220444,1220459,1220469,1220482,1220526,1220538,1220570,1220572,1220599,1220627,1220641,1220649,1220660,1220689,1220700,1220735,1220736,1220737,1220742,1220745,1220767,1220796,1220825,1220826,1220831,1220845,1220860,1220863,1220870,1220917,1220918,1220930,1220931,1220932,1221039,1221040,CVE-2019-25162,CVE-2020-36777,CVE-2020-36784,CVE-2021-46904,CVE-2021-46905,CVE-2021-46906,CVE-2021-46915,CVE-2021-46924,CVE-2021-46929,CVE-2021-46932,CVE-2021-46934,CVE-2021-46953,CVE-2021-46964,CVE-2021-46966,CVE-2021-46968,CVE-2021-46974,CVE-2021-46989,CVE-2021-47005,CVE-2021-47012,CVE-2021-47013,CVE-2021-47054,CVE-2021-47060,CVE-2021-47061,CVE-2021-47069,CVE-2021-47076,CVE-2021-47078,CVE-2021-47083,CVE-2022-20154,CVE-2022-48627,CVE-2023-28746,CVE-2023-35827,CVE-2023-46343,CVE-2023-51042,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52463,CVE-2023-52475,CVE-2023-52478,CVE-2023-52482,CVE-2023-52502,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52569,CVE-2023-52574,CVE-2023-52597,CVE-2023-52605,CVE-2023-6817,CVE-2024-0340,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23851,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-26593,CVE-2024-26595,CVE-2024-26602,CVE-2024-26607,CVE-2024-26622

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close  (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in  nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2023-52451: Fixed access beyond end of drmem array  (bsc#1220250).
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier  (bsc#1220238).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty  (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in  error path (bsc#1220344).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump  (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action  sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv  (bsc#1219127).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
- CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
- CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_  sync'ing SRCU (bsc#1220745).

The following non-security bugs were fixed:

- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
- KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk.
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released:    Wed Mar 13 09:12:30 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1218232
This update for aaa_base fixes the following issues:

- Silence the output in the case of broken symlinks (bsc#1218232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released:    Wed Mar 13 13:05:14 2024
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1217445,1217589,1218866
This update for glibc fixes the following issues:

Security issues fixed:

- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

Other issues fixed:

- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:871-1
Released:    Wed Mar 13 13:07:46 2024
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667
This update for vim fixes the following issues:

- CVE-2023-48231: Fixed  Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).

Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated
- glibc-locale-base-2.31-150300.68.1 updated
- glibc-2.31-150300.68.1 updated
- kernel-default-5.3.18-150300.59.153.2 updated
- libqrencode4-4.1.1-150000.3.3.1 updated
- vim-data-common-9.1.0111-150000.5.60.1 updated
- vim-small-9.1.0111-150000.5.60.1 updated