SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2038-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.346
Severity              : important
Type                  : security
References            : 1190576 1192145 1200313 1201489 1203906 1203935 1204614 1211592
                        1218562 1218917 1219169 1219170 1219264 1220513 1220755 1220854
                        1221113 1221299 1221543 1221545 1222449 1222482 1222503 1222548
                        1222559 1222585 1222624 1222666 1222669 1222709 1222790 1222792
                        1222829 1222876 1222878 1222881 1222883 1222894 1222976 1223016
                        1223057 1223111 1223187 1223202 1223475 1223482 1223509 1223513
                        1223522 1223824 1223921 1223923 1223931 1223941 1223948 1223952
                        1223963
                        CVE-2021-46955 CVE-2021-47041 CVE-2021-47074 CVE-2021-47113
                        CVE-2021-47131 CVE-2021-47184 CVE-2021-47185 CVE-2021-47194
                        CVE-2021-47198 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203
                        CVE-2021-47206 CVE-2021-47207 CVE-2021-47212 CVE-2021-47216
                        CVE-2022-48631 CVE-2022-48638 CVE-2022-48650 CVE-2022-48651
                        CVE-2022-48654 CVE-2022-48672 CVE-2022-48686 CVE-2022-48687
                        CVE-2022-48693 CVE-2022-48695 CVE-2022-48701 CVE-2022-48702
                        CVE-2023-2860 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841
                        CVE-2024-22099 CVE-2024-23307 CVE-2024-2511 CVE-2024-26610
                        CVE-2024-26688 CVE-2024-26689 CVE-2024-26733 CVE-2024-26739
                        CVE-2024-26744 CVE-2024-26816 CVE-2024-26840 CVE-2024-26852
                        CVE-2024-26862 CVE-2024-26898 CVE-2024-26903 CVE-2024-26906
                        CVE-2024-27043
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1633-1
Released:    Tue May 14 11:35:56 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1222548,CVE-2024-2511

This update for openssl-1_1 fixes the following issues:

- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1642-1
Released:    Tue May 14 15:38:24 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1190576,1192145,1200313,1201489,1203906,1203935,1204614,1211592,
             1218562,1218917,1219169,1219170,1219264,1220513,1220755,1220854,
             1221113,1221299,1221543,1221545,1222449,1222482,1222503,1222559,
             1222585,1222624,1222666,1222669,1222709,1222790,1222792,1222829,
             1222876,1222878,1222881,1222883,1222894,1222976,1223016,1223057,
             1223111,1223187,1223202,1223475,1223482,1223509,1223513,1223522,
             1223824,1223921,1223923,1223931,1223941,1223948,1223952,1223963,
             CVE-2021-46955,CVE-2021-47041,CVE-2021-47074,CVE-2021-47113,
             CVE-2021-47131,CVE-2021-47184,CVE-2021-47185,CVE-2021-47194,
             CVE-2021-47198,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,
             CVE-2021-47206,CVE-2021-47207,CVE-2021-47212,CVE-2021-47216,
             CVE-2022-48631,CVE-2022-48638,CVE-2022-48650,CVE-2022-48651,
             CVE-2022-48654,CVE-2022-48672,CVE-2022-48686,CVE-2022-48687,
             CVE-2022-48693,CVE-2022-48695,CVE-2022-48701,CVE-2022-48702,
             CVE-2023-2860,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,
             CVE-2024-22099,CVE-2024-23307,CVE-2024-26610,CVE-2024-26688,
             CVE-2024-26689,CVE-2024-26733,CVE-2024-26739,CVE-2024-26744,
             CVE-2024-26816,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,
             CVE-2024-26898,CVE-2024-26903,CVE-2024-26906,CVE-2024-27043

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).

The following non-security bugs were fixed:

- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- tls: Fix context leak on tls_device_down (bsc#1221545).

The following package changes have been done:

- kernel-default-5.3.18-150300.59.161.1 updated
- libopenssl1_1-1.1.1d-150200.11.88.1 updated
- openssl-1_1-1.1.1d-150200.11.88.1 updated