SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2035-1
Container Tags        : suse/sle-micro-rancher/5.4:latest
Container Release     : 3.2.262
Severity              : important
Type                  : security
References            : 1192145 1209657 1210617 1215221 1216223 1218336 1218479 1218562
                        1219104 1219126 1219169 1219170 1219264 1220342 1220703 1220761
                        1220883 1221044 1221061 1221088 1221293 1221299 1221612 1221725
                        1221830 1222117 1222422 1222430 1222435 1222482 1222503 1222536
                        1222559 1222585 1222618 1222624 1222660 1222662 1222664 1222666
                        1222669 1222671 1222703 1222704 1222706 1222709 1222721 1222726
                        1222773 1222776 1222785 1222787 1222790 1222791 1222792 1222796
                        1222824 1222829 1222832 1222836 1222838 1222866 1222867 1222869
                        1222876 1222878 1222879 1222881 1222883 1222888 1222894 1222901
                        1223016 1223187 1223380 1223474 1223475 1223477 1223479 1223482
                        1223484 1223487 1223503 1223505 1223509 1223513 1223516 1223517
                        1223518 1223519 1223522 1223523 1223705 1223824
                        CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183
                        CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188
                        CVE-2021-47189 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193
                        CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197
                        CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201
                        CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205
                        CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210
                        CVE-2021-47211 CVE-2021-47212 CVE-2021-47215 CVE-2021-47216
                        CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631
                        CVE-2022-48637 CVE-2022-48638 CVE-2022-48647 CVE-2022-48648
                        CVE-2022-48650 CVE-2022-48651 CVE-2022-48653 CVE-2022-48654
                        CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48660
                        CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668
                        CVE-2023-0160 CVE-2023-30608 CVE-2023-4881 CVE-2023-52476
                        CVE-2023-52500 CVE-2023-52590 CVE-2023-52591 CVE-2023-52607
                        CVE-2023-52616 CVE-2023-52628 CVE-2023-6270 CVE-2023-7042
                        CVE-2023-7192 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307
                        CVE-2024-23848 CVE-2024-23850 CVE-2024-25742 CVE-2024-26601
                        CVE-2024-26610 CVE-2024-26614 CVE-2024-26642 CVE-2024-26687
                        CVE-2024-26688 CVE-2024-26689 CVE-2024-26704 CVE-2024-26727
                        CVE-2024-26733 CVE-2024-26739 CVE-2024-26764 CVE-2024-26766
                        CVE-2024-26773 CVE-2024-26792 CVE-2024-26816 CVE-2024-26898
                        CVE-2024-26903 CVE-2024-27043 CVE-2024-27389
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1637-1
Released:    Tue May 14 14:22:14 2024
Summary:     Recommended update for google-cloud SDK
Type:        recommended
Severity:    moderate
References:  1210617,CVE-2023-30608

This update for google-cloud SDK fixes the following issues:

- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
  - The following 5 binaries obsolete their python3.6 counterpart:
    python311-google-resumable-media
    python311-google-api-core
    python311-google-cloud-storage
    python311-google-cloud-core
    python311-googleapis-common-protos
  - Regular python311 updates (without Obsoletes):
    python-google-auth
    python-grpcio
    python-sqlparse
  - New python311 packages:
    libcrc32c
    python-google-cloud-appengine-logging
    python-google-cloud-artifact-registry
    python-google-cloud-audit-log
    python-google-cloud-build
    python-google-cloud-compute
    python-google-cloud-dns
    python-google-cloud-domains
    python-google-cloud-iam
    python-google-cloud-kms-inventory
    python-google-cloud-kms
    python-google-cloud-logging
    python-google-cloud-run
    python-google-cloud-secret-manager
    python-google-cloud-service-directory
    python-google-cloud-spanner
    python-google-cloud-vpc-access
    python-google-crc32c
    python-grpc-google-iam-v1
    python-grpcio-status
    python-proto-plus

In python-sqlparse this security issue was fixed:

CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) (bsc#1210617)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1641-1
Released:    Tue May 14 15:36:55 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1192145,1209657,1215221,1216223,1218336,1218479,1218562,1219104,
             1219126,1219169,1219170,1219264,1220342,1220703,1220761,1220883,
             1221044,1221061,1221088,1221293,1221299,1221612,1221725,1221830,
             1222117,1222422,1222430,1222435,1222482,1222503,1222536,1222559,
             1222585,1222618,1222624,1222660,1222662,1222664,1222666,1222669,
             1222671,1222703,1222704,1222706,1222709,1222721,1222726,1222773,
             1222776,1222785,1222787,1222790,1222791,1222792,1222796,1222824,
             1222829,1222832,1222836,1222838,1222866,1222867,1222869,1222876,
             1222878,1222879,1222881,1222883,1222888,1222894,1222901,1223016,
             1223187,1223380,1223474,1223475,1223477,1223479,1223482,1223484,
             1223487,1223503,1223505,1223509,1223513,1223516,1223517,1223518,
             1223519,1223522,1223523,1223705,1223824,
             CVE-2021-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,
             CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,
             CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,
             CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,
             CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,
             CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,
             CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,
             CVE-2021-47211,CVE-2021-47212,CVE-2021-47215,CVE-2021-47216,
             CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,
             CVE-2022-48637,CVE-2022-48638,CVE-2022-48647,CVE-2022-48648,
             CVE-2022-48650,CVE-2022-48651,CVE-2022-48653,CVE-2022-48654,
             CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-48660,
             CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,
             CVE-2023-0160,CVE-2023-4881,CVE-2023-52476,CVE-2023-52500,
             CVE-2023-52590,CVE-2023-52591,CVE-2023-52607,CVE-2023-52616,
             CVE-2023-52628,CVE-2023-6270,CVE-2023-7042,CVE-2023-7192,
             CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,
             CVE-2024-23850,CVE-2024-25742,CVE-2024-26601,CVE-2024-26610,
             CVE-2024-26614,CVE-2024-26642,CVE-2024-26687,CVE-2024-26688,
             CVE-2024-26689,CVE-2024-26704,CVE-2024-26727,CVE-2024-26733,
             CVE-2024-26739,CVE-2024-26764,CVE-2024-26766,CVE-2024-26773,
             CVE-2024-26792,CVE-2024-26816,CVE-2024-26898,CVE-2024-26903,
             CVE-2024-27043,CVE-2024-27389

The SUSE Linux Enterprise 15 SP4 LTSS kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places (bsc#1223824).
- CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).

The following non-security bugs were fixed:

- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).

The following package changes have been done:

- kernel-default-5.14.21-150400.24.119.1 updated
- libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated