SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2909-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.364
Severity              : important
Type                  : security
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2185-1
Released:    Mon Jun 24 21:04:36 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354).
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301).
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534).
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference counting (bsc#1225360).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2021-47383: Fixed out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954).
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).

The following non-security bugs were fixed:

- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476).
- cifs: avoid race conditions with parallel reconnects (bsc#1213476).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- cifs: avoid use of global locks for high contention data (bsc#1213476).
- cifs: check only tcon status on tcon related functions (bsc#1213476).
- cifs: do all necessary checks for credits within or before locking (bsc#1213476).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1213476).
- cifs: do not take exclusive lock for updating target hints (bsc#1213476).
- cifs: fix confusing debug message (bsc#1213476).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476).
- cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476).
- cifs: fix refresh of cached referrals (bsc#1213476).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476).
- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476).
- cifs: get rid of dns resolve worker (bsc#1213476).
- cifs: get rid of mount options string parsing (bsc#1213476).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1213476).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476).
- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- cifs: optimize reconnect of nested links (bsc#1213476).
- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- cifs: refresh root referrals (bsc#1213476).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- cifs: remove unused function (bsc#1213476).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1213476).
- cifs: return DFS root session id in DebugData (bsc#1213476).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476).
- cifs: set correct ipc status after initial tree connect (bsc#1213476).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1213476).
- cifs: set correct tcon status after initial tree connect (bsc#1213476).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- cifs: set resolved ip in sockaddr (bsc#1213476).
- cifs: share dfs connections and supers (bsc#1213476).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476).
- cifs: use fs_context for automounts (bsc#1213476).
- cifs: use origin fullpath for automounts (bsc#1213476).
- cifs: use tcon allocation functions even for dummy tcon (bsc#1213476).
- netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes).
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes).
- netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes).
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes).
- netfilter: nf_tables: GC transaction race with abort path (git-fixes).
- netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes).
- netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes).
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes).
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes).
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes).
- netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes).
- netfilter: nf_tables: use correct lock to protect gc_list (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_rbtree: Add missing expired checks (git-fixes).
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes).
- netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes).
- netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes).
- netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes).
- netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes).
- netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes).
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes).
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes).
- netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes).
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes).
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes).
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes).
- NFC: nxp: add NXP1002 (bsc#1185589).
- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
- smb: client: fix dfs link mount against w2k8 (git-fixes).
- smb: client: fix null auth (bsc#1213476).
- smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).

The following package changes have been done:

- kernel-default-5.3.18-150300.59.164.1 updated