SUSE Container Update Advisory: 
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3098-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.375
Severity              : important
Type                  : security
References            : 1156395 1171988 1176447 1176774 1181147 1191958 1195065 1195254
                        1195798 1202623 1218148 1219224 1219633 1222015 1223011 1223384
                        1224671 1224703 1224749 1224764 1224765 1224766 1224865 1225010
                        1225047 1225109 1225161 1225184 1225203 1225487 1225518 1225611
                        1225732 1225749 1225840 1225866 1226226 1226537 1226552 1226554
                        1226557 1226558 1226562 1226563 1226575 1226583 1226585 1226587
                        1226595 1226614 1226619 1226621 1226624 1226643 1226644 1226645
                        1226647 1226650 1226669 1226670 1226672 1226674 1226679 1226686
                        1226691 1226692 1226698 1226703 1226708 1226709 1226711 1226712
                        1226713 1226715 1226716 1226720 1226721 1226732 1226758 1226762
                        1226786 1226962 CVE-2021-3896 CVE-2021-43389 CVE-2021-4439 CVE-2021-47247
                        CVE-2021-47311 CVE-2021-47328 CVE-2021-47368 CVE-2021-47372 CVE-2021-47379
                        CVE-2021-47571 CVE-2021-47576 CVE-2021-47583 CVE-2021-47589 CVE-2021-47595
                        CVE-2021-47596 CVE-2021-47600 CVE-2021-47602 CVE-2021-47609 CVE-2021-47611
                        CVE-2021-47612 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620
                        CVE-2022-0435 CVE-2022-22942 CVE-2022-2938 CVE-2022-48711 CVE-2022-48715
                        CVE-2022-48717 CVE-2022-48722 CVE-2022-48724 CVE-2022-48726 CVE-2022-48728
                        CVE-2022-48730 CVE-2022-48732 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738
                        CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48752
                        CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760
                        CVE-2022-48767 CVE-2022-48768 CVE-2022-48771 CVE-2023-24023 CVE-2023-52707
                        CVE-2023-52752 CVE-2023-52881 CVE-2024-26822 CVE-2024-26923 CVE-2024-35789
                        CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35878 CVE-2024-35950
                        CVE-2024-36894 CVE-2024-36904 CVE-2024-36940 CVE-2024-36964 CVE-2024-38541
                        CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 
-----------------------------------------------------------------

The container  was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2362-1
Released:    Tue Jul  9 16:02:10 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1156395,1171988,1176447,1176774,1181147,1191958,1195065,1195254,1195798,1202623,1218148,1219224,1219633,1222015,1223011,1223384,1224671,1224703,1224749,1224764,1224765,1224766,1224865,1225010,1225047,1225109,1225161,1225184,1225203,1225487,1225518,1225611,1225732,1225749,1225840,1225866,1226226,1226537,1226552,1226554,1226557,1226558,1226562,1226563,1226575,1226583,1226585,1226587,1226595,1226614,1226619,1226621,1226624,1226643,1226644,1226645,1226647,1226650,1226669,1226670,1226672,1226674,1226679,1226686,1226691,1226692,1226698,1226703,1226708,1226709,1226711,1226712,1226713,1226715,1226716,1226720,1226721,1226732,1226758,1226762,1226786,1226962,CVE-2021-3896,CVE-2021-43389,CVE-2021-4439,CVE-2021-47247,CVE-2021-47311,CVE-2021-47328,CVE-2021-47368,CVE-2021-47372,CVE-2021-47379,CVE-2021-47571,CVE-2021-47576,CVE-2021-47583,CVE-2021-47589,CVE-2021-47595,CVE-2021-47596,CVE-2021-47600,CVE-2021-47602,CVE-2021-47609,CVE-2021-47611,CVE-2021-47612,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2022-0435,CVE-2022-22942,CVE-2022-2938,CVE-2022-48711,CVE-2022-48715,CVE-2022-48717,CVE-2022-48722,CVE-2022-48724,CVE-2022-48726,CVE-2022-48728,CVE-2022-48730,CVE-2022-48732,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48752,CVE-2022-48754,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48767,CVE-2022-48768,CVE-2022-48771,CVE-2023-24023,CVE-2023-52707,CVE-2023-52752,CVE-2023-52881,CVE-2024-26822,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35878,CVE-2024-35950,CVE-2024-36894,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).

The following non-security bugs were fixed:

- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- psi: Fix uaf issue when psi trigger is destroyed while being
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).


The following package changes have been done:

- kernel-default-5.3.18-150300.59.167.1 updated