SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3176-1
Container Tags        : suse/sle-micro-rancher/5.3:latest
Container Release     : 7.2.414
Severity              : important
Type                  : security
References            : 1195775 1216124 1218148 1219224 1220492 1222015 1222254 1222678 1223384 1224020 1224679 1224696 1224703 1224749 1224764 1224765 1224766 1224935 1225098 1225467 1225487 1225518 1225611 1225732 1225737 1225749 1225840 1225866 1226145 1226211 1226212 1226270 1226587 1226595 1226634 1226758 1226785 1226786 1226789 1226953 1226962 CVE-2021-47555 CVE-2021-47571 CVE-2023-24023 CVE-2023-52670 CVE-2023-52752 CVE-2023-52837 CVE-2023-52846 CVE-2023-52881 CVE-2024-26745 CVE-2024-26923 CVE-2024-35789 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578
-----------------------------------------------------------------

The container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2495-1
Released:    Tue Jul 16 09:29:49 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1195775,1216124,1218148,1219224,1220492,1222015,1222254,1222678,1223384,1224020,1224679,1224696,1224703,1224749,1224764,1224765,1224766,1224935,1225098,1225467,1225487,1225518,1225611,1225732,1225737,1225749,1225840,1225866,1226145,1226211,1226212,1226270,1226587,1226595,1226634,1226758,1226785,1226786,1226789,1226953,1226962,CVE-2021-47555,CVE-2021-47571,CVE-2023-24023,CVE-2023-52670,CVE-2023-52752,CVE-2023-52837,CVE-2023-52846,CVE-2023-52881,CVE-2024-26745,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35950,CVE-2024-36894,CVE-2024-36899,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-36971,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38578

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).

The following non-security bugs were fixed:

- Revert 'build initrd without systemd' (bsc#1195775)
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).

The following package changes have been done:

- kernel-default-5.14.21-150400.24.125.1 updated