SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3740-1
Container Tags        : suse/sle-micro-rancher/5.3:latest
Container Release     : 7.2.429
Severity              : important
Type                  : security
-----------------------------------------------------------------

The container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2922-1
Released:    Thu Aug 15 07:01:20 2024
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1207230,1217102,1223535,1226100,1228124

This update for grub2 fixes the following issues:

- Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102)
- Enhancement to PPC secure boot's root device discovery config (bsc#1207230)
- Fix regex for Open Firmware device specifier with encoded commas
- Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings
- Use prep_load_env in PPC secure boot config to handle unset host-specific environment variables and ensure successful command execution

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2927-1
Released:    Thu Aug 15 09:02:55 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1226463,1227138,CVE-2024-5535

This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2929-1
Released:    Thu Aug 15 11:31:30 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).

The following non-security bugs were fixed:

- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).

The following package changes have been done:

- grub2-i386-pc-2.06-150400.11.46.1 updated
- grub2-x86_64-efi-2.06-150400.11.46.1 updated
- grub2-2.06-150400.11.46.1 updated
- kernel-default-5.14.21-150400.24.128.1 updated
- libopenssl1_1-1.1.1l-150400.7.72.1 updated
- openssl-1_1-1.1.1l-150400.7.72.1 updated