SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4963-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.425
Severity              : important
Type                  : security
References            : 1218668 1220826 1226145 1226666 1227487 1228466 1229555
                        1229633 1230015 1230245 1230326 1230398 1230434 1230519
                        1230767 CVE-2021-47069 CVE-2022-48911 CVE-2022-48945
                        CVE-2024-36971 CVE-2024-41087 CVE-2024-44946 CVE-2024-45003
                        CVE-2024-45021 CVE-2024-46695 CVE-2024-46774
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3579-1
Released:    Thu Oct 10 08:34:47 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1218668,1229555

This update for wicked fixes the following issue:

- compat-suse: fix dummy interfaces configuration with `INTERFACETYPE=dummy` (bsc#1229555).
- VLANs bonds didn't come up after reboot or wicked restart (bsc#1218668).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3585-1
Released:    Thu Oct 10 11:04:52 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1220826,1226145,1226666,1227487,1228466,1229633,1230015,1230245,1230326,1230398,1230434,1230519,1230767,CVE-2021-47069,CVE-2022-48911,CVE-2022-48945,CVE-2024-36971,CVE-2024-41087,CVE-2024-44946,CVE-2024-45003,CVE-2024-45021,CVE-2024-46695,CVE-2024-46774

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).
- CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145).

The following non-security bugs were fixed:

- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
- ext4: add reserved GDT blocks check (bsc#1230326).
- ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326).

The following package changes have been done:

- kernel-default-5.3.18-150300.59.179.1 updated
- wicked-service-0.6.76-150300.4.38.7 updated
- wicked-0.6.76-150300.4.38.7 updated