SUSE Container Update Advisory: 
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4924-1
Container Tags        : suse/sle-micro-rancher/5.3:latest
Container Release     : 7.2.460
Severity              : important
Type                  : security
References            : 1216223 1223600 1223958 1225272 1227487 1228466 1229407 1229633
                        1229662 1229947 1230015 1230398 1230434 1230507 1230767 1231016
                        CVE-2022-48911 CVE-2022-48923 CVE-2022-48944 CVE-2022-48945 CVE-2024-41087
                        CVE-2024-42301 CVE-2024-44946 CVE-2024-45021 CVE-2024-46674 CVE-2024-46774
-----------------------------------------------------------------

The container  was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3547-1
Released:    Tue Oct  8 16:06:05 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1216223,1223600,1223958,1225272,1227487,1228466,1229407,1229633,1229662,1229947,1230015,1230398,1230434,1230507,1230767,1231016,CVE-2022-48911,CVE-2022-48923,CVE-2022-48944,CVE-2022-48945,CVE-2024-41087,CVE-2024-42301,CVE-2024-44946,CVE-2024-45021,CVE-2024-46674,CVE-2024-46774

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance.  (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe  error path (bsc#1230507).

The following non-security bugs were fixed:

- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). 
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).


The following package changes have been done:

- kernel-default-5.14.21-150400.24.136.1 updated