SUSE-CU-2025:6202-1: Security update of suse/sle-micro-rancher/5.4

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Aug 19 07:16:29 UTC 2025 

SUSE Container Update Advisory: suse/sle-micro-rancher/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6202-1
Container Tags        : suse/sle-micro-rancher/5.4:5.4.4.5.41 , suse/sle-micro-rancher/5.4:latest
Container Release     : 4.5.41
Severity              : important
Type                  : security
References            : 1206051 1221829 1229334 1234863 1236104 1236333 1238160 1239644
                        1240185 1240799 1242414 1242780 1244309 1245217 1245431 1245506
                        1245711 1245986 1246000 1246029 1246037 1246045 1246073 1246186
                        1246781 1247314 1247347 1247348 1247349 1247437 CVE-2022-49138
                        CVE-2022-49770 CVE-2023-52923 CVE-2023-52927 CVE-2023-53117 CVE-2024-26643
                        CVE-2024-42265 CVE-2024-53164 CVE-2024-57947 CVE-2025-21881 CVE-2025-21971
                        CVE-2025-37798 CVE-2025-38079 CVE-2025-38088 CVE-2025-38120 CVE-2025-38177
                        CVE-2025-38181 CVE-2025-38200 CVE-2025-38206 CVE-2025-38212 CVE-2025-38213
                        CVE-2025-38257 CVE-2025-38350 CVE-2025-38468 CVE-2025-38477 CVE-2025-38494
                        CVE-2025-38495 CVE-2025-38497 
-----------------------------------------------------------------

The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2849-1
Released:    Mon Aug 18 17:56:40 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1206051,1221829,1229334,1234863,1236104,1236333,1238160,1239644,1240185,1240799,1242414,1242780,1244309,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2023-53117,CVE-2024-26643,CVE-2024-42265,CVE-2024-53164,CVE-2024-57947,CVE-2025-21881,CVE-2025-21971,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous  set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).

The following non-security bugs were fixed:

- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'


The following package changes have been done:

- kernel-default-5.14.21-150400.24.173.1 updated

More information about the sle-container-updates mailing list