SUSE-CU-2026:5363-1: Security update of suse/sle-micro-rancher/5.4

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jun 2 07:11:54 UTC 2026 

SUSE Container Update Advisory: suse/sle-micro-rancher/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:5363-1
Container Tags        : suse/sle-micro-rancher/5.4:5.4.4.5.118 , suse/sle-micro-rancher/5.4:latest
Container Release     : 4.5.118
Severity              : important
Type                  : security
References            : 1221010 1243603 1258248 1258518 1258718 1258849 1258850 1258854
                        1258855 1258856 1258857 1259484 1259485 1259857 1260010 1260018
                        1260522 1260526 1260983 1261287 1261295 1261638 1261710 1261779
                        1261781 1261796 1261797 1262179 1262181 1262602 1262734 1262758
                        1263065 1263085 1263095 1263131 1263141 1263165 1263170 1263176
                        1263582 1263600 1263668 1263723 1263882 1263901 1263931 1263933
                        1264059 1264082 1264450 1264482 1264634 1264651 1264848 1265085
                        1265090 1265119 1265126 1265308 1265456 1265626 1265960 CVE-2021-47103
                        CVE-2023-20585 CVE-2026-23209 CVE-2026-23239 CVE-2026-23240 CVE-2026-23268
                        CVE-2026-23269 CVE-2026-23271 CVE-2026-23273 CVE-2026-23351 CVE-2026-23393
                        CVE-2026-23403 CVE-2026-23404 CVE-2026-23405 CVE-2026-23406 CVE-2026-23407
                        CVE-2026-23408 CVE-2026-23409 CVE-2026-23410 CVE-2026-23411 CVE-2026-23449
                        CVE-2026-23458 CVE-2026-23462 CVE-2026-31402 CVE-2026-31403 CVE-2026-31408
                        CVE-2026-31436 CVE-2026-31504 CVE-2026-31507 CVE-2026-31512 CVE-2026-31533
                        CVE-2026-31570 CVE-2026-31586 CVE-2026-31588 CVE-2026-31602 CVE-2026-31607
                        CVE-2026-31649 CVE-2026-31656 CVE-2026-31662 CVE-2026-31669 CVE-2026-31685
                        CVE-2026-31694 CVE-2026-31700 CVE-2026-31738 CVE-2026-31787 CVE-2026-43025
                        CVE-2026-43027 CVE-2026-43050 CVE-2026-43110 CVE-2026-43126 CVE-2026-43190
                        CVE-2026-43214 CVE-2026-43329 CVE-2026-43334 CVE-2026-43365 CVE-2026-43437
                        CVE-2026-43494 CVE-2026-43500 CVE-2026-43503 CVE-2026-46333 
-----------------------------------------------------------------

The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2202-1
Released:    Mon Jun  1 12:01:33 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1221010,1243603,1258248,1258518,1258718,1258849,1258850,1258854,1258855,1258856,1258857,1259484,1259485,1259857,1260010,1260018,1260522,1260526,1260983,1261287,1261295,1261638,1261710,1261779,1261781,1261796,1261797,1262179,1262181,1262602,1262734,1262758,1263065,1263085,1263095,1263131,1263141,1263165,1263170,1263176,1263582,1263600,1263668,1263723,1263882,1263901,1263931,1263933,1264059,1264082,1264450,1264482,1264634,1264651,1264848,1265085,1265090,1265119,1265126,1265308,1265456,1265626,1265960,CVE-2021-47103,CVE-2023-20585,CVE-2026-23209,CVE-2026-23239,CVE-2026-23240,CVE-2026-23268,CVE-2026-23269,CVE-2026-23271,CVE-2026-23273,CVE-2026-23351,CVE-2026-23393,CVE-2026-23403,CVE-2026-23404,CVE-2026-23405,CVE-2026-23406,CVE-2026-23407,CVE-2026-23408,CVE-2026-23409,CVE-2026-23410,CVE-2026-23411,CVE-2026-23449,CVE-2026-23458,CVE-2026-23462,CVE-2026-31402,CVE-2026-31403,CVE-2026-31408,CVE-2026-31436,CVE-2026-31504,CVE-2026-31507,CVE-2026-31512,CVE-2026-31533,CVE-2026-31570,C
 VE-2026-31586,CVE-2026-31588,CVE-2026-31602,CVE-2026-31607,CVE-2026-31649,CVE-2026-31656,CVE-2026-31662,CVE-2026-31669,CVE-2026-31685,CVE-2026-31694,CVE-2026-31700,CVE-2026-31738,CVE-2026-31787,CVE-2026-43025,CVE-2026-43027,CVE-2026-43050,CVE-2026-43110,CVE-2026-43126,CVE-2026-43190,CVE-2026-43214,CVE-2026-43329,CVE-2026-43334,CVE-2026-43365,CVE-2026-43437,CVE-2026-43494,CVE-2026-43500,CVE-2026-43503,CVE-2026-46333

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2021-47103: inet: fully convert sk->sk_rx_dst to RCU rules (bsc#1221010).
- CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
- CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
- CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
- CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018).
- CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (bsc#1260526).
- CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
- CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit (bsc#1261779).
- CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (bsc#1261781).
- CVE-2026-23462: Bluetooth: HIDP: Fix possible UAF (bsc#1261710).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638).
- CVE-2026-31403: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (bsc#1261796).
- CVE-2026-31408: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (bsc#1261797).
- CVE-2026-31436: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (bsc#1262602).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263085).
- CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (bsc#1263095).
- CVE-2026-31512: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
  (bsc#1262734).
- CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1262758).
- CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel() (bsc#1263065).
- CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263176).
- CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small write values (bsc#1263165).
- CVE-2026-31602: ALSA: ctxfi: Limit PTP to a single page (bsc#1263723).
- CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit() (bsc#1263600).
- CVE-2026-31649: net: stmmac: fix integer underflow in chain mode (bsc#1263582).
- CVE-2026-31656: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (bsc#1263170).
- CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1263131).
- CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1263141).
- CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901).
- CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (bsc#1263882).
- CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create (bsc#1264059).
- CVE-2026-31787: xen/privcmd: fix double free via VMA splitting (bsc#1262181).
- CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1263931).
- CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect cleanup (bsc#1263933).
- CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable() (bsc#1264082).
- CVE-2026-43110: wifi: brcmfmac: validate bsscfg indices in IF events (bsc#1264482).
- CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints (bsc#1264634).
- CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848).
- CVE-2026-43214: KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() (bsc#1264651).
- CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of actions (bsc#1265085).
- CVE-2026-43334: Bluetooth: SMP: force responder MITM requirements before building the pairing response (bsc#1265090).
- CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119).
- CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (bsc#1265126).
- CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
- CVE-2026-43500: supported.conf: drop rxrpc and af_kfs (bsc#1264450).
- CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-transfer helpers (bsc#1265960).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).

The following non security issues were fixed:

- check-for-config-changes: Exclude CC_MS_EXTENSIONS.
- check-for-config-changes: Exclude HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}.
- crypto: qat - fix ring to service map for QAT GEN4 (bsc#1258248).
- crypto: qat - refactor fw config related functions (bsc#1258248).
- crypto: qat - use masks for AE groups (bsc#1258248).
- dm init: ensure device probing has finished in dm-mod.waitfor= (git-fixes).
- mkspec: Add signature to source list only when it exists.
- net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
- net: gro: don't merge zcopy skbs (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps (bsc#1260983).
- ocfs2: fix possible deadlock between unlink and dio_end_io_write (bsc#1258718).
- ocfs2: split transactions in dio completion to avoid credit exhaustion (bsc#1258718).
- xfrm: esp: avoid in-place decrypt on shared skb frags.


The following package changes have been done:

- kernel-default-5.14.21-150400.24.219.1 updated

More information about the sle-container-updates mailing list