SUSE-CU-2025:3713-1: Security update of rancher/elemental-operator
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue May 27 07:05:46 UTC 2025
SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:3713-1
Container Tags : rancher/elemental-operator:1.6.9 , rancher/elemental-operator:1.6.9-8.1 , rancher/elemental-operator:latest
Container Release : 8.1
Severity : critical
Type : security
References : 1010996 1199079 1229003 1234128 1234798 1239883 1240009 1240343
1242901 1243317 441356 CVE-2025-4802
-----------------------------------------------------------------
The container rancher/elemental-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 324
Released: Fri May 16 11:41:30 2025
Summary: Recommended update for elemental-operator
Type: recommended
Severity: moderate
References: 1242901
This update for elemental-operator fixes the following issues:
- Fix questions.yaml default tag
- operator: update RBAC for upgrade plans (bsc#1242901)
-----------------------------------------------------------------
Advisory ID: 328
Released: Wed May 21 13:04:20 2025
Summary: Security update for glibc
Type: security
Severity: critical
References: 1234128,1239883,1243317,CVE-2025-4802
This update for glibc fixes the following issues:
- CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317)
- pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
-----------------------------------------------------------------
Advisory ID: 331
Released: Wed May 21 17:40:23 2025
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: moderate
References: 1010996,1199079,1229003,1234798,1240009,1240343,441356
This update for ca-certificates-mozilla fixes the following issues:
- test for a concretely missing certificate rather than
just the directory, as the latter is now also provided by
openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set
for reproducible builds (bsc#1229003)
- explicit remove distrusted certs, as the distrust does not get exported
correctly and the SSL certs are still trusted. (bsc#1240343)
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- GlobalSign Root E46
- GLOBALTRUST 2020
- pass file argument to awk (bsc#1240009)
- update to 2.74 state of Mozilla SSL root CAs:
Removed:
* SwissSign Silver CA - G2
Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
- remove extensive signature printing in comments of the cert
bundle
- Define two macros to break a build cycle with p11-kit.
- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
Removed:
- SecureSign RootCA11
- Security Communication RootCA3
Added:
- TWCA CYBER Root CA
- TWCA Global Root CA G2
- SecureSign Root CA12
- SecureSign Root CA14
- SecureSign Root CA15
The following package changes have been done:
- elemental-operator-1.6.9-1.1 updated
- glibc-2.38-9.1 updated
- ca-certificates-mozilla-2.74-1.1 updated
- container:suse-toolbox-image-1.0.0-8.7 updated
More information about the sle-container-updates
mailing list