SUSE-CU-2026:220-1: Security update of rancher/elemental-operator

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Jan 15 08:04:22 UTC 2026 

SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:220-1
Container Tags        : rancher/elemental-operator:1.7.3 , rancher/elemental-operator:1.7.3-3.38 , rancher/elemental-operator:latest
Container Release     : 3.38
Severity              : moderate
Type                  : security
References            : 1227052 1230262 1232526 1234820 1236270 1236507 1237442 1237641
                        1238491 1239566 1239938 1240788 1241549 1243767 1243991 1244050
                        1244079 1256341 CVE-2023-45288 CVE-2024-11218 CVE-2024-40896
                        CVE-2024-6104 CVE-2024-9407 CVE-2025-13151 CVE-2025-27144 CVE-2025-40909
                        CVE-2025-5278 
-----------------------------------------------------------------

The container rancher/elemental-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 197
Released:    Thu Jul 31 13:53:17 2025
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1230262,1232526,1234820,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050,CVE-2024-40896
This update for gcc14 fixes the following issues:

- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]
- Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Update to gcc-14 branch head, 3418d740b344e0ba38022f3be, git11702
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- cross-compiler builds with --enable-host-pie.
- Allow GCC executables to be built PIE.  [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string.  [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set
  [bsc#1238491]
- Update to gcc-14 branch head, 9ffecde121af883b60bbe60d0, git11321
  * fixes reported ICE in [bsc#1237442]
- Adjust cross compiler requirements to use %requires_ge
- Fix condition on whether to enable plugins or JIT support to
  not check sle_version which is not defined in SLFO but to check
  is_opensuse and suse_version instead.
- For cross compilers require the same or newer binutils, newlib
  or cross-glibc that was used at build time.  [bsc#1232526]
- Update to gcc-14 branch head, 4af44f2cf7d281f3e4f3957ef, git10750
  * includes libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]

-----------------------------------------------------------------
Advisory ID: 238
Released:    Thu Aug 28 17:15:06 2025
Summary:     Security update for coreutils
Type:        security
Severity:    moderate
References:  1227052,1236270,1236507,1237641,1243767,CVE-2023-45288,CVE-2024-11218,CVE-2024-6104,CVE-2024-9407,CVE-2025-27144,CVE-2025-5278
This update for coreutils fixes the following issues:

- CVE-2025-5278: Sort with key character offsets of SIZE_MAX, could induce a read of 1 byte before an allocated heap buffer (bsc#1243767).

-----------------------------------------------------------------
Advisory ID: 372
Released:    Tue Jan 13 14:25:46 2026
Summary:     Security update for libtasn1
Type:        security
Severity:    moderate
References:  1244079,1256341,CVE-2025-13151,CVE-2025-40909
This update for libtasn1 fixes the following issues:

- CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in
  `asn1_expend_octet_string` (bsc#1256341).


The following package changes have been done:

- compat-usrmerge-tools-84.87-slfo.1.1_1.5 updated
- elemental-operator-1.7.3-slfo.1.1_1.1 updated
- system-user-root-20190513-slfo.1.1_1.2 updated
- filesystem-84.87-slfo.1.1_1.2 updated
- glibc-2.38-slfo.1.1_4.1 updated
- libtasn1-6-4.19.0-slfo.1.1_3.1 updated
- libpcre2-8-0-10.42-slfo.1.1_1.4 updated
- libgmp10-6.3.0-slfo.1.1_1.5 updated
- libgcc_s1-14.3.0+git11799-slfo.1.1_1.1 updated
- libffi8-3.4.6-slfo.1.1_1.4 updated
- libcap2-2.69-slfo.1.1_1.3 updated
- libattr1-2.5.1-slfo.1.1_1.3 updated
- libacl1-2.3.1-slfo.1.1_1.3 updated
- libselinux1-3.5-slfo.1.1_1.3 updated
- libstdc++6-14.3.0+git11799-slfo.1.1_1.1 updated
- libp11-kit0-0.25.3-slfo.1.1_1.2 updated
- libncurses6-6.4.20240224-slfo.1.1_1.5 updated
- terminfo-base-6.4.20240224-slfo.1.1_1.5 updated
- p11-kit-0.25.3-slfo.1.1_1.2 updated
- p11-kit-tools-0.25.3-slfo.1.1_1.2 updated
- libreadline8-8.2-slfo.1.1_1.4 updated
- bash-5.2.15-slfo.1.1_1.6 updated
- bash-sh-5.2.15-slfo.1.1_1.6 updated
- coreutils-9.4-slfo.1.1_2.1 updated
- ca-certificates-2+git20240805.fd24d50-slfo.1.1_1.2 updated
- ca-certificates-mozilla-2.74-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-4.100 updated

More information about the sle-container-updates mailing list