SUSE-CU-2026:308-1: Security update of rancher/elemental-operator
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jan 20 08:04:53 UTC 2026
SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:308-1
Container Tags : rancher/elemental-operator:1.7.4 , rancher/elemental-operator:1.7.4-4.2
Container Release : 4.2
Severity : important
Type : security
References : 1241826 1241857 1242987 1251511 1251679 1253581 1253901 1254079
CVE-2025-22872 CVE-2025-47911 CVE-2025-47913 CVE-2025-47914 CVE-2025-58181
CVE-2025-58190
-----------------------------------------------------------------
The container rancher/elemental-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 375
Released: Thu Jan 15 10:23:45 2026
Summary: Security update for elemental-toolkit, elemental-operator
Type: security
Severity: important
References: 1241826,1241857,1242987,1251511,1251679,1253581,1253901,1254079,CVE-2025-22872,CVE-2025-47911,CVE-2025-47913,CVE-2025-47914,CVE-2025-58181,CVE-2025-58190
This update for elemental-toolkit, elemental-operator fixes the following issues:
elemental-operator:
- Update to v1.7.4:
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* Install yip config files in before-install step
* Revert 'Do not delete ManagedOSVersions by default'
* Set default channel variable names consistent with OS version
* Do not delete ManagedOSVersions by default
* Include -channel suffix to channel names
* OS channel: enable baremetal channel by default
elemental-toolkit:
- Update to v2.2.7:
* Bump toolkit build to go 1.24
* Bump golang.org/x/crypto library
This bumg includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
- Update to v2.2.5:
* Permissive mode for green selinux
* Adapt code and unit tests
* Minor change to lookup devices using blkid
The following package changes have been done:
- compat-usrmerge-tools-84.87-slfo.1.1_1.5 added
- elemental-operator-1.7.4-slfo.1.1_1.1 added
- system-user-root-20190513-slfo.1.1_1.2 added
- filesystem-84.87-slfo.1.1_1.2 added
- glibc-2.38-slfo.1.1_4.1 added
- libtasn1-6-4.19.0-slfo.1.1_3.1 added
- libpcre2-8-0-10.42-slfo.1.1_1.4 added
- libgmp10-6.3.0-slfo.1.1_1.5 added
- libgcc_s1-14.3.0+git11799-slfo.1.1_1.1 added
- libffi8-3.4.6-slfo.1.1_1.4 added
- libcap2-2.69-slfo.1.1_1.3 added
- libattr1-2.5.1-slfo.1.1_1.3 added
- libacl1-2.3.1-slfo.1.1_1.3 added
- libselinux1-3.5-slfo.1.1_1.3 added
- libstdc++6-14.3.0+git11799-slfo.1.1_1.1 added
- libp11-kit0-0.25.3-slfo.1.1_1.2 added
- libncurses6-6.4.20240224-slfo.1.1_1.5 added
- terminfo-base-6.4.20240224-slfo.1.1_1.5 added
- p11-kit-0.25.3-slfo.1.1_1.2 added
- p11-kit-tools-0.25.3-slfo.1.1_1.2 added
- libreadline8-8.2-slfo.1.1_1.4 added
- bash-5.2.15-slfo.1.1_1.6 added
- bash-sh-5.2.15-slfo.1.1_1.6 added
- coreutils-9.4-slfo.1.1_2.1 added
- ca-certificates-2+git20240805.fd24d50-slfo.1.1_1.2 added
- ca-certificates-mozilla-2.74-slfo.1.1_1.1 added
- container:suse-toolbox-image-1.0.0-4.101 added
- container:bci-bci-base-16.0-e0609980162bb2a2879a53a75182f374c8b5d93a0e4c3696772adc6f28dd79d4-0 removed
More information about the sle-container-updates
mailing list