SUSE-CU-2026:309-1: Security update of rancher/elemental-operator
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jan 20 08:04:55 UTC 2026
SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:309-1
Container Tags : rancher/elemental-operator:1.6.10 , rancher/elemental-operator:1.6.10-9.1
Container Release : 9.1
Severity : important
Type : security
References : 1241826 1241857 1251511 1251679 1253581 1253901 1254079 1256341
CVE-2025-13151 CVE-2025-22872 CVE-2025-47911 CVE-2025-47913 CVE-2025-47914
CVE-2025-58181 CVE-2025-58190
-----------------------------------------------------------------
The container rancher/elemental-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 558
Released: Mon Jan 12 13:00:27 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1256341,CVE-2025-13151
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in
`asn1_expend_octet_string` (bsc#1256341).
-----------------------------------------------------------------
Advisory ID: 561
Released: Thu Jan 15 12:08:38 2026
Summary: Security update for elemental-toolkit, elemental-operator
Type: security
Severity: important
References: 1241826,1241857,1251511,1251679,1253581,1253901,1254079,CVE-2025-22872,CVE-2025-47911,CVE-2025-47913,CVE-2025-47914,CVE-2025-58181,CVE-2025-58190
This update for elemental-toolkit, elemental-operator fixes the following issues:
elemental-operator:
- Update to version 1.6.10:
* Remove 'latest' tag as this overlaps with the latest branch
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes fixes to some CVEs:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
elemental-toolkit:
- Update to version 2.1.5:
* Update headers for new year 2026
* Disable selinux in installer media
- Update to version 2.1.4:
* Remove leftovers in installer integration test
* Bump to build against go 1.24
* Bump golang.org/x/crypto library
This bump includes fixes to some CVEs:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
The following package changes have been done:
- compat-usrmerge-tools-84.87-3.1 updated
- elemental-operator-1.6.10-1.1 updated
- system-user-root-20190513-2.208 updated
- filesystem-84.87-5.2 updated
- glibc-2.38-9.1 updated
- libtasn1-6-4.19.0-5.1 updated
- libpcre2-8-0-10.42-2.179 updated
- libgmp10-6.3.0-1.119 updated
- libgcc_s1-13.3.0+git8781-2.1 updated
- libffi8-3.4.4-3.1 updated
- libcap2-2.69-2.83 updated
- libattr1-2.5.1-3.1 updated
- libacl1-2.3.1-3.1 updated
- libselinux1-3.5-3.1 updated
- libstdc++6-13.3.0+git8781-2.1 updated
- libp11-kit0-0.25.3-1.6 updated
- libncurses6-6.4.20240224-10.2 updated
- terminfo-base-6.4.20240224-10.2 updated
- p11-kit-0.25.3-1.6 updated
- p11-kit-tools-0.25.3-1.6 updated
- libreadline8-8.2-2.180 updated
- bash-5.2.15-3.1 updated
- bash-sh-5.2.15-3.1 updated
- coreutils-9.4-5.1 updated
- ca-certificates-2+git20230406.2dae8b7-3.1 updated
- ca-certificates-mozilla-2.74-1.1 updated
- container:suse-toolbox-image-1.0.0-9.60 updated
More information about the sle-container-updates
mailing list