SUSE-CU-2026:6166-1: Security update of rancher/elemental-operator

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jun 19 07:05:03 UTC 2026


SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6166-1
Container Tags        : rancher/elemental-operator:1.6.11 , rancher/elemental-operator:1.6.11-10.1
Container Release     : 10.1
Severity              : important
Type                  : security
References            : 1251679 1260277 1261206 1262464 1262465 1264353 1264354 1264356
                        1265921 1266789 1267168 1267197 CVE-2025-58190 CVE-2026-25680
                        CVE-2026-25681 CVE-2026-27136 CVE-2026-33186 CVE-2026-33814 CVE-2026-39821
                        CVE-2026-4046 CVE-2026-41142 CVE-2026-42216 CVE-2026-42217 CVE-2026-42502
                        CVE-2026-42506 CVE-2026-5450 CVE-2026-5928 
-----------------------------------------------------------------

The container rancher/elemental-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 710
Released:    Wed May  6 14:43:17 2026
Summary:     Recommended update for python-hatchling
Type:        recommended
Severity:    moderate
References:  1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for python-hatchling fixes the following issues:

Changes in python-hatchling:

- Convert to libalternatives on SLE-16-based and newer systems only

-----------------------------------------------------------------
Advisory ID: 750
Released:    Fri May 15 10:14:43 2026
Summary:     Security update for openexr
Type:        security
Severity:    important
References:  1251679,1260277,1264353,1264354,1264356,1265921,1266789,1267168,1267197,CVE-2025-58190,CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-33186,CVE-2026-33814,CVE-2026-39821,CVE-2026-41142,CVE-2026-42216,CVE-2026-42217,CVE-2026-42502,CVE-2026-42506
This update for openexr fixes the following issues

- CVE-2026-41142: integer overflow in `ImageChannel: resize` can lead to a heap out-of-bounds write via OpenEXRUtil
  public API (bsc#1264356).
- CVE-2026-42216: missing checks in `IDManifest: init()` can lead to out-of-bounds read during prefix expansion
  (bsc#1264354).
- CVE-2026-42217: missing bounds check for shift counter in `readVariableLengthInteger` can lead to shift exponent
  overflow and cause undefined behavior (bsc#1264353).


The following package changes have been done:

- compat-usrmerge-tools-84.87-3.1 added
- elemental-operator-1.6.11-1.1 added
- system-user-root-20190513-2.208 added
- filesystem-84.87-5.2 added
- glibc-2.38-13.1 added
- libtasn1-6-4.19.0-5.1 added
- libpcre2-8-0-10.42-2.179 added
- libgmp10-6.3.0-1.119 added
- libgcc_s1-13.3.0+git8781-2.1 added
- libffi8-3.4.4-3.1 added
- libcap2-2.69-3.1 added
- libattr1-2.5.1-3.1 added
- libacl1-2.3.1-3.1 added
- libselinux1-3.5-3.1 added
- libstdc++6-13.3.0+git8781-2.1 added
- libp11-kit0-0.25.3-1.6 added
- libncurses6-6.4.20240224-11.1 added
- terminfo-base-6.4.20240224-11.1 added
- p11-kit-0.25.3-1.6 added
- p11-kit-tools-0.25.3-1.6 added
- libreadline8-8.2-2.180 added
- bash-5.2.15-3.1 added
- bash-sh-5.2.15-3.1 added
- coreutils-9.4-5.1 added
- ca-certificates-2+git20230406.2dae8b7-3.1 added
- ca-certificates-mozilla-2.84-1.1 added
- container:suse-toolbox-image-1.0.0-9.125 added
- container:bci-bci-base-16.0-09f3129e830182403f5e00e5fb1ca84ff076335d4cadda06876d3a45324be0f3-0 removed


More information about the sle-container-updates mailing list