SUSE-CU-2026:6168-1: Security update of rancher/elemental-operator
sle-container-updates at lists.suse.com
Fri Jun 19 07:05:06 UTC 2026
SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6168-1
Container Tags : rancher/elemental-operator:1.8.2 , rancher/elemental-operator:1.8.2-5.6
Container Release : 5.6
Severity : important
Type : security
References : 1219458 1229069 1229272 1230007 1230596 1234027 1236282 1239718
1242170 1242827 1243935 1246504 1247074 1252025 1253177 1253178
1253193 1255111 1256341 1256436 1256766 1256822 1257005 1258002
1258319 1259051 1259706 1259842 1260078 1260082 1260876 1261206
1261639 1261809 1262223 1262464 1262465 1263254 CVE-2023-31315
CVE-2025-0395 CVE-2025-13151 CVE-2025-15281 CVE-2025-4598 CVE-2025-59777
CVE-2025-62689 CVE-2026-0861 CVE-2026-0915 CVE-2026-28417 CVE-2026-34073
CVE-2026-4046 CVE-2026-41035 CVE-2026-41066 CVE-2026-4437 CVE-2026-4438
CVE-2026-4878 CVE-2026-5450 CVE-2026-5928
-----------------------------------------------------------------
The container rancher/elemental-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 218
Released: Thu Jan 29 18:44:57 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1219458,1229069,1229272,1230007,1230596,1234027,1236282,1242827,1243935,1247074,1256436,1256766,1256822,1257005,CVE-2023-31315,CVE-2025-0395,CVE-2025-15281,CVE-2025-4598,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
Security fixes:
- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
- CVE-2026-0861: Fixed inadequate size check in the memalign suite that may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory that may cause the process to abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)
-----------------------------------------------------------------
Advisory ID: 484
Released: Tue Apr 7 16:33:05 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1242170,1256341,1260876,CVE-2025-13151,CVE-2026-34073
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
-----------------------------------------------------------------
Advisory ID: 516
Released: Fri Apr 10 08:36:43 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1239718,1246504,1252025,1253193,1258319,1259706,1259842,1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).
Other fixes:
- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).
-----------------------------------------------------------------
Advisory ID: 531
Released: Sat Apr 11 10:22:09 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1253177,1253178,1258002,1263254,CVE-2025-59777,CVE-2025-62689,CVE-2026-41066
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.84 state (bsc#1258002):
* Removed:
+ Baltimore CyberTrust Root
+ CommScope Public Trust ECC Root-01
+ CommScope Public Trust ECC Root-02
+ CommScope Public Trust RSA Root-01
+ CommScope Public Trust RSA Root-02
+ DigiNotar Root CA
* Added:
+ e-Szigno TLS Root CA 2023
+ OISTE Client Root ECC G1
+ OISTE Client Root RSA G1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
+ SwissSign RSA SMIME Root CA 2022 - 1
+ SwissSign RSA TLS Root CA 2022 - 1
+ TrustAsia SMIME ECC Root CA
+ TrustAsia SMIME RSA Root CA
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
-----------------------------------------------------------------
Advisory ID: 625
Released: Wed Apr 22 12:22:37 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1259051,1261809,CVE-2026-28417,CVE-2026-4878
This update for libcap fixes the following issues:
- CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in `cap_set_file()` (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: 708
Released: Wed May 6 12:44:56 2026
Summary: Recommended update for libselinux
Type: recommended
Severity: moderate
References: 1261639,1262223,CVE-2026-41035
This update for libselinux fixes the following issues:
- Backport commit 'libselinux: retain LIFO order for path substitutions' (bsc#1261639)
* otherwise we can not add equivalencies that overload each other in the policy
* libselinux: retain LIFO order for path substitutions
-----------------------------------------------------------------
Advisory ID: 761
Released: Mon May 18 07:38:10 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1255111,1261206,1262464,1262465,CVE-2026-4046,CVE-2026-5450,CVE-2026-5928
This update for glibc fixes the following issues:
- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).
The following package changes have been done:
- compat-usrmerge-tools-84.87-160000.2.2 updated
- elemental-operator-1.8.2-160000.1.2 updated
- system-user-root-20190513-160000.2.2 updated
- filesystem-84.87-160000.2.2 updated
- glibc-2.40-160000.5.1 updated
- terminfo-base-6.5.20250531-160000.2.2 updated
- libncurses6-6.5.20250531-160000.2.2 updated
- libtasn1-6-4.21.0-160000.1.1 updated
- libpcre2-8-0-10.45-160000.3.1 updated
- libgmp10-6.3.0-160000.2.2 updated
- libffi8-3.4.6-160000.2.2 updated
- libcap2-2.73-160000.3.1 updated
- libattr1-2.5.2-160000.2.2 updated
- libacl1-2.3.2-160000.2.2 updated
- libreadline8-8.2.13-160000.2.2 updated
- libselinux1-3.8.1-160000.3.1 updated
- libp11-kit0-0.25.5-160000.2.2 updated
- bash-5.2.37-160000.2.2 updated
- bash-sh-5.2.37-160000.2.2 updated
- p11-kit-0.25.5-160000.2.2 updated
- p11-kit-tools-0.25.5-160000.2.2 updated
- coreutils-9.6-160000.2.2 updated
- ca-certificates-2+git20240805.fd24d50-160000.2.2 updated
- ca-certificates-mozilla-2.84-160000.1.1 updated
- container:bci-bci-base-16.0-3327ce232ff17c6439252dbc165087dc6d05ddfe3a2cb938ebfc3785c4d4bc75-0 added
- container:suse-toolbox-image-1.0.0-5.68 removed
- libgcc_s1-14.3.0+git11799-slfo.1.1_1.1 removed
- libstdc++6-14.3.0+git11799-slfo.1.1_1.1 removed