SUSE-CU-2026:4704-1: Security update of rancher/elemental-operator

sle-container-updates at lists.suse.com
Thu May 7 07:17:01 UTC 2026


SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:4704-1
Container Tags        : rancher/elemental-operator:1.6.10, rancher/elemental-operator:1.6.10-9.48
Container Release     : 9.48
Severity              : important
Type                  : security
References            : 1238724 1246965 1249147 1250410 1251213 1256766 1256822 1256876
                        1256878 1256880 1257005 1257111 1258002 1259271 1259924 1260078
                        1260082 1261809 1262216 CVE-2025-11187 CVE-2025-15281 CVE-2025-15467
                        CVE-2025-15468 CVE-2025-69720 CVE-2025-8058 CVE-2025-9230 CVE-2026-0861
                        CVE-2026-0915 CVE-2026-40706 CVE-2026-4437 CVE-2026-4438 CVE-2026-4878
-----------------------------------------------------------------

The container rancher/elemental-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 597
Released:    Thu Feb 26 12:33:53 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1246965,1256766,1256822,1257005,CVE-2025-15281,CVE-2025-8058,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:

- CVE-2026-0861: inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: uninitialized memory may cause the process to abort (bsc#1257005).
- CVE-2025-8058: a malloc failure in the regcomp function can lead to a double free (bsc#1246965).


-----------------------------------------------------------------
Advisory ID: 604
Released:    Wed Mar  4 09:37:59 2026
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    moderate
References:  1238724,1249147,1251213,1257111,1258002
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.84 state of Mozilla SSL root CAs (bsc#1258002)

  - Removed:
    - Baltimore CyberTrust Root
    - CommScope Public Trust ECC Root-01
    - CommScope Public Trust ECC Root-02
    - CommScope Public Trust RSA Root-01
    - CommScope Public Trust RSA Root-02
    - DigiNotar Root CA

  - Added:
    - e-Szigno TLS Root CA 2023
    - OISTE Client Root ECC G1
    - OISTE Client Root RSA G1
    - OISTE Server Root ECC G1
    - OISTE Server Root RSA G1
    - SwissSign RSA SMIME Root CA 2022 - 1
    - SwissSign RSA TLS Root CA 2022 - 1
    - TrustAsia SMIME ECC Root CA
    - TrustAsia SMIME RSA Root CA
    - TrustAsia TLS ECC Root CA
    - TrustAsia TLS RSA Root CA

-----------------------------------------------------------------
Advisory ID: 659
Released:    Thu Apr  9 13:02:01 2026
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1260078,1260082,1262216,CVE-2026-40706,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

-----------------------------------------------------------------
Advisory ID: 675
Released:    Mon Apr 20 14:43:53 2026
Summary:     Security update for libcap
Type:        security
Severity:    important
References:  1250410,1256876,1256878,1256880,1259271,1261809,CVE-2025-11187,CVE-2025-15467,CVE-2025-15468,CVE-2025-9230,CVE-2026-4878
This update for libcap fixes the following issues:

- CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in
  `cap_set_file()` (bsc#1261809).

-----------------------------------------------------------------
Advisory ID: 681
Released:    Tue Apr 21 10:57:05 2026
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1259924,CVE-2025-69720
This update for ncurses fixes the following issue:

- CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924).


The following package changes have been made:

- compat-usrmerge-tools-84.87-3.1 added
- elemental-operator-1.6.10-1.1 added
- system-user-root-20190513-2.208 added
- filesystem-84.87-5.2 added
- glibc-2.38-12.1 added
- libtasn1-6-4.19.0-5.1 added
- libpcre2-8-0-10.42-2.179 added
- libgmp10-6.3.0-1.119 added
- libgcc_s1-13.3.0+git8781-2.1 added
- libffi8-3.4.4-3.1 added
- libcap2-2.69-3.1 added
- libattr1-2.5.1-3.1 added
- libacl1-2.3.1-3.1 added
- libselinux1-3.5-3.1 added
- libstdc++6-13.3.0+git8781-2.1 added
- libp11-kit0-0.25.3-1.6 added
- libncurses6-6.4.20240224-11.1 added
- terminfo-base-6.4.20240224-11.1 added
- p11-kit-0.25.3-1.6 added
- p11-kit-tools-0.25.3-1.6 added
- libreadline8-8.2-2.180 added
- bash-5.2.15-3.1 added
- bash-sh-5.2.15-3.1 added
- coreutils-9.4-5.1 added
- ca-certificates-2+git20230406.2dae8b7-3.1 added
- ca-certificates-mozilla-2.84-1.1 added
- container:suse-toolbox-image-1.0.0-9.105 added
- container:bci-bci-base-16.0-6dac57506c189189476aff26919b9d9bd02d27b746266a8ef6fcadfa1d47a922-0 removed

