SUSE-SU-2026:22050-1: important: Security update for elemental-register
SLE-SECURITY-UPDATES
null at suse.de
Tue Jun 9 20:30:43 UTC 2026
# Security update for elemental-register
Announcement ID: SUSE-SU-2026:22050-1
Release Date: 2026-06-08T14:20:14Z
Rating: important
References:
* bsc#1251679
* bsc#1260277
* bsc#1265921
* bsc#1266789
* bsc#1267168
* bsc#1267197
Cross-References:
* CVE-2026-33186
CVSS scores:
* CVE-2026-33186 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* SUSE Linux Micro 6.2
An update that solves one vulnerability and has five fixes can now be installed.
## Description:
This update for elemental-register fixes the following issue
* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper
validation of the HTTP/2: path pseudo- header (bsc#1260277).
Changes:
* Update to v1.9.2:
* 71d1fb9c Local node labels (#984)
* ce6acda9 Bump golang.org/x/net to v0.55.0 includes fixes for:
* bsc#1266789 bsc#1265921 bsc#1267197 bsc#1267168 bsc#1251679
* 060958b7 Bump golangci/golangci-lint-action
* 3b4b6699 use a real UUID for the machine registration ID
* d33faa01 Bump google.golang.org/grpc library (bsc#1260277 CVE-2026-33186)
* 6dceb411 Deterministic endpoints for MachineRegistrations (#975)
* Update to v1.9.1:
* b42116d4 Ensure the machine inventory selector keeps looking for a match
* Update to v1.9.0:
* Update to v1.9.0-rc1:
* 9952ebe1 Update libraries based on dependency scan
* 5e128c5d Adapt OBS packages to a 1.9 version to coexist with 1.8 version
* f88219af Fix cluster api version in test environment
* ad937279 Run 'make generate' to recreate generated code and vendor folder
* 15bb505f Bump to cluster API libraries to v1.12.x
* 63369022 Bump test environment tools in Makefile
* 7b464802 Run 'make vendor' to recreate vendor folder
* 879b3464 Bump yip
* aeda10ac Fix unit tests after bumping libraries
* 33dcb61a Run 'make vendor' to recreate vendor folder
* 0ccd96af Bump wrangler from v2 to v3
* ff0190c4 Run 'make generate' to renew all generated code and config files
* b28d2f08 Bump controller generator to version 0.19
* 0bf7dc32 Update controller runtime options
* 549e720d Run 'make vendor' to recreate vendor folder
* 3f0f27e0 Updated cluster-api, steve, rancher/apis, client-go and k8s/api to
the level they were at rancher v2.13
* 49ebf0b7 Update headers to 2026
* fd13ba92 Update questions to include SL Micro 6.2
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Micro 6.2
zypper in -t patch SUSE-SL-Micro-6.2-902=1
## Package List:
* SUSE Linux Micro 6.2 (aarch64 x86_64)
* elemental-register-1.9.2-160000.1.1
* elemental-support-1.9.2-160000.1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251679
* https://bugzilla.suse.com/show_bug.cgi?id=1260277
* https://bugzilla.suse.com/show_bug.cgi?id=1265921
* https://bugzilla.suse.com/show_bug.cgi?id=1266789
* https://bugzilla.suse.com/show_bug.cgi?id=1267168
* https://bugzilla.suse.com/show_bug.cgi?id=1267197
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20260609/601bcc22/attachment.htm>
More information about the sle-security-updates
mailing list