SUSE-SU-2026:20357-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-202620357-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20357-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:20357-1
- Upstream
- Related
- Published
- 2026-01-15T09:23:45Z
- Modified
- 2026-03-11T07:31:46.692222Z
- Summary
- Security update for elemental-toolkit, elemental-operator
- Details
-
This update for elemental-toolkit, elemental-operator fixes the following issues:
elemental-operator:
Update to v1.7.4:
- Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes few CVE fixes:
- bsc#1241826 (CVE-2025-22872)
- bsc#1241857 (CVE-2025-22872)
- bsc#1251511 (CVE-2025-47911)
- bsc#1251679 (CVE-2025-58190)
- Install yip config files in before-install step
- Revert "Do not delete ManagedOSVersions by default"
- Set default channel variable names consistent with OS version
- Do not delete ManagedOSVersions by default
- Include -channel suffix to channel names
- OS channel: enable baremetal channel by default
- Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes few CVE fixes:
elemental-toolkit:
Update to v2.2.7:
- Bump toolkit build to go 1.24
- Bump golang.org/x/crypto library
This bumg includes few CVE fixes:
- bsc#1241826 (CVE-2025-22872)
- bsc#1241857 (CVE-2025-22872)
- bsc#1251511 (CVE-2025-47911)
- bsc#1251679 (CVE-2025-58190)
- bsc#1253581 (CVE-2025-47913)
- bsc#1253901 (CVE-2025-58181)
- bsc#1254079 (CVE-2025-47914)
Update to v2.2.5:
- Permissive mode for green selinux
- Adapt code and unit tests
- Minor change to lookup devices using blkid
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-202620357-1/
- https://bugzilla.suse.com/1241826
- https://bugzilla.suse.com/1241857
- https://bugzilla.suse.com/1251511
- https://bugzilla.suse.com/1251679
- https://bugzilla.suse.com/1253581
- https://bugzilla.suse.com/1253901
- https://bugzilla.suse.com/1254079
- https://www.suse.com/security/cve/CVE-2025-22872
- https://www.suse.com/security/cve/CVE-2025-47911
- https://www.suse.com/security/cve/CVE-2025-47913
- https://www.suse.com/security/cve/CVE-2025-47914
- https://www.suse.com/security/cve/CVE-2025-58181
- https://www.suse.com/security/cve/CVE-2025-58190
Affected packages
SUSE:Linux Micro 6.1 / elemental-operator
Package
- Name
- elemental-operator
- Purl
- pkg:rpm/suse/elemental-operator&distro=SUSE%20Linux%20Micro%206.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.4-slfo.1.1_1.1
SUSE:Linux Micro 6.1 / elemental-toolkit
Package
- Name
- elemental-toolkit
- Purl
- pkg:rpm/suse/elemental-toolkit&distro=SUSE%20Linux%20Micro%206.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.7-slfo.1.1_1.1