{"affected":[{"ecosystem_specific":{"binaries":[{"elemental-register":"1.7.4-slfo.1.1_1.1","elemental-support":"1.7.4-slfo.1.1_1.1","elemental-toolkit":"2.2.7-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"elemental-operator","purl":"pkg:rpm/suse/elemental-operator&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.7.4-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"elemental-register":"1.7.4-slfo.1.1_1.1","elemental-support":"1.7.4-slfo.1.1_1.1","elemental-toolkit":"2.2.7-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"elemental-toolkit","purl":"pkg:rpm/suse/elemental-toolkit&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.7-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for elemental-toolkit, elemental-operator fixes the following issues:\n\nelemental-operator:\n\n  - Update to v1.7.4:\n\n    * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n               This bump includes few CVE fixes:\n               * bsc#1241826 (CVE-2025-22872)\n               * bsc#1241857 (CVE-2025-22872)\n               * bsc#1251511 (CVE-2025-47911)\n               * bsc#1251679 (CVE-2025-58190)\n    * Install yip config files in before-install step\n    * Revert \"Do not delete ManagedOSVersions by default\"\n    * Set default channel variable names consistent with OS version\n    * Do not delete ManagedOSVersions by default\n    * Include -channel suffix to channel names\n    * OS channel: enable baremetal channel by default\n\nelemental-toolkit:\n\n  - Update to v2.2.7:\n\n    * Bump toolkit build to go 1.24\n    * Bump golang.org/x/crypto library\n               This bumg includes few CVE fixes:\n                * bsc#1241826 (CVE-2025-22872)\n                * bsc#1241857 (CVE-2025-22872)\n                * bsc#1251511 (CVE-2025-47911)\n                * bsc#1251679 (CVE-2025-58190)\n                * bsc#1253581 (CVE-2025-47913)\n                * bsc#1253901 (CVE-2025-58181)\n                * bsc#1254079 (CVE-2025-47914)\n\n  - Update to v2.2.5:\n\n    * Permissive mode for green selinux\n    * Adapt code and unit tests\n    * Minor change to lookup devices using blkid\n\n","id":"SUSE-SU-2026:20357-1","modified":"2026-01-15T09:23:45Z","published":"2026-01-15T09:23:45Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620357-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241826"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241857"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251511"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251679"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253581"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253901"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254079"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22872"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47913"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47914"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58190"}],"related":["CVE-2025-22872","CVE-2025-47911","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181","CVE-2025-58190"],"summary":"Security update for elemental-toolkit, elemental-operator","upstream":["CVE-2025-22872","CVE-2025-47911","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181","CVE-2025-58190"]}