Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2026:20132-1

Опубликовано: 29 янв. 2026
Источник: suse-cvrf

Описание

Security update for elemental-register, elemental-toolkit

This update for elemental-register, elemental-toolkit fixes the following issues:

elemental-register was updated to 1.8.1:

Changes on top of v1.8.1:

  • Update headers to 2026
  • Update questions to include SL Micro 6.2

Update to v1.8.1:

  • Install yip config files in before-install step
  • Bump github.com/rancher-sandbox/go-tpm and its dependencies This includes few CVE fixes:
    • bsc#1241826 (CVE-2025-22872)
    • bsc#1241857 (CVE-2025-22872)
    • bsc#1251511 (CVE-2025-47911)
    • bsc#1251679 (CVE-2025-58190)

elemental-toolkit was updated to v2.3.2:

  • Bump golang.org/x/crypto library This includes few CVE fixes:
    • bsc#1241826 (CVE-2025-22872)
    • bsc#1241857 (CVE-2025-22872)
    • bsc#1251511 (CVE-2025-47911)
    • bsc#1251679 (CVE-2025-58190)
    • bsc#1253581 (CVE-2025-47913)
    • bsc#1253901 (CVE-2025-58181)
    • bsc#1254079 (CVE-2025-47914)

Список пакетов

openSUSE Leap 16.0
elemental-register-1.8.1-160000.1.1
elemental-support-1.8.1-160000.1.1
elemental-toolkit-2.3.2-160000.1.1

Ссылки

Описание

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

Затронутые продукты
openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1
Ссылки

Описание

unknown

Затронутые продукты
openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1
Ссылки

Описание

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Затронутые продукты
openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1
Ссылки

Описание

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Затронутые продукты
openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1
Ссылки

Описание

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Затронутые продукты
openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1
Ссылки

Описание

unknown

Затронутые продукты
openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1
openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1
Ссылки