Security updates¶
This page lists the list of fixed CVEs for this release.
List of fixed CVEs¶
The following table lists the Common Vulnerabilities and Exposures (CVE) fixes included in this release.
| CVE number | Bug IDs | Image names | Package name |
|---|---|---|---|
| CVE-2025-0167 | 2289133 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-10148 | 2289149 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-11563 | 2289161 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-13034 | 2289181 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-14017 | 2289197 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-14524 | 2289201 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-14819 | 2289205 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-15079 | 2289209 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-15224 | 2289213 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2025-31648 | 2289249 | HostOS | intel-microcode |
| CVE-2025-61984 | 2289293 | HostOS | openssh-client, openssh-server, openssh-sftp-server |
| CVE-2025-61985 | 2289297 | HostOS | openssh-client, openssh-server, openssh-sftp-server |
| CVE-2025-7519 | 2289317 | HostOS | libpolkit-agent-1-0, libpolkit-gobject-1-0, polkitd |
| CVE-2025-9086 | 2289325 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2026-0994 | 2289341 | HostOS | libprotobuf32t64, libprotoc32t64 |
| CVE-2026-1519 | 2289349 | HostOS | bind9-dnsutils, bind9-host, bind9-libs |
| CVE-2026-1965 | 2289357 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2026-22184 | 2277997, 2278093, 2278225, 2278297, 2278393, 2278441, 2278505, 2278637 | clickhouse, curl, postgresql, vault, vault-unsealer, victoriametrics, vmagent, vmalert | zlib |
| CVE-2026-23865 | 2289365 | HostOS | libfreetype6 |
| CVE-2026-25679 | 2278001, 2278301, 2278641, 2278781 | baseos, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-25749 | 2289373 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-26007 | 2289377 | HostOS | python3-cryptography |
| CVE-2026-26269 | 2289381 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-2673 | 2278069, 2278129, 2278369, 2278429, 2278617, 2278709, 2289385 | HostOS, clickhouse, curl, postgresql, victoriametrics, vmagent, vmalert | libcrypto3, libssl3t64, openssl |
| CVE-2026-27137 | 2278005, 2278305, 2278645 | victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-27138 | 2278073, 2278373, 2278713 | victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-27139 | 2278077, 2278377, 2278717, 2278829 | baseos, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-27142 | 2278029, 2278329, 2278669, 2278797 | baseos, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-27171 | 2278033, 2278105, 2278253, 2278333, 2278405, 2278465, 2278577, 2278673 | clickhouse, curl, postgresql, vault, vault-unsealer, victoriametrics, vmagent, vmalert | zlib |
| CVE-2026-27456 | 2278581 | postgresql | libuuid |
| CVE-2026-28387 | 2278081, 2278133, 2278381, 2278433, 2278625, 2278721, 2278833, 2289397 | HostOS, baseos, clickhouse, curl, postgresql, victoriametrics, vmagent, vmalert | libcrypto3, libssl3t64, openssl |
| CVE-2026-28388 | 2278037, 2278109, 2278337, 2278409, 2278585, 2278677, 2278837, 2289401 | HostOS, baseos, clickhouse, curl, postgresql, victoriametrics, vmagent, vmalert | libcrypto3, libssl3t64, openssl |
| CVE-2026-28389 | 2278041, 2278113, 2278341, 2278413, 2278589, 2278681, 2278841, 2289405 | HostOS, baseos, clickhouse, curl, postgresql, victoriametrics, vmagent, vmalert | libcrypto3, libssl3t64, openssl |
| CVE-2026-28390 | 2278009, 2278097, 2278309, 2278397, 2278513, 2278649, 2278845, 2289409 | HostOS, baseos, clickhouse, curl, postgresql, victoriametrics, vmagent, vmalert | libcrypto3, libssl3t64, openssl |
| CVE-2026-28417 | 2289413 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-28418 | 2289417 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-28419 | 2289421 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-28420 | 2289425 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-28421 | 2289429 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-28422 | 2289433 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-29111 | 2278801, 2289437 | HostOS, baseos | libpam-systemd, libsystemd-shared, libsystemd0, libudev1, systemd, systemd-dev, systemd-resolved, systemd-sysv, udev |
| CVE-2026-3104 | 2289441 | HostOS | bind9-dnsutils, bind9-host, bind9-libs |
| CVE-2026-3119 | 2289445 | HostOS | bind9-dnsutils, bind9-host, bind9-libs |
| CVE-2026-31789 | 2278045, 2278117, 2278345, 2278417, 2278593, 2278685, 2278849, 2289449 | HostOS, baseos, clickhouse, curl, postgresql, victoriametrics, vmagent, vmalert | libcrypto3, libssl3t64, openssl |
| CVE-2026-31790 | 2278049, 2278121, 2278349, 2278421, 2278597, 2278689, 2278805, 2289453 | HostOS, baseos, clickhouse, curl, postgresql, victoriametrics, vmagent, vmalert | libcrypto3, libssl3t64, openssl |
| CVE-2026-32249 | 2289457 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-32280 | 2278013, 2278137, 2278193, 2278313, 2278653, 2278785 | baseos, linkerd-proxy, linkerd-proxy-init, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-32281 | 2278053, 2278145, 2278201, 2278353, 2278693, 2278809 | baseos, linkerd-proxy, linkerd-proxy-init, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-32282 | 2278017, 2278141, 2278197, 2278317, 2278657, 2278789 | baseos, linkerd-proxy, linkerd-proxy-init, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-32283 | 2278085, 2278161, 2278217, 2278385, 2278725, 2278853 | baseos, linkerd-proxy, linkerd-proxy-init, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-32286 | 2278233, 2278445 | vault, vault-unsealer | github.com/jackc/pgproto3/v2 |
| CVE-2026-32288 | 2278057, 2278149, 2278205, 2278357, 2278697, 2278813 | baseos, linkerd-proxy, linkerd-proxy-init, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-32289 | 2278061, 2278153, 2278209, 2278361, 2278701, 2278817 | baseos, linkerd-proxy, linkerd-proxy-init, victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-32597 | 2289461 | HostOS | python3-jwt |
| CVE-2026-33186 | 2278221, 2278437 | vault, vault-unsealer | google.golang.org/grpc |
| CVE-2026-33412 | 2289465 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-33810 | 2278021, 2278321, 2278661 | victoriametrics, vmagent, vmalert | stdlib |
| CVE-2026-33997 | 2278273, 2278469 | vault, vault-unsealer | github.com/docker/docker |
| CVE-2026-34040 | 2278237, 2278449 | vault, vault-unsealer | github.com/docker/docker |
| CVE-2026-3497 | 2289469 | HostOS | openssh-client, openssh-server, openssh-sftp-server |
| CVE-2026-34982 | 2289473 | HostOS | vim, vim-common, vim-runtime, vim-tiny, xxd |
| CVE-2026-34986 | 2278173, 2278241, 2278453 | otel-collector, vault, vault-unsealer | github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4 |
| CVE-2026-35206 | 2278189, 2278389 | linkerd-controller, linkerd-policy-controller | helm.sh/helm/v3 |
| CVE-2026-3591 | 2289477 | HostOS | bind9-dnsutils, bind9-host, bind9-libs |
| CVE-2026-3731 | 2289481 | HostOS | libssh-4 |
| CVE-2026-3783 | 2289485 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2026-3784 | 2289489 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2026-3805 | 2289493 | HostOS | curl, libcurl3t64-gnutls, libcurl4t64 |
| CVE-2026-39883 | 2278245, 2278457 | vault, vault-unsealer | go.opentelemetry.io/otel/sdk |
| CVE-2026-40200 | 2278025, 2278101, 2278325, 2278401, 2278461, 2278525, 2278665 | clickhouse, curl, postgresql, vault-unsealer, victoriametrics, vmagent, vmalert | musl |
| CVE-2026-4878 | 2278277, 2278473, 2289497 | HostOS, vault, vault-unsealer | libcap, libcap2, libcap2-bin |
| CVE-2026-4897 | 2289501 | HostOS | libpolkit-agent-1-0, libpolkit-gobject-1-0, polkitd |
| CVE-2026-6042 | 2278065, 2278125, 2278365, 2278425, 2278477, 2278613, 2278705 | clickhouse, curl, postgresql, vault-unsealer, victoriametrics, vmagent, vmalert | musl |
| GHSA-XMRV-PMRH-HHX2 | 2278285, 2278481 | vault, vault-unsealer | github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream |