OESA-2026-2893

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2893
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2893.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2026-2893
Upstream
Published
2026-07-09T12:49:34Z
Modified
2026-07-09T13:00:10.293322645Z
Summary
containerd security update
Details

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.

Security Fix(es):

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.(CVE-2026-47262)

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.(CVE-2026-53488)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / containerd

Package

Name
containerd
Purl
pkg:rpm/openEuler/containerd&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0-225.oe2003sp4

Ecosystem specific

{
    "src": [
        "containerd-1.2.0-225.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "containerd-1.2.0-225.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "containerd-1.2.0-225.oe2003sp4.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2893.json"