{"schema_version":"1.7.2","id":"OESA-2026-2893","modified":"2026-07-09T12:49:34Z","published":"2026-07-09T12:49:34Z","upstream":["CVE-2026-47262","CVE-2026-53488"],"summary":"containerd security update","details":"containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability.  It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\n\ncontainerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.(CVE-2026-47262)\n\ncontainerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.(CVE-2026-53488)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"containerd","purl":"pkg:rpm/openEuler/containerd&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0-225.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["containerd-1.2.0-225.oe2003sp4.aarch64.rpm"],"src":["containerd-1.2.0-225.oe2003sp4.src.rpm"],"x86_64":["containerd-1.2.0-225.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2893"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47262"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53488"}],"database_specific":{"severity":"High"}}
