#1140385 containerd: CVE-2026-50195 CVE-2026-53488 CVE-2026-53492 CVE-2026-53489 CVE-2026-47262

Package:
src:containerd
Source:
src:containerd
Submitter:
Salvatore Bonaccorso
Date:
2026-06-19 17:51:01 UTC
Severity:
normal
Tags:
#1140385#5
Date:
2026-06-19 12:35:07 UTC
From:
To:
Hi,

The following vulnerabilities were published for containerd.

CVE-2026-50195[0], CVE-2026-53488[1], CVE-2026-53492[2],
CVE-2026-53489[3] and CVE-2026-47262[4].

They are described in the post in [5] and have references to the
GHSA's.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-50195
https://www.cve.org/CVERecord?id=CVE-2026-50195
[1] https://security-tracker.debian.org/tracker/CVE-2026-53488
https://www.cve.org/CVERecord?id=CVE-2026-53488
[2] https://security-tracker.debian.org/tracker/CVE-2026-53492
https://www.cve.org/CVERecord?id=CVE-2026-53492
[3] https://security-tracker.debian.org/tracker/CVE-2026-53489
https://www.cve.org/CVERecord?id=CVE-2026-53489
[4] https://security-tracker.debian.org/tracker/CVE-2026-47262
https://www.cve.org/CVERecord?id=CVE-2026-47262
[5] https://www.openwall.com/lists/oss-security/2026/06/19/2

Regards,
Salvatore
#1140385#10
Date:
2026-06-19 17:49:15 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
containerd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1140385@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated containerd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 19 Jun 2026 13:29:03 -0400
Source: containerd
Architecture: source
Version: 2.1.9+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 1136486 1140385
Changes:
 containerd (2.1.9+ds1-1) unstable; urgency=medium
 .
   * New upstream release
   * Address CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-
     53489, and CVE-2026-47262. (Closes: #1140385)
   * Fix lintian copyright warnings (DEP-5 formatting).
   * Override containerd-shim-runc-v2 no-manual-page warning.
   * Add procps to integration and cri-integration test dependencies.
     (Closes: #1136486)
   * Bump Standards version
Checksums-Sha1:
 6cc578e9165ae7bc936352fd9d283b3da14c7222 5859 containerd_2.1.9+ds1-1.dsc
 8b30b40688088511ab59194090a4767cbbf1a086 1767768 containerd_2.1.9+ds1.orig.tar.xz
 437093b78cdb2baf24e03dd9374d87a06ebeaaf1 797096 containerd_2.1.9+ds1-1.debian.tar.xz
 6390bad0796c84d81b87f24297b50a3253f1a506 15429912 containerd_2.1.9+ds1-1.git.tar.xz
 a996779dd558c7e6a8eef9381cb25fa0ac3c3ee6 17516 containerd_2.1.9+ds1-1_source.buildinfo
Checksums-Sha256:
 d2416f9f98973edcb4f47c08abe7859f58b5090486a03177750607d323ee6602 5859 containerd_2.1.9+ds1-1.dsc
 ac1b1f90e9f56a8980b20bf610d401c77232ba1eb240b5570fcad36df760eb3e 1767768 containerd_2.1.9+ds1.orig.tar.xz
 6b57cea6020f1e75746c7aa7effc38b60e53acca537c6a8d2d9fc27ea283c1bc 797096 containerd_2.1.9+ds1-1.debian.tar.xz
 81c1a90b7fdd9deffeebce641c3f71e2df0641a8e2b270ff84534716817d6d3b 15429912 containerd_2.1.9+ds1-1.git.tar.xz
 c8dc56aa5ebed731e96ee86ce4ceb7cc85a44bae98b8794b41360217aa333ab0 17516 containerd_2.1.9+ds1-1_source.buildinfo
Files:
 0d81f6d60b6dfcb131245ca1d9e3c3a1 5859 admin optional containerd_2.1.9+ds1-1.dsc
 54826a5729b9b9126de724544d416d34 1767768 admin optional containerd_2.1.9+ds1.orig.tar.xz
 c726c6d759c49dadadc70ec6ebc969ec 797096 admin optional containerd_2.1.9+ds1-1.debian.tar.xz
 e450a48c184b1142c8a1dddfb2a52c72 15429912 admin None containerd_2.1.9+ds1-1.git.tar.xz
 c559d472b01f8655ade2e767ab8fa936 17516 admin optional containerd_2.1.9+ds1-1_source.buildinfo
Git-Tag-Info: tag=1b479671e981b259a4571cd3f4d1d3086cba4a96 fp=30de7d1763ab9452c7e0825049a76977942826cb
Git-Tag-Tagger: Reinhard Tartler <siretart@tauware.de>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmo1fNIACgkQYG0ITkaD
wHlIBhAAy+aT9JtjQlLjE+oqbXC+3532Ov2bx/xxSyHGKE0Behmu7c0lHkV6cPtj
HxT0mG+UWfJYQ7N2c9XTg4bdCgS+FNBP4Sc17fAJCKhusG/fiH1wlum82Uawy+AA
S6XImrY2y8sIidJUBuXjdoUlrURDCUPstnMRgC86kvTHUPPAW0DaNH/hPchonhD1
zUI9VVz3XQBrpEc3EmfTVo9IHKl0lnCnDVa5b/Q8SJVL6+GFFwmUpzZC2SIgdUzg
sTYxxM5485dT8bHl1mt8J+M7Rv/2PXwH0XyR8nR8JYuGz30BT9EPC2pcinjtSIYr
YRVycdTzKoS2T05dgf8VSICvCE8dakwPtIy2nnRLi6q8NjeVTP01zafC0ZVtskcc
nDu2AEVFisoihoASAYj8bBVWAFR5rb4/AvJvsraT9Q0LEtVYBMTPMq6RrkInLh5g
YUG7xsQvAvQzBw4UswTVSPZ/RL83q2BJ2JsxIw34LhN1wXfmJLgeUjEo78kFMrOI
jmmrjwJEHrU8dad3tWxPp8IEVhJL1HabEIT54gn7azXB/HN192uxoG312jNunNgG
GtKJQnCtKEXzfQOwqo7FvMzTjVsxNGlLtV2P9eGlLeNCDh4baIhf4iZ6tcyXFRaL
ZMxKF1O7LAEjUabl1DCk+pDYJtXqSjJ8F7VLS0HWSwGJVtQsBBI=
=YQA4
-----END PGP SIGNATURE-----