PostgreSQL 16

locked

Full version: 16.11 Analyzed: 2026-02-12

Size Reduction 50% 458.0 MB to 230.8 MB (227.2 MB saved)

Component Reduction 67% 146 to 48 packages (98 removed)

Vulnerability Reduction 98% 55 to 1 vulnerabilities (54 eliminated)

Image Comparison

Property	upstream	locked
Image	docker.io/library/postgres:16.11	ghcr.io/armorred/postgresql:16.11-locked
Size	458.0 MB	230.8 MB
Layers	14	53
Components	146	48
Vulnerabilities	55	1
Runtime User	root	999:999

Vulnerability Analysis

upstream 55 total

1critical

10high

21medium

6low

locked 1 total

1high

Upstream vulnerability details (55)

CVE ID	Severity	Package	Version	Fixed In
DEBIAN-CVE-2011-3374	low	apt	3.0.3	unfixed
DEBIAN-CVE-2022-3715	high	bash	5.2.37-2+b7	5.2-1
DEBIAN-CVE-2016-2781	medium	coreutils	9.7-3	9.4-1
DEBIAN-CVE-2017-18018	medium	coreutils	9.7-3	unfixed
DEBIAN-CVE-2025-5278	medium	coreutils	9.7-3	unfixed
DEBIAN-CVE-2025-6297	high	dpkg	1.22.21	1.22.21
DEBIAN-CVE-2018-6829	high	libgcrypt20	1.11.0-7	unfixed
DEBIAN-CVE-2021-33560	high	libgcrypt20	1.11.0-7	1.9.4-2
DEBIAN-CVE-2024-2236	medium	libgcrypt20	1.11.0-7	unfixed
DEBIAN-CVE-2025-13151	high	libtasn1-6	4.20.0-2	4.21.0-2
DEBIAN-CVE-2025-8732	low	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2025-9714	medium	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	2.9.10+dfsg-6.7+deb11u9
DEBIAN-CVE-2026-0989	low	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2026-0990	medium	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2026-0992	low	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2026-1757	medium	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2025-11187	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-15467	critical	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-15468	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-15469	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-27587	medium	openssl	3.5.4-1~deb13u2	3.5.0-1
DEBIAN-CVE-2025-66199	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-68160	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69418	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69419	high	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69420	high	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69421	high	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-9230	high	openssl	3.5.4-1~deb13u2	1.1.1w-0+deb11u4
DEBIAN-CVE-2025-9231	medium	openssl	3.5.4-1~deb13u2	3.5.1-1+deb13u1
DEBIAN-CVE-2025-9232	medium	openssl	3.5.4-1~deb13u2	3.0.17-1~deb12u3
DEBIAN-CVE-2026-22795	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2026-22796	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2011-4116	low	perl	5.40.1-6	unfixed
DEBIAN-CVE-2023-31486	high	perl	5.40.1-6	0.088-1
DEBIAN-CVE-2025-40909	medium	perl	5.40.1-6	5.36.0-7+deb12u3
DEBIAN-CVE-2023-4016	low	procps	2:4.0.4-9	2:4.0.4-1
GO-2025-4006	unknown	stdlib	1.24.6	1.24.8
GO-2025-4007	unknown	stdlib	1.24.6	1.24.9
GO-2025-4008	unknown	stdlib	1.24.6	1.24.8
GO-2025-4009	unknown	stdlib	1.24.6	1.24.8
GO-2025-4010	unknown	stdlib	1.24.6	1.24.8
GO-2025-4011	unknown	stdlib	1.24.6	1.24.8
GO-2025-4012	unknown	stdlib	1.24.6	1.24.8
GO-2025-4013	unknown	stdlib	1.24.6	1.24.8
GO-2025-4014	unknown	stdlib	1.24.6	1.24.8
GO-2025-4015	unknown	stdlib	1.24.6	1.24.8
GO-2025-4155	unknown	stdlib	1.24.6	1.24.11
GO-2025-4175	unknown	stdlib	1.24.6	1.24.11
GO-2026-4337	unknown	stdlib	1.24.6	1.24.13
GO-2026-4340	unknown	stdlib	1.24.6	1.24.12
GO-2026-4341	unknown	stdlib	1.24.6	1.24.12
GO-2026-4342	unknown	stdlib	1.24.6	1.24.12
DEBIAN-CVE-2005-2541	unknown	tar	1.35+dfsg-3.1	unfixed
DEBIAN-CVE-2022-0563	medium	util-linux	2.41-5	unfixed
DEBIAN-CVE-2025-14104	medium	util-linux	2.41-5	2.41.3-1

Locked vulnerability details (1)

CVE ID	Severity	Package	Version	Fixed In
OSV-2021-777	high	libxml2	2.13.8	unfixed

Software Bill of Materials

upstream components (146)

adduser 3.152
apt 3.0.3
base-files 13.8+deb13u3
base-passwd 3.6.7
bash 5.2.37-2+b7
bsdutils 1:2.41-5
coreutils 9.7-3
dash 0.5.12-12
debconf 1.5.91
debian-archive-keyring 2025.1
debianutils 5.23.2
diffutils 1:3.10-4
dirmngr 2.4.7-21+deb13u1+b1
dpkg 1.22.21
findutils 4.10.0-3
gcc-14-base 14.2.0-19
github.com/moby/sys/user v0.1.0
github.com/tianon/gosu v1.19.0
gnupg 2.4.7-21+deb13u1
gnupg-l10n 2.4.7-21+deb13u1
golang.org/x/sys v0.1.0
gpg 2.4.7-21+deb13u1+b1
gpg-agent 2.4.7-21+deb13u1+b1
gpgconf 2.4.7-21+deb13u1+b1
gpgsm 2.4.7-21+deb13u1+b1
grep 3.11-4
gzip 1.13-1
hostname 3.25
init-system-helpers 1.69~deb13u1
less 668-1
libacl1 2.3.2-2+b1
libapt-pkg7.0 3.0.3
libassuan9 3.0.2-2
libattr1 1:2.5.2-3
libaudit-common 1:4.0.2-2
libaudit1 1:4.0.2-2+b2
libblkid1 2.41-5
libbsd0 0.12.2-2
libbz2-1.0 1.0.8-6
libc-bin 2.41-12+deb13u1
libc-l10n 2.41-12+deb13u1
libc6 2.41-12+deb13u1
libcap-ng0 0.8.5-4+b1
libcap2 1:2.75-10+b3
libcom-err2 1.47.2-3+b7
libcrypt1 1:4.4.38-1
libdb5.3t64 5.3.28+dfsg2-9
libdebconfclient0 0.280
libedit2 3.1-20250104-1
libffi8 3.4.8-2
libgcc-s1 14.2.0-19
libgcrypt20 1.11.0-7
libgdbm-compat4t64 1.24-2
libgdbm6t64 1.24-2
libgmp10 2:6.3.0+dfsg-3
libgnutls30t64 3.8.9-3+deb13u1
libgpg-error0 1.51-4
libgssapi-krb5-2 1.21.3-5
libhogweed6t64 3.10.1-1
libicu76 76.1-4
libidn2-0 2.3.8-2
libjson-perl 4.10000-1
libk5crypto3 1.21.3-5
libkeyutils1 1.6.3-6
libkrb5-3 1.21.3-5
libkrb5support0 1.21.3-5
libksba8 1.6.7-2+b1
liblastlog2-2 2.41-5
libldap2 2.6.10+dfsg-1
libllvm19 1:19.1.7-3+b1
liblz4-1 1.10.0-4
liblzma5 5.8.1-1
libmd0 1.1.0-2+b1
libmount1 2.41-5
libncursesw6 6.5+20250216-2
libnettle8t64 3.10.1-1
libnpth0t64 1.8-3
libnss-wrapper 1.1.16-1
libp11-kit0 0.25.5-3
libpam-modules 1.7.0-5
libpam-modules-bin 1.7.0-5
libpam-runtime 1.7.0-5
libpam0g 1.7.0-5
libpcre2-8-0 10.46-1~deb13u1
libperl5.40 5.40.1-6
libpq5 18.1-1.pgdg13+2
libproc2-0 2:4.0.4-9
libreadline8t64 8.2-6
libsasl2-2 2.1.28+dfsg1-9
libsasl2-modules-db 2.1.28+dfsg1-9
libseccomp2 2.6.0-2
libselinux1 3.8.1-1
libsemanage-common 3.8.1-1
libsemanage2 3.8.1-1
libsepol2 3.8.1-1
libsmartcols1 2.41-5
libsqlite3-0 3.46.1-7
libssl3t64 3.5.4-1~deb13u2
libstdc++6 14.2.0-19
libsystemd0 257.9-1~deb13u1
libtasn1-6 4.20.0-2
libtext-charwidth-perl 0.04-11+b4
libtext-wrapi18n-perl 0.06-10
libtinfo6 6.5+20250216-2
libudev1 257.9-1~deb13u1
libunistring5 1.3-2
libuuid1 2.41-5
libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
libxslt1.1 1.1.35-1.2+deb13u2
libxxhash0 0.8.3-2
libz3-4 4.13.3-1
libzstd1 1.5.7+dfsg-1
locales 2.41-12+deb13u1
login 1:4.16.0-2+really2.41-5
login.defs 1:4.17.4-2
mawk 1.3.4.20250131-1
mount 2.41-5
ncurses-base 6.5+20250216-2
ncurses-bin 6.5+20250216-2
netbase 6.5
openssl 3.5.4-1~deb13u2
openssl-provider-legacy 3.5.4-1~deb13u2
passwd 1:4.17.4-2
perl 5.40.1-6
perl-base 5.40.1-6
perl-modules-5.40 5.40.1-6
pinentry-curses 1.3.1-2
postgresql-16 16.11-1.pgdg13+1
postgresql-client-16 16.11-1.pgdg13+1
postgresql-client-common 287.pgdg13+1
postgresql-common 287.pgdg13+1
procps 2:4.0.4-9
readline-common 8.2-6
sed 4.9-2
sensible-utils 0.0.25
sqv 1.3.0-3+b2
ssl-cert 1.1.3
stdlib go1.24.6
sysvinit-utils 3.14-4
tar 1.35+dfsg-3.1
tzdata 2025b-4+deb13u1
ucf 3.0052
util-linux 2.41-5
xz-utils 5.8.1-1
zlib1g 1:1.3.dfsg+really1.3.1-1+b1
zstd 1.5.7+dfsg-1

locked components (48)

acl 2.3.2
attr 2.5.2
audit 4.0
bash 5.2p37
bison 3.8.2
coreutils 9.5
db 4.8.30
flex 2.6.4
gcc 13.3.0
gcc 13.3.0
glibc 2.40-66
gmp-with-cxx 6.3.0
gnugrep 3.11
gnum4 1.4.19
gnutar 1.35
icu4c 74.2
icu4c 74.2
libidn2 2.3.7
libunistring 1.2
libxcrypt 4.4.36
libxml2 2.13.8
libxml2 2.13.8
libxml2 2.13.8
libxslt 1.1.42
libxslt 1.1.42
libxslt 1.1.42
linux-pam 1.6.1
lz4 1.10.0
lz4 1.10.0
lz4 1.10.0
ncurses 6.4.20221231
ncurses 6.4.20221231
ncurses 6.4.20221231
openssl 3.3.3
openssl 3.3.3
openssl 3.3.3
pcre2 10.44
perl 5.40.0
postgresql 16.11
readline 8.2p13
readline 8.2p13
tzdata 2025b
xgcc 13.3.0
zlib 1.3.1
zlib 1.3.1
zstd 1.5.6
zstd 1.5.6
zstd 1.5.6

Download SBOMs

Upstream SBOM Locked SBOM

Usage

$
podman pull ghcr.io/armorred/postgresql:16-locked

Verify Signature

$
cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/postgresql:16-locked