Product Release Advisory - VMware Tanzu for Postgres on Kubernetes 4.2.1

VMware Tanzu Data Services

7 more products

35935

11 July 2025

11 July 2025

CLOSED

HIGH

Product Release Advisory

Advisory ID:

TNZ-2025-0045

Severity:

High

Issue Date:

2025-07-10

Updated on:

2025-07-10

Synopsys

Migrated base image from Rocky Linux 9 to UBI9-minimal, which resulted in 144 CVEs remediated in this release.

 

Product Version Release Advisory

 

Security Fixes

This release has the following security fixes, listed by component and area.

Component

Vulnerabilities Resolved

tanzu-postgres-kubernetes

CVE-2021-31535 (high)

CVE-2021-33430 (high)

CVE-2021-3927 (high)

CVE-2021-3928  (high)

CVE-2021-3973 (high)

CVE-2021-4166 (high)

CVE-2021-4173 (high)

CVE-2021-4187 (high)

CVE-2022-1616 (high)

CVE-2022-1619 (high)

CVE-2022-1620 (high)

CVE-2022-2042 (high)

CVE-2022-2124 (high)

CVE-2022-2125 (high)

CVE-2022-2126 (high)

CVE-2022-2129 (high)

CVE-2022-2175 (high)

CVE-2022-2182 (high)

CVE-2022-2206 (high)

CVE-2022-2207 (high)

CVE-2022-2210 (high)

CVE-2022-2257 (high)

CVE-2022-2284 (high)

CVE-2022-2285 (high)

CVE-2022-2286 (high)

CVE-2022-2287 (high)

CVE-2022-2304 (high)

CVE-2022-2343 (high)

CVE-2022-2344 (high)

CVE-2022-2345 (high)

CVE-2022-2522 (high)

CVE-2022-2817 (high)

CVE-2022-2819 (high)

CVE-2022-2862 (high)

CVE-2022-2889 (high)

CVE-2022-2946 (high)

CVE-2022-2982 (high)

CVE-2022-3016 (high)

CVE-2022-3037 (high)

CVE-2022-3099 (high)

CVE-2022-3134 (high)

CVE-2022-3234 (high)

CVE-2022-3235 (high)

CVE-2022-3256 (high)

CVE-2022-3296 (high)

CVE-2022-3297 (high)

CVE-2022-3324 (high)

CVE-2022-3352 (high)

CVE-2022-3705 (high)

CVE-2022-4141 (high)

CVE-2022-4292 (high)

CVE-2023-0049 (high)

CVE-2023-0051 (high)

CVE-2023-0054 (high)

CVE-2023-0288 (high)

CVE-2023-0433 (high)

CVE-2023-0512 (high)

CVE-2023-1127 (high)

CVE-2023-4504 (high)

CVE-2023-4734 (high)

CVE-2023-4735 (high)

CVE-2023-4738 (high)

CVE-2023-4751 (high)

CVE-2023-4781 (high)

CVE-2024-12718 (high)

CVE-2024-22667 (high)

CVE-2024-53920 (high)

CVE-2025-4138 (high)

CVE-2025-4330 (high)

CVE-2025-4435 (high)

CVE-2025-4517 (high)

CVE-2025-6020 (high)

CVE-2017-1000383 (medium)

CVE-2017-6519 (medium)

CVE-2020-12413 (medium)

CVE-2021-4136 (medium)

CVE-2021-45261 (medium)

CVE-2022-0213 (medium)

CVE-2022-0351 (medium)

CVE-2022-1674 (medium)

CVE-2022-1720 (medium)

CVE-2022-1725 (medium)

CVE-2022-2874 (medium)

CVE-2022-2923 (medium)

CVE-2022-2980 (medium)

CVE-2022-3153 (medium)

CVE-2022-3278 (medium)

CVE-2022-4293 (medium)

CVE-2023-1170 (medium)

CVE-2023-1175 (medium)

CVE-2023-1264 (medium)

CVE-2023-2609 (medium)

CVE-2023-2610 (medium)

CVE-2023-46246 (medium)

CVE-2023-48231 (medium)

CVE-2023-48232 (medium)

CVE-2023-48233 (medium)

CVE-2023-48234 (medium)

CVE-2023-48235 (medium)

CVE-2023-48236 (medium)

CVE-2023-48237 (medium)

CVE-2023-48706 (medium)

CVE-2023-5344 (medium)

CVE-2023-5441 (medium)

CVE-2023-7207 (medium)

CVE-2023-7216 (medium)

CVE-2024-29040 (medium)

CVE-2024-41957 (medium)

CVE-2024-41965 (medium)

CVE-2024-43802 (medium)

CVE-2024-45306 (medium)

CVE-2024-52615 (medium)

CVE-2025-22134 (medium)

CVE-2025-24014 (medium)

CVE-2025-25724 (medium)

CVE-2025-26603 (medium)

CVE-2025-29768 (medium)

CVE-2025-31344 (medium)

CVE-2025-3576 (medium)

CVE-2025-4565 (medium)

CVE-2025-47268 (medium)

CVE-2025-5702 (medium)

CVE-2024-37891 (medium)

CVE-2024-47081  (medium)

CVE-2024-35195 (medium)

CVE-2023-45803 (medium)

CVE-2023-32681 (medium)

CVE-2024-3651 (medium)

CVE-2023-43804  (medium)

CVE-2015-1197 (low)

CVE-2021-25317 (low)

CVE-2021-34141 (low)

CVE-2021-3968 (low)

CVE-2021-3974 (low)

CVE-2022-2183 (low)

CVE-2022-2208 (low)

CVE-2022-2845 (low)

CVE-2022-2849 (low)

CVE-2023-5535 (low)

CVE-2024-43374 (low)

CVE-2024-47814 (low)

CVE-2024-7531 (low)

CVE-2025-1215 (low)

CVE-2025-52968 (low)

 

History

2025-07-10: Initial vulnerability report published.

 

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security