promtail
Patched Monitoring & Observability
from
mirror.gcr.io/grafana/promtail
Pull Reference
ghcr.io/verity-org/grafana/promtail
docker pull ghcr.io/verity-org/grafana/promtail
Available Versions
3.6.11
latest
11 CVEs fixed
23 remaining
3.6.10 12 CVEs fixed
46 remaining
3.6.9 12 CVEs fixed
46 remaining
Copa-Patched Image
Patched in-place from the upstream image using Copa . OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance details
Signed
SLSA L3
SBOM
Rekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/grafana/promtail:3.6.11
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/grafana/promtail:3.6.11 \ --owner verity-org
Vulnerability Scan
Found 34 vulnerabilit ies in the original image. 11 fixed by Copa. 23 remaining after patching.
8HIGH23MEDIUM3LOW
Fix available — pending patch
These vulnerabilities have upstream fixes but could not be automatically patched.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2026-34040 | github.com/docker/docker | v28.5.2+incompatible | 29.3.1 | HIGH |
| CVE-2026-33997 | github.com/docker/docker | v28.5.2+incompatible | 29.3.1 | MEDIUM |
Awaiting upstream fix
No fix is available yet for these vulnerabilities.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2026-41567 | github.com/docker/docker | v28.5.2+incompatible | HIGH | |
| CVE-2026-42306 | github.com/docker/docker | v28.5.2+incompatible | HIGH | |
| CVE-2026-27456 | bsdutils | 1:2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | libblkid1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-4046 | libc-bin | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4437 | libc-bin | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4438 | libc-bin | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4046 | libc6 | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4437 | libc6 | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-4438 | libc6 | 2.39-0ubuntu8.7 | MEDIUM | |
| CVE-2026-27456 | libmount1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | libsmartcols1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | libuuid1 | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-27456 | mount | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2025-45582 | tar | 1.35+dfsg-3build1 | MEDIUM | |
| CVE-2026-5704 | tar | 1.35+dfsg-3build1 | MEDIUM | |
| CVE-2026-27456 | util-linux | 2.39.3-9ubuntu6.5 | MEDIUM | |
| CVE-2026-41568 | github.com/docker/docker | v28.5.2+incompatible | MEDIUM | |
| CVE-2024-2236 | libgcrypt20 | 1.10.3-2build1 | LOW | |
| CVE-2024-56433 | login | 1:4.13+dfsg1-4ubuntu3.2 | LOW | |
| CVE-2024-56433 | passwd | 1:4.13+dfsg1-4ubuntu3.2 | LOW |
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
mirror.gcr.io/grafana/promtail
Version
3.6.11