July 14th, 2026
A Qlustar security update bundle is a cumulative update of packages that are taken from upstream Debian/Ubuntu and/or AlmaLinux without modification. Only packages that are used in a typical HPC/Storage cluster installation are mentioned in Qlustar Security Advisories. Other non-HPC related updates also enter the Qlustar repository, but their functionality is not separately verified by the Qlustar team. To track these updates subscribe to the general security mailing lists of Debian/Ubuntu and/or AlmaLinux.
Package(s) : see upstream description of individual package
Qlustar releases : 14
Affected versions: All versions prior to this update
Vulnerability : see upstream description of individual package
Problem type : see upstream description of individual package
Qlustar-specific : no
CVE Id(s) : see upstream description of individual package
This update includes several security related package updates from AlmaLinux only. In particular it includes fixes for the two critical kernel bugs GhostLock (CVE-2026-43499) and Januscape (CVE-2026-53359). Note that Qlustar 14/Ubuntu already received fixes for both of these with the release 14.1.5 from July 4th.
Important: The Qlustar 13 kernel 5.15.x is still vulnerable to both GhostLock and Januscape. It seems kernel developers are heavily overloaded and have decided to focus on the most recent LTS kernels for security fixes. In the light of this, we highly recommend to update Qlustar 13 systems to Qlustar 14 as soon as possible. Nevertheless, we will provide patched Qlustar 13 kernels as soon as they are available from upstream.
Please check the AlmaLinux Errata site for details about AlmaLinux 8 updates that entered this release (everything from July 3rd until July 14th exluding ALSA-2026:39083 and instead having the kernel packages with version 4.18.0-553.141.2).
The problem can be corrected by updating your system to the following or more recent package versions:
qlustar-module-core-centos8-amd64-14.1 14.1.5.1-b589f1634