ALSA-2025:19566

[ALSA-2025:19566] Moderate: osbuild-composer security update

Type:

security

Severity:

moderate

Release date:

2025-11-07

Description:

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.  

Security Fix(es):  

  * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-worker-134.1-3.el10_0.alma.1.aarch64.rpm	478e47c81542edd57ece1942c0a9889d7fb846ea478e1ea2ea841dc4d1db0813
aarch64	osbuild-composer-core-134.1-3.el10_0.alma.1.aarch64.rpm	7c545cdf924d1e00a66b4d7e165c3e112bc5a3e49fe643c76fb33e829ab4ea21
aarch64	osbuild-composer-134.1-3.el10_0.alma.1.aarch64.rpm	8da6ddb2dcba67a97a86b3e05a092f1d0a6c0ed001e273c4dfc1e1b7b11f4231
ppc64le	osbuild-composer-core-134.1-3.el10_0.alma.1.ppc64le.rpm	043cae513df4d88e271c6aef34e72bb05261abefcb2841fdced8a311d5216a95
ppc64le	osbuild-composer-worker-134.1-3.el10_0.alma.1.ppc64le.rpm	1e06a231f1b636321e963ca7dbb263879259e40945f4a787f539b0799d5049f9
ppc64le	osbuild-composer-134.1-3.el10_0.alma.1.ppc64le.rpm	b43ff9fbef268c4af91fd84f126bee1ebd354ed292202f7171d9280e8bf354a7
s390x	osbuild-composer-core-134.1-3.el10_0.alma.1.s390x.rpm	19b8471ae208e8d64c67e58b66dc708b8072df7a068501e20d4ed4e3dcc7c30e
s390x	osbuild-composer-134.1-3.el10_0.alma.1.s390x.rpm	6a9ecc3bc66ff7cb8f6b0682563342b0e6d975a8a09dde87b8469e9099e86139
s390x	osbuild-composer-worker-134.1-3.el10_0.alma.1.s390x.rpm	6e08cdcc2673871494f118169a7b6761360b94874b2c8708aec00e447bc17a42
x86_64	osbuild-composer-core-134.1-3.el10_0.alma.1.x86_64.rpm	3317974f5646e20a2f4cf834e65f4e46e8f08108d0abb2323e836991245cbe8c
x86_64	osbuild-composer-134.1-3.el10_0.alma.1.x86_64.rpm	4714b27de97a5a00bd966fe7955dfd0aae0d0b46990bd713b2248ed38e832977
x86_64	osbuild-composer-worker-134.1-3.el10_0.alma.1.x86_64.rpm	aecac9bef52284e0d3bab524cb2d09aa9d3993867bd2f8991423e208885fae39
x86_64_v2	osbuild-composer-134.1-3.el10_0.alma.1.x86_64_v2.rpm	0aee62e9ce3bf33a52236eadb96e76d21c4c1549f62d54c9a6ce19f85144ebd1
x86_64_v2	osbuild-composer-worker-134.1-3.el10_0.alma.1.x86_64_v2.rpm	3327d671fe4187de1ced614f272f0fb0b6571aa421f377731ca367faa177aac2
x86_64_v2	osbuild-composer-core-134.1-3.el10_0.alma.1.x86_64_v2.rpm	cc85fdff91de20028eae952a624249987e0cc2abe72255a369b238868470ff14

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.