ALSA-2025:9623

[ALSA-2025:9623] Moderate: osbuild-composer security update

Type:

security

Severity:

moderate

Release date:

2025-07-28

Description:

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.  

Security Fix(es):  

  * net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-worker-134.1-2.el10_0.alma.1.aarch64.rpm	4526a1281e8ddde42f294241706c1c9dd6b73be5e7991b504465a913ef2af11c
aarch64	osbuild-composer-134.1-2.el10_0.alma.1.aarch64.rpm	5a072543a8afbc3711c622422781518e4a594798e9bfb04b7b65f7df5a4d1e09
aarch64	osbuild-composer-core-134.1-2.el10_0.alma.1.aarch64.rpm	bdd8a7f2c7a43fe3107bf0eb1315ba8d0286fa38da291c6ac94c0c5259532b19
ppc64le	osbuild-composer-worker-134.1-2.el10_0.alma.1.ppc64le.rpm	249837d3abdec82a5933d44605d1b3a1b9f7d99fd1e57be6107c3b094ab914ca
ppc64le	osbuild-composer-134.1-2.el10_0.alma.1.ppc64le.rpm	94905813a1b41f3c00b7b7822b88b07ffac6dba99da79d1c28fc2b3b7c355e98
ppc64le	osbuild-composer-core-134.1-2.el10_0.alma.1.ppc64le.rpm	acd77aa20dedce5a72b4bef2a3f0aecb2c30d507a02b883653c68d74bd95e4d0
s390x	osbuild-composer-134.1-2.el10_0.alma.1.s390x.rpm	929691b170c87ac5a165897317ccc84f0046098c4d5f2eb36a38ed4128a6d88d
s390x	osbuild-composer-core-134.1-2.el10_0.alma.1.s390x.rpm	e56da0163ef1fbdbc39cf7f8e73ab3b265b18db2b4d60a8492b387e516f6afce
s390x	osbuild-composer-worker-134.1-2.el10_0.alma.1.s390x.rpm	eed7f19ccc7f9544a08248e18e5d57106e07c6da751dbe622890141e6d1d1b8a
x86_64	osbuild-composer-core-134.1-2.el10_0.alma.1.x86_64.rpm	17ae24d15d401a20ce71ae128dd74c3bc1ea711e837d4cc075c0332bee2978b3
x86_64	osbuild-composer-134.1-2.el10_0.alma.1.x86_64.rpm	2782d7b700016d076f8df5d95ac0c7c68c5cb644bcab06de0a3888a66e3cd106
x86_64	osbuild-composer-worker-134.1-2.el10_0.alma.1.x86_64.rpm	abf5475283dc2ea4c728fe818ce2631a0f43ff1f7576978daecc3684935aa887
x86_64_v2	osbuild-composer-core-134.1-2.el10_0.alma.1.x86_64_v2.rpm	024440d05cb05fbb297f17c63270d67dc830658615132bf51b9c9d4a28c8bf1b
x86_64_v2	osbuild-composer-134.1-2.el10_0.alma.1.x86_64_v2.rpm	5bcaf857b3de799458c0f719263c43c60ea07028dd639e1bfc004608fa54628b
x86_64_v2	osbuild-composer-worker-134.1-2.el10_0.alma.1.x86_64_v2.rpm	befd52feb55a9e5ff4bbd78ca6e0d79e9aa8d62144fdb028c9927029918fdb2e

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.