ALSA-2026:1837

[ALSA-2026:1837] Moderate: osbuild-composer security update

Type:

security

Severity:

moderate

Release date:

2026-02-06

Description:

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.  

Security Fix(es):  

  * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-core-149-4.el10_1.alma.3.aarch64.rpm	16d40e49eee8d0a57823ef36507eac1bd7d77f6f1c4d931e34a878e165a418ce
aarch64	osbuild-composer-149-4.el10_1.alma.3.aarch64.rpm	9bfb028dc06ce884fd9c2ec8147c3c9d878b38f5e1e3e7f130450efd2601c641
aarch64	osbuild-composer-worker-149-4.el10_1.alma.3.aarch64.rpm	c68a9de52186c0c99f98b8effcda0ef50a2478dc3da0a9882863b2ebbd898810
ppc64le	osbuild-composer-core-149-4.el10_1.alma.3.ppc64le.rpm	209e44bb7fae570c3ee41e9ae7d3bf1c39903e291ba8ce65c3da1ccbf551f53d
ppc64le	osbuild-composer-worker-149-4.el10_1.alma.3.ppc64le.rpm	3029bc0add54851ab5f6215a96d4545842f17bc4774866f4d626e706f3408f07
ppc64le	osbuild-composer-149-4.el10_1.alma.3.ppc64le.rpm	44e6b447a928d7afbc5f3701b63bc3bac88f6a1d1ff678a39098445d68211ca4
s390x	osbuild-composer-core-149-4.el10_1.alma.3.s390x.rpm	aa00f86390060a1b318f412e19f7d533c3e8421fc56d1c42d7571ada5447907d
s390x	osbuild-composer-worker-149-4.el10_1.alma.3.s390x.rpm	ad098f10bab52cd76177aacfec54e245d231c9d76585a8ee8c7855e01ddffced
s390x	osbuild-composer-149-4.el10_1.alma.3.s390x.rpm	ef78a23a29e8c6a8d1847eedb1be66456954f70f8c667ab2c7739bc1630c9a7d
x86_64	osbuild-composer-worker-149-4.el10_1.alma.3.x86_64.rpm	00fe1f97283c9e7b95f484fae9380ce80044ef0132fd25371bbedb03377ffaff
x86_64	osbuild-composer-149-4.el10_1.alma.3.x86_64.rpm	42695aea02cc715c7b282da6cddb0394062843c63b966f164c7bd4875b81ea65
x86_64	osbuild-composer-core-149-4.el10_1.alma.3.x86_64.rpm	800fedd6a1e26ba30a44ce205cf1f0aa02219949facce60fbc58aa0120ef961b
x86_64_v2	osbuild-composer-core-149-4.el10_1.alma.3.x86_64_v2.rpm	2d4740c47d6df62fb13585f08e63eecfa862c8ee58520a55eea44627fb59ecb4
x86_64_v2	osbuild-composer-149-4.el10_1.alma.3.x86_64_v2.rpm	62692e9900fcd930146607ee46b49e22935230c5ff843238472742b6b2a9b5eb
x86_64_v2	osbuild-composer-worker-149-4.el10_1.alma.3.x86_64_v2.rpm	b42430b4a57c4c29e6579587bd913ae5a59c5cd66d561838fd8a59f45164697a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.