[ALSA-2026:1838] Moderate: image-builder security update
Type:
security
Severity:
moderate
Release date:
2026-05-05
Description:
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fix(es): * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 image-builder-31-3.el10_1.aarch64.rpm e4341fd5e08ab47e066e3f000d5bb34a17cb63e841d87c75c85a7fddb1901bf8
ppc64le image-builder-31-3.el10_1.ppc64le.rpm 697f36306770df109fa42214cf62ba13a86ba8c3230f5303398c888703ac9f05
s390x image-builder-31-3.el10_1.s390x.rpm 84b8cabcce3beb4c11871cea4f4186110c0547434e73afb596a4692502de1079
x86_64 image-builder-31-3.el10_1.x86_64.rpm d8d1eab8e3767ff5ab68f3b47b9b02d9a47a4ef0a752343950c54cd714cbc452
x86_64_v2 image-builder-31-3.el10_1.x86_64_v2.rpm 7f5a7af1eb45906d0412a295bbc24acb91dc66c6327bfee0818df750658f9987
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.