[ALSA-2026:3840] Important: image-builder security update
Type:
security
Severity:
important
Release date:
2026-05-05
Description:
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fix(es): * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 image-builder-31-4.el10_1.aarch64.rpm 40039ec7aeaef663e8a1047747bfc68d82505116afabbac7b93dd11cb24c2f55
ppc64le image-builder-31-4.el10_1.ppc64le.rpm f0f4cd671fb60f525587b9647631eaf34e3f41dbd0dbab8af73c9fe7007d14da
s390x image-builder-31-4.el10_1.s390x.rpm c8afc5481269d2932c4e302561b0543af8efe2892758b905dd7e97123147fbc8
x86_64 image-builder-31-4.el10_1.x86_64.rpm 124063b85a46484d470a12eacc19593fd08072844a9dbec4519d34933fec989a
x86_64_v2 image-builder-31-4.el10_1.x86_64_v2.rpm e2d85b3375de45f6356816fb41fad69033fc4367b632f97ef5b54d466745d803
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.