ALSA-2024:7262

[ALSA-2024:7262] Important: osbuild-composer security update

Type:

security

Severity:

important

Release date:

2024-09-27

Description:

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud.  It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-worker-101-2.el8_10.alma.1.aarch64.rpm	4afadd3b82532c3ddb369a8590541487183b7fb5a9f2aff715f7318ff00a84cc
aarch64	osbuild-composer-101-2.el8_10.alma.1.aarch64.rpm	ea0ce67ff07516aa2dfd60a6c6b11f49046f4ce6e348ea159faa87e026703708
aarch64	osbuild-composer-core-101-2.el8_10.alma.1.aarch64.rpm	f86712f6a4bc02915c3f28fc332019cdddc33a7e548381d71685e031a2800fa5
ppc64le	osbuild-composer-core-101-2.el8_10.alma.1.ppc64le.rpm	01e9ba3c60f9b47a465b3e9efb808730c0cf6866e524923129771dd08d332002
ppc64le	osbuild-composer-101-2.el8_10.alma.1.ppc64le.rpm	3559542d3c956939fc3dbbf6053a32f0403eb15bae9d609e7311b7decf3948da
ppc64le	osbuild-composer-worker-101-2.el8_10.alma.1.ppc64le.rpm	96af5266147e3257eb0d18d2d2474a889c62223ddf7f6b0141973b814a5919bc
s390x	osbuild-composer-101-2.el8_10.alma.1.s390x.rpm	7a3da68cc80177c0b21d9a6a3962d7c279bd7fe35fcfeff3ff32bd7e790d0340
s390x	osbuild-composer-core-101-2.el8_10.alma.1.s390x.rpm	a74e674a812c18f514f20357b559e2e6146db92b2ad85b531c257b8edcc198a3
s390x	osbuild-composer-worker-101-2.el8_10.alma.1.s390x.rpm	ca33670ee372f769b7fcd4ba798b0a6975959fd44f0015e86fb0c744d25e48b4
x86_64	osbuild-composer-worker-101-2.el8_10.alma.1.x86_64.rpm	53bf4dde60319e0d87ea2cdd7292ac1751f5f913069a5b50b09ba99370072ba1
x86_64	osbuild-composer-101-2.el8_10.alma.1.x86_64.rpm	89c471ee154f5ef4d18e499886be63737825687ecb90bdb527cc1db1c301735a
x86_64	osbuild-composer-core-101-2.el8_10.alma.1.x86_64.rpm	c7584ebd5636dda676eb316acb22ba21cd4db7bdf3c19a2196f95ad6a5d360f2

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.