ALSA-2025:7967

[ALSA-2025:7967] Important: osbuild-composer security update

Type:

security

Severity:

important

Release date:

2025-05-19

Description:

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.  

Security Fix(es):  

  * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-worker-101-3.el8_10.alma.1.aarch64.rpm	2dab745a51c7889270d13fb41630e48349bd9246e0fc164bf9dd8b0d55ed5b84
aarch64	osbuild-composer-core-101-3.el8_10.alma.1.aarch64.rpm	76742d64359a09d31bfdf67e0b74577f917329aa098b78bc3568d4f09e1eb109
aarch64	osbuild-composer-101-3.el8_10.alma.1.aarch64.rpm	de8d4062758e4fcdee802fe1b69a0b0c3cbdad205a593def66a2f9231f7547b7
ppc64le	osbuild-composer-worker-101-3.el8_10.alma.1.ppc64le.rpm	06a72fdcc99f6fee231bf6813c68351d0b84c2c6bae77233badf6f415572bd15
ppc64le	osbuild-composer-core-101-3.el8_10.alma.1.ppc64le.rpm	706f1614064b71677789e05f937cb354f7e0607157fe5ef55ef42513590d6c05
ppc64le	osbuild-composer-101-3.el8_10.alma.1.ppc64le.rpm	cc8784a12e10145baac39dae0078824520f0b3ed2295efc4b117a6108fd3c232
s390x	osbuild-composer-101-3.el8_10.alma.1.s390x.rpm	048b18829905d6e320333910c8e5056bf7b7848fa0b7302dfea6eb4f81f38ffa
s390x	osbuild-composer-worker-101-3.el8_10.alma.1.s390x.rpm	3dd87f230d5f2c5bdc91f95737d02e49869d404999b4a49d55f39c25d350fbae
s390x	osbuild-composer-core-101-3.el8_10.alma.1.s390x.rpm	64c74e54b54a0675ca80a898c6ef922b8a0a16af6df6462c3320215c4d480150
x86_64	osbuild-composer-worker-101-3.el8_10.alma.1.x86_64.rpm	6fd364ab5dedba592ce51f417da9c883b68005d7b4e673767edc630192ffebc6
x86_64	osbuild-composer-core-101-3.el8_10.alma.1.x86_64.rpm	b3f30efd9d079003a5d7f3d58c6afb77e77eca7fb91f7ba2a841d4d077eb2263
x86_64	osbuild-composer-101-3.el8_10.alma.1.x86_64.rpm	c43109726e4008dded09ff4261bd03b4f2644da728cf27e72e38f7f654f19206

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.