[ALSA-2025:9844] Moderate: osbuild-composer security update
Type:
security
Severity:
moderate
Release date:
2025-06-30
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-core-101-4.el8_10.alma.1.aarch64.rpm 0821d23bc523f0a38d91f3a2418377154c0786b5a1a90d36da29226f0e4e99a6
aarch64 osbuild-composer-worker-101-4.el8_10.alma.1.aarch64.rpm 8b2876c5e76db62ac7ad4ca62f4d5112c6c02c8990ec7aecaa6b13283231d38f
aarch64 osbuild-composer-101-4.el8_10.alma.1.aarch64.rpm cca7769cc2757e45924519506319402e830a174868311ce67b4d4590f32322ef
ppc64le osbuild-composer-worker-101-4.el8_10.alma.1.ppc64le.rpm 24d518d2d3f6904525fe92c9821b4bd9edd4e43557881bf979186c23c0bc0dbb
ppc64le osbuild-composer-101-4.el8_10.alma.1.ppc64le.rpm 4232700330b2e9467fa6e8e7d4d604f0aac80b11e45dad48e116fdaf84aa9a50
ppc64le osbuild-composer-core-101-4.el8_10.alma.1.ppc64le.rpm 9dc79621aa2672529b77eab1b7dbb416100043295a038c5c0f6b7e586c5689a4
s390x osbuild-composer-core-101-4.el8_10.alma.1.s390x.rpm 0b3500a1256fa2fe4d3488c2d0f84cdf635d4cc3e8d3709421927c78a49e66ce
s390x osbuild-composer-worker-101-4.el8_10.alma.1.s390x.rpm cbc5f89b06a5d35c940a6e7435d6f8ca969095e2b280b0b6eeeeab98e57604e0
s390x osbuild-composer-101-4.el8_10.alma.1.s390x.rpm ef9064633fe42aef4a43add61fa96a7bd007a41194b6cb17d6b526b5628bccf1
x86_64 osbuild-composer-101-4.el8_10.alma.1.x86_64.rpm 287f5ab929c4b14fa90979f04257fb145db2bdc0fc608e8d0d28fa83a088554f
x86_64 osbuild-composer-worker-101-4.el8_10.alma.1.x86_64.rpm 72bd33ec7abfe29187674b9f25aa7fc52df3abd245631936aa07c9552ae36c30
x86_64 osbuild-composer-core-101-4.el8_10.alma.1.x86_64.rpm e3dac86515cce07e4e0ab1b81deb8043e38e6902a51e83e09f3123f0ef92f735
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.