ALSA-2026:1380

[ALSA-2026:1380] Moderate: osbuild-composer security update

Type:

security

Severity:

moderate

Release date:

2026-01-29

Description:

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.  

Security Fix(es):  

  * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-worker-101.4-2.el8_10.alma.1.aarch64.rpm	4c59cf78a97a38a0760e42798c30709322d4032d4a3a38d8ba5ba2650f6c7447
aarch64	osbuild-composer-core-101.4-2.el8_10.alma.1.aarch64.rpm	5c737b606046c1663214353abcdc36d192ca350d8ef2eefdbbb4b5775678d9df
aarch64	osbuild-composer-101.4-2.el8_10.alma.1.aarch64.rpm	d9ff06fb9566e52cd5631af8ddf92577c2aa6f7bbf46d91c746bee4242cb9754
ppc64le	osbuild-composer-core-101.4-2.el8_10.alma.1.ppc64le.rpm	63419d5cdf1fd436488aa19363850377f6c9c86c2b57e2f439fad900dfc4d360
ppc64le	osbuild-composer-worker-101.4-2.el8_10.alma.1.ppc64le.rpm	a1ed97578b4859b494e516a594dfc40b3b4abb49444b926ee96c24c4e7d155c9
ppc64le	osbuild-composer-101.4-2.el8_10.alma.1.ppc64le.rpm	f526d07b1e9f2d6ec322b2690391ee5d9eeed086e7b86167feecec27f2b7cc71
s390x	osbuild-composer-101.4-2.el8_10.alma.1.s390x.rpm	20bdc625a2a251ac8273b09ed1d0d8b31f53173ca16b0ea3e55a6130ffaa16f5
s390x	osbuild-composer-worker-101.4-2.el8_10.alma.1.s390x.rpm	410b7312eb5685e48b71f780107d35f1741ed6c2a13f6924221a10e591bb125a
s390x	osbuild-composer-core-101.4-2.el8_10.alma.1.s390x.rpm	58849c9be3549efa60a050f8ee89b6df92d7fc92963887a75d5fa302f0e5ef5e
x86_64	osbuild-composer-worker-101.4-2.el8_10.alma.1.x86_64.rpm	25fbf4ddb654f7716c38fc328c6a5bcfe1364afe5a5326a4f1c5855f1dcfc753
x86_64	osbuild-composer-core-101.4-2.el8_10.alma.1.x86_64.rpm	7fd2862ddc2e575289f1bf9c0f8d1015f5e200b30003df51c46e9b9f7507fb37
x86_64	osbuild-composer-101.4-2.el8_10.alma.1.x86_64.rpm	faeefc81082f95b730bf0de34a064d5eb16f3368727c70a04f47eef1ed90d76b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.