[ALSA-2026:3898] Important: osbuild-composer security update
Type:
security
Severity:
important
Release date:
2026-03-11
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-101.4-4.el8_10.alma.1.aarch64.rpm 9ce15a2ba6eb4526a1bae6f344ea2af422727c33dc9e3737cfc27d3fd22a1778
aarch64 osbuild-composer-core-101.4-4.el8_10.alma.1.aarch64.rpm b568a8e66594558c7401c677e0bbf628e0a08741e6eaf1c7e0ee08d08a454cdd
aarch64 osbuild-composer-worker-101.4-4.el8_10.alma.1.aarch64.rpm b9177c6dbac5b7a291770ecc0fe46fc0eae38dd299b40ba55ae7496b6efdb8be
ppc64le osbuild-composer-core-101.4-4.el8_10.alma.1.ppc64le.rpm 0798f2aff569da35164cbf0c754f62b91a3aaa37d84aa8eff5bd365766f31b84
ppc64le osbuild-composer-worker-101.4-4.el8_10.alma.1.ppc64le.rpm 40fdb8b7c7c6f654b0b1beb7a2b241be5101c3bd74b8f8a4d6592801cdb1b8b1
ppc64le osbuild-composer-101.4-4.el8_10.alma.1.ppc64le.rpm 4903e86cec55926210aad12c628bf502f8e0c55cffca1e124af2e6740b787c83
s390x osbuild-composer-worker-101.4-4.el8_10.alma.1.s390x.rpm 260e395489036c80a75b9b5b786919bbc4e3031b3e6411e1d1794765a2f0ad84
s390x osbuild-composer-101.4-4.el8_10.alma.1.s390x.rpm 2f697b5d16ad989468c3f81ef385e8e229582f6b1987c4e9f334ec6b20ab5d31
s390x osbuild-composer-core-101.4-4.el8_10.alma.1.s390x.rpm 811b6ca2e16dbaf37d27f66d790c841f2a67a52dc68e67e5b0a8b5df25684788
x86_64 osbuild-composer-101.4-4.el8_10.alma.1.x86_64.rpm 7c8b8f591813b98833ab6af9345ce537a2f2520ac4afddd6b4e6c327dd77c8ce
x86_64 osbuild-composer-worker-101.4-4.el8_10.alma.1.x86_64.rpm 8b51dedb62fec11ca5e57d0ec27b50aafdc917c2fd80f078af05e9b30bcdbec3
x86_64 osbuild-composer-core-101.4-4.el8_10.alma.1.x86_64.rpm bdc97934cb1a05bd40d2d4b4c439a6ae8e6bbb24039b1b2e47150cf19f447a3b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.