ALSA-2024:2119

[ALSA-2024:2119] Moderate: Image builder components bug fix, enhancement and security update

Type:

security

Severity:

moderate

Release date:

2024-05-07

Description:

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

Security Fix(es):

* osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-core-101-1.el9.alma.1.aarch64.rpm	10fe27e526def2575c3d5c168620cbc446ce9023462be1b1626bfbce4204c4ad
aarch64	osbuild-composer-101-1.el9.alma.1.aarch64.rpm	2793db29bbfa45f6ea4504cd1ccdc28ec4919adb0d09f6eb0a849635b44f0d23
aarch64	osbuild-composer-worker-101-1.el9.alma.1.aarch64.rpm	69ba7fea4f20730abedd30869225d7f683fed8e4c3cae4360134c0b626884681
ppc64le	osbuild-composer-core-101-1.el9.alma.1.ppc64le.rpm	0cc1942ee03487875ed9dced176b2cb146ea9203ae92b4c9e2f69238c676616d
ppc64le	osbuild-composer-worker-101-1.el9.alma.1.ppc64le.rpm	1e61bb16d86af6146b14c913de578a7479f40d7860fcd0f404c23746247bc22f
ppc64le	osbuild-composer-101-1.el9.alma.1.ppc64le.rpm	c65feef05c90605509e385fb90d24aa0dafac71ab8299a913425a154815e2841
s390x	osbuild-composer-worker-101-1.el9.alma.1.s390x.rpm	13e57603eb082040dbb4e401fe2dd897899341f45129b5965a4e5169a7629b41
s390x	osbuild-composer-core-101-1.el9.alma.1.s390x.rpm	e3fb112aac95393659f8e39ac967ee44cf66054342090acdd73d5eecf6221e10
s390x	osbuild-composer-101-1.el9.alma.1.s390x.rpm	fc32118d8dcb3dfa5ee7ed8da621a2bc9fe436ed8a3fb73b5b6d63b69bd71dae
x86_64	osbuild-composer-core-101-1.el9.alma.1.x86_64.rpm	6bc113de8646aa75a02e62da7f5db29229a3718506ccbe32068e025a0ee62971
x86_64	osbuild-composer-101-1.el9.alma.1.x86_64.rpm	a52a35562ad929a5e492a84cb7d696a8c08058531062563bbab56db5f16a18a5
x86_64	osbuild-composer-worker-101-1.el9.alma.1.x86_64.rpm	b418a4541b03e35dd757436d2409cb7eed635ed579b17a31dbc0a4a8cf75821e

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.