[ALSA-2024:7204] Important: osbuild-composer security update
Type:
security
Severity:
important
Release date:
2024-09-27
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-core-101-2.el9_4.alma.1.aarch64.rpm 88ad31d386f4bf2fd28a0225eb8a3f3fe48bfe0fcd10e7be1872482bb8e43c87
aarch64 osbuild-composer-worker-101-2.el9_4.alma.1.aarch64.rpm 8ac5881f02a0fcd9c463c236b5211dba7865071b95be4176bbd4d9d1d9daf2b0
aarch64 osbuild-composer-101-2.el9_4.alma.1.aarch64.rpm d5ec22726c9025d14c7dd6c10a460154c268e611355930defe9fa79788190075
ppc64le osbuild-composer-core-101-2.el9_4.alma.1.ppc64le.rpm 355a5dec3dbb79fdcd53414813ec32b7bba8c019b7d4d91afc23cf97ae599614
ppc64le osbuild-composer-101-2.el9_4.alma.1.ppc64le.rpm 5bc87ac44f5fa61c31d40b8c04a03fcfa1c646da48af3bcb57157d92a31260f4
ppc64le osbuild-composer-worker-101-2.el9_4.alma.1.ppc64le.rpm 68af675cf5662e1c610d7bbe373b2f53cd516252db7f72480900d355a76b9266
s390x osbuild-composer-101-2.el9_4.alma.1.s390x.rpm 1c2380dd9749dfdfcaa62aa5e4e01f5aac91d17006b4f68f1d09e3bcc2fc0368
s390x osbuild-composer-worker-101-2.el9_4.alma.1.s390x.rpm 2eb097661000e6d8adc6e02f1479bc9998c3564afdd36655cf74775e16f2d525
s390x osbuild-composer-core-101-2.el9_4.alma.1.s390x.rpm d7e766b82e4a79ff9a4dd8705db8fcdb5ef8b650597fab02e9a65514b7006363
x86_64 osbuild-composer-core-101-2.el9_4.alma.1.x86_64.rpm 0e547f08fdc08d5f4c1c45581e04d700efc03bcf6f26d9096220f79b56577564
x86_64 osbuild-composer-101-2.el9_4.alma.1.x86_64.rpm 1233e97c1b405dc97d3b7ce2eba1d2f839f459f59532801c038af14c3b76945c
x86_64 osbuild-composer-worker-101-2.el9_4.alma.1.x86_64.rpm 2244cab161af3dc57be574354a12a4eca2c0bc32f44e5d7c8400dc3dcbeb1ae7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.