[ALSA-2024:9456] Important: osbuild-composer security update
Type:
security
Severity:
important
Release date:
2024-11-18
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-core-118-2.el9_5.alma.1.aarch64.rpm ae5b6fa9c03be4f698e64933484688fa1a0009f2028098f960bead4060944b19
aarch64 osbuild-composer-worker-118-2.el9_5.alma.1.aarch64.rpm b623ce03d0f3db3cb4384e3b58af47ac8aa17cde3f0108570e246d7a33ab2eb7
aarch64 osbuild-composer-118-2.el9_5.alma.1.aarch64.rpm f51c79547353dd5e19a0f1969bcc4f62c9b5e67b76d7b6abe9b6b34a4c33e71f
ppc64le osbuild-composer-worker-118-2.el9_5.alma.1.ppc64le.rpm b9c28d27e7138b326338e24e2710b5e7e501084721ad3bd74c60c626a2e96f7b
ppc64le osbuild-composer-118-2.el9_5.alma.1.ppc64le.rpm cfabfe9818162c11d76e214373ecbe4832c8be2b1b014cc62dc0615d1a9ebdfe
ppc64le osbuild-composer-core-118-2.el9_5.alma.1.ppc64le.rpm f4812517902b00664bed39e30de213d1989c9c41407eee1a2ffce281aee7fea2
s390x osbuild-composer-worker-118-2.el9_5.alma.1.s390x.rpm 3e7d2086fae183a0880450a9e7056840f0df7ad791940399669f1fef9a4ad0c9
s390x osbuild-composer-118-2.el9_5.alma.1.s390x.rpm 9472033c13b7b81090e5b611ec19a6f4b83026098c8e2be5c5532452bf21e75a
s390x osbuild-composer-core-118-2.el9_5.alma.1.s390x.rpm fee25ecb26c4b61296ba17900f46d34143717df060066565a300350326a4f32e
x86_64 osbuild-composer-core-118-2.el9_5.alma.1.x86_64.rpm 27ef88d6b198347ee23e533c7a97ef5edaa9d294fa270c1426c2df75f9fe1a84
x86_64 osbuild-composer-118-2.el9_5.alma.1.x86_64.rpm 440611e469fa29d96300733bb12c701595fb294a725690ffc5727544f538a9d1
x86_64 osbuild-composer-worker-118-2.el9_5.alma.1.x86_64.rpm b793a0678125ec39d653d8895b4f4f1a0acc707d575d463ea7d32d11c83be0b7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.