[ALSA-2025:4669] Important: osbuild-composer security update
Type:
security
Severity:
important
Release date:
2025-05-12
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-worker-118.2-1.el9_5.alma.1.aarch64.rpm 12a24129924e6d7ea6815d73fa2653c22a8eed8cd16285c6ad83c608970b0a3c
aarch64 osbuild-composer-core-118.2-1.el9_5.alma.1.aarch64.rpm 746c57cbb159a2ad9add8ef5820f9e4d3ef95a219a68254e049a5bfa35fc7713
aarch64 osbuild-composer-118.2-1.el9_5.alma.1.aarch64.rpm 811c27b619359e0409a4207fd2612adf8e86db3fff56cb4aa32e3c8b4aa3d189
ppc64le osbuild-composer-core-118.2-1.el9_5.alma.1.ppc64le.rpm 002e82f52f9af97d8e29e12adbb1b47066cdc9bba935e86224fb5b0d155cf6f9
ppc64le osbuild-composer-worker-118.2-1.el9_5.alma.1.ppc64le.rpm 01bd666e5ded8aec3850e9c9d7a56c4adb856874a5097b5d8ece7c2ed37f0840
ppc64le osbuild-composer-118.2-1.el9_5.alma.1.ppc64le.rpm 227fc20cd1e8f4aee2a7c140776696a4c6e5ec3f0cc54d2bcb8a7acba53fa0d3
s390x osbuild-composer-118.2-1.el9_5.alma.1.s390x.rpm 2f24325cee471b9a417a98d5470cc8f7fa30cf940c1d149d7d5e8913fd08c494
s390x osbuild-composer-core-118.2-1.el9_5.alma.1.s390x.rpm a0220e1f7a98a9f09cbb4dd2d1399cc74104548c887c1d611d80c9174c01c510
s390x osbuild-composer-worker-118.2-1.el9_5.alma.1.s390x.rpm ee673c3d365bce22bdfa4b6d96b6a21a9b2f551f43b219e6cc02d55796c649aa
x86_64 osbuild-composer-118.2-1.el9_5.alma.1.x86_64.rpm 294e70c65a3caebc25c320055776bd45706d32b6f9f138e99eb25737d83ed885
x86_64 osbuild-composer-core-118.2-1.el9_5.alma.1.x86_64.rpm 98615149ca99cceb0f872412408b89c5d0741eab0a8cd7681b331b60d449677d
x86_64 osbuild-composer-worker-118.2-1.el9_5.alma.1.x86_64.rpm bcb4336a53ba74383b601efe63653ea8739e99b30eee6eb06545413dc8713f74
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.