ALSA-2025:7118

[ALSA-2025:7118] Important: osbuild and osbuild-composer security update

Type:

security

Severity:

important

Release date:

2025-07-02

Description:

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.  

Security Fix(es):  

  * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
  * go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)
  * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional Changes:  

For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	osbuild-composer-132-1.el9.alma.1.aarch64.rpm	219051c91d368481a6d342e6e081b8fedbea3ec86b75faef45dd002479912e9d
aarch64	osbuild-composer-worker-132-1.el9.alma.1.aarch64.rpm	511657c832b4d337c20ce241b7460016b131b1ce439ad3e64e852d5ef41eefae
aarch64	osbuild-composer-core-132-1.el9.alma.1.aarch64.rpm	59316f91714b54fac275fb72cd09a98a30759a62043682fcb8e04070b8f0887d
noarch	osbuild-luks2-141-1.el9.alma.1.noarch.rpm	52b194f8df542ea8e88d1c60f5180d5d1e5cc9f935cbfb1d8f366c46f8fe3034
noarch	python3-osbuild-141-1.el9.alma.1.noarch.rpm	562af1b3dc20c3bb6f488844c8137259d770f84759567a31b4c8ea44462b0631
noarch	osbuild-ostree-141-1.el9.alma.1.noarch.rpm	667e2ba8623ecb6582030899218616f3a903550c995a74c5c0d0fbc7ce17c9c5
noarch	osbuild-selinux-141-1.el9.alma.1.noarch.rpm	7f5f30a05337341ac51825f404817af2e475b38e13fb5279a136cfc095fa061e
noarch	osbuild-depsolve-dnf-141-1.el9.alma.1.noarch.rpm	8b6be495c04b1c26b03b62c5ab2f16357f1d462466d6658744a8a2f999e397b8
noarch	osbuild-lvm2-141-1.el9.alma.1.noarch.rpm	b115c78ab66aa5e77d4eaf1db651cdaf37cc01a7612e684e4df22b6ca2efda7c
noarch	osbuild-141-1.el9.alma.1.noarch.rpm	c19104b6eb5c3ac9fc89dc773f6b18ef258db17759a95ea3ff466ede30fc5205
ppc64le	osbuild-composer-core-132-1.el9.alma.1.ppc64le.rpm	1651e74fc79f3e5a87c7b1da9dab05004c276f5986edffcbf77f8f286a5e9ddd
ppc64le	osbuild-composer-worker-132-1.el9.alma.1.ppc64le.rpm	8206acf559040b98b587a405db66a3235ab64cb41f352161b0b1a40b6e7de3e8
ppc64le	osbuild-composer-132-1.el9.alma.1.ppc64le.rpm	c9facaaf689bb5ed7edde90e918a1b3aebedba1b33d7be77fb5d1346a8c3a299
s390x	osbuild-composer-core-132-1.el9.alma.1.s390x.rpm	a9bb9b5e18f9963e73ff08d6e5a11469eeb6ed86ec6397ae4fd880e5ecfb797b
s390x	osbuild-composer-132-1.el9.alma.1.s390x.rpm	be3dcd55327927f399a29d49dbd9eaf586cecc73cf780cff4b9837f06fab1057
s390x	osbuild-composer-worker-132-1.el9.alma.1.s390x.rpm	e575c10aa47c772bb2821986a0dd0c01238f00c4e9f3bc6f30986e79bfc602df
x86_64	osbuild-composer-132-1.el9.alma.1.x86_64.rpm	7e22a4e9f9ea5c32607128a0e700d81ff92b6975ed87bc1040f441356c7cf104
x86_64	osbuild-composer-worker-132-1.el9.alma.1.x86_64.rpm	9d852421a8a5cf65fa11157edffa4b6bbae2483a5f3b4ec27cb646a21177a715
x86_64	osbuild-composer-core-132-1.el9.alma.1.x86_64.rpm	f860cef41e7d2a5469a7e44858ae5c55c38b96fc06d516b039d9591eb3d946dc

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.