[ALSA-2025:7425] Important: osbuild-composer security update
Type:
security
Severity:
important
Release date:
2025-05-26
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-core-132.2-1.el9_6.alma.1.aarch64.rpm 0e6a95e611c8e20981d008258a58a464838551b17eeb6d49eb3b5faa5d7ba81e
aarch64 osbuild-composer-132.2-1.el9_6.alma.1.aarch64.rpm 34fc1b7bb8b4b05dd026f31b3ce12d28f691bf3e0d869449c838a019757abc14
aarch64 osbuild-composer-worker-132.2-1.el9_6.alma.1.aarch64.rpm 38f5f639ae1a0ff5c77fc9e385d4d1b281871dd7e7c0ab0e6394819d95176622
ppc64le osbuild-composer-132.2-1.el9_6.alma.1.ppc64le.rpm 32892aaaf3c7b8550a32963756bde5ba23b1ff4a24e63180fce27dc1afe04bd5
ppc64le osbuild-composer-core-132.2-1.el9_6.alma.1.ppc64le.rpm 4d1e4c5cd273c78547414d2d497e74cfb8214776245a09b1751b8968670b1db5
ppc64le osbuild-composer-worker-132.2-1.el9_6.alma.1.ppc64le.rpm ea11ada613bb59be99b6045c9eef5eb5d7531bcfa973c0a4ef6b84441c3d2774
s390x osbuild-composer-worker-132.2-1.el9_6.alma.1.s390x.rpm 1b82f9544dfe8257184f5368cec49cfb6978550883080e5a3bdc579b878efc6e
s390x osbuild-composer-core-132.2-1.el9_6.alma.1.s390x.rpm 3e1dbd9e0bea2eeb117235a82a9094ed696c958e70b97fa1d69e18512563da64
s390x osbuild-composer-132.2-1.el9_6.alma.1.s390x.rpm a27cec4478b081337f4dc2b8f36c5f456c3a4a79adce55a7c7ef0b7577d131b3
x86_64 osbuild-composer-worker-132.2-1.el9_6.alma.1.x86_64.rpm 13e55026b078bd9085db98dac2623b7a25c4f4d3c98d1fd08b1a28be754734bd
x86_64 osbuild-composer-core-132.2-1.el9_6.alma.1.x86_64.rpm 7c83be5dc989ad24dc9290195771baade060f8874c768b3fbea5c32e96982088
x86_64 osbuild-composer-132.2-1.el9_6.alma.1.x86_64.rpm fc227998bc4748cbfd56a03264ee87497c67e236b480121ff88b8ea3482d7ae8
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.