[ALSA-2025:9634] Moderate: osbuild-composer security update
Type:
security
Severity:
moderate
Release date:
2025-06-30
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-132.2-2.el9_6.alma.1.aarch64.rpm 250e8008e2b797e32a4af0a037013840464c403221c4ffe664ca32b200a6a3e7
aarch64 osbuild-composer-core-132.2-2.el9_6.alma.1.aarch64.rpm 5c2dd606e21cdf494a64e42bb0d08ab74c7224b0c886dfbcc008a1b65064eada
aarch64 osbuild-composer-worker-132.2-2.el9_6.alma.1.aarch64.rpm e9bf68aba987da2c643ae329d5496fd669793052b1ff970fef139060b67322f0
ppc64le osbuild-composer-core-132.2-2.el9_6.alma.1.ppc64le.rpm 93b02713c7d80ac9540690e828425f078daafa1ed8775ea2940ee8c9aa61922b
ppc64le osbuild-composer-worker-132.2-2.el9_6.alma.1.ppc64le.rpm be8d251102caddaae0671004cb8fff9f47d3db6a8a4e51f2d4cd903f45cd5316
ppc64le osbuild-composer-132.2-2.el9_6.alma.1.ppc64le.rpm f4e4911b6b5964a8c8a89e185720cfbbb529196cf6508c9ba7f533959af49363
s390x osbuild-composer-core-132.2-2.el9_6.alma.1.s390x.rpm 3b05b90bc2707b6e01cb4ecc08b5a8f625996d47b2de7d8b3c8f32b28ef0493a
s390x osbuild-composer-132.2-2.el9_6.alma.1.s390x.rpm 869b997fc1df1929ae71a1beb5fdbeb6021801f770746ea20ed65b76536cc8f0
s390x osbuild-composer-worker-132.2-2.el9_6.alma.1.s390x.rpm e44574577428d779ee60bce97ff97381a78f60a58061e518dee16b6d6853a8ec
x86_64 osbuild-composer-132.2-2.el9_6.alma.1.x86_64.rpm 50e993a0d8e1bd133b34c3d3da2094f0ec5699ee42eeae8cf1c5cff8b16b1d4e
x86_64 osbuild-composer-worker-132.2-2.el9_6.alma.1.x86_64.rpm 910f8126e87e6ef4b335ca4d144f235afec3d00ee00905f765eb8bbdb4b9cec4
x86_64 osbuild-composer-core-132.2-2.el9_6.alma.1.x86_64.rpm fbb6bf20e67206760c80e1f7a0d8367d9be641d8e45c1fb82d08c572ad5d5f4b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.