[ALSA-2026:1377] Moderate: image-builder security update
Type:
security
Severity:
moderate
Release date:
2026-02-12
Description:
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fix(es): * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 image-builder-31-2.el9_7.aarch64.rpm 8456c3f1f2b8821faac07b95ee66f073e73ffce9c6b62b6cc7a09df91f870b24
ppc64le image-builder-31-2.el9_7.ppc64le.rpm 1c6ef2042a6c96b6c265375f6225ecb3848f990ba7f217215c2baf70f10b8ba7
s390x image-builder-31-2.el9_7.s390x.rpm 8d746f3ae721f77d89e09c4247f0e9dfa519e5a080d6d78f6504a8e33621e041
x86_64 image-builder-31-2.el9_7.x86_64.rpm f8839eb064a81394eb0cd715f83f78928a3a49157edfefcf6640afa2d29a4beb
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.