[ALSA-2026:1381] Moderate: osbuild-composer security update
Type:
security
Severity:
moderate
Release date:
2026-02-02
Description:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 osbuild-composer-core-149-3.el9_7.alma.3.aarch64.rpm 19917a5dbdff2226ef6a4a39128196eafe9a27eb5959a6988332005e64e5237b
aarch64 osbuild-composer-worker-149-3.el9_7.alma.3.aarch64.rpm 40e597bc7c3f42d1eabfe95a5ef05d8a7fed02e9ed71a5d72b939f43bb0d5e49
aarch64 osbuild-composer-149-3.el9_7.alma.3.aarch64.rpm e5041d2483e0c62fa3f59ebe033bdfec8f8b2e9ca9365a382a5ec010b0436e4d
ppc64le osbuild-composer-worker-149-3.el9_7.alma.3.ppc64le.rpm 518fcc3a11d8603470a3d9763bc7d32a79acf9e4e817a31f7e874ac1f33ecf17
ppc64le osbuild-composer-149-3.el9_7.alma.3.ppc64le.rpm 75a909eca921e74ba2c5871436c470a754720b96d5d4fd72837456756697694f
ppc64le osbuild-composer-core-149-3.el9_7.alma.3.ppc64le.rpm ae14ee52e79d03c043d693432a9dba1c766d1ac3e0de99cce40c01d1341d1a12
s390x osbuild-composer-worker-149-3.el9_7.alma.3.s390x.rpm 570709aea588b35e459dd24f687beb6053f7305dc87274bb7108354bce4e1de0
s390x osbuild-composer-149-3.el9_7.alma.3.s390x.rpm 5fa61fc4dd29dbd5d2197bdade84216ba0ccb2db5b0673be89acdba189658203
s390x osbuild-composer-core-149-3.el9_7.alma.3.s390x.rpm 9f78e63d2869f21e965195ee9ff83d80462ef2667da9ad0c995ff7e4f3d43bbf
x86_64 osbuild-composer-worker-149-3.el9_7.alma.3.x86_64.rpm 55cade98755101578398bc3e244c235ccb4f5a5cd3abfd62aef38c0cd47de7c1
x86_64 osbuild-composer-149-3.el9_7.alma.3.x86_64.rpm 9b9dc7b1de8f68fe487312933bb7a00f0d8f1c65fe7508788332d7900eb1654a
x86_64 osbuild-composer-core-149-3.el9_7.alma.3.x86_64.rpm a145b3a9931a8171c76643eaaf78a7ea283a1c3a2a186183a62c2466a3fa5fc6
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.