ELSA-2025-9634

Опубликовано: 25 июн. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-9634: osbuild-composer security update (MODERATE)

[132.2-2.0.1]

Switch to UEKR8 repositories for OL9.6 [Orabug: 37962207]
Add support to create OpenScap images [JIRA: OLDIS-35301]
Simplify repository names [JIRA: OLDIS-35893]
Refactor patches to fix some naming and set a correct kernel for Oracle Linux [Orabug: 37253643]
Support using OCI variables inside built images [JIRA: OLDIS-35302]
Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
Update repositories to contain OCI variables
Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
Increase default /boot size to 1GB [Orabug: 36827079]
Add support for OCI hybrid images [JIRA: OLDIS-33593]
enable aarch64 OCI image builds [JIRA: OLDIS-33593]
support for building OL8/9 images on Oracle Linux 9 [Orabug: 36400619]

[132.2-2]

Resolves: RHEL-89319 (CVE-2025-22871)

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

osbuild-composer

132.2-2.0.1.el9_6

osbuild-composer-core

132.2-2.0.1.el9_6

osbuild-composer-worker

132.2-2.0.1.el9_6

Oracle Linux x86_64

osbuild-composer

132.2-2.0.1.el9_6

osbuild-composer-core

132.2-2.0.1.el9_6

osbuild-composer-worker

132.2-2.0.1.el9_6

Связанные CVE

CVE-2025-22871

Ссылки на источники

Связанные уязвимости

CVE-2025-22871

CVSS3: 9.1

ubuntu

4 месяца назад

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.