ELSA-2026-1837

Опубликовано: 04 фев. 2026

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2026-1837: osbuild-composer security update (MODERATE)

[149-4.0.1]

Add missing dependency over dracut-config-rescue for image-installer [Orabug: 38587453]
Add OL10 support
Update repository URLs for baseos, appstream and UERK
Fix the label for UEKR repository
Simplify repository names [JIRA: OLDIS-35893]
Ensure build on latest golang: CVE-2024-34156
Refactor patches to fix some naming and set a correct kernel for Oracle Linux [Orabug: 37253643]
Support using OCI variables inside built images [JIRA: OLDIS-35302]
Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
Update repositories to contain OCI variables
Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
Increase default /boot size to 1GB [Orabug: 36827079]
Add support for OCI hybrid images [JIRA: OLDIS-33593]
enable aarch64 OCI image builds [JIRA: OLDIS-33593]
support for building OL8/9 images on Oracle Linux 9 [Orabug: 36400619]

[149-4]

Rebuilt to fix:
- CVE-2025-58183
- RHEL-125637

[149-3]

Add Red Hat v4 key for RHEL 10.1 RPMs

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

osbuild-composer

149-4.0.1.el10_1

osbuild-composer-core

149-4.0.1.el10_1

osbuild-composer-worker

149-4.0.1.el10_1

Oracle Linux x86_64

osbuild-composer

149-4.0.1.el10_1

osbuild-composer-core

149-4.0.1.el10_1

osbuild-composer-worker

149-4.0.1.el10_1

Связанные CVE

CVE-2025-58183

Ссылки на источники

Связанные уязвимости

CVE-2025-58183

CVSS3: 4.3

ubuntu

3 месяца назад

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.