RLSA-2026:3898

Опубликовано: 21 мая 2026

Источник: rocky

Оценка: Important

Описание

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Наименование	Архитектура	Релиз	RPM
osbuild-composer	x86_64	4.el8_10.rocky.0.6	osbuild-composer-101.4-4.el8_10.rocky.0.6.x86_64.rpm
osbuild-composer-core	x86_64	4.el8_10.rocky.0.6	osbuild-composer-core-101.4-4.el8_10.rocky.0.6.x86_64.rpm
osbuild-composer-worker	x86_64	4.el8_10.rocky.0.6	osbuild-composer-worker-101.4-4.el8_10.rocky.0.6.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-61726

CVE-2025-68121

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2434432
Red Hat - 2434432
https://bugzilla.redhat.com/show_bug.cgi?id=2437111
Red Hat - 2437111

Связанные уязвимости

RLSA-2026:4177

rocky

4 месяца назад

Important: opentelemetry-collector security update

RLSA-2026:3985

rocky

4 месяца назад

Important: git-lfs security update

RLSA-2026:3187

rocky

4 месяца назад

Important: grafana-pcp security update

RLSA-2026:3092

rocky

4 месяца назад

Important: golang-github-openprinting-ipp-usb security update

ELSA-2026-3985

oracle-oval

4 месяца назад

ELSA-2026-3985: git-lfs security update (IMPORTANT)

exploitDog

RLSA-2026:3898

Описание

Затронутые продукты

Rocky Linux 8: обновленные пакеты

Связанные CVE

Ссылки на источники

Исправления

Связанные уязвимости