Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:8456

Опубликовано: 21 мая 2026
Источник: rocky
Оценка: Important

Описание

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
osbuild-composerx86_645.el8_10.rocky.0.6osbuild-composer-101.4-5.el8_10.rocky.0.6.x86_64.rpm
osbuild-composer-corex86_645.el8_10.rocky.0.6osbuild-composer-core-101.4-5.el8_10.rocky.0.6.x86_64.rpm
osbuild-composer-workerx86_645.el8_10.rocky.0.6osbuild-composer-worker-101.4-5.el8_10.rocky.0.6.x86_64.rpm

Показывать по

Связанные CVE

CVE-2026-25679

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2026-25679

CVSS3: 7.5
ubuntu
4 месяца назад

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

redhat логотип

CVE-2026-25679

CVSS3: 7.5
redhat
4 месяца назад

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

nvd логотип

CVE-2026-25679

CVSS3: 7.5
nvd
4 месяца назад

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

msrc логотип

CVE-2026-25679

msrc
4 месяца назад

Incorrect parsing of IPv6 host literals in net/url

debian логотип

CVE-2026-25679

CVSS3: 7.5
debian
4 месяца назад

url.Parse insufficiently validated the host/authority component and ac ...