Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:7205 - Security Advisory
Issued:
2024-09-26
Updated:
2024-09-26

RHSA-2024:7205 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: osbuild-composer security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

An image building service based on osbuild It is inspired by lorax-composer and exposes the same API. As such, it is a drop-in replacement.

Security Fix(es):

  • encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2310528 - CVE-2024-34156 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

CVEs

  • CVE-2024-34156

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
osbuild-composer-28.7-2.el8_4.src.rpm SHA-256: ee9240955d0e4d1224b79fc9174145e4e087f3d5d9c0f6def9073b37586ac49c
x86_64
osbuild-composer-28.7-2.el8_4.x86_64.rpm SHA-256: 52c8e5e64b533a6b09c926eaf4e1d97cd42eaa4b7c4675f74e33a941cc1f08a8
osbuild-composer-core-28.7-2.el8_4.x86_64.rpm SHA-256: 8cf8ddf6a4e5a3719c2004d8c948f8798cab86f39bc6ee8f86cf70c124b3d739
osbuild-composer-core-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 6fc36f0da49c0dbb66b617ce95f7a42b2b8b5186b603cc3748f8fc2893feabdf
osbuild-composer-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 2183545e6d7474996610d7778b43b5648de40a8b548a6930156c94e5d3462314
osbuild-composer-debugsource-28.7-2.el8_4.x86_64.rpm SHA-256: 0d404ef8cb6028d80c4b26a176e0b4d699da6163cda3ae956430b49923322219
osbuild-composer-tests-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: efac0c0a17d6030831f638def4bc041d15bcad90a77d67912cb7a2647ccba6a6
osbuild-composer-worker-28.7-2.el8_4.x86_64.rpm SHA-256: 7dcbb067d0ccc0c3e2e618223fd567a68ba3ec0119db70ccaaa876c96184759f
osbuild-composer-worker-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: fbeb6200c8ee4c8f3e70d5ff6c40e70bc0a1fa842153e46c0c5ce5070aa9d13d

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
osbuild-composer-28.7-2.el8_4.src.rpm SHA-256: ee9240955d0e4d1224b79fc9174145e4e087f3d5d9c0f6def9073b37586ac49c
x86_64
osbuild-composer-28.7-2.el8_4.x86_64.rpm SHA-256: 52c8e5e64b533a6b09c926eaf4e1d97cd42eaa4b7c4675f74e33a941cc1f08a8
osbuild-composer-core-28.7-2.el8_4.x86_64.rpm SHA-256: 8cf8ddf6a4e5a3719c2004d8c948f8798cab86f39bc6ee8f86cf70c124b3d739
osbuild-composer-core-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 6fc36f0da49c0dbb66b617ce95f7a42b2b8b5186b603cc3748f8fc2893feabdf
osbuild-composer-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 2183545e6d7474996610d7778b43b5648de40a8b548a6930156c94e5d3462314
osbuild-composer-debugsource-28.7-2.el8_4.x86_64.rpm SHA-256: 0d404ef8cb6028d80c4b26a176e0b4d699da6163cda3ae956430b49923322219
osbuild-composer-tests-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: efac0c0a17d6030831f638def4bc041d15bcad90a77d67912cb7a2647ccba6a6
osbuild-composer-worker-28.7-2.el8_4.x86_64.rpm SHA-256: 7dcbb067d0ccc0c3e2e618223fd567a68ba3ec0119db70ccaaa876c96184759f
osbuild-composer-worker-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: fbeb6200c8ee4c8f3e70d5ff6c40e70bc0a1fa842153e46c0c5ce5070aa9d13d

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
osbuild-composer-28.7-2.el8_4.src.rpm SHA-256: ee9240955d0e4d1224b79fc9174145e4e087f3d5d9c0f6def9073b37586ac49c
x86_64
osbuild-composer-28.7-2.el8_4.x86_64.rpm SHA-256: 52c8e5e64b533a6b09c926eaf4e1d97cd42eaa4b7c4675f74e33a941cc1f08a8
osbuild-composer-core-28.7-2.el8_4.x86_64.rpm SHA-256: 8cf8ddf6a4e5a3719c2004d8c948f8798cab86f39bc6ee8f86cf70c124b3d739
osbuild-composer-core-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 6fc36f0da49c0dbb66b617ce95f7a42b2b8b5186b603cc3748f8fc2893feabdf
osbuild-composer-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 2183545e6d7474996610d7778b43b5648de40a8b548a6930156c94e5d3462314
osbuild-composer-debugsource-28.7-2.el8_4.x86_64.rpm SHA-256: 0d404ef8cb6028d80c4b26a176e0b4d699da6163cda3ae956430b49923322219
osbuild-composer-tests-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: efac0c0a17d6030831f638def4bc041d15bcad90a77d67912cb7a2647ccba6a6
osbuild-composer-worker-28.7-2.el8_4.x86_64.rpm SHA-256: 7dcbb067d0ccc0c3e2e618223fd567a68ba3ec0119db70ccaaa876c96184759f
osbuild-composer-worker-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: fbeb6200c8ee4c8f3e70d5ff6c40e70bc0a1fa842153e46c0c5ce5070aa9d13d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
osbuild-composer-28.7-2.el8_4.src.rpm SHA-256: ee9240955d0e4d1224b79fc9174145e4e087f3d5d9c0f6def9073b37586ac49c
ppc64le
osbuild-composer-28.7-2.el8_4.ppc64le.rpm SHA-256: 52828b6ac232d97b363dccf035e4a1665bd831b6c9269903df2256e41cb72e99
osbuild-composer-core-28.7-2.el8_4.ppc64le.rpm SHA-256: 2a2d42d266100bf435fc8b43586b460c93c873fd40bdb94a26559232d2dfbf6d
osbuild-composer-core-debuginfo-28.7-2.el8_4.ppc64le.rpm SHA-256: 4623614d39873c1883945f467cfdbe4839dad70ce6a2e5591783453f5280cbb9
osbuild-composer-debuginfo-28.7-2.el8_4.ppc64le.rpm SHA-256: ac6da66251bec740919b3a25148a6c55b58b472a5f946ce6bd25b5e2e4ecdf77
osbuild-composer-debugsource-28.7-2.el8_4.ppc64le.rpm SHA-256: bb2f0325ca233a1b6bbf9b4c7b873dce870fe100b8912d3d6d130486b915df76
osbuild-composer-tests-debuginfo-28.7-2.el8_4.ppc64le.rpm SHA-256: eaf9fa467d0f0b087b5b1319075a9300b81746c476e63a28d0cb21f082ceab73
osbuild-composer-worker-28.7-2.el8_4.ppc64le.rpm SHA-256: 18c3a441f16763734a0309a973d6d942cafceb51ebe8faefc88c61c8ef459709
osbuild-composer-worker-debuginfo-28.7-2.el8_4.ppc64le.rpm SHA-256: 8813ad08c218356c4d73b01be5b10b02fe6a315f9dc800d7bf05fe59a20dadc6

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
osbuild-composer-28.7-2.el8_4.src.rpm SHA-256: ee9240955d0e4d1224b79fc9174145e4e087f3d5d9c0f6def9073b37586ac49c
x86_64
osbuild-composer-28.7-2.el8_4.x86_64.rpm SHA-256: 52c8e5e64b533a6b09c926eaf4e1d97cd42eaa4b7c4675f74e33a941cc1f08a8
osbuild-composer-core-28.7-2.el8_4.x86_64.rpm SHA-256: 8cf8ddf6a4e5a3719c2004d8c948f8798cab86f39bc6ee8f86cf70c124b3d739
osbuild-composer-core-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 6fc36f0da49c0dbb66b617ce95f7a42b2b8b5186b603cc3748f8fc2893feabdf
osbuild-composer-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: 2183545e6d7474996610d7778b43b5648de40a8b548a6930156c94e5d3462314
osbuild-composer-debugsource-28.7-2.el8_4.x86_64.rpm SHA-256: 0d404ef8cb6028d80c4b26a176e0b4d699da6163cda3ae956430b49923322219
osbuild-composer-tests-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: efac0c0a17d6030831f638def4bc041d15bcad90a77d67912cb7a2647ccba6a6
osbuild-composer-worker-28.7-2.el8_4.x86_64.rpm SHA-256: 7dcbb067d0ccc0c3e2e618223fd567a68ba3ec0119db70ccaaa876c96184759f
osbuild-composer-worker-debuginfo-28.7-2.el8_4.x86_64.rpm SHA-256: fbeb6200c8ee4c8f3e70d5ff6c40e70bc0a1fa842153e46c0c5ce5070aa9d13d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility