Issued:: 2025-05-19
Updated:: 2025-05-19

RHSA-2025:7967 - Security Advisory

Overview
Updated Packages

Synopsis

Important: osbuild-composer security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2354195 - CVE-2025-30204 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

CVEs

CVE-2025-30204

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
osbuild-composer-101-3.el8_10.src.rpm	SHA-256: c69a493d58f3835eb5d7c987ebd815151c2af604a27af70299ba45ed1585052e
x86_64
osbuild-composer-101-3.el8_10.x86_64.rpm	SHA-256: 2efe9b2331ffba7754915a7984c6e3e65b3d282bc81eb75aed2d9f6591035fdf
osbuild-composer-core-101-3.el8_10.x86_64.rpm	SHA-256: c502e7ab2351ebe9de5c665cdfeb2ac5787a2d7b1063793cae7970137632a26f
osbuild-composer-core-debuginfo-101-3.el8_10.x86_64.rpm	SHA-256: 345e318472eff4fc78db86a5955d64954c3fe79eaccf13a629dcb8073fa870f7
osbuild-composer-debuginfo-101-3.el8_10.x86_64.rpm	SHA-256: 5ed8aec887016a5b18c4fc0d4a0e2059e921c192ddf18af9ee96880ac80d33a5
osbuild-composer-debugsource-101-3.el8_10.x86_64.rpm	SHA-256: 25e73e1f4d65a89103e16d9be76fd978e280a0f75cab9516f55d9967708594b9
osbuild-composer-tests-debuginfo-101-3.el8_10.x86_64.rpm	SHA-256: 8eae9cc69c5f4bc70e9a9002ae52e1ac36c16d84df55047b0adc7e89289bf50f
osbuild-composer-worker-101-3.el8_10.x86_64.rpm	SHA-256: 0fad446fc4b9114dbfcc207af1b9077de3990560471e569c725adc6fdf3f2560
osbuild-composer-worker-debuginfo-101-3.el8_10.x86_64.rpm	SHA-256: b3a55c45de62acd3b7a499aa2d3f658b00a705d2c8e56f89236d823188dc0564

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
osbuild-composer-101-3.el8_10.src.rpm	SHA-256: c69a493d58f3835eb5d7c987ebd815151c2af604a27af70299ba45ed1585052e
s390x
osbuild-composer-101-3.el8_10.s390x.rpm	SHA-256: fabb9ec2735651b0bd882a7c7ad79ba69812c17d3d4039e3f01e1b82aa1bfd3b
osbuild-composer-core-101-3.el8_10.s390x.rpm	SHA-256: 4a95e8184fb355fda24da1a595f28f665da5cd4b3b29e0985f318e7f7703ccae
osbuild-composer-core-debuginfo-101-3.el8_10.s390x.rpm	SHA-256: 5d466dac7219a8e6da1f238cc52319842a15d4574d7fba81ed1ff1cfb03ac8f3
osbuild-composer-debuginfo-101-3.el8_10.s390x.rpm	SHA-256: cea7e5daebb29b945ad8c396dced23c25d24067b4dfc4b3f57df47d599a080e3
osbuild-composer-debugsource-101-3.el8_10.s390x.rpm	SHA-256: b95e47a8b72942be540868c88921a8219601ea430671aa7229eb41a38257a27f
osbuild-composer-tests-debuginfo-101-3.el8_10.s390x.rpm	SHA-256: 52abc79671b60606ec500dbcb16a71c4cd261df4ea2db07f5e39f35228d91cd6
osbuild-composer-worker-101-3.el8_10.s390x.rpm	SHA-256: 7722ec541b9889d911598d862cca37ac063199d6028070203bf2ef0d0da0f75d
osbuild-composer-worker-debuginfo-101-3.el8_10.s390x.rpm	SHA-256: 7aa444eed5959b6472661b64ed470ab20a9717d30666011f1b0688ebe6b28fe4

Red Hat Enterprise Linux for Power, little endian 8

SRPM
osbuild-composer-101-3.el8_10.src.rpm	SHA-256: c69a493d58f3835eb5d7c987ebd815151c2af604a27af70299ba45ed1585052e
ppc64le
osbuild-composer-101-3.el8_10.ppc64le.rpm	SHA-256: 85463d7200928d930d94e77def94c76a5ce4b044ff771e84f8572c3012dfd0d7
osbuild-composer-core-101-3.el8_10.ppc64le.rpm	SHA-256: b8b8b632c7426b0fecd31cc4b2f9709a9eb431307615f4a5792a81ac08efe4a9
osbuild-composer-core-debuginfo-101-3.el8_10.ppc64le.rpm	SHA-256: 7c72f210b97a5e134aac52c98d03286e5a221cdb2ce50ffa1b147e67453ce724
osbuild-composer-debuginfo-101-3.el8_10.ppc64le.rpm	SHA-256: 04eefb63227f4f2626ccb4cce9b715e10e8095648722e59948e43846f244d419
osbuild-composer-debugsource-101-3.el8_10.ppc64le.rpm	SHA-256: db6cdda726e638652b40dcd385384afc7f9ca5a21d04d873212c6a2b7bb89107
osbuild-composer-tests-debuginfo-101-3.el8_10.ppc64le.rpm	SHA-256: 5fb217dd696918fc7cd5a90748c5f76004abaea5016d035ce2a1d180020eea8e
osbuild-composer-worker-101-3.el8_10.ppc64le.rpm	SHA-256: 4a0468aa6601f86608bcdf292297e635a6e8006504bcdf76846a7df58ed1697f
osbuild-composer-worker-debuginfo-101-3.el8_10.ppc64le.rpm	SHA-256: 39b92dfed5d75e26d9c872de6de9ffb4987f0a498aca7d582a73c49b58e6842b

Red Hat Enterprise Linux for ARM 64 8

SRPM
osbuild-composer-101-3.el8_10.src.rpm	SHA-256: c69a493d58f3835eb5d7c987ebd815151c2af604a27af70299ba45ed1585052e
aarch64
osbuild-composer-101-3.el8_10.aarch64.rpm	SHA-256: 22133f75cc18b00dbdf50ea059e68b9807d20d4f97c71124add160862cef2ef6
osbuild-composer-core-101-3.el8_10.aarch64.rpm	SHA-256: b384df18293ba1e4e463868284ffcfd5d56fe44bed9954312d70000b9cbccb3b
osbuild-composer-core-debuginfo-101-3.el8_10.aarch64.rpm	SHA-256: 73a641b84e09c4d7dd026d0c7fcc94ff2a21edcdf203e60d319716c72999a0e8
osbuild-composer-debuginfo-101-3.el8_10.aarch64.rpm	SHA-256: d91c3937c150ea3cc127b51ffbb10e922feb2ee8ad098819fa350dcc5580f5c6
osbuild-composer-debugsource-101-3.el8_10.aarch64.rpm	SHA-256: 284f6feb79374e25a94bbd760ad54e7d23c13114fc6cfef0d0ed993580ab4045
osbuild-composer-tests-debuginfo-101-3.el8_10.aarch64.rpm	SHA-256: 28a32f7956f1890dbaa33c73897a9531b3a5815813df08d2bdd2d658ad57e80c
osbuild-composer-worker-101-3.el8_10.aarch64.rpm	SHA-256: 92a74ae72f3f949a796765902ec8511c564e8086a6cc1dc519ff77020df989c3
osbuild-composer-worker-debuginfo-101-3.el8_10.aarch64.rpm	SHA-256: a74ee1763d0932a21ec4afc02a391af3ef30590bd3e6acfbbe4f46fa5fc001e1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation