Red Hat Product Errata RHSA-2025:9711 - Security Advisory
Issued:
2025-06-26
Updated:
2025-06-26

RHSA-2025:9711 - Security Advisory

Synopsis

Moderate: osbuild-composer security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

  • net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2358493 - CVE-2025-22871 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
osbuild-composer-75-4.el8_8.src.rpm SHA-256: 3011d782d9ed1a25dd624eb7f13f4e8487cb5b12fca1533b4188fb2139c82421
x86_64
osbuild-composer-75-4.el8_8.x86_64.rpm SHA-256: 46a4df418599395afcac0e9fe474ac83bc9af2895985835e6d16b0b3b5a7df0a
osbuild-composer-core-75-4.el8_8.x86_64.rpm SHA-256: 749c2e98c7522844b795077fdbb2a918dc6eee9313274aec6c714f42a83c973c
osbuild-composer-core-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 136663916cada37a83a50cce7b3dad28148c61ce362b86bbe4785a2c01ea6cc3
osbuild-composer-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 12911868afe29a610602ea735afe0e75dcc31ae380044993e4f77ef29f5eda6d
osbuild-composer-debugsource-75-4.el8_8.x86_64.rpm SHA-256: 746e66ae77d090d5c1cbd64918500bb4b1798b412d86c407debb297a1b9ce41b
osbuild-composer-dnf-json-75-4.el8_8.x86_64.rpm SHA-256: aa9a4f2194abe30b03e07ffd1e652a25ef7bfaaf0aa152b5ca5d27f26d8a3666
osbuild-composer-tests-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 83c3bc5ac359dde54ec759b09024e75a336f58cfbbe6d5e82163a513164033c8
osbuild-composer-worker-75-4.el8_8.x86_64.rpm SHA-256: 211f1cb03800970d1ce239f5c8275b3af5c0c039252ee688171ffb735e042797
osbuild-composer-worker-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 665bb0a4ffc214f1d2dbd508ea476213eea16505b764fa0e9f6145b1b45276ba

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
osbuild-composer-75-4.el8_8.src.rpm SHA-256: 3011d782d9ed1a25dd624eb7f13f4e8487cb5b12fca1533b4188fb2139c82421
x86_64
osbuild-composer-75-4.el8_8.x86_64.rpm SHA-256: 46a4df418599395afcac0e9fe474ac83bc9af2895985835e6d16b0b3b5a7df0a
osbuild-composer-core-75-4.el8_8.x86_64.rpm SHA-256: 749c2e98c7522844b795077fdbb2a918dc6eee9313274aec6c714f42a83c973c
osbuild-composer-core-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 136663916cada37a83a50cce7b3dad28148c61ce362b86bbe4785a2c01ea6cc3
osbuild-composer-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 12911868afe29a610602ea735afe0e75dcc31ae380044993e4f77ef29f5eda6d
osbuild-composer-debugsource-75-4.el8_8.x86_64.rpm SHA-256: 746e66ae77d090d5c1cbd64918500bb4b1798b412d86c407debb297a1b9ce41b
osbuild-composer-dnf-json-75-4.el8_8.x86_64.rpm SHA-256: aa9a4f2194abe30b03e07ffd1e652a25ef7bfaaf0aa152b5ca5d27f26d8a3666
osbuild-composer-tests-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 83c3bc5ac359dde54ec759b09024e75a336f58cfbbe6d5e82163a513164033c8
osbuild-composer-worker-75-4.el8_8.x86_64.rpm SHA-256: 211f1cb03800970d1ce239f5c8275b3af5c0c039252ee688171ffb735e042797
osbuild-composer-worker-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 665bb0a4ffc214f1d2dbd508ea476213eea16505b764fa0e9f6145b1b45276ba

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
osbuild-composer-75-4.el8_8.src.rpm SHA-256: 3011d782d9ed1a25dd624eb7f13f4e8487cb5b12fca1533b4188fb2139c82421
ppc64le
osbuild-composer-75-4.el8_8.ppc64le.rpm SHA-256: ddd584cc525bcf5e2937b5544ad48e08f2d734334bd60b612ca57ad3de928719
osbuild-composer-core-75-4.el8_8.ppc64le.rpm SHA-256: 58f0be851d38891176e9d159f0e26b897cbb460a63bc4195b1f916955ea08843
osbuild-composer-core-debuginfo-75-4.el8_8.ppc64le.rpm SHA-256: 866badd01f6c48d5b810bd17e874f196003e251f70758eba917469db21380e38
osbuild-composer-debuginfo-75-4.el8_8.ppc64le.rpm SHA-256: 0ae018012a8f1b20b1bbbb0f496eaa02b3891689f8cde74f766b2ed40e4b2732
osbuild-composer-debugsource-75-4.el8_8.ppc64le.rpm SHA-256: 196f490bf4040c817567bec61f35aeb50d70b3ce5ce2d09f987db7a29cdae895
osbuild-composer-dnf-json-75-4.el8_8.ppc64le.rpm SHA-256: 7cfdcb8ff58c22a2613af12baf2b738b72c36fc01697b78768d18c25a7b4d72e
osbuild-composer-tests-debuginfo-75-4.el8_8.ppc64le.rpm SHA-256: f63ce24c3f0c535ad2e4f57ff51acc0c9039adf0c0f52761fe6b0440330bebcf
osbuild-composer-worker-75-4.el8_8.ppc64le.rpm SHA-256: af7372fb16ef563a8a7160884ccbe341d6e4a5af1fd0ab014e63ce2150fe796c
osbuild-composer-worker-debuginfo-75-4.el8_8.ppc64le.rpm SHA-256: 1e3736f449e047eb51592896614759547226ebe17e726e2730e68aec160881c3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
osbuild-composer-75-4.el8_8.src.rpm SHA-256: 3011d782d9ed1a25dd624eb7f13f4e8487cb5b12fca1533b4188fb2139c82421
x86_64
osbuild-composer-75-4.el8_8.x86_64.rpm SHA-256: 46a4df418599395afcac0e9fe474ac83bc9af2895985835e6d16b0b3b5a7df0a
osbuild-composer-core-75-4.el8_8.x86_64.rpm SHA-256: 749c2e98c7522844b795077fdbb2a918dc6eee9313274aec6c714f42a83c973c
osbuild-composer-core-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 136663916cada37a83a50cce7b3dad28148c61ce362b86bbe4785a2c01ea6cc3
osbuild-composer-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 12911868afe29a610602ea735afe0e75dcc31ae380044993e4f77ef29f5eda6d
osbuild-composer-debugsource-75-4.el8_8.x86_64.rpm SHA-256: 746e66ae77d090d5c1cbd64918500bb4b1798b412d86c407debb297a1b9ce41b
osbuild-composer-dnf-json-75-4.el8_8.x86_64.rpm SHA-256: aa9a4f2194abe30b03e07ffd1e652a25ef7bfaaf0aa152b5ca5d27f26d8a3666
osbuild-composer-tests-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 83c3bc5ac359dde54ec759b09024e75a336f58cfbbe6d5e82163a513164033c8
osbuild-composer-worker-75-4.el8_8.x86_64.rpm SHA-256: 211f1cb03800970d1ce239f5c8275b3af5c0c039252ee688171ffb735e042797
osbuild-composer-worker-debuginfo-75-4.el8_8.x86_64.rpm SHA-256: 665bb0a4ffc214f1d2dbd508ea476213eea16505b764fa0e9f6145b1b45276ba

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.