Red Hat Product Errata RHSA-2026:0973 - Security Advisory
Issued:
2026-01-22
Updated:
2026-01-22

RHSA-2026:0973 - Security Advisory

Synopsis

Moderate: osbuild-composer security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
osbuild-composer-75-5.el8_8.src.rpm SHA-256: 8ca7a93f005a1fdffb3232d13efe39b2c395a927557127d8c35d84efc0e2e8c1
x86_64
osbuild-composer-75-5.el8_8.x86_64.rpm SHA-256: b76800f8c1a691a5175330486df619d5e2ef622094f2e6830d17ad326f52fbf2
osbuild-composer-core-75-5.el8_8.x86_64.rpm SHA-256: 4920b9d6286ad6d4d6a026d8f4d9409e3cd33e7eeab906025c255d726234ca76
osbuild-composer-core-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: 21e4ca98369747813c6ffb3ee192e74cb224273ef0b035d881ba33746420da39
osbuild-composer-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: 68b30ac9b0a8c8d81f0a09a98e9f9fbca3c98402582ff62296fa523947a1d719
osbuild-composer-debugsource-75-5.el8_8.x86_64.rpm SHA-256: 161ff0dbdec7cae56c17ce7b565f48d83f06b6059577e5cbca82bb2957f7d2ab
osbuild-composer-dnf-json-75-5.el8_8.x86_64.rpm SHA-256: 3a1ae68cddd84b2d45a873868965fb1cffc2ccb182c4c9f17aae471f067e4182
osbuild-composer-tests-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: f1c2c6691a49b199ec109306973ea8f5f23abcf5f441b41e9da1e7b58b59c1d6
osbuild-composer-worker-75-5.el8_8.x86_64.rpm SHA-256: 48b69f876abde3c7f0f18b60b93f493539944046814fe1ebd36325fc90f197b5
osbuild-composer-worker-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: d20a7c2dad2b37936e97e60617ccb54c6a54064fb212453c7db8e03b978de228

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
osbuild-composer-75-5.el8_8.src.rpm SHA-256: 8ca7a93f005a1fdffb3232d13efe39b2c395a927557127d8c35d84efc0e2e8c1
x86_64
osbuild-composer-75-5.el8_8.x86_64.rpm SHA-256: b76800f8c1a691a5175330486df619d5e2ef622094f2e6830d17ad326f52fbf2
osbuild-composer-core-75-5.el8_8.x86_64.rpm SHA-256: 4920b9d6286ad6d4d6a026d8f4d9409e3cd33e7eeab906025c255d726234ca76
osbuild-composer-core-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: 21e4ca98369747813c6ffb3ee192e74cb224273ef0b035d881ba33746420da39
osbuild-composer-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: 68b30ac9b0a8c8d81f0a09a98e9f9fbca3c98402582ff62296fa523947a1d719
osbuild-composer-debugsource-75-5.el8_8.x86_64.rpm SHA-256: 161ff0dbdec7cae56c17ce7b565f48d83f06b6059577e5cbca82bb2957f7d2ab
osbuild-composer-dnf-json-75-5.el8_8.x86_64.rpm SHA-256: 3a1ae68cddd84b2d45a873868965fb1cffc2ccb182c4c9f17aae471f067e4182
osbuild-composer-tests-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: f1c2c6691a49b199ec109306973ea8f5f23abcf5f441b41e9da1e7b58b59c1d6
osbuild-composer-worker-75-5.el8_8.x86_64.rpm SHA-256: 48b69f876abde3c7f0f18b60b93f493539944046814fe1ebd36325fc90f197b5
osbuild-composer-worker-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: d20a7c2dad2b37936e97e60617ccb54c6a54064fb212453c7db8e03b978de228

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
osbuild-composer-75-5.el8_8.src.rpm SHA-256: 8ca7a93f005a1fdffb3232d13efe39b2c395a927557127d8c35d84efc0e2e8c1
ppc64le
osbuild-composer-75-5.el8_8.ppc64le.rpm SHA-256: 9dede3606efbb69533863458ad54f440673d81a482f6960362981c4578e06e93
osbuild-composer-core-75-5.el8_8.ppc64le.rpm SHA-256: 12b071cb6939f32780811a1e7465dea5ce812e59265bd63026c538a88c367fba
osbuild-composer-core-debuginfo-75-5.el8_8.ppc64le.rpm SHA-256: b0e1b2e7c3aac7932ffe0840f1cc14a6fd34cc03af3867f7326d51fe3630d0be
osbuild-composer-debuginfo-75-5.el8_8.ppc64le.rpm SHA-256: 212702034a6a02b6f0f4045ed8a332af99af6502a2f0c9b2c4d70f91f2dec8fa
osbuild-composer-debugsource-75-5.el8_8.ppc64le.rpm SHA-256: 66d9af6b69695aacdcae77d4c9083bf11d848d557709142f934503ff0b9ed216
osbuild-composer-dnf-json-75-5.el8_8.ppc64le.rpm SHA-256: 691079e6384ba1f89e66e03d080bd03ce293f05ed07e16097665576dfe6fd214
osbuild-composer-tests-debuginfo-75-5.el8_8.ppc64le.rpm SHA-256: 55bea7449b3686cdf583d2827b966cb6d9f01388139d4fdaee7751c83cd03d73
osbuild-composer-worker-75-5.el8_8.ppc64le.rpm SHA-256: 8b7572ad7b267602feab8496e3176d184c8751639ab7ea85e4eddaa4927a0bf8
osbuild-composer-worker-debuginfo-75-5.el8_8.ppc64le.rpm SHA-256: 0ddd852cda1e0ebeb5a618c6c7c23df32aaf52d094d7fd050c8f610fb8506d02

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
osbuild-composer-75-5.el8_8.src.rpm SHA-256: 8ca7a93f005a1fdffb3232d13efe39b2c395a927557127d8c35d84efc0e2e8c1
x86_64
osbuild-composer-75-5.el8_8.x86_64.rpm SHA-256: b76800f8c1a691a5175330486df619d5e2ef622094f2e6830d17ad326f52fbf2
osbuild-composer-core-75-5.el8_8.x86_64.rpm SHA-256: 4920b9d6286ad6d4d6a026d8f4d9409e3cd33e7eeab906025c255d726234ca76
osbuild-composer-core-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: 21e4ca98369747813c6ffb3ee192e74cb224273ef0b035d881ba33746420da39
osbuild-composer-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: 68b30ac9b0a8c8d81f0a09a98e9f9fbca3c98402582ff62296fa523947a1d719
osbuild-composer-debugsource-75-5.el8_8.x86_64.rpm SHA-256: 161ff0dbdec7cae56c17ce7b565f48d83f06b6059577e5cbca82bb2957f7d2ab
osbuild-composer-dnf-json-75-5.el8_8.x86_64.rpm SHA-256: 3a1ae68cddd84b2d45a873868965fb1cffc2ccb182c4c9f17aae471f067e4182
osbuild-composer-tests-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: f1c2c6691a49b199ec109306973ea8f5f23abcf5f441b41e9da1e7b58b59c1d6
osbuild-composer-worker-75-5.el8_8.x86_64.rpm SHA-256: 48b69f876abde3c7f0f18b60b93f493539944046814fe1ebd36325fc90f197b5
osbuild-composer-worker-debuginfo-75-5.el8_8.x86_64.rpm SHA-256: d20a7c2dad2b37936e97e60617ccb54c6a54064fb212453c7db8e03b978de228

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.