Issued:: 2026-05-05
Updated:: 2026-05-05

RHSA-2026:13671 - Security Advisory

Overview
Updated Packages

Synopsis

Important: image-builder security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for image-builder is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood.

Security Fix(es):

net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes

BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

CVEs

CVE-2026-25679

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
x86_64
image-builder-31-4.el9_7.x86_64.rpm	SHA-256: 0b3bd1da867ad7b835323bc37fb1fbb1969eafbb138ad2827dda2039e44fc769
image-builder-debuginfo-31-4.el9_7.x86_64.rpm	SHA-256: 7cc2a93b6a55f75249837fab031bb8d8d3401f5aed2cbed29368c34cca816396
image-builder-debugsource-31-4.el9_7.x86_64.rpm	SHA-256: 99ac1e0b942c69386a14d89bfab6decd0d8b5ac62bdbd43858b77af8c1d8873b

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
x86_64
image-builder-31-4.el9_7.x86_64.rpm	SHA-256: 0b3bd1da867ad7b835323bc37fb1fbb1969eafbb138ad2827dda2039e44fc769
image-builder-debuginfo-31-4.el9_7.x86_64.rpm	SHA-256: 7cc2a93b6a55f75249837fab031bb8d8d3401f5aed2cbed29368c34cca816396
image-builder-debugsource-31-4.el9_7.x86_64.rpm	SHA-256: 99ac1e0b942c69386a14d89bfab6decd0d8b5ac62bdbd43858b77af8c1d8873b

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
s390x
image-builder-31-4.el9_7.s390x.rpm	SHA-256: 90d2d5bcbaf89a11fd934c893bb48c8afdf36c5b1eb93e9b57b46688195e8fe3
image-builder-debuginfo-31-4.el9_7.s390x.rpm	SHA-256: e08c7bc75e2e68aef5a1c99f2816ef79eaf101a386b203025b6ec501fa61ab5c
image-builder-debugsource-31-4.el9_7.s390x.rpm	SHA-256: 91632dff2a1c2f30a37e16ed88a16e62b3962d458c91cd13e335be67ef152eb4

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
s390x
image-builder-31-4.el9_7.s390x.rpm	SHA-256: 90d2d5bcbaf89a11fd934c893bb48c8afdf36c5b1eb93e9b57b46688195e8fe3
image-builder-debuginfo-31-4.el9_7.s390x.rpm	SHA-256: e08c7bc75e2e68aef5a1c99f2816ef79eaf101a386b203025b6ec501fa61ab5c
image-builder-debugsource-31-4.el9_7.s390x.rpm	SHA-256: 91632dff2a1c2f30a37e16ed88a16e62b3962d458c91cd13e335be67ef152eb4

Red Hat Enterprise Linux for Power, little endian 9

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
ppc64le
image-builder-31-4.el9_7.ppc64le.rpm	SHA-256: 42297091970bb78dcb4bfa5c453ccb2d63624282b6f6c5eb911b32d2a9a24f13
image-builder-debuginfo-31-4.el9_7.ppc64le.rpm	SHA-256: f01cc0bbc7a8b1afeeddcac6a5f3203f823f26da8916d1451107a90275b433eb
image-builder-debugsource-31-4.el9_7.ppc64le.rpm	SHA-256: 05287b4316157fca0095355c267079c49c79d19f41b6db34ffcbc7a1e00fad70

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
ppc64le
image-builder-31-4.el9_7.ppc64le.rpm	SHA-256: 42297091970bb78dcb4bfa5c453ccb2d63624282b6f6c5eb911b32d2a9a24f13
image-builder-debuginfo-31-4.el9_7.ppc64le.rpm	SHA-256: f01cc0bbc7a8b1afeeddcac6a5f3203f823f26da8916d1451107a90275b433eb
image-builder-debugsource-31-4.el9_7.ppc64le.rpm	SHA-256: 05287b4316157fca0095355c267079c49c79d19f41b6db34ffcbc7a1e00fad70

Red Hat Enterprise Linux for ARM 64 9

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
aarch64
image-builder-31-4.el9_7.aarch64.rpm	SHA-256: c3e82d503ac924e0173a0c6300d94e5d206578167f83340e972adb53b1b62920
image-builder-debuginfo-31-4.el9_7.aarch64.rpm	SHA-256: 8b26aa2eab5aa02a9bb47078cb86662e3f805c2b30337d6bf9667cdd26de5b3a
image-builder-debugsource-31-4.el9_7.aarch64.rpm	SHA-256: a98dff71d5f6fcf99379b34d2eb80fdf39694352dc5351388e338c2a3960ec65

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
aarch64
image-builder-31-4.el9_7.aarch64.rpm	SHA-256: c3e82d503ac924e0173a0c6300d94e5d206578167f83340e972adb53b1b62920
image-builder-debuginfo-31-4.el9_7.aarch64.rpm	SHA-256: 8b26aa2eab5aa02a9bb47078cb86662e3f805c2b30337d6bf9667cdd26de5b3a
image-builder-debugsource-31-4.el9_7.aarch64.rpm	SHA-256: a98dff71d5f6fcf99379b34d2eb80fdf39694352dc5351388e338c2a3960ec65

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
ppc64le
image-builder-31-4.el9_7.ppc64le.rpm	SHA-256: 42297091970bb78dcb4bfa5c453ccb2d63624282b6f6c5eb911b32d2a9a24f13
image-builder-debuginfo-31-4.el9_7.ppc64le.rpm	SHA-256: f01cc0bbc7a8b1afeeddcac6a5f3203f823f26da8916d1451107a90275b433eb
image-builder-debugsource-31-4.el9_7.ppc64le.rpm	SHA-256: 05287b4316157fca0095355c267079c49c79d19f41b6db34ffcbc7a1e00fad70

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
x86_64
image-builder-31-4.el9_7.x86_64.rpm	SHA-256: 0b3bd1da867ad7b835323bc37fb1fbb1969eafbb138ad2827dda2039e44fc769
image-builder-debuginfo-31-4.el9_7.x86_64.rpm	SHA-256: 7cc2a93b6a55f75249837fab031bb8d8d3401f5aed2cbed29368c34cca816396
image-builder-debugsource-31-4.el9_7.x86_64.rpm	SHA-256: 99ac1e0b942c69386a14d89bfab6decd0d8b5ac62bdbd43858b77af8c1d8873b

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
aarch64
image-builder-31-4.el9_7.aarch64.rpm	SHA-256: c3e82d503ac924e0173a0c6300d94e5d206578167f83340e972adb53b1b62920
image-builder-debuginfo-31-4.el9_7.aarch64.rpm	SHA-256: 8b26aa2eab5aa02a9bb47078cb86662e3f805c2b30337d6bf9667cdd26de5b3a
image-builder-debugsource-31-4.el9_7.aarch64.rpm	SHA-256: a98dff71d5f6fcf99379b34d2eb80fdf39694352dc5351388e338c2a3960ec65

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
s390x
image-builder-31-4.el9_7.s390x.rpm	SHA-256: 90d2d5bcbaf89a11fd934c893bb48c8afdf36c5b1eb93e9b57b46688195e8fe3
image-builder-debuginfo-31-4.el9_7.s390x.rpm	SHA-256: e08c7bc75e2e68aef5a1c99f2816ef79eaf101a386b203025b6ec501fa61ab5c
image-builder-debugsource-31-4.el9_7.s390x.rpm	SHA-256: 91632dff2a1c2f30a37e16ed88a16e62b3962d458c91cd13e335be67ef152eb4

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
x86_64
image-builder-31-4.el9_7.x86_64.rpm	SHA-256: 0b3bd1da867ad7b835323bc37fb1fbb1969eafbb138ad2827dda2039e44fc769
image-builder-debuginfo-31-4.el9_7.x86_64.rpm	SHA-256: 7cc2a93b6a55f75249837fab031bb8d8d3401f5aed2cbed29368c34cca816396
image-builder-debugsource-31-4.el9_7.x86_64.rpm	SHA-256: 99ac1e0b942c69386a14d89bfab6decd0d8b5ac62bdbd43858b77af8c1d8873b

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
aarch64
image-builder-31-4.el9_7.aarch64.rpm	SHA-256: c3e82d503ac924e0173a0c6300d94e5d206578167f83340e972adb53b1b62920
image-builder-debuginfo-31-4.el9_7.aarch64.rpm	SHA-256: 8b26aa2eab5aa02a9bb47078cb86662e3f805c2b30337d6bf9667cdd26de5b3a
image-builder-debugsource-31-4.el9_7.aarch64.rpm	SHA-256: a98dff71d5f6fcf99379b34d2eb80fdf39694352dc5351388e338c2a3960ec65

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
ppc64le
image-builder-31-4.el9_7.ppc64le.rpm	SHA-256: 42297091970bb78dcb4bfa5c453ccb2d63624282b6f6c5eb911b32d2a9a24f13
image-builder-debuginfo-31-4.el9_7.ppc64le.rpm	SHA-256: f01cc0bbc7a8b1afeeddcac6a5f3203f823f26da8916d1451107a90275b433eb
image-builder-debugsource-31-4.el9_7.ppc64le.rpm	SHA-256: 05287b4316157fca0095355c267079c49c79d19f41b6db34ffcbc7a1e00fad70

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8

SRPM
image-builder-31-4.el9_7.src.rpm	SHA-256: c66011a15792bbab6d1c5dcd2cd5a801154b213fe4388f215bc1bd0ddd4b1aea
s390x
image-builder-31-4.el9_7.s390x.rpm	SHA-256: 90d2d5bcbaf89a11fd934c893bb48c8afdf36c5b1eb93e9b57b46688195e8fe3
image-builder-debuginfo-31-4.el9_7.s390x.rpm	SHA-256: e08c7bc75e2e68aef5a1c99f2816ef79eaf101a386b203025b6ec501fa61ab5c
image-builder-debugsource-31-4.el9_7.s390x.rpm	SHA-256: 91632dff2a1c2f30a37e16ed88a16e62b3962d458c91cd13e335be67ef152eb4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation