Issued:: 2026-01-27
Updated:: 2026-01-27

RHSA-2026:1377 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: image-builder security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for image-builder is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood.

Security Fix(es):

golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes

BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

CVEs

CVE-2025-58183

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
x86_64
image-builder-31-2.el9_7.x86_64.rpm	SHA-256: 4a8ab25838666af5cb10e6b3910edcaed81f0a17a1d10225d22c317e641db48f
image-builder-debuginfo-31-2.el9_7.x86_64.rpm	SHA-256: 6844457329a514a93fd2b1d0ce4a9b2c5394b954262397f7ef4715c671a1e457
image-builder-debugsource-31-2.el9_7.x86_64.rpm	SHA-256: c248ea386193a9ae9f07cbaec35f6b77d00c632bd858a3f0a2996836e905b549

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
x86_64
image-builder-31-2.el9_7.x86_64.rpm	SHA-256: 4a8ab25838666af5cb10e6b3910edcaed81f0a17a1d10225d22c317e641db48f
image-builder-debuginfo-31-2.el9_7.x86_64.rpm	SHA-256: 6844457329a514a93fd2b1d0ce4a9b2c5394b954262397f7ef4715c671a1e457
image-builder-debugsource-31-2.el9_7.x86_64.rpm	SHA-256: c248ea386193a9ae9f07cbaec35f6b77d00c632bd858a3f0a2996836e905b549

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
s390x
image-builder-31-2.el9_7.s390x.rpm	SHA-256: bf0896a6fa36a14e3effb191b75c1c30821c53fa1554c2e436a321471d059daf
image-builder-debuginfo-31-2.el9_7.s390x.rpm	SHA-256: 302853f4166c31ab313ae5f7b8eefc3ce4dd932c475de1c4426b60ff5877dece
image-builder-debugsource-31-2.el9_7.s390x.rpm	SHA-256: 8c384b9acbf41db10338e43ca16e6cecd755bba24f15e209e443b8bc1c7cbf62

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
s390x
image-builder-31-2.el9_7.s390x.rpm	SHA-256: bf0896a6fa36a14e3effb191b75c1c30821c53fa1554c2e436a321471d059daf
image-builder-debuginfo-31-2.el9_7.s390x.rpm	SHA-256: 302853f4166c31ab313ae5f7b8eefc3ce4dd932c475de1c4426b60ff5877dece
image-builder-debugsource-31-2.el9_7.s390x.rpm	SHA-256: 8c384b9acbf41db10338e43ca16e6cecd755bba24f15e209e443b8bc1c7cbf62

Red Hat Enterprise Linux for Power, little endian 9

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
ppc64le
image-builder-31-2.el9_7.ppc64le.rpm	SHA-256: bd2e761a0456f85b7b1d3f8db2e0e8d2daeca34c753a224fcc303effe06ebe65
image-builder-debuginfo-31-2.el9_7.ppc64le.rpm	SHA-256: e4442110e0faafd6eac37d4d2c15ef87757968824f0aeb9a6676ddaa9b5b4232
image-builder-debugsource-31-2.el9_7.ppc64le.rpm	SHA-256: 2896ef0602197f4776c6404eeadc72c393a3531ca8ac86b8102409eaf2c50fd5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
ppc64le
image-builder-31-2.el9_7.ppc64le.rpm	SHA-256: bd2e761a0456f85b7b1d3f8db2e0e8d2daeca34c753a224fcc303effe06ebe65
image-builder-debuginfo-31-2.el9_7.ppc64le.rpm	SHA-256: e4442110e0faafd6eac37d4d2c15ef87757968824f0aeb9a6676ddaa9b5b4232
image-builder-debugsource-31-2.el9_7.ppc64le.rpm	SHA-256: 2896ef0602197f4776c6404eeadc72c393a3531ca8ac86b8102409eaf2c50fd5

Red Hat Enterprise Linux for ARM 64 9

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
aarch64
image-builder-31-2.el9_7.aarch64.rpm	SHA-256: 6ed01adc6aafc1ba07e660af76914ae151af1a710a430dd87793d635b810c1fa
image-builder-debuginfo-31-2.el9_7.aarch64.rpm	SHA-256: 4500d77586179d4a81a3800b87a9189f3f6743a94e133d3799e55913f2c49e53
image-builder-debugsource-31-2.el9_7.aarch64.rpm	SHA-256: b87b07fdb5e79da25a5c55206580f230513a90c5f206a2c0de7c3117a7465457

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
aarch64
image-builder-31-2.el9_7.aarch64.rpm	SHA-256: 6ed01adc6aafc1ba07e660af76914ae151af1a710a430dd87793d635b810c1fa
image-builder-debuginfo-31-2.el9_7.aarch64.rpm	SHA-256: 4500d77586179d4a81a3800b87a9189f3f6743a94e133d3799e55913f2c49e53
image-builder-debugsource-31-2.el9_7.aarch64.rpm	SHA-256: b87b07fdb5e79da25a5c55206580f230513a90c5f206a2c0de7c3117a7465457

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
ppc64le
image-builder-31-2.el9_7.ppc64le.rpm	SHA-256: bd2e761a0456f85b7b1d3f8db2e0e8d2daeca34c753a224fcc303effe06ebe65
image-builder-debuginfo-31-2.el9_7.ppc64le.rpm	SHA-256: e4442110e0faafd6eac37d4d2c15ef87757968824f0aeb9a6676ddaa9b5b4232
image-builder-debugsource-31-2.el9_7.ppc64le.rpm	SHA-256: 2896ef0602197f4776c6404eeadc72c393a3531ca8ac86b8102409eaf2c50fd5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
x86_64
image-builder-31-2.el9_7.x86_64.rpm	SHA-256: 4a8ab25838666af5cb10e6b3910edcaed81f0a17a1d10225d22c317e641db48f
image-builder-debuginfo-31-2.el9_7.x86_64.rpm	SHA-256: 6844457329a514a93fd2b1d0ce4a9b2c5394b954262397f7ef4715c671a1e457
image-builder-debugsource-31-2.el9_7.x86_64.rpm	SHA-256: c248ea386193a9ae9f07cbaec35f6b77d00c632bd858a3f0a2996836e905b549

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
aarch64
image-builder-31-2.el9_7.aarch64.rpm	SHA-256: 6ed01adc6aafc1ba07e660af76914ae151af1a710a430dd87793d635b810c1fa
image-builder-debuginfo-31-2.el9_7.aarch64.rpm	SHA-256: 4500d77586179d4a81a3800b87a9189f3f6743a94e133d3799e55913f2c49e53
image-builder-debugsource-31-2.el9_7.aarch64.rpm	SHA-256: b87b07fdb5e79da25a5c55206580f230513a90c5f206a2c0de7c3117a7465457

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
s390x
image-builder-31-2.el9_7.s390x.rpm	SHA-256: bf0896a6fa36a14e3effb191b75c1c30821c53fa1554c2e436a321471d059daf
image-builder-debuginfo-31-2.el9_7.s390x.rpm	SHA-256: 302853f4166c31ab313ae5f7b8eefc3ce4dd932c475de1c4426b60ff5877dece
image-builder-debugsource-31-2.el9_7.s390x.rpm	SHA-256: 8c384b9acbf41db10338e43ca16e6cecd755bba24f15e209e443b8bc1c7cbf62

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
x86_64
image-builder-31-2.el9_7.x86_64.rpm	SHA-256: 4a8ab25838666af5cb10e6b3910edcaed81f0a17a1d10225d22c317e641db48f
image-builder-debuginfo-31-2.el9_7.x86_64.rpm	SHA-256: 6844457329a514a93fd2b1d0ce4a9b2c5394b954262397f7ef4715c671a1e457
image-builder-debugsource-31-2.el9_7.x86_64.rpm	SHA-256: c248ea386193a9ae9f07cbaec35f6b77d00c632bd858a3f0a2996836e905b549

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
aarch64
image-builder-31-2.el9_7.aarch64.rpm	SHA-256: 6ed01adc6aafc1ba07e660af76914ae151af1a710a430dd87793d635b810c1fa
image-builder-debuginfo-31-2.el9_7.aarch64.rpm	SHA-256: 4500d77586179d4a81a3800b87a9189f3f6743a94e133d3799e55913f2c49e53
image-builder-debugsource-31-2.el9_7.aarch64.rpm	SHA-256: b87b07fdb5e79da25a5c55206580f230513a90c5f206a2c0de7c3117a7465457

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
ppc64le
image-builder-31-2.el9_7.ppc64le.rpm	SHA-256: bd2e761a0456f85b7b1d3f8db2e0e8d2daeca34c753a224fcc303effe06ebe65
image-builder-debuginfo-31-2.el9_7.ppc64le.rpm	SHA-256: e4442110e0faafd6eac37d4d2c15ef87757968824f0aeb9a6676ddaa9b5b4232
image-builder-debugsource-31-2.el9_7.ppc64le.rpm	SHA-256: 2896ef0602197f4776c6404eeadc72c393a3531ca8ac86b8102409eaf2c50fd5

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8

SRPM
image-builder-31-2.el9_7.src.rpm	SHA-256: 0cc8a8f0474b6de99cb8587464f55ec1624c8ea5c8425aa2bcf9381a8813a95e
s390x
image-builder-31-2.el9_7.s390x.rpm	SHA-256: bf0896a6fa36a14e3effb191b75c1c30821c53fa1554c2e436a321471d059daf
image-builder-debuginfo-31-2.el9_7.s390x.rpm	SHA-256: 302853f4166c31ab313ae5f7b8eefc3ce4dd932c475de1c4426b60ff5877dece
image-builder-debugsource-31-2.el9_7.s390x.rpm	SHA-256: 8c384b9acbf41db10338e43ca16e6cecd755bba24f15e209e443b8bc1c7cbf62

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation