红帽产品勘误 RHSA-2026:22937 - Security Advisory
发布:
2026-06-03
已更新:
2026-06-03

RHSA-2026:22937 - Security Advisory

概述

Important: image-builder security update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for image-builder is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood.

Security Fix(es):

  • golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
  • crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)
  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
  • google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
  • github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
  • golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
  • crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

修复

  • BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
  • BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
  • BZ - 2445345 - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509
  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url
  • BZ - 2449833 - CVE-2026-33186 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
  • BZ - 2455470 - CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
  • BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
  • BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
  • RHEL-179248 - images: Generate manifests with the appropriate options for handling PQC keys

Red Hat Enterprise Linux for x86_64 10

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
x86_64
image-builder-52.1-1.el10_2.x86_64.rpm SHA-256: bb05db526b121850b23d116bac7798d3ee4e72cd9d1b8f57b7b037fabe122ef9
image-builder-debuginfo-52.1-1.el10_2.x86_64.rpm SHA-256: ce937c9b1afb21421d0b3d112bcb2af4a403d00d707f502ea3d7d80aaa640d7a
image-builder-debugsource-52.1-1.el10_2.x86_64.rpm SHA-256: cddb04346466d4298cdce4913aae5087779156a1aa40e9d160576ead559b767d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
x86_64
image-builder-52.1-1.el10_2.x86_64.rpm SHA-256: bb05db526b121850b23d116bac7798d3ee4e72cd9d1b8f57b7b037fabe122ef9
image-builder-debuginfo-52.1-1.el10_2.x86_64.rpm SHA-256: ce937c9b1afb21421d0b3d112bcb2af4a403d00d707f502ea3d7d80aaa640d7a
image-builder-debugsource-52.1-1.el10_2.x86_64.rpm SHA-256: cddb04346466d4298cdce4913aae5087779156a1aa40e9d160576ead559b767d

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
s390x
image-builder-52.1-1.el10_2.s390x.rpm SHA-256: 9fb8a1db7d26c9b2862f9f28f1b24bbe5f0e996b804380cbac9f51224de82073
image-builder-debuginfo-52.1-1.el10_2.s390x.rpm SHA-256: fe717c8290069808ab189e109e326b391d97c6b29bf9f0fee3848c73f24df79f
image-builder-debugsource-52.1-1.el10_2.s390x.rpm SHA-256: 2ac33f1c05ed859480ecb5b078e6847ac9b54549d42360b561265424978dee01

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
s390x
image-builder-52.1-1.el10_2.s390x.rpm SHA-256: 9fb8a1db7d26c9b2862f9f28f1b24bbe5f0e996b804380cbac9f51224de82073
image-builder-debuginfo-52.1-1.el10_2.s390x.rpm SHA-256: fe717c8290069808ab189e109e326b391d97c6b29bf9f0fee3848c73f24df79f
image-builder-debugsource-52.1-1.el10_2.s390x.rpm SHA-256: 2ac33f1c05ed859480ecb5b078e6847ac9b54549d42360b561265424978dee01

Red Hat Enterprise Linux for Power, little endian 10

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
ppc64le
image-builder-52.1-1.el10_2.ppc64le.rpm SHA-256: 5a66c1a5a5def576e6c367d2057b8c5a3bbd1968798a5f60ace68960f2a1438a
image-builder-debuginfo-52.1-1.el10_2.ppc64le.rpm SHA-256: e5dfeb61f19e3a64904041217049957411f507888b90a44d6d6e1426cbd8bf2f
image-builder-debugsource-52.1-1.el10_2.ppc64le.rpm SHA-256: 871f7ac5e56c2aa7d637cdf240fbae1d001e0d1735cfad3865b99c0b26ffed63

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
ppc64le
image-builder-52.1-1.el10_2.ppc64le.rpm SHA-256: 5a66c1a5a5def576e6c367d2057b8c5a3bbd1968798a5f60ace68960f2a1438a
image-builder-debuginfo-52.1-1.el10_2.ppc64le.rpm SHA-256: e5dfeb61f19e3a64904041217049957411f507888b90a44d6d6e1426cbd8bf2f
image-builder-debugsource-52.1-1.el10_2.ppc64le.rpm SHA-256: 871f7ac5e56c2aa7d637cdf240fbae1d001e0d1735cfad3865b99c0b26ffed63

Red Hat Enterprise Linux for ARM 64 10

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
aarch64
image-builder-52.1-1.el10_2.aarch64.rpm SHA-256: 9d393de515775f73c77097c56654678ee57d27e85d01d9d089219729728a136c
image-builder-debuginfo-52.1-1.el10_2.aarch64.rpm SHA-256: 1c8e760a7525da734fe8ce19b781dd27e050498c383112f2c0ad8edcba51c2fe
image-builder-debugsource-52.1-1.el10_2.aarch64.rpm SHA-256: 5fa92c6676ea7e6737006eb229c2adef578c86eca5885f7c59440c198029dd9a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
aarch64
image-builder-52.1-1.el10_2.aarch64.rpm SHA-256: 9d393de515775f73c77097c56654678ee57d27e85d01d9d089219729728a136c
image-builder-debuginfo-52.1-1.el10_2.aarch64.rpm SHA-256: 1c8e760a7525da734fe8ce19b781dd27e050498c383112f2c0ad8edcba51c2fe
image-builder-debugsource-52.1-1.el10_2.aarch64.rpm SHA-256: 5fa92c6676ea7e6737006eb229c2adef578c86eca5885f7c59440c198029dd9a

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
aarch64
image-builder-52.1-1.el10_2.aarch64.rpm SHA-256: 9d393de515775f73c77097c56654678ee57d27e85d01d9d089219729728a136c
image-builder-debuginfo-52.1-1.el10_2.aarch64.rpm SHA-256: 1c8e760a7525da734fe8ce19b781dd27e050498c383112f2c0ad8edcba51c2fe
image-builder-debugsource-52.1-1.el10_2.aarch64.rpm SHA-256: 5fa92c6676ea7e6737006eb229c2adef578c86eca5885f7c59440c198029dd9a

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
s390x
image-builder-52.1-1.el10_2.s390x.rpm SHA-256: 9fb8a1db7d26c9b2862f9f28f1b24bbe5f0e996b804380cbac9f51224de82073
image-builder-debuginfo-52.1-1.el10_2.s390x.rpm SHA-256: fe717c8290069808ab189e109e326b391d97c6b29bf9f0fee3848c73f24df79f
image-builder-debugsource-52.1-1.el10_2.s390x.rpm SHA-256: 2ac33f1c05ed859480ecb5b078e6847ac9b54549d42360b561265424978dee01

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
ppc64le
image-builder-52.1-1.el10_2.ppc64le.rpm SHA-256: 5a66c1a5a5def576e6c367d2057b8c5a3bbd1968798a5f60ace68960f2a1438a
image-builder-debuginfo-52.1-1.el10_2.ppc64le.rpm SHA-256: e5dfeb61f19e3a64904041217049957411f507888b90a44d6d6e1426cbd8bf2f
image-builder-debugsource-52.1-1.el10_2.ppc64le.rpm SHA-256: 871f7ac5e56c2aa7d637cdf240fbae1d001e0d1735cfad3865b99c0b26ffed63

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
x86_64
image-builder-52.1-1.el10_2.x86_64.rpm SHA-256: bb05db526b121850b23d116bac7798d3ee4e72cd9d1b8f57b7b037fabe122ef9
image-builder-debuginfo-52.1-1.el10_2.x86_64.rpm SHA-256: ce937c9b1afb21421d0b3d112bcb2af4a403d00d707f502ea3d7d80aaa640d7a
image-builder-debugsource-52.1-1.el10_2.x86_64.rpm SHA-256: cddb04346466d4298cdce4913aae5087779156a1aa40e9d160576ead559b767d

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
x86_64
image-builder-52.1-1.el10_2.x86_64.rpm SHA-256: bb05db526b121850b23d116bac7798d3ee4e72cd9d1b8f57b7b037fabe122ef9
image-builder-debuginfo-52.1-1.el10_2.x86_64.rpm SHA-256: ce937c9b1afb21421d0b3d112bcb2af4a403d00d707f502ea3d7d80aaa640d7a
image-builder-debugsource-52.1-1.el10_2.x86_64.rpm SHA-256: cddb04346466d4298cdce4913aae5087779156a1aa40e9d160576ead559b767d

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
aarch64
image-builder-52.1-1.el10_2.aarch64.rpm SHA-256: 9d393de515775f73c77097c56654678ee57d27e85d01d9d089219729728a136c
image-builder-debuginfo-52.1-1.el10_2.aarch64.rpm SHA-256: 1c8e760a7525da734fe8ce19b781dd27e050498c383112f2c0ad8edcba51c2fe
image-builder-debugsource-52.1-1.el10_2.aarch64.rpm SHA-256: 5fa92c6676ea7e6737006eb229c2adef578c86eca5885f7c59440c198029dd9a

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
ppc64le
image-builder-52.1-1.el10_2.ppc64le.rpm SHA-256: 5a66c1a5a5def576e6c367d2057b8c5a3bbd1968798a5f60ace68960f2a1438a
image-builder-debuginfo-52.1-1.el10_2.ppc64le.rpm SHA-256: e5dfeb61f19e3a64904041217049957411f507888b90a44d6d6e1426cbd8bf2f
image-builder-debugsource-52.1-1.el10_2.ppc64le.rpm SHA-256: 871f7ac5e56c2aa7d637cdf240fbae1d001e0d1735cfad3865b99c0b26ffed63

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2

SRPM
image-builder-52.1-1.el10_2.src.rpm SHA-256: 1d2ffea34cb246d01db461fee01b99d9c0e868631b4ff8e7bc58905780f34982
s390x
image-builder-52.1-1.el10_2.s390x.rpm SHA-256: 9fb8a1db7d26c9b2862f9f28f1b24bbe5f0e996b804380cbac9f51224de82073
image-builder-debuginfo-52.1-1.el10_2.s390x.rpm SHA-256: fe717c8290069808ab189e109e326b391d97c6b29bf9f0fee3848c73f24df79f
image-builder-debugsource-52.1-1.el10_2.s390x.rpm SHA-256: 2ac33f1c05ed859480ecb5b078e6847ac9b54549d42360b561265424978dee01

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/