红帽产品勘误 RHSA-2026:23228 - Security Advisory
发布:
2026-06-04
已更新:
2026-06-04

RHSA-2026:23228 - Security Advisory

概述

Important: image-builder security update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for image-builder is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood.

Security Fix(es):

  • golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
  • crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137)
  • net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
  • google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
  • github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
  • golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
  • crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

修复

  • BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
  • BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
  • BZ - 2445345 - CVE-2026-27137 crypto/x509: Incorrect enforcement of email constraints in crypto/x509
  • BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url
  • BZ - 2449833 - CVE-2026-33186 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
  • BZ - 2455470 - CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object
  • BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
  • BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
  • RHEL-141689 - images: Generate RHEL manifests with the appropriate options for handling PQC keys

Red Hat Enterprise Linux for x86_64 9

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
x86_64
image-builder-52.1-1.el9_8.x86_64.rpm SHA-256: ce5be8c5d90e3b5dad913c2ef734134cd04d8693ebc6802c8d3d9513644c0a25
image-builder-debuginfo-52.1-1.el9_8.x86_64.rpm SHA-256: 1369394ae9d19665fa430f345425c7eaafdd9fcfc624a8e1ffa49c1befc3e64f
image-builder-debugsource-52.1-1.el9_8.x86_64.rpm SHA-256: cae018aaf728a62d603f67fde8f8fde3f9d2988c0aa618759a281163dce241ba

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
x86_64
image-builder-52.1-1.el9_8.x86_64.rpm SHA-256: ce5be8c5d90e3b5dad913c2ef734134cd04d8693ebc6802c8d3d9513644c0a25
image-builder-debuginfo-52.1-1.el9_8.x86_64.rpm SHA-256: 1369394ae9d19665fa430f345425c7eaafdd9fcfc624a8e1ffa49c1befc3e64f
image-builder-debugsource-52.1-1.el9_8.x86_64.rpm SHA-256: cae018aaf728a62d603f67fde8f8fde3f9d2988c0aa618759a281163dce241ba

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
s390x
image-builder-52.1-1.el9_8.s390x.rpm SHA-256: 762fbf10557f9ce43c940b7dc3e9063a97a8181a0a168942c01ab4cbcb4fd430
image-builder-debuginfo-52.1-1.el9_8.s390x.rpm SHA-256: b56d6c80e8966e09f4a21c1f913e033a9d460c1e893acfed50095d4fb3f6ee1c
image-builder-debugsource-52.1-1.el9_8.s390x.rpm SHA-256: 8208e0a517636bff049e704039021172bbb7ea09e5f4a1b378b0fa2988ad002e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
s390x
image-builder-52.1-1.el9_8.s390x.rpm SHA-256: 762fbf10557f9ce43c940b7dc3e9063a97a8181a0a168942c01ab4cbcb4fd430
image-builder-debuginfo-52.1-1.el9_8.s390x.rpm SHA-256: b56d6c80e8966e09f4a21c1f913e033a9d460c1e893acfed50095d4fb3f6ee1c
image-builder-debugsource-52.1-1.el9_8.s390x.rpm SHA-256: 8208e0a517636bff049e704039021172bbb7ea09e5f4a1b378b0fa2988ad002e

Red Hat Enterprise Linux for Power, little endian 9

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
ppc64le
image-builder-52.1-1.el9_8.ppc64le.rpm SHA-256: 51562634f6136aacad6d6e2f90d5322ba24902ad4294b752fba5201c3d0c88c6
image-builder-debuginfo-52.1-1.el9_8.ppc64le.rpm SHA-256: 2a900253db8782b8803d01c5efd1517af3d0e7cf243681a325e644a789088ef0
image-builder-debugsource-52.1-1.el9_8.ppc64le.rpm SHA-256: 8ee09b36f9afb85535d7da245e1e5166697a46d97c03ec34ea7d0f00c566c78d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
ppc64le
image-builder-52.1-1.el9_8.ppc64le.rpm SHA-256: 51562634f6136aacad6d6e2f90d5322ba24902ad4294b752fba5201c3d0c88c6
image-builder-debuginfo-52.1-1.el9_8.ppc64le.rpm SHA-256: 2a900253db8782b8803d01c5efd1517af3d0e7cf243681a325e644a789088ef0
image-builder-debugsource-52.1-1.el9_8.ppc64le.rpm SHA-256: 8ee09b36f9afb85535d7da245e1e5166697a46d97c03ec34ea7d0f00c566c78d

Red Hat Enterprise Linux for ARM 64 9

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
aarch64
image-builder-52.1-1.el9_8.aarch64.rpm SHA-256: d0a70a7d6c47201da373535379e8107d474e104f9195a5e85916604be34cf7fd
image-builder-debuginfo-52.1-1.el9_8.aarch64.rpm SHA-256: 1ec4346f824372085e0a969c581eb14b284cb784b1481f8e826564df482d1689
image-builder-debugsource-52.1-1.el9_8.aarch64.rpm SHA-256: cace3a8633ac1fafe041df2076954a6550d508cc24c308c8a31ce6acf4260f37

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
aarch64
image-builder-52.1-1.el9_8.aarch64.rpm SHA-256: d0a70a7d6c47201da373535379e8107d474e104f9195a5e85916604be34cf7fd
image-builder-debuginfo-52.1-1.el9_8.aarch64.rpm SHA-256: 1ec4346f824372085e0a969c581eb14b284cb784b1481f8e826564df482d1689
image-builder-debugsource-52.1-1.el9_8.aarch64.rpm SHA-256: cace3a8633ac1fafe041df2076954a6550d508cc24c308c8a31ce6acf4260f37

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
ppc64le
image-builder-52.1-1.el9_8.ppc64le.rpm SHA-256: 51562634f6136aacad6d6e2f90d5322ba24902ad4294b752fba5201c3d0c88c6
image-builder-debuginfo-52.1-1.el9_8.ppc64le.rpm SHA-256: 2a900253db8782b8803d01c5efd1517af3d0e7cf243681a325e644a789088ef0
image-builder-debugsource-52.1-1.el9_8.ppc64le.rpm SHA-256: 8ee09b36f9afb85535d7da245e1e5166697a46d97c03ec34ea7d0f00c566c78d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
x86_64
image-builder-52.1-1.el9_8.x86_64.rpm SHA-256: ce5be8c5d90e3b5dad913c2ef734134cd04d8693ebc6802c8d3d9513644c0a25
image-builder-debuginfo-52.1-1.el9_8.x86_64.rpm SHA-256: 1369394ae9d19665fa430f345425c7eaafdd9fcfc624a8e1ffa49c1befc3e64f
image-builder-debugsource-52.1-1.el9_8.x86_64.rpm SHA-256: cae018aaf728a62d603f67fde8f8fde3f9d2988c0aa618759a281163dce241ba

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
aarch64
image-builder-52.1-1.el9_8.aarch64.rpm SHA-256: d0a70a7d6c47201da373535379e8107d474e104f9195a5e85916604be34cf7fd
image-builder-debuginfo-52.1-1.el9_8.aarch64.rpm SHA-256: 1ec4346f824372085e0a969c581eb14b284cb784b1481f8e826564df482d1689
image-builder-debugsource-52.1-1.el9_8.aarch64.rpm SHA-256: cace3a8633ac1fafe041df2076954a6550d508cc24c308c8a31ce6acf4260f37

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
s390x
image-builder-52.1-1.el9_8.s390x.rpm SHA-256: 762fbf10557f9ce43c940b7dc3e9063a97a8181a0a168942c01ab4cbcb4fd430
image-builder-debuginfo-52.1-1.el9_8.s390x.rpm SHA-256: b56d6c80e8966e09f4a21c1f913e033a9d460c1e893acfed50095d4fb3f6ee1c
image-builder-debugsource-52.1-1.el9_8.s390x.rpm SHA-256: 8208e0a517636bff049e704039021172bbb7ea09e5f4a1b378b0fa2988ad002e

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
x86_64
image-builder-52.1-1.el9_8.x86_64.rpm SHA-256: ce5be8c5d90e3b5dad913c2ef734134cd04d8693ebc6802c8d3d9513644c0a25
image-builder-debuginfo-52.1-1.el9_8.x86_64.rpm SHA-256: 1369394ae9d19665fa430f345425c7eaafdd9fcfc624a8e1ffa49c1befc3e64f
image-builder-debugsource-52.1-1.el9_8.x86_64.rpm SHA-256: cae018aaf728a62d603f67fde8f8fde3f9d2988c0aa618759a281163dce241ba

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
aarch64
image-builder-52.1-1.el9_8.aarch64.rpm SHA-256: d0a70a7d6c47201da373535379e8107d474e104f9195a5e85916604be34cf7fd
image-builder-debuginfo-52.1-1.el9_8.aarch64.rpm SHA-256: 1ec4346f824372085e0a969c581eb14b284cb784b1481f8e826564df482d1689
image-builder-debugsource-52.1-1.el9_8.aarch64.rpm SHA-256: cace3a8633ac1fafe041df2076954a6550d508cc24c308c8a31ce6acf4260f37

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
ppc64le
image-builder-52.1-1.el9_8.ppc64le.rpm SHA-256: 51562634f6136aacad6d6e2f90d5322ba24902ad4294b752fba5201c3d0c88c6
image-builder-debuginfo-52.1-1.el9_8.ppc64le.rpm SHA-256: 2a900253db8782b8803d01c5efd1517af3d0e7cf243681a325e644a789088ef0
image-builder-debugsource-52.1-1.el9_8.ppc64le.rpm SHA-256: 8ee09b36f9afb85535d7da245e1e5166697a46d97c03ec34ea7d0f00c566c78d

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8

SRPM
image-builder-52.1-1.el9_8.src.rpm SHA-256: de7e838368961323ae01f8b8d9911cedf44491376b2dc10a4fc4f1ac6a8dac5c
s390x
image-builder-52.1-1.el9_8.s390x.rpm SHA-256: 762fbf10557f9ce43c940b7dc3e9063a97a8181a0a168942c01ab4cbcb4fd430
image-builder-debuginfo-52.1-1.el9_8.s390x.rpm SHA-256: b56d6c80e8966e09f4a21c1f913e033a9d460c1e893acfed50095d4fb3f6ee1c
image-builder-debugsource-52.1-1.el9_8.s390x.rpm SHA-256: 8208e0a517636bff049e704039021172bbb7ea09e5f4a1b378b0fa2988ad002e

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/