Red Hat Product Errata RHSA-2026:2688 - Security Advisory
Issued:
2026-02-12
Updated:
2026-02-12

RHSA-2026:2688 - Security Advisory

Synopsis

Moderate: osbuild-composer security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.

Security Fix(es):

  • github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2418900 - CVE-2025-65637 github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
osbuild-composer-76.1-4.el9_2.src.rpm SHA-256: 723e9b03c7ed334995d1904d95bc95ef196be04e86a13e6d621534cd5fb9b5ed
x86_64
osbuild-composer-76.1-4.el9_2.x86_64.rpm SHA-256: 9fa832daaa878067ca78d890a3e89cb9ac46244415b3789513ab60576dada423
osbuild-composer-core-76.1-4.el9_2.x86_64.rpm SHA-256: 750827d603d68bc201a34821c85e3cc63ba6402e13b33300ec6f459138bbade7
osbuild-composer-core-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: 8bf9cdaf28deca495acc11d611a0873ea7b7e8614f31fa1e610e492c2d5801ba
osbuild-composer-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: b5dbf791cb71fce15bdeb6d0985bd70fa9bcade431d581a882295a61643a80ca
osbuild-composer-debugsource-76.1-4.el9_2.x86_64.rpm SHA-256: 090303b480d3ad656b1f9df2e87033fe200b19613176b4ee788a035de3f7d3eb
osbuild-composer-dnf-json-76.1-4.el9_2.x86_64.rpm SHA-256: b83f7dc1f4d833ebf3ccc3299fc388212eb7baf7e48e7f8122c98aba8bacae2e
osbuild-composer-tests-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: cc1ee6d21d1a17fab934c8e5f47c314facb0a3ae66b7da9bc2ed5271edb2084d
osbuild-composer-worker-76.1-4.el9_2.x86_64.rpm SHA-256: 08e635d0fab6a2f04a0004b8564315423c6fa4842532b77c2e382f2b2914178e
osbuild-composer-worker-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: 60e09673401a26af1f34229459c8da092ce3071aa645bae180db591f85fedfba

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
osbuild-composer-76.1-4.el9_2.src.rpm SHA-256: 723e9b03c7ed334995d1904d95bc95ef196be04e86a13e6d621534cd5fb9b5ed
ppc64le
osbuild-composer-76.1-4.el9_2.ppc64le.rpm SHA-256: a5691a8f82f54f7c40bd4109e00e1c9007e65b4daff40f006c8e730101f9da1d
osbuild-composer-core-76.1-4.el9_2.ppc64le.rpm SHA-256: 7da525973d7c12e66a9a015a76064886094eb500fbdcb541275b3927b77749ac
osbuild-composer-core-debuginfo-76.1-4.el9_2.ppc64le.rpm SHA-256: 630c9a758d74b9476ce8bd6b33975653e77f0c7e7e6fe9fc07fb4149c89bb823
osbuild-composer-debuginfo-76.1-4.el9_2.ppc64le.rpm SHA-256: 725b7615cf27a5aef49706684cccc5dab96d0616db91a06f7bb2e2438d49f531
osbuild-composer-debugsource-76.1-4.el9_2.ppc64le.rpm SHA-256: 6a73bc433445a68cb49cf3fcb790e7752045db5c828c03e290be5f576a7dbfcb
osbuild-composer-dnf-json-76.1-4.el9_2.ppc64le.rpm SHA-256: 4c73159fc171205dee6dc58d64e090ee070d9f164e9ab850fc3cfcb9cb8cbff3
osbuild-composer-tests-debuginfo-76.1-4.el9_2.ppc64le.rpm SHA-256: 128874290ecbdc814c2aae889556e1c479ae040d49808a26a250b9229e05abd1
osbuild-composer-worker-76.1-4.el9_2.ppc64le.rpm SHA-256: 82f2ce04b3b030e0a9a13545c8599e758be5d2f80b02e210b5c3af74f2209689
osbuild-composer-worker-debuginfo-76.1-4.el9_2.ppc64le.rpm SHA-256: 349308c012c9f64f2f7fbf241adfec4a387c9e1cd24ae235ccd461f3d0df55ae

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
osbuild-composer-76.1-4.el9_2.src.rpm SHA-256: 723e9b03c7ed334995d1904d95bc95ef196be04e86a13e6d621534cd5fb9b5ed
x86_64
osbuild-composer-76.1-4.el9_2.x86_64.rpm SHA-256: 9fa832daaa878067ca78d890a3e89cb9ac46244415b3789513ab60576dada423
osbuild-composer-core-76.1-4.el9_2.x86_64.rpm SHA-256: 750827d603d68bc201a34821c85e3cc63ba6402e13b33300ec6f459138bbade7
osbuild-composer-core-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: 8bf9cdaf28deca495acc11d611a0873ea7b7e8614f31fa1e610e492c2d5801ba
osbuild-composer-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: b5dbf791cb71fce15bdeb6d0985bd70fa9bcade431d581a882295a61643a80ca
osbuild-composer-debugsource-76.1-4.el9_2.x86_64.rpm SHA-256: 090303b480d3ad656b1f9df2e87033fe200b19613176b4ee788a035de3f7d3eb
osbuild-composer-dnf-json-76.1-4.el9_2.x86_64.rpm SHA-256: b83f7dc1f4d833ebf3ccc3299fc388212eb7baf7e48e7f8122c98aba8bacae2e
osbuild-composer-tests-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: cc1ee6d21d1a17fab934c8e5f47c314facb0a3ae66b7da9bc2ed5271edb2084d
osbuild-composer-worker-76.1-4.el9_2.x86_64.rpm SHA-256: 08e635d0fab6a2f04a0004b8564315423c6fa4842532b77c2e382f2b2914178e
osbuild-composer-worker-debuginfo-76.1-4.el9_2.x86_64.rpm SHA-256: 60e09673401a26af1f34229459c8da092ce3071aa645bae180db591f85fedfba

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
osbuild-composer-76.1-4.el9_2.src.rpm SHA-256: 723e9b03c7ed334995d1904d95bc95ef196be04e86a13e6d621534cd5fb9b5ed
aarch64
osbuild-composer-76.1-4.el9_2.aarch64.rpm SHA-256: 9628997edb678bc43bb798174c64e64f5950de582eb45c855ad0d99683513e1e
osbuild-composer-core-76.1-4.el9_2.aarch64.rpm SHA-256: e5372b8721ee22682581c934d5af49b8bb077a5bf88ab9f69f6f4f185279497a
osbuild-composer-core-debuginfo-76.1-4.el9_2.aarch64.rpm SHA-256: e65b53205d2734a9984117c6f8c10f1612ed67fd4f4850b0b08ce32768e09bab
osbuild-composer-debuginfo-76.1-4.el9_2.aarch64.rpm SHA-256: ba5a91e68f3fba7e9fa9c6577cd31dd7418bf5c7ecaba1be000e09c1bba2c05f
osbuild-composer-debugsource-76.1-4.el9_2.aarch64.rpm SHA-256: 4c393292d1898d513d34045f9ce63bdedb28111a3f692220fe2344298e5ec562
osbuild-composer-dnf-json-76.1-4.el9_2.aarch64.rpm SHA-256: 797b2388ccdf5b536e82a6aaf4beace14970a306fcf7c92677b96a9db493b95d
osbuild-composer-tests-debuginfo-76.1-4.el9_2.aarch64.rpm SHA-256: 461b4a4bcd85dcd94f9a8b471c50fa02ce24d48fd65f5250b947027055479580
osbuild-composer-worker-76.1-4.el9_2.aarch64.rpm SHA-256: bf9ada7d4b729296d16a4c9d87b933a098c56a0e89c1f7302962974b8098a246
osbuild-composer-worker-debuginfo-76.1-4.el9_2.aarch64.rpm SHA-256: 0856199917c81448fed27e82290105fe42eb95fff7f82d66783c32921e5d8bda

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
osbuild-composer-76.1-4.el9_2.src.rpm SHA-256: 723e9b03c7ed334995d1904d95bc95ef196be04e86a13e6d621534cd5fb9b5ed
s390x
osbuild-composer-76.1-4.el9_2.s390x.rpm SHA-256: de3e7219a0e246d1b2f0e87d38b8769e8f6574c3a4f9f73a664981141bb49e7e
osbuild-composer-core-76.1-4.el9_2.s390x.rpm SHA-256: f9c8c848d1ceef84690360633f07d3752fdd2e7e0f200b5fb48adab731691962
osbuild-composer-core-debuginfo-76.1-4.el9_2.s390x.rpm SHA-256: b9a015d2c946808a85fc1d883f36661323f0dba743a2ee0a54ef7428198b0c3e
osbuild-composer-debuginfo-76.1-4.el9_2.s390x.rpm SHA-256: 3a0dccb69fd147b34267523e52312fedc5546195ae415ea2d70d4a586af19b31
osbuild-composer-debugsource-76.1-4.el9_2.s390x.rpm SHA-256: 6a91dbb1fd374205b09bad8d271b2d6df9867e0b9ce8ded7e906091533f1551f
osbuild-composer-dnf-json-76.1-4.el9_2.s390x.rpm SHA-256: 6400440eb737f50dea4030e84ce364dae800b6e043cfb813b658e42440377859
osbuild-composer-tests-debuginfo-76.1-4.el9_2.s390x.rpm SHA-256: e978b1ed1257c16c4bb717989df53edd99070f41d4f58030e9284f6f622b0a6a
osbuild-composer-worker-76.1-4.el9_2.s390x.rpm SHA-256: 3cb6b87167a3827c12578de7d96f1714460a81a9f0c40660c1b4193461107f0a
osbuild-composer-worker-debuginfo-76.1-4.el9_2.s390x.rpm SHA-256: facb6b4bf48720fc10ef633b8974eccc19db579d40d46b9ed8cbb8f176496167

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.