概述
Important: image-builder security update
类型/严重性
Security Advisory: Important
标题
An update for image-builder is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood.
Security Fix(es):
- crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
- golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
- crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
受影响的产品
-
Red Hat Enterprise Linux for x86_64 9 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 9 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
-
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
-
Red Hat Enterprise Linux for ARM 64 9 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x
修复
-
BZ - 2418462
- CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
-
BZ - 2434432
- CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
-
BZ - 2437111
- CVE-2025-68121 crypto/tls: Unexpected session resumption in crypto/tls
备注:
可能有这些软件包的更新版本。
点击软件包名称查看详情。
Red Hat Enterprise Linux for x86_64 9
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| x86_64 |
|
image-builder-31-3.el9_7.x86_64.rpm
|
SHA-256: 02a7af44c9a2285a8a77efd66a7797169ab98c8e77f0aaaf18f6809f007fae3e |
|
image-builder-debuginfo-31-3.el9_7.x86_64.rpm
|
SHA-256: d568a6b7ab573bf2356b4e769689602456bde60339a793914af0b43c7cb62c80 |
|
image-builder-debugsource-31-3.el9_7.x86_64.rpm
|
SHA-256: b43f28aa61dc3e053191e7eb1e634794e9daaf8dbd5d251341feca7d5b08ebba |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| x86_64 |
|
image-builder-31-3.el9_7.x86_64.rpm
|
SHA-256: 02a7af44c9a2285a8a77efd66a7797169ab98c8e77f0aaaf18f6809f007fae3e |
|
image-builder-debuginfo-31-3.el9_7.x86_64.rpm
|
SHA-256: d568a6b7ab573bf2356b4e769689602456bde60339a793914af0b43c7cb62c80 |
|
image-builder-debugsource-31-3.el9_7.x86_64.rpm
|
SHA-256: b43f28aa61dc3e053191e7eb1e634794e9daaf8dbd5d251341feca7d5b08ebba |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| s390x |
|
image-builder-31-3.el9_7.s390x.rpm
|
SHA-256: 0988590769c3c53eca5427c5240dc4c8881b4c2ed6ca4ab53473b03625f1e665 |
|
image-builder-debuginfo-31-3.el9_7.s390x.rpm
|
SHA-256: b94fc33e9d3407db75dcfa19d3b1fc38836fb4271698d7c5af5f66a1b0b2ef9b |
|
image-builder-debugsource-31-3.el9_7.s390x.rpm
|
SHA-256: 0c0e350f883e923b69d8ffe7ee11dc6d23ac9cc6113bb6124c06cc692c1d3344 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| s390x |
|
image-builder-31-3.el9_7.s390x.rpm
|
SHA-256: 0988590769c3c53eca5427c5240dc4c8881b4c2ed6ca4ab53473b03625f1e665 |
|
image-builder-debuginfo-31-3.el9_7.s390x.rpm
|
SHA-256: b94fc33e9d3407db75dcfa19d3b1fc38836fb4271698d7c5af5f66a1b0b2ef9b |
|
image-builder-debugsource-31-3.el9_7.s390x.rpm
|
SHA-256: 0c0e350f883e923b69d8ffe7ee11dc6d23ac9cc6113bb6124c06cc692c1d3344 |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| ppc64le |
|
image-builder-31-3.el9_7.ppc64le.rpm
|
SHA-256: 05cfc3b26b1f43ed287edc5794327a24392094ce16851113a9dd55977cccc4a2 |
|
image-builder-debuginfo-31-3.el9_7.ppc64le.rpm
|
SHA-256: d09fed79fe1bba51189c2f2ef20cc02d219c78838deeb31d5ebfa1a9e6862989 |
|
image-builder-debugsource-31-3.el9_7.ppc64le.rpm
|
SHA-256: fa263f4e12bb47c0059c6d06a316e7d0c10b56d5bd2fd4dd742e2f9cec6d005e |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| ppc64le |
|
image-builder-31-3.el9_7.ppc64le.rpm
|
SHA-256: 05cfc3b26b1f43ed287edc5794327a24392094ce16851113a9dd55977cccc4a2 |
|
image-builder-debuginfo-31-3.el9_7.ppc64le.rpm
|
SHA-256: d09fed79fe1bba51189c2f2ef20cc02d219c78838deeb31d5ebfa1a9e6862989 |
|
image-builder-debugsource-31-3.el9_7.ppc64le.rpm
|
SHA-256: fa263f4e12bb47c0059c6d06a316e7d0c10b56d5bd2fd4dd742e2f9cec6d005e |
Red Hat Enterprise Linux for ARM 64 9
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| aarch64 |
|
image-builder-31-3.el9_7.aarch64.rpm
|
SHA-256: e86abf7dd499ae77067a0ca7607e23edbf0a2d6b7ab7f7c04142160a27f29605 |
|
image-builder-debuginfo-31-3.el9_7.aarch64.rpm
|
SHA-256: 567a1ce3e9cb5733eda17bbb6617e0e8cf8a6491942d8b1e6bd578702dccf682 |
|
image-builder-debugsource-31-3.el9_7.aarch64.rpm
|
SHA-256: 19177cffdb26bca47a7ade9323f8b4c25d037e05be9f34c59cc3a25b80b84df5 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| aarch64 |
|
image-builder-31-3.el9_7.aarch64.rpm
|
SHA-256: e86abf7dd499ae77067a0ca7607e23edbf0a2d6b7ab7f7c04142160a27f29605 |
|
image-builder-debuginfo-31-3.el9_7.aarch64.rpm
|
SHA-256: 567a1ce3e9cb5733eda17bbb6617e0e8cf8a6491942d8b1e6bd578702dccf682 |
|
image-builder-debugsource-31-3.el9_7.aarch64.rpm
|
SHA-256: 19177cffdb26bca47a7ade9323f8b4c25d037e05be9f34c59cc3a25b80b84df5 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| ppc64le |
|
image-builder-31-3.el9_7.ppc64le.rpm
|
SHA-256: 05cfc3b26b1f43ed287edc5794327a24392094ce16851113a9dd55977cccc4a2 |
|
image-builder-debuginfo-31-3.el9_7.ppc64le.rpm
|
SHA-256: d09fed79fe1bba51189c2f2ef20cc02d219c78838deeb31d5ebfa1a9e6862989 |
|
image-builder-debugsource-31-3.el9_7.ppc64le.rpm
|
SHA-256: fa263f4e12bb47c0059c6d06a316e7d0c10b56d5bd2fd4dd742e2f9cec6d005e |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| x86_64 |
|
image-builder-31-3.el9_7.x86_64.rpm
|
SHA-256: 02a7af44c9a2285a8a77efd66a7797169ab98c8e77f0aaaf18f6809f007fae3e |
|
image-builder-debuginfo-31-3.el9_7.x86_64.rpm
|
SHA-256: d568a6b7ab573bf2356b4e769689602456bde60339a793914af0b43c7cb62c80 |
|
image-builder-debugsource-31-3.el9_7.x86_64.rpm
|
SHA-256: b43f28aa61dc3e053191e7eb1e634794e9daaf8dbd5d251341feca7d5b08ebba |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| aarch64 |
|
image-builder-31-3.el9_7.aarch64.rpm
|
SHA-256: e86abf7dd499ae77067a0ca7607e23edbf0a2d6b7ab7f7c04142160a27f29605 |
|
image-builder-debuginfo-31-3.el9_7.aarch64.rpm
|
SHA-256: 567a1ce3e9cb5733eda17bbb6617e0e8cf8a6491942d8b1e6bd578702dccf682 |
|
image-builder-debugsource-31-3.el9_7.aarch64.rpm
|
SHA-256: 19177cffdb26bca47a7ade9323f8b4c25d037e05be9f34c59cc3a25b80b84df5 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| s390x |
|
image-builder-31-3.el9_7.s390x.rpm
|
SHA-256: 0988590769c3c53eca5427c5240dc4c8881b4c2ed6ca4ab53473b03625f1e665 |
|
image-builder-debuginfo-31-3.el9_7.s390x.rpm
|
SHA-256: b94fc33e9d3407db75dcfa19d3b1fc38836fb4271698d7c5af5f66a1b0b2ef9b |
|
image-builder-debugsource-31-3.el9_7.s390x.rpm
|
SHA-256: 0c0e350f883e923b69d8ffe7ee11dc6d23ac9cc6113bb6124c06cc692c1d3344 |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| x86_64 |
|
image-builder-31-3.el9_7.x86_64.rpm
|
SHA-256: 02a7af44c9a2285a8a77efd66a7797169ab98c8e77f0aaaf18f6809f007fae3e |
|
image-builder-debuginfo-31-3.el9_7.x86_64.rpm
|
SHA-256: d568a6b7ab573bf2356b4e769689602456bde60339a793914af0b43c7cb62c80 |
|
image-builder-debugsource-31-3.el9_7.x86_64.rpm
|
SHA-256: b43f28aa61dc3e053191e7eb1e634794e9daaf8dbd5d251341feca7d5b08ebba |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| aarch64 |
|
image-builder-31-3.el9_7.aarch64.rpm
|
SHA-256: e86abf7dd499ae77067a0ca7607e23edbf0a2d6b7ab7f7c04142160a27f29605 |
|
image-builder-debuginfo-31-3.el9_7.aarch64.rpm
|
SHA-256: 567a1ce3e9cb5733eda17bbb6617e0e8cf8a6491942d8b1e6bd578702dccf682 |
|
image-builder-debugsource-31-3.el9_7.aarch64.rpm
|
SHA-256: 19177cffdb26bca47a7ade9323f8b4c25d037e05be9f34c59cc3a25b80b84df5 |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| ppc64le |
|
image-builder-31-3.el9_7.ppc64le.rpm
|
SHA-256: 05cfc3b26b1f43ed287edc5794327a24392094ce16851113a9dd55977cccc4a2 |
|
image-builder-debuginfo-31-3.el9_7.ppc64le.rpm
|
SHA-256: d09fed79fe1bba51189c2f2ef20cc02d219c78838deeb31d5ebfa1a9e6862989 |
|
image-builder-debugsource-31-3.el9_7.ppc64le.rpm
|
SHA-256: fa263f4e12bb47c0059c6d06a316e7d0c10b56d5bd2fd4dd742e2f9cec6d005e |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8
| SRPM |
|
image-builder-31-3.el9_7.src.rpm
|
SHA-256: 4de013efcdaf7652ddc7096e4eeb8f79956a3fff6570ac7a1dbd73b0d345fbc5 |
| s390x |
|
image-builder-31-3.el9_7.s390x.rpm
|
SHA-256: 0988590769c3c53eca5427c5240dc4c8881b4c2ed6ca4ab53473b03625f1e665 |
|
image-builder-debuginfo-31-3.el9_7.s390x.rpm
|
SHA-256: b94fc33e9d3407db75dcfa19d3b1fc38836fb4271698d7c5af5f66a1b0b2ef9b |
|
image-builder-debugsource-31-3.el9_7.s390x.rpm
|
SHA-256: 0c0e350f883e923b69d8ffe7ee11dc6d23ac9cc6113bb6124c06cc692c1d3344 |
