Stay Vigilant with Timely Linux Security Advisories

Refine advisories

X Clear Filters

Low (2)

CVE-2026-42487 (1)

OpenSUSE (3772)

buffer overflow (11041)

important (27885)

security advisory (115207)

threat (1689)

update (16612)

xen (575)

denial of service (18357)

security issue (14660)

Published Date Range

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.63%)

78.63% votes

Formal training or courses (4.27%)

4.27% votes

A job that required it (4.84%)

4.84% votes

Other (12.25%)

12.25% votes

[{"id":483,"title":"Self-taught through trial and error","votes":552,"type":"x","order":1,"pct":78.63,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.27,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.84,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.25,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

bottom 200

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Explore Latest Linux Security advisories

We found -6 articles for you...

security advisoryRed Hat Enterprise Linuxmemory issues

Red Hat Enterprise Linux 9 RHSA-2023:2204-01 Moderate Image Builder Fix

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Image Builder security, bug fix, and enhancement update Advisory ID: RHSA-2023:2204-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2204 Issue date: 2023-05-09 CVE Names: CVE-2022-2879 CVE-2022-2880 CVE-2022-27664 CVE-2022-41715 CVE-2022-41717 ==================================================================== 1. Summary: An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): * golang: archive/tar: unbounded memory consumption when reading headers(CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2119980 - edge-installer ISO install failed at dracut-initqueue timeout 2122843 - coreos-installer-0.15.0-2.el9 does not work with osbuild-composer-62-1.el9 2123373 - edge images default to LVM [rhel-9.2.0] 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2125249 - podman network backend does not switch to netavark when embedding container in image [rhel-9.2.0] 2132250 - Update Image Builder suite of projects to their latest upstream releases [RHEL-9.2] 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2136504 - osbuild-composer can't access /var/cache/osbuild-composer/rpmmd on package upgrade from 9.0 2137364 - composer-cli blueprints show command fails when firewall customization is included in a blueprint 2139645 - [cockpit-composer] RHEL 9.2 Tier 0 Localization 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 2164560 - Rebase to weldr-client v35.9 2174158 - systemd units aren't enabled/started using ignition 2177699 - Composer is not setting the rpm stage options in the os pipeline correctly for payload repositories 6. Package List: Red Hat Enterprise Linux AppStream (v.9): Source: cockpit-composer-45-1.el9_2.src.rpm osbuild-81-1.el9.src.rpm osbuild-composer-76-2.el9_2.src.rpm weldr-client-35.9-1.el9.src.rpm aarch64: osbuild-composer-76-2.el9_2.aarch64.rpm osbuild-composer-core-76-2.el9_2.aarch64.rpm osbuild-composer-core-debuginfo-76-2.el9_2.aarch64.rpm osbuild-composer-debuginfo-76-2.el9_2.aarch64.rpm osbuild-composer-debugsource-76-2.el9_2.aarch64.rpm osbuild-composer-dnf-json-76-2.el9_2.aarch64.rpm osbuild-composer-tests-debuginfo-76-2.el9_2.aarch64.rpm osbuild-composer-worker-76-2.el9_2.aarch64.rpm osbuild-composer-worker-debuginfo-76-2.el9_2.aarch64.rpm weldr-client-35.9-1.el9.aarch64.rpm weldr-client-debuginfo-35.9-1.el9.aarch64.rpm weldr-client-debugsource-35.9-1.el9.aarch64.rpm weldr-client-tests-debuginfo-35.9-1.el9.aarch64.rpm noarch: cockpit-composer-45-1.el9_2.noarch.rpm osbuild-81-1.el9.noarch.rpm osbuild-luks2-81-1.el9.noarch.rpm osbuild-lvm2-81-1.el9.noarch.rpm osbuild-ostree-81-1.el9.noarch.rpm osbuild-selinux-81-1.el9.noarch.rpm python3-osbuild-81-1.el9.noarch.rpm ppc64le: osbuild-composer-76-2.el9_2.ppc64le.rpm osbuild-composer-core-76-2.el9_2.ppc64le.rpm osbuild-composer-core-debuginfo-76-2.el9_2.ppc64le.rpm osbuild-composer-debuginfo-76-2.el9_2.ppc64le.rpm osbuild-composer-debugsource-76-2.el9_2.ppc64le.rpm osbuild-composer-dnf-json-76-2.el9_2.ppc64le.rpm osbuild-composer-tests-debuginfo-76-2.el9_2.ppc64le.rpm osbuild-composer-worker-76-2.el9_2.ppc64le.rpm osbuild-composer-worker-debuginfo-76-2.el9_2.ppc64le.rpm weldr-client-35.9-1.el9.ppc64le.rpm weldr-client-debuginfo-35.9-1.el9.ppc64le.rpm weldr-client-debugsource-35.9-1.el9.ppc64le.rpm weldr-client-tests-debuginfo-35.9-1.el9.ppc64le.rpm s390x: osbuild-composer-76-2.el9_2.s390x.rpm osbuild-composer-core-76-2.el9_2.s390x.rpm osbuild-composer-core-debuginfo-76-2.el9_2.s390x.rpm osbuild-composer-debuginfo-76-2.el9_2.s390x.rpm osbuild-composer-debugsource-76-2.el9_2.s390x.rpm osbuild-composer-dnf-json-76-2.el9_2.s390x.rpm osbuild-composer-tests-debuginfo-76-2.el9_2.s390x.rpm osbuild-composer-worker-76-2.el9_2.s390x.rpm osbuild-composer-worker-debuginfo-76-2.el9_2.s390x.rpm weldr-client-35.9-1.el9.s390x.rpm weldr-client-debuginfo-35.9-1.el9.s390x.rpm weldr-client-debugsource-35.9-1.el9.s390x.rpm weldr-client-tests-debuginfo-35.9-1.el9.s390x.rpm x86_64: osbuild-composer-76-2.el9_2.x86_64.rpm osbuild-composer-core-76-2.el9_2.x86_64.rpm osbuild-composer-core-debuginfo-76-2.el9_2.x86_64.rpm osbuild-composer-debuginfo-76-2.el9_2.x86_64.rpm osbuild-composer-debugsource-76-2.el9_2.x86_64.rpm osbuild-composer-dnf-json-76-2.el9_2.x86_64.rpm osbuild-composer-tests-debuginfo-76-2.el9_2.x86_64.rpm osbuild-composer-worker-76-2.el9_2.x86_64.rpm osbuild-composer-worker-debuginfo-76-2.el9_2.x86_64.rpm weldr-client-35.9-1.el9.x86_64.rpm weldr-client-debuginfo-35.9-1.el9.x86_64.rpm weldr-client-debugsource-35.9-1.el9.x86_64.rpm weldr-client-tests-debuginfo-35.9-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-27664 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZFo0YNzjgjWX9erEAQifuA/+PkemZDLvpIEurj3RfuiqWEHWVfNeZykF IaduyRNaNZA5nkErwV6D5X+bm0YUdgMB6H7Rn5HhxdckGlE6k3Oq2mZillW2wKDe gZ3kwRmyIlkQLnuOZgVkTUInYUzhvBdPhlVXD/kNnYACMSX9jbx1xNE0zvxN92LR t2APv2qGfvZNkpckaqJInWo7TAitoihRJUozy1KsCohE1NAGbS9qMlWFaH89f9rO 3etteClVQ/z2KQXqXgqkuykxuhJut75Uvvicw+sP4YM5bn4D/S+dxTrIzlg2QO7/ amdkYRuL6GFa0mWIm83rbBcQELdMxHDjyLLU55nq+1P6SzxdON9PZD9uMjkRIpqK EptDRmAjCRsejolK1Lo+vjxLZ3ZpSOznUh5LBVDkFvDoJfFmokqMEneIt1U6wB+q Me5IffE+bpQrdyg0IWYnoefDrgQXaiM27q5MJeUsHiOI8OGoJFFfrnUmHtCJNrzq XF7X3rt4sAiqR764uJoiiPEDadc4Vaor8hH9h1yQbmIe2Sk4g/56yREBk8Ozvif4 lm/W7b7njMfUk+mmPAxKI7Ycl+nriqJ+PHIHJ8DFzRIC/H8g1hK2i2EZL8SZQxma r+7FeuGuayfYh42tFryan43AcwqPNs4UZen7YKTiQY6nQ3WOcR+h5bjnKtHWPc/3 dTmHXPE5js0=kIXE -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat publishes security notice regarding vulnerabilities in Image Builder, impacting several components. Implement the resolution for moderate level concerns.. Red Hat Enterprise Linux, Image Builder, osbuild, security advisory. . LinuxSecurity.com Team

May 09, 2023 Red Hat

security advisoryRed Hat Enterprise LinuxdoS

Red Hat Enterprise Linux 9 RHSA-2022-7950-01 Low: Image Builder DoS

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Image Builder security, bug fix, and enhancement update Advisory ID: RHSA-2022:7950-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7950 Issue date: 2022-11-15 CVE Names: CVE-2022-32189 ==================================================================== 1. Summary: An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on howto apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2059869 - Update osbuild to the newest upstream version in RHEL 9.1 2059870 - Update osbuild-composer to the newest upstream version in RHEL 9.1 2060061 - Rebase cockpit-composer to newest release for RHEL 9.1 2062597 - [cockpit-composer] RHEL 9.1 Tier 0 Localization 2064087 - suggest to exclude dracut-config-rescue in rhel ec2 images 2088459 - [osbuild-composer] cannot build an edge container with sssd 2105961 - edge-installer (anaconda) fails if user has ssh-key defined 2110864 - edge-installer ISO image can't boot on BIOS VM 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2118831 - Backport test changes for new osbuild-composer 2123055 - edge images default to LVM 2123210 - podman network backend does not switch to netavark when embedding container in image 6. Package List: Red Hat Enterprise Linux AppStream (v.9): Source: cockpit-composer-41-1.el9.src.rpm osbuild-65-1.el9.src.rpm osbuild-composer-62.1-1.el9.src.rpm weldr-client-35.5-4.el9.src.rpm aarch64: osbuild-composer-62.1-1.el9.aarch64.rpm osbuild-composer-core-62.1-1.el9.aarch64.rpm osbuild-composer-core-debuginfo-62.1-1.el9.aarch64.rpm osbuild-composer-debugsource-62.1-1.el9.aarch64.rpm osbuild-composer-dnf-json-62.1-1.el9.aarch64.rpm osbuild-composer-tests-debuginfo-62.1-1.el9.aarch64.rpm osbuild-composer-worker-62.1-1.el9.aarch64.rpm osbuild-composer-worker-debuginfo-62.1-1.el9.aarch64.rpm weldr-client-35.5-4.el9.aarch64.rpm weldr-client-debuginfo-35.5-4.el9.aarch64.rpm weldr-client-debugsource-35.5-4.el9.aarch64.rpm weldr-client-tests-debuginfo-35.5-4.el9.aarch64.rpm noarch: cockpit-composer-41-1.el9.noarch.rpm osbuild-65-1.el9.noarch.rpm osbuild-luks2-65-1.el9.noarch.rpm osbuild-lvm2-65-1.el9.noarch.rpm osbuild-ostree-65-1.el9.noarch.rpm osbuild-selinux-65-1.el9.noarch.rpm python3-osbuild-65-1.el9.noarch.rpm ppc64le: osbuild-composer-62.1-1.el9.ppc64le.rpm osbuild-composer-core-62.1-1.el9.ppc64le.rpm osbuild-composer-core-debuginfo-62.1-1.el9.ppc64le.rpm osbuild-composer-debugsource-62.1-1.el9.ppc64le.rpm osbuild-composer-dnf-json-62.1-1.el9.ppc64le.rpm osbuild-composer-tests-debuginfo-62.1-1.el9.ppc64le.rpm osbuild-composer-worker-62.1-1.el9.ppc64le.rpm osbuild-composer-worker-debuginfo-62.1-1.el9.ppc64le.rpm weldr-client-35.5-4.el9.ppc64le.rpm weldr-client-debuginfo-35.5-4.el9.ppc64le.rpm weldr-client-debugsource-35.5-4.el9.ppc64le.rpm weldr-client-tests-debuginfo-35.5-4.el9.ppc64le.rpm s390x: osbuild-composer-62.1-1.el9.s390x.rpm osbuild-composer-core-62.1-1.el9.s390x.rpm osbuild-composer-core-debuginfo-62.1-1.el9.s390x.rpm osbuild-composer-debugsource-62.1-1.el9.s390x.rpm osbuild-composer-dnf-json-62.1-1.el9.s390x.rpm osbuild-composer-tests-debuginfo-62.1-1.el9.s390x.rpm osbuild-composer-worker-62.1-1.el9.s390x.rpm osbuild-composer-worker-debuginfo-62.1-1.el9.s390x.rpm weldr-client-35.5-4.el9.s390x.rpm weldr-client-debuginfo-35.5-4.el9.s390x.rpm weldr-client-debugsource-35.5-4.el9.s390x.rpm weldr-client-tests-debuginfo-35.5-4.el9.s390x.rpm x86_64: osbuild-composer-62.1-1.el9.x86_64.rpm osbuild-composer-core-62.1-1.el9.x86_64.rpm osbuild-composer-core-debuginfo-62.1-1.el9.x86_64.rpm osbuild-composer-debugsource-62.1-1.el9.x86_64.rpm osbuild-composer-dnf-json-62.1-1.el9.x86_64.rpm osbuild-composer-tests-debuginfo-62.1-1.el9.x86_64.rpm osbuild-composer-worker-62.1-1.el9.x86_64.rpm osbuild-composer-worker-debuginfo-62.1-1.el9.x86_64.rpm weldr-client-35.5-4.el9.x86_64.rpm weldr-client-debuginfo-35.5-4.el9.x86_64.rpm weldr-client-debugsource-35.5-4.el9.x86_64.rpm weldr-client-tests-debuginfo-35.5-4.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-32189 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY3PhT9zjgjWX9erEAQg9fhAAkAAGWeWiPDsQJ/TXFnrTis24eChQ9WHU XGffqSbHSQAjupkyGhzPsn8jau+HPOfvUARnI77Fz6hKM+pt8IdVWmM0cVfXKVqE CFL78X2pLnSnn3fIld5gEvPrLv6VzrxJ8wlm6wNln43KaZ//z9mrJ7qPW6RpIWvE c+A5Xx14tTMUMZ/Wh21DA2mKEgSO40wfPEXvBu0pb2XbN/+oaCmUmJV6oMx88b3U onMnRqvl+kFl1SCI8158AvkZj6NKMNeD23cjuHyT0KttoIOft+I0DCsDI5W/qRup Q0JYQ0VTbPx7hQHc/TOSO6bg1dBJbrwWHdqgjoQhP9inhdKFWUtnFj0/nw5Ddc76 IOL88AneTceR/5vomLl5dCCM4kCOHzqnwCK/G/zINkoeRyHn8zsWJ83M34Pxatr/ hWUugBz8lw0rL38qwEbssFCLXUYHLCIpr+pPnMiy90lwGDPY2Ydg1vfujMbZL9q9 BNl9U7Olz4rIH+libn8Q7VkBOEz9DpYXGnWA+CbIDgUosHyixzEvNlZxemoGtQYI n36mwgE/QbNaAhfrzXL7DZ20tGcZHzBrsoGHZImu5CQwheSO+cdm3Wx2+y6u4lk9 1N2xHiG/VRkOPxDZX1OLQ8jBPq+2ZyGIuwYNP7QOCU2wgIDUBnbOI0gAUZO1dZnK x3zLrMtLyho=zP99 -----END PGPSIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat releases minor update addressing vulnerability in Image Builder linked to cockpit-composer and osbuild for RHEL 9.. Red Hat Enterprise Linux, Image Builder, security patch, bug fix, denial of service. . Severity: Low. LinuxSecurity.com Team

Nov 15, 2022 •Low Red Hat

security advisoryRed Hatbug fix

RedHat: RHSA-2022-7548 Low: Image Builder DoS Security Fix

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Image Builder security, bug fix, and enhancement update Advisory ID: RHSA-2022:7548-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7548 Issue date: 2022-11-08 CVE Names: CVE-2022-32189 ==================================================================== 1. Summary: An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on howto apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2059867 - Update osbuild to the newest upstream version in RHEL 8.7 2059868 - Update osbuild-composer to the newest upstream version in RHEL 8.7 2060063 - Rebase cockpit-composer to newest release for RHEL 8.7 2062694 - [cockpit-composer] RHEL 8.7 Tier 0 Localization 2065734 - Build fails for packages in blueprint that contain conditional dependencies 2104464 - [osbuild] Image builder does not support the use of a dot inside a username 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2118829 - Backport test changes for new osbuild-composer 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: cockpit-composer-41-1.el8.src.rpm osbuild-65-1.el8.src.rpm osbuild-composer-62-1.el8.src.rpm weldr-client-35.5-4.el8.src.rpm aarch64: osbuild-composer-62-1.el8.aarch64.rpm osbuild-composer-core-62-1.el8.aarch64.rpm osbuild-composer-core-debuginfo-62-1.el8.aarch64.rpm osbuild-composer-debuginfo-62-1.el8.aarch64.rpm osbuild-composer-debugsource-62-1.el8.aarch64.rpm osbuild-composer-dnf-json-62-1.el8.aarch64.rpm osbuild-composer-tests-debuginfo-62-1.el8.aarch64.rpm osbuild-composer-worker-62-1.el8.aarch64.rpm osbuild-composer-worker-debuginfo-62-1.el8.aarch64.rpm weldr-client-35.5-4.el8.aarch64.rpm weldr-client-debuginfo-35.5-4.el8.aarch64.rpm weldr-client-debugsource-35.5-4.el8.aarch64.rpm weldr-client-tests-debuginfo-35.5-4.el8.aarch64.rpm noarch: cockpit-composer-41-1.el8.noarch.rpm osbuild-65-1.el8.noarch.rpm osbuild-luks2-65-1.el8.noarch.rpm osbuild-lvm2-65-1.el8.noarch.rpm osbuild-ostree-65-1.el8.noarch.rpm osbuild-selinux-65-1.el8.noarch.rpm python3-osbuild-65-1.el8.noarch.rpm ppc64le: osbuild-composer-62-1.el8.ppc64le.rpm osbuild-composer-core-62-1.el8.ppc64le.rpm osbuild-composer-core-debuginfo-62-1.el8.ppc64le.rpm osbuild-composer-debuginfo-62-1.el8.ppc64le.rpm osbuild-composer-debugsource-62-1.el8.ppc64le.rpm osbuild-composer-dnf-json-62-1.el8.ppc64le.rpm osbuild-composer-tests-debuginfo-62-1.el8.ppc64le.rpm osbuild-composer-worker-62-1.el8.ppc64le.rpm osbuild-composer-worker-debuginfo-62-1.el8.ppc64le.rpm weldr-client-35.5-4.el8.ppc64le.rpm weldr-client-debuginfo-35.5-4.el8.ppc64le.rpm weldr-client-debugsource-35.5-4.el8.ppc64le.rpm weldr-client-tests-debuginfo-35.5-4.el8.ppc64le.rpm s390x: osbuild-composer-62-1.el8.s390x.rpm osbuild-composer-core-62-1.el8.s390x.rpm osbuild-composer-core-debuginfo-62-1.el8.s390x.rpm osbuild-composer-debuginfo-62-1.el8.s390x.rpm osbuild-composer-debugsource-62-1.el8.s390x.rpm osbuild-composer-dnf-json-62-1.el8.s390x.rpm osbuild-composer-tests-debuginfo-62-1.el8.s390x.rpm osbuild-composer-worker-62-1.el8.s390x.rpm osbuild-composer-worker-debuginfo-62-1.el8.s390x.rpm weldr-client-35.5-4.el8.s390x.rpm weldr-client-debuginfo-35.5-4.el8.s390x.rpm weldr-client-debugsource-35.5-4.el8.s390x.rpm weldr-client-tests-debuginfo-35.5-4.el8.s390x.rpm x86_64: osbuild-composer-62-1.el8.x86_64.rpm osbuild-composer-core-62-1.el8.x86_64.rpm osbuild-composer-core-debuginfo-62-1.el8.x86_64.rpm osbuild-composer-debuginfo-62-1.el8.x86_64.rpm osbuild-composer-debugsource-62-1.el8.x86_64.rpm osbuild-composer-dnf-json-62-1.el8.x86_64.rpm osbuild-composer-tests-debuginfo-62-1.el8.x86_64.rpm osbuild-composer-worker-62-1.el8.x86_64.rpm osbuild-composer-worker-debuginfo-62-1.el8.x86_64.rpm weldr-client-35.5-4.el8.x86_64.rpm weldr-client-debuginfo-35.5-4.el8.x86_64.rpm weldr-client-debugsource-35.5-4.el8.x86_64.rpm weldr-client-tests-debuginfo-35.5-4.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-32189 https://access.redhat.com/security/updates/classification#low https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY2pShNzjgjWX9erEAQiA5g/+INhThcOhn6BKpM/vrdLV9/2VkjIAfM2T tk8cUhCDRrgJexvXzAugexPMMDpvlho5JTW6Jwhkx9bWRqER6rlMMIqawD0b6mNT BwPSyERnHyJjXupx+XzdSSsy6W1ZqnQfDNW3boIHUmA5MCt8mwkUe4jGhJzS1rWZ 7qtQU/j08E+MgiKFbTgjMJHSCwQHz/FE/w+Og9QL9t+dbf4Z2sIMDgr0cS8yKrsl 6c3EMM0BXGvfPO+Ja0QI/15lD5xkPpdk8MceoYCH8TeJ9abiqzKH4HyebdOubTVB cgrvLK20AuF2Bx4kbbm7RPsM6ZvqIIXthmkHuGTou5Imseb+FoCAxmt/Av9ZqaPW NgvCdx9Ga9JPNm9jb8nGkJDZZ/1wlQa8/QJFIPIBQRZH2yck7nngfMOK/fovlvOh f+4tzQ3UdhNFdWIRlSkEkGK37o+xYGcGjcNpoA1LRZN0ziG2tx+ZhY6Pu3FKMZCW wE2DSm/qR2YvoD28ouVquo9AGN+uGd5aXUhWVHnsQZz0O9kUxXT6s56BemZ3ZPAJ P/Aap8cuiYEFav9GhvMbV2Y/fj7RWxFjS65XfkgGtnvn44H3YiPKO4Tfffda1zev XR3v2rmC7RkgJNEt2N8osrMv8bE2GydAe1d4B/wz6DQQO0Zb1aAyPoGeqf37dNh0 l7B8d7/fcGo=nPMt -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat's newest Image Builder update enhances security by fixing a critical bug, ensuring minimal disruptions while improving operational integrity for users. Red Hat Advisory, Image Builder Fix, DoS Issue, osbuild Update. . Severity: Low. LinuxSecurity.com Team

Nov 08, 2022 •Low Red Hat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.63%)

78.63% votes

Formal training or courses (4.27%)

4.27% votes

A job that required it (4.84%)

4.84% votes

Other (12.25%)

12.25% votes

bottom 200

Stay Secure with the Latest Linux Advisories

openSUSE Security Notice 2026-2328-1 Significant Updates on Four Xen Risks

openSUSE 2026-2328-1 Xen Important Buffer Overflow Patch

openSUSE Leap 15.6 Important Xen Denial of Service Fix SUSE-SU-2026-2329-1

openSUSE Important xen Patch for Multiple Threats SUSE-2026-2329-1

SUSE MariaDB Critical Security Fix 12 Vulnerabilities 2026-2330-1

Ubuntu 22.04 LTS Exim4 Moderate Regression CVE-2023-42117

SUSE StrongSwan Important Double-Free CVE-2026-47895 Advisory 2026-2312-1

SUSE vim Important Command Injection Buffer Overflow Update 2026-2313-1

openSUSE Important libsoup HTTP Request Smuggling Vulnerability 2026-2314-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Explore Latest Linux Security advisories

Red Hat Enterprise Linux 9 RHSA-2023:2204-01 Moderate Image Builder Fix

Red Hat Enterprise Linux 9 RHSA-2022-7950-01 Low: Image Builder DoS

RedHat: RHSA-2022-7548 Low: Image Builder DoS Security Fix

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE Security Notice 2026-2328-1 Significant Updates on Four Xen Risks

openSUSE 2026-2328-1 Xen Important Buffer Overflow Patch

openSUSE Leap 15.6 Important Xen Denial of Service Fix SUSE-SU-2026-2329-1

openSUSE Important xen Patch for Multiple Threats SUSE-2026-2329-1

SUSE MariaDB Critical Security Fix 12 Vulnerabilities 2026-2330-1

Ubuntu 22.04 LTS Exim4 Moderate Regression CVE-2023-42117

SUSE StrongSwan Important Double-Free CVE-2026-47895 Advisory 2026-2312-1

SUSE vim Important Command Injection Buffer Overflow Update 2026-2313-1

openSUSE Important libsoup HTTP Request Smuggling Vulnerability 2026-2314-1

Refine advisories

severity

Topics

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!