ELSA-2025-9844

ELSA-2025-9844 - osbuild-composer security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-06-27

Description

[101-4.0.1]
- Rebuilt to fix:
- CVE-2024-34156
- CVE-2024-1394
- RHEL-24303
- RHEL-57905
- Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
- Update repositories to contain OCI variables
- Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
- Increase default /boot size to 1GB [Orabug: 36827079]
- support for building OL8/9 images on Oracle Linux 8 [Orabug: 36400619]

[101-4]
- Resolves: RHEL-89279 (CVE-2025-22871)

Related CVEs

CVE-2025-22871

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	osbuild-composer-101-4.0.1.el8_10.src.rpm	297035ee55c02ffd5cb8ef6d7ea6279a0f1bffd9e651e502ff7e76d8d32abbc1	-	ol8_aarch64_appstream
	osbuild-composer-101-4.0.1.el8_10.aarch64.rpm	e265c18feb50ea392ee16b5fe310b2dc4babfbafe23b055cdf02f6a0793487fe	-	ol8_aarch64_appstream
	osbuild-composer-core-101-4.0.1.el8_10.aarch64.rpm	0806728812e94be42e08608526bd07695e4bcb0f07aa73a5bbc4c1d640a8faed	-	ol8_aarch64_appstream
	osbuild-composer-worker-101-4.0.1.el8_10.aarch64.rpm	7509d599dcd3a6974a4699d9bfd4859f8922b1a32f9956a34c57faa2f4aa37e9	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	osbuild-composer-101-4.0.1.el8_10.src.rpm	297035ee55c02ffd5cb8ef6d7ea6279a0f1bffd9e651e502ff7e76d8d32abbc1	-	ol8_x86_64_appstream
	osbuild-composer-101-4.0.1.el8_10.x86_64.rpm	530c10e58be7385f2e2ea17b058335471e15eb9843bf091c2282c45e656d744e	-	ol8_x86_64_appstream
	osbuild-composer-core-101-4.0.1.el8_10.x86_64.rpm	fb871c5f48f1a3ef2ed138340d4126445a19a384e812387771960211a67371c0	-	ol8_x86_64_appstream
	osbuild-composer-worker-101-4.0.1.el8_10.x86_64.rpm	d7d36146a487d1c2676ecbe86c64ffeb53b86008be4188e97bbd52c01dfa63c9	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team