|
|
Subscribe / Log in / New account

Oracle alert ELSA-2025-19566 (osbuild-composer)



From:
              Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>


To:
              el-errata@oss.oracle.com


Subject:
              [El-errata] ELSA-2025-19566 Moderate: Oracle Linux 10 osbuild-composer security update


Date:
              Thu, 06 Nov 2025 15:58:49 -0800


Message-ID:
              <mailman.110.1762473538.31.el-errata@oss.oracle.com>


Oracle Linux Security Advisory ELSA-2025-19566

http://linux.oracle.com/errata/ELSA-2025-19566.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux
Network:

x86_64:
osbuild-composer-134.1-3.0.1.el10_0.x86_64.rpm
osbuild-composer-core-134.1-3.0.1.el10_0.x86_64.rpm
osbuild-composer-worker-134.1-3.0.1.el10_0.x86_64.rpm

aarch64:
osbuild-composer-134.1-3.0.1.el10_0.aarch64.rpm
osbuild-composer-core-134.1-3.0.1.el10_0.aarch64.rpm
osbuild-composer-worker-134.1-3.0.1.el10_0.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/osbuild-composer...

Related CVEs:

CVE-2025-27144




Description of changes:

[134.1-3.0.1]
- Add OL10 support
- Update repository URLs for baseos, appstream and UERK
- Fix the label for UEKR repository
- Simplify repository names [JIRA: OLDIS-35893]
- Ensure build on latest golang: CVE-2024-34156
- Refactor patches to fix some naming and set a correct kernel for Oracle Linux [Orabug: 37253643]
- Support using OCI variables inside built images [JIRA: OLDIS-35302]
- Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
- Update repositories to contain OCI variables
- Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
- Increase default /boot size to 1GB [Orabug: 36827079]
- Add support for OCI hybrid images [JIRA: OLDIS-33593]
- enable aarch64 OCI image builds [JIRA: OLDIS-33593]
- support for building OL8/9 images on Oracle Linux 9 [Orabug: 36400619]
- Rebuild for CVE-2025-22871

[134.1-3]
- Fix json tailoring blueprint conversion
  Resolves: RHEL-115392
- Fix unclosed logrus logging pipes
  Resolves: RHEL-121533
- Update go-jose dependency
  Resolves: RHEL-82957 (CVE-2025-27144)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds