[CLSA-2026:1782154116] osbuild-composer: Fix of CVE-2026-32281
Type:
security
Severity:
Important
Release date:
2026-06-22 18:48:50 UTC
Description:
- CVE-2026-32281: rebuild against golang >= 1.25.7-1.el9_6.tuxcare.els7 to fix denial-of-service in crypto/x509 policy validation, which is unexpectedly inefficient when a certificate chain contains a very large number of policy mappings
CVEs fixed:
Updated packages:
  • osbuild-composer-132.2-3.el9_6.alma.1.tuxcare.els4.x86_64.rpm
    sha:28f17bd84aec866ec153b87844d2570737f48067bf3e7dec44ca3509f8d64c78
  • osbuild-composer-core-132.2-3.el9_6.alma.1.tuxcare.els4.x86_64.rpm
    sha:0028ea966743420e099259637dd2686feed0fead747fac6fba374c675d2943dd
  • osbuild-composer-tests-132.2-3.el9_6.alma.1.tuxcare.els4.x86_64.rpm
    sha:7f540ffd1cee6393dfdd78c78fd80b6e3f23b475482ff9510605610203e9f06d
  • osbuild-composer-worker-132.2-3.el9_6.alma.1.tuxcare.els4.x86_64.rpm
    sha:4963a7923df40cf38ed84d2aebac17fecc8adb11a5b55000de3385afef3addd4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.