Red Hat Product Errata RHSA-2026:9044 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:9044 - Security Advisory Overview Updated Packages Synopsis Important: osbuild-composer security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM osbuild-composer-149-5.el9_7.src.rpm SHA-256: a1b3cf669f04fd1d9ffe232fc84b9114d68afd77bcfed46a872b410bfb1d610e x86_64 osbuild-composer-149-5.el9_7.x86_64.rpm SHA-256: 17a1f77a6f9efe626cdb595cb2b56bf2377fb6ef4d8b6de7e436ba2123e3a440 osbuild-composer-core-149-5.el9_7.x86_64.rpm SHA-256: 0fbfbda3093f5b95da461a0e4c3685dbcd926a2cceea2d8d0a5a911290f7ad3b osbuild-composer-core-debuginfo-149-5.el9_7.x86_64.rpm SHA-256: cbcf118028f56c66d6a6de10ab72c3d96d24c22fa87c5239d9200550dd16fd87 osbuild-composer-debuginfo-149-5.el9_7.x86_64.rpm SHA-256: cd4d134a95a9b1785c0e2e8f7d5d0ce3e623970fb6cc47d1b1864b3bbec49c61 osbuild-composer-debugsource-149-5.el9_7.x86_64.rpm SHA-256: b754353d047e9b0f8c967e719da20ca50ecf7ea368c411dd47d97ec0a11ccbd8 osbuild-composer-tests-debuginfo-149-5.el9_7.x86_64.rpm SHA-256: 309f4fa4aba7a4a6ec233bd18966f1ad77ca47d87513ebb6b47335dc10a28afc osbuild-composer-worker-149-5.el9_7.x86_64.rpm SHA-256: d430ef0b231e378f8fde75a1a5da59999a7192bea578b1bb5e6597f3e02dfe52 osbuild-composer-worker-debuginfo-149-5.el9_7.x86_64.rpm SHA-256: e258b1d2d87fc7e19432c0842b25e47f8ac260da8ed7c897b058efa604babd3d Red Hat Enterprise Linux for IBM z Systems 9 SRPM osbuild-composer-149-5.el9_7.src.rpm SHA-256: a1b3cf669f04fd1d9ffe232fc84b9114d68afd77bcfed46a872b410bfb1d610e s390x osbuild-composer-149-5.el9_7.s390x.rpm SHA-256: 5d51d341e4e6b6a383003c75484145de3079c0a92ae7dbbb3ab0b35539298b54 osbuild-composer-core-149-5.el9_7.s390x.rpm SHA-256: f2d9701adce927fba2c97034f7565f6b979ebb32c67856dd397490989d1349f5 osbuild-composer-core-debuginfo-149-5.el9_7.s390x.rpm SHA-256: d986aa3e30f26641878a4a477981718a7c4503faaad4f2156add634a852b7935 osbuild-composer-debuginfo-149-5.el9_7.s390x.rpm SHA-256: a824b36263fbc3644173f763268f4eb90bfe0d7ab6effe8b3d025b8e12d4b2f3 osbuild-composer-debugsource-149-5.el9_7.s390x.rpm SHA-256: 2f4112aaedc85bddd4a3d05a0f259110e94f0d30ad9fe8bfc21810643b3d90b4 osbuild-composer-tests-debuginfo-149-5.el9_7.s390x.rpm SHA-256: ac68134810ccbe15db993c98368de8b621e21653396b9cfdebc1ff824a177578 osbuild-composer-worker-149-5.el9_7.s390x.rpm SHA-256: d73f0f08b87e973b4b0bd452ca478b5883bbbff6d6cfa7830b5f4a300ba34457 osbuild-composer-worker-debuginfo-149-5.el9_7.s390x.rpm SHA-256: 0c397dd77d20826f28d0ddabec3d978d86ecc99c84d34a708e42446b0a8570b3 Red Hat Enterprise Linux for Power, little endian 9 SRPM osbuild-composer-149-5.el9_7.src.rpm SHA-256: a1b3cf669f04fd1d9ffe232fc84b9114d68afd77bcfed46a872b410bfb1d610e ppc64le osbuild-composer-149-5.el9_7.ppc64le.rpm SHA-256: 4fae8187007a09209e37ef2e85c181a9a2ace074ae8fc2f3d0cdac5e0f43d3df osbuild-composer-core-149-5.el9_7.ppc64le.rpm SHA-256: 3157bf207cea87bc40dd5cb73144309286c3bbf86c8d47a2cf451e1ca144a0d2 osbuild-composer-core-debuginfo-149-5.el9_7.ppc64le.rpm SHA-256: 3d56261e524a1a7d5caa15bca00cd571c8364efd2240cad3cb2a48ee95379f43 osbuild-composer-debuginfo-149-5.el9_7.ppc64le.rpm SHA-256: 4e2ecf4d211917029ee4ebf92de767da70a95cae8b14f9f1b6c49ae3fd54b286 osbuild-composer-debugsource-149-5.el9_7.ppc64le.rpm SHA-256: d61b29fcaaf7df86ec130d4aad07fc1681c49687d14f800c2eacfa95874ea9ad osbuild-composer-tests-debuginfo-149-5.el9_7.ppc64le.rpm SHA-256: 696c6da991b6e2a643b3b09338a8ff19b7c1abc1611837b5a0728a2064579fd8 osbuild-composer-worker-149-5.el9_7.ppc64le.rpm SHA-256: 47d220885c2b13fe5021729168eff934a05c612fc50984d97a9b8868027fa1a7 osbuild-composer-worker-debuginfo-149-5.el9_7.ppc64le.rpm SHA-256: 7bd07b4ba633701bdd11a4b7f2429c39cb4e25215ab03fb1d4c4a8abd1e2d7a0 Red Hat Enterprise Linux for ARM 64 9 SRPM osbuild-composer-149-5.el9_7.src.rpm SHA-256: a1b3cf669f04fd1d9ffe232fc84b9114d68afd77bcfed46a872b410bfb1d610e aarch64 osbuild-composer-149-5.el9_7.aarch64.rpm SHA-256: 15b1d77b0a1fb7b916e74caf8f24733e05b0b073c6dea009c9a7a1954852c051 osbuild-composer-core-149-5.el9_7.aarch64.rpm SHA-256: 7be79f872ad02fc45e8876c72f7a368251a8005520343aae250cd4e8d95dad95 osbuild-composer-core-debuginfo-149-5.el9_7.aarch64.rpm SHA-256: 1579d1153e1479ed8c64423eeafeed5c4736080d4e603806a4bb64545821a595 osbuild-composer-debuginfo-149-5.el9_7.aarch64.rpm SHA-256: d0cda3473ab04331fccabf1b89622061f310c8ed16213c6757792526cd8eecad osbuild-composer-debugsource-149-5.el9_7.aarch64.rpm SHA-256: 9f9891f07d7701da09a6f0e6b462ffd316ca5fc63cb2631572d2f9bb7f32c8a9 osbuild-composer-tests-debuginfo-149-5.el9_7.aarch64.rpm SHA-256: d3788bf4c1e79d3bf29048bb7a9f04ad0befb0bfa9c9c4fdff58846cdec93429 osbuild-composer-worker-149-5.el9_7.aarch64.rpm SHA-256: 15d6999e4cd8efb0c6bc78584eefd2d1fd56a3fc9128f384cd3cdb385e5edb4e osbuild-composer-worker-debuginfo-149-5.el9_7.aarch64.rpm SHA-256: d633ba3dcb0c0a84802daeadde12907dc3f831d40399f1c24c573bee0ebca3d2 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .