Red Hat Product Errata RHSA-2026:13643 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13643 - Security Advisory Overview Updated Packages Synopsis Important: osbuild-composer security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for osbuild-composer is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Fixes BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM osbuild-composer-149-6.el10_1.src.rpm SHA-256: 86a98541dbf2dd50f434963aaad678a7b74e3ab9cd77d204f4fee83eddf04f7c x86_64 osbuild-composer-149-6.el10_1.x86_64.rpm SHA-256: 4764a23a4b91f33c84b98f6716c545ef77ba263ba939be6450a86d79b04c0647 osbuild-composer-core-149-6.el10_1.x86_64.rpm SHA-256: 8495b310cc4bd7607aec63e09d8db650b5497f05268fb7669ebf58bfce7ec5c7 osbuild-composer-core-debuginfo-149-6.el10_1.x86_64.rpm SHA-256: 8eac5942347a2a9a15f62bbcc5abf05f1c9d2a0c8383f82de3314612bf3a2e29 osbuild-composer-debugsource-149-6.el10_1.x86_64.rpm SHA-256: 94ba49ade7a03396a746802a8b01012ad03ea7437b025f06bcafba5b8bf441bf osbuild-composer-tests-debuginfo-149-6.el10_1.x86_64.rpm SHA-256: fd08a4c3e9a6d65de7177ba755eb6a356aaa4f38141f2861b56aafe1870dda4c osbuild-composer-worker-149-6.el10_1.x86_64.rpm SHA-256: ceb55372916dee358072e1031409d3d913b96e15a666fae26dd1861eb651773c osbuild-composer-worker-debuginfo-149-6.el10_1.x86_64.rpm SHA-256: df02c23ac086f7d7fb2f2a79953dc3338dd7b18967ba3cd6b2d9bb2b2ee58b30 Red Hat Enterprise Linux for IBM z Systems 10 SRPM osbuild-composer-149-6.el10_1.src.rpm SHA-256: 86a98541dbf2dd50f434963aaad678a7b74e3ab9cd77d204f4fee83eddf04f7c s390x osbuild-composer-149-6.el10_1.s390x.rpm SHA-256: 7a38a0acb2c494048d6783502903fdc3cce1ef78932f4ad197be150b07ccbf94 osbuild-composer-core-149-6.el10_1.s390x.rpm SHA-256: ebeb512d5cfdab6dd4466f2ba4c7f0e542a4278d72ff7f9c0409fdc91d2b0d35 osbuild-composer-core-debuginfo-149-6.el10_1.s390x.rpm SHA-256: 8cd37ba5c243ca1df2c0018807daa74e89c0b2627c3a1e17abd1db4e28d0524d osbuild-composer-debugsource-149-6.el10_1.s390x.rpm SHA-256: 32aeb4ae5bd08e2e5e856b2cff0d2f5d1b9f3eeca044e384a509b991c89f7f0a osbuild-composer-tests-debuginfo-149-6.el10_1.s390x.rpm SHA-256: e1a94eaeefda95525ebf0bd131119011c3ce94dbc4b76078d437595a17da3c22 osbuild-composer-worker-149-6.el10_1.s390x.rpm SHA-256: d465c1c4b4c43f89e469fe07c2779081de57ccb7f4375094a153c2444b9cdd3d osbuild-composer-worker-debuginfo-149-6.el10_1.s390x.rpm SHA-256: be8d90f6e933031c58f26cb420b064b702bdbed3f25070ca07f4fc7ee9eca16d Red Hat Enterprise Linux for Power, little endian 10 SRPM osbuild-composer-149-6.el10_1.src.rpm SHA-256: 86a98541dbf2dd50f434963aaad678a7b74e3ab9cd77d204f4fee83eddf04f7c ppc64le osbuild-composer-149-6.el10_1.ppc64le.rpm SHA-256: 8077faf8f87cc1432b620b9a7f0ea74fa705071ec24770690789c699b02a5db0 osbuild-composer-core-149-6.el10_1.ppc64le.rpm SHA-256: e1771351220fa4cf33db85b871acbc5cc7e85e743cfaea24a6cd112318ca55c5 osbuild-composer-core-debuginfo-149-6.el10_1.ppc64le.rpm SHA-256: a7c9df199a14639199dfe279e1eabc2f82d5ebe96c9b03f558886254d39ab5e1 osbuild-composer-debugsource-149-6.el10_1.ppc64le.rpm SHA-256: b6d37aa5adc4fbdac00ad1614407e5316f0b694ef5bc7ddf4bfaada1f8f4869c osbuild-composer-tests-debuginfo-149-6.el10_1.ppc64le.rpm SHA-256: d264151120604f8e80dc1ac4bedb72516ebcc13d42c2be06638046f51c1f7d42 osbuild-composer-worker-149-6.el10_1.ppc64le.rpm SHA-256: 37e5c91818e0dc3a78b638afc8906167caf8f01306aafec9953ab487c810fd95 osbuild-composer-worker-debuginfo-149-6.el10_1.ppc64le.rpm SHA-256: 474dc799a851075302e72b362ed60a1cf3369b080cbbb2219fdb77711f6685d2 Red Hat Enterprise Linux for ARM 64 10 SRPM osbuild-composer-149-6.el10_1.src.rpm SHA-256: 86a98541dbf2dd50f434963aaad678a7b74e3ab9cd77d204f4fee83eddf04f7c aarch64 osbuild-composer-149-6.el10_1.aarch64.rpm SHA-256: 5b6beb0f5fca46fbfdf718e234bdd04c4756631b09e0a21bbd088b284c62e9c5 osbuild-composer-core-149-6.el10_1.aarch64.rpm SHA-256: 458c134046490bafe21cd2b61f9646cc404d504d75599e9bfc92cd637eec7289 osbuild-composer-core-debuginfo-149-6.el10_1.aarch64.rpm SHA-256: 443eb900ba0e223042bd53509bf4725b71e449b6dccd0a76416de0fb5e991749 osbuild-composer-debugsource-149-6.el10_1.aarch64.rpm SHA-256: ce756981677d6215c33e5ed527bead03aeefa8611f652abc2596984ce784ee6c osbuild-composer-tests-debuginfo-149-6.el10_1.aarch64.rpm SHA-256: 7e9689ad633f8fab5f5ffe2de88d9f605f285791ce66e0d235af746fe9039734 osbuild-composer-worker-149-6.el10_1.aarch64.rpm SHA-256: a2d14fec578d02b1834b0abb2eba7845ce21d1bec8f3bda91c27673bed05cf1b osbuild-composer-worker-debuginfo-149-6.el10_1.aarch64.rpm SHA-256: d4b6dc356463b175035a8b5f86eaaccfa01ec24253c5303af8a44b855afee66c The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .