Red Hat Product Errata RHSA-2026:17686 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17686 - Security Advisory Overview Updated Packages Synopsis Moderate: osbuild-composer security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fix(es): crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVEs CVE-2025-68121 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM osbuild-composer-134.1-6.el10_0.src.rpm SHA-256: e39740847763a118d3ac187c5cd2557c841c6549c2506e474266a03ed8035210 x86_64 osbuild-composer-134.1-6.el10_0.x86_64.rpm SHA-256: d13b02980f6dd3fe1da5dfdee5f022d06813b98ea64dba56656fe7ac285d48e7 osbuild-composer-core-134.1-6.el10_0.x86_64.rpm SHA-256: c0703aa566665ddc3f01c2dfe0504d00c897b7174cd3ba7422562a861b3185ab osbuild-composer-core-debuginfo-134.1-6.el10_0.x86_64.rpm SHA-256: c77bdcfc5a1c373509b28b2d9bae7179ac0a1071353290eb6dddb0eb79de5e92 osbuild-composer-debugsource-134.1-6.el10_0.x86_64.rpm SHA-256: 822923920adce9dd67c8629399dfcc876a821ff10464304a81fe659e880aed82 osbuild-composer-tests-debuginfo-134.1-6.el10_0.x86_64.rpm SHA-256: 930a4309eaf10b327ccc2ff53938e02e92305316ebf667ed8ecce9ba391b2af1 osbuild-composer-worker-134.1-6.el10_0.x86_64.rpm SHA-256: 29e88aa4a33982cff6cc01c65d42ca71080686149c8a60d7c2a0c2552ffe27c0 osbuild-composer-worker-debuginfo-134.1-6.el10_0.x86_64.rpm SHA-256: 06e99a109cac6d6346a3f0daba7eb85b8e048f76efcf316503cb8eee9cbc153c Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM osbuild-composer-134.1-6.el10_0.src.rpm SHA-256: e39740847763a118d3ac187c5cd2557c841c6549c2506e474266a03ed8035210 s390x osbuild-composer-134.1-6.el10_0.s390x.rpm SHA-256: 6ec8f0234395979423d5d85a71322e82c5699623f12f61f0f3aef826f69ec1c9 osbuild-composer-core-134.1-6.el10_0.s390x.rpm SHA-256: d9eabd8208c0465abeeb0044675671fc33e6497ffcc05d1d087dff25d5ce1633 osbuild-composer-core-debuginfo-134.1-6.el10_0.s390x.rpm SHA-256: 0f61d8a63e612f9995477a95166f51541d2613f1d99cad1489d272db93952999 osbuild-composer-debugsource-134.1-6.el10_0.s390x.rpm SHA-256: a6add0ac84cf1cd14599d5201d9d2e2d69d0e32d633a1e36fb3c3b7ce2279768 osbuild-composer-tests-debuginfo-134.1-6.el10_0.s390x.rpm SHA-256: 18a59e84d525e3cc9cffca2877aa0ea4e1b184e3ebb1fa115e8ddbfb11a65843 osbuild-composer-worker-134.1-6.el10_0.s390x.rpm SHA-256: 1f027bbd27af2705b2aaacf71d847b3c18a4bc3f7642f45eea3a44b3dd438907 osbuild-composer-worker-debuginfo-134.1-6.el10_0.s390x.rpm SHA-256: 20b4bba2c75554011ac7db9dedf4c9e838e50de5e885125e8884f14448f293fa Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM osbuild-composer-134.1-6.el10_0.src.rpm SHA-256: e39740847763a118d3ac187c5cd2557c841c6549c2506e474266a03ed8035210 ppc64le osbuild-composer-134.1-6.el10_0.ppc64le.rpm SHA-256: 10abfb826bf59e0a3abeba2783a86dc6d1041511db0ed45e338bc09331b949c5 osbuild-composer-core-134.1-6.el10_0.ppc64le.rpm SHA-256: 494ada72e50c20c8af7e637f0367a302d0d8e5528a0e2f7e696ca4385d77d25f osbuild-composer-core-debuginfo-134.1-6.el10_0.ppc64le.rpm SHA-256: 82bf27c65888dfa69ad8a5845dfce3d2d4735d2be4332ba2cb986b0a01f67952 osbuild-composer-debugsource-134.1-6.el10_0.ppc64le.rpm SHA-256: d5771a3c1a7175bc3b4eb3201a878a2164099e2cab25fdf0104aee9e5871ad89 osbuild-composer-tests-debuginfo-134.1-6.el10_0.ppc64le.rpm SHA-256: 53e290caf61a0fcbd4dca90bf4c9e8e2b462288d7c241d68bce98bdd7c6218b1 osbuild-composer-worker-134.1-6.el10_0.ppc64le.rpm SHA-256: d531a2e5db6583f210b1f3ccf17d747809871050fdc30c66d21fda53acb6de9c osbuild-composer-worker-debuginfo-134.1-6.el10_0.ppc64le.rpm SHA-256: 3dd8254a8080c0e888bfa04adc60b33105347a3b9606608b8c80498b2f6320e7 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM osbuild-composer-134.1-6.el10_0.src.rpm SHA-256: e39740847763a118d3ac187c5cd2557c841c6549c2506e474266a03ed8035210 aarch64 osbuild-composer-134.1-6.el10_0.aarch64.rpm SHA-256: 068dd8861d0ec10cbd9073997a8f3daf2fc96889d5ed674a4b7ee7ed60281e08 osbuild-composer-core-134.1-6.el10_0.aarch64.rpm SHA-256: f4418617b0a0cac39ca49cf22b46905517745acee18a84994e19f1840ea31a7b osbuild-composer-core-debuginfo-134.1-6.el10_0.aarch64.rpm SHA-256: ad169cdb28b6eb5595716070bf3676391752a84cefb209824966fd24b06006fa osbuild-composer-debugsource-134.1-6.el10_0.aarch64.rpm SHA-256: 3ea1295e4a0711878d9e40960799e3db05c6bb1a9e67658268f317e863410f42 osbuild-composer-tests-debuginfo-134.1-6.el10_0.aarch64.rpm SHA-256: 1c756fba1cfe03ff3e8042bea24b9df1444565d8cfa19d88103887a31c52ee77 osbuild-composer-worker-134.1-6.el10_0.aarch64.rpm SHA-256: 0aba25f78be44fbf3542a3a8ca01befdf4feb45af70894632bcbd9ef625394b6 osbuild-composer-worker-debuginfo-134.1-6.el10_0.aarch64.rpm SHA-256: 9497ab6572a393cf40c77d3e3ea57281b8caa8ea5e05d52445f80803d0c620da Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM osbuild-composer-134.1-6.el10_0.src.rpm SHA-256: e39740847763a118d3ac187c5cd2557c841c6549c2506e474266a03ed8035210 aarch64 osbuild-composer-134.1-6.el10_0.aarch64.rpm SHA-256: 068dd8861d0ec10cbd9073997a8f3daf2fc96889d5ed674a4b7ee7ed60281e08 osbuild-composer-core-134.1-6.el10_0.aarch64.rpm SHA-256: f4418617b0a0cac39ca49cf22b46905517745acee18a84994e19f1840ea31a7b osbuild-composer-core-debuginfo-134.1-6.el10_0.aarch64.rpm SHA-256: ad169cdb28b6eb5595716070bf3676391752a84cefb209824966fd24b06006fa osbuild-composer-debugsource-134.1-6.el10_0.aarch64.rpm SHA-256: 3ea1295e4a0711878d9e40960799e3db05c6bb1a9e67658268f317e863410f42 osbuild-composer-tests-debuginfo-134.1-6.el10_0.aarch64.rpm SHA-256: 1c756fba1cfe03ff3e8042bea24b9df1444565d8cfa19d88103887a31c52ee77 osbuild-composer-worker-134.1-6.el10_0.aarch64.rpm SHA-256: 0aba25f78be44fbf3542a3a8ca01befdf4feb45af70894632bcbd9ef625394b6 osbuild-composer-worker-debuginfo-134.1-6.el10_0.aarch64.rpm SHA-256: 9497ab6572a393cf40c77d3e3ea57281b8caa8ea5e05d52445f80803d0c620da Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM osbuild-composer-134.1-6.el10_0.src.rpm SHA-256: e39740847763a118d3ac187c5cd2557c841c6549c2506e474266a03ed8035210 s390x osbuild-composer-134.1-6.el10_0.s390x.rpm SHA-256: 6ec8f0234395979423d5d85a71322e82c5699623f12f61f0f3aef826f69ec1c9 osbuild-composer-core-134.1-6.el10_0.s390x.rpm SHA-256: d9eabd8208c0465abeeb0044675671fc33e6497ffcc05d1d087dff25d5ce1633 osbuild-composer-core-debuginfo-134.1-6.el10_0.s390x.rpm SHA-256: 0f61d8a63e612f9995477a95166f51541d2613f1d99cad1489d272db93952999 osbuild-composer-debugsource-134.1-6.el10_0.s390x.rpm SHA-256: a6add0ac84cf1cd14599d5201d9d2e2d69d0e32d633a1e36fb3c3b7ce2279768 osbuild-composer-tests-debuginfo-134.1-6.el10_0.s390x.rpm SHA-256: 18a59e84d525e3cc9cffca2877aa0ea4e1b184e3ebb1fa115e8ddbfb11a65843 osbuild-composer-worker-134.1-6.el10_0.s390x.rpm SHA-256: 1f027bbd27af2705b2aaacf71d847b3c18a4bc3f7642f45eea3a44b3dd438907 osbuild-composer-worker-debuginfo-134.1-6.el10_0.s390x.rpm SHA-256: 20b4bba2c75554011ac7db9dedf4c9e838e50de5e885125e8884f14448f293fa Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM osbuild-composer-134.1-6.el10_0.src.rpm SHA-256: e39740847763a118d3ac187c5cd2557c841c6549c2506e474266a03ed8035210 ppc64le osbuild-composer-134.1-6.el10_0.ppc64le.rpm SHA-256: 10abfb826bf59e0a3abeba2783a86dc6d1041511db0ed45e338bc09331b949c5 osbuild-composer-core-134.1-6.el10_0.ppc64le.rpm SHA-256: 494ada72e50c20c8af7e637f0367a302d0d8e5528a0e2f7e696ca4385d77d25f osbuild-composer-core-debuginfo-134.1-6.el10_0.ppc64le.rpm SHA-256: 82bf27c65888dfa69ad8a5845dfce3d2d4735d2be4332ba2cb986b0a01f67952 osbuild-composer-debugsource-134.1-6.el10_0.ppc64le.rpm SHA-256: d5771a3c1a7175bc3b4eb3201a878a2164099e2cab25fdf0104aee9e5871ad89 osbuild-composer-tests-debuginfo-134.1-6.el10_0.ppc64le.rpm SHA-256: 53e290caf61a0fcbd4dca90bf4c9e8e2b462288d7c241d68bce98bdd7c6218b1 osbuild-composer-worker-134.1-6.el10_0.ppc64le.rpm SHA-256: d531a2e5db6583f210b1f3ccf17d747809871050fdc30c66d21fda53acb6de9c osbuild-composer-worker-debuginfo-134.1-6.el10_0.ppc64le.rpm SHA-256: 3dd8254