Release date:
2026-03-12 18:45:26 UTC
Description:
- rebuild with newer golang version 1.25.7-1.el9_6.tuxcare.els1 to fix the following CVEs
- CVE-2025-68121: fix TLS session resumption bypass by preventing shared
auto-rotated ticket keys in Config and validating full certificate chain expiry
- CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory
consumption during form parsing
- CVE-2025-61728: fix denial-of-service in archive/zip by replacing super-linear
index construction with an efficient algorithm
- CVE-2025-61729: fix excessive resource consumption when constructing hostname
error messages for certificates with many SANs
Updated packages:
-
osbuild-composer-132.2-3.el9_6.alma.1.tuxcare.els1.x86_64.rpm
sha:b0e3ef5d0cb3ded8a099185648529a2dbf0a3ec8064678dff2fc143f2724b6ac
-
osbuild-composer-core-132.2-3.el9_6.alma.1.tuxcare.els1.x86_64.rpm
sha:3bb103556b4afad2015e0b9782305f78e23b44b01b07ec4f842fd2ab80ed6b5d
-
osbuild-composer-tests-132.2-3.el9_6.alma.1.tuxcare.els1.x86_64.rpm
sha:c05185e22d3d21e39e53c9920638b4e7dafe129a9ba04be709ed2fbe39b6fb47
-
osbuild-composer-worker-132.2-3.el9_6.alma.1.tuxcare.els1.x86_64.rpm
sha:422cee0ba0c75fe5097e5fe1e00aaef44df99bf6760608135cb656ddec3a50e6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
