214 matches found
RLSA-2026:1838 Moderate: image-builder security update
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS scor...
CVE-2026-33055 affecting package rpm-ostree for versions less than 2024.4-10
CVE-2026-33055 affecting package rpm-ostree for versions less than 2024.4-10. A patched version of the package is available...
CVE-2026-33056 affecting package rpm-ostree for versions less than 2024.4-10
CVE-2026-33056 affecting package rpm-ostree for versions less than 2024.4-10. A patched version of the package is available...
ALSA-2026:13642 Important: image-builder security update
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score,...
CVE-2025-58160 affecting package rpm-ostree for versions less than 2024.4-8
CVE-2025-58160 affecting package rpm-ostree for versions less than 2024.4-8. A patched version of the package is available...
CVE-2026-25541 affecting package rpm-ostree for versions less than 2024.4-8
CVE-2026-25541 affecting package rpm-ostree for versions less than 2024.4-8. A patched version of the package is available...
CVE-2025-58160 affecting package rpm-ostree for versions less than 2022.1-8
CVE-2025-58160 affecting package rpm-ostree for versions less than 2022.1-8. A patched version of the package is available...
ALSA-2026:2124 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: crypto/x50...
AZL-76715 CVE-2026-25541 affecting package rpm-ostree 2024.4-6
Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, the condition "v_capacity >= new_cap + offset" uses an unchecked addition. When new_cap + offset...
Azure Linux 3.0 Security Update: rpm-ostree (CVE-2024-2905)
The version of rpm-ostree installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2905 advisory. - A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in...
Azure Linux 3.0 Security Update: rpm-ostree (CVE-2021-32715)
The version of rpm-ostree installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-32715 advisory. - hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and...
Azure Linux 3.0 Security Update: rpm-ostree (CVE-2021-32714)
The version of rpm-ostree installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-32714 advisory. - hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had...
Azure Linux 3.0 Security Update: rpm-ostree (CVE-2021-45707)
The version of rpm-ostree installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-45707 advisory. - An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22....
MiracleLinux 9 : rpm-ostree-2024.3-3.el9_4 (AXSA:2024-8423:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8423:04 advisory. rpm-ostree: world-readable /etc/shadow file 9.4.z JIRA:RHEL-31852 CVE-2024-2905 A security vulnerability has been discovered within rpm-ostree, pertaining to...
MiracleLinux 9 : rpm-ostree-2025.5-1.el9 (AXSA:2025-10337:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10337:01 advisory. rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the...
EUVD-2017-11784
Malware in sbrugna...
EUVD-2025-6496
Malicious code in bioql PyPI...
EUVD-2024-27849
Malicious code in bioql PyPI...
EUVD-2022-43034
Malicious code in bioql PyPI...
AZL-73217 CVE-2025-58160 affecting package rpm-ostree 2024.4-6
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...