Skip to main content
Services
How We Work
Technology
Results
Resources
Company
Log in
Get Assessment
Vulnerability Intelligence
ELSA-2026-3753
ELSA-2026-3753
UNKNOWN
ELSA-2026-3753: osbuild-composer security update (IMPORTANT)
Published Mar 5, 2026
Modified 1 months ago
Fix available
Details
[149-4.0.1]
Add missing dependency over dracut-config-rescue for image-installer [ORABUG: 38587453]
Switch to UEKR8 repositories for OL9.6 [Orabug: 37962207]
Add support to create OpenScap images [JIRA: OLDIS-35301]
Simplify repository names [JIRA: OLDIS-35893]
Refactor patches to fix some naming and set a correct kernel for Oracle Linux [Orabug: 37253643]
Support using OCI variables inside built images [JIRA: OLDIS-35302]
Support using repository definitons with OCI variables [JIRA: OLDIS-38657]
Update repositories to contain OCI variables
Remove image types Minimal-raw and wsl [JIRA: OLDIS-38123]
Increase default /boot size to 1GB [Orabug: 36827079]
Add support for OCI hybrid images [JIRA: OLDIS-33593]
enable aarch64 OCI image builds [JIRA: OLDIS-33593]
support for building OL8/9 images on Oracle Linux 9 [Orabug: 36400619]
[149-4]
Rebuilt to fix:
CVE-2025-61726
CVE-2025-61728
CVE-2025-61729
CVE-2025-68121
RHEL-146868
RHEL-147086
RHEL-147371
RHEL-149626
Affected Packages
osbuild-composer
OracleLinux 9
Fixed in:
0:149-4.0.1.el9_7
osbuild-composer-core
OracleLinux 9
Fixed in:
0:149-4.0.1.el9_7
osbuild-composer-worker
OracleLinux 9
Fixed in:
0:149-4.0.1.el9_7
Related
CVE-2025-61726
CVE-2025-61728
CVE-2025-61729
CVE-2025-68121
Ecosystems
OracleLinux 9
Timeline
Published
Mar 5, 2026
Modified
Mar 5, 2026
ELSA-2026-3753 | Mondoo Vulnerability Intelligence