image-builder-31-2.el9_7

エラータID: AXSA:2026-149:01

Release date: 
Friday, February 6, 2026 - 19:23
Subject: 
image-builder-31-2.el9_7
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood.

Security Fix(es):

* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

Solution: 

Update packages.

CVEs: 
CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Additional Info: 

N/A

Download: 

SRPMS
  1. image-builder-31-2.el9_7.src.rpm
    MD5: 3b427daeb103496e13da24c29d278161
    SHA-256: cab963b6b085fae6943a04f266a7499b7cd25ccc465b2da111f8587af1ef6f72
    Size: 12.01 MB

Asianux Server 9 for x86_64
  1. image-builder-31-2.el9_7.x86_64.rpm
    MD5: 648d76eb413d2c671d9e0c29b8fcc3b7
    SHA-256: e1f9e415ac9117d291c9de17642c0e64af62c822700c668705c76f3d5f020939
    Size: 13.86 MB