rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additional packages, providing a "best of both worlds" approach.
Security Fix(es):
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.(CVE-2024-12224)
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.(CVE-2025-3416)
{
"severity": "High"
}{
"src": [
"rpm-ostree-2024.4-7.oe2403sp1.src.rpm"
],
"aarch64": [
"rpm-ostree-2024.4-7.oe2403sp1.aarch64.rpm",
"rpm-ostree-debuginfo-2024.4-7.oe2403sp1.aarch64.rpm",
"rpm-ostree-debugsource-2024.4-7.oe2403sp1.aarch64.rpm",
"rpm-ostree-devel-2024.4-7.oe2403sp1.aarch64.rpm",
"rpm-ostree-libs-2024.4-7.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"rpm-ostree-2024.4-7.oe2403sp1.x86_64.rpm",
"rpm-ostree-debuginfo-2024.4-7.oe2403sp1.x86_64.rpm",
"rpm-ostree-debugsource-2024.4-7.oe2403sp1.x86_64.rpm",
"rpm-ostree-devel-2024.4-7.oe2403sp1.x86_64.rpm",
"rpm-ostree-libs-2024.4-7.oe2403sp1.x86_64.rpm"
]
}