skopeo-0.1.40-7.0.1.el7.AXS7
Errata ID: AXSA:2020-072:01
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Skopeo doesn't handle HTTP 429 errors properly
* skopeo does not show manifest manifest.list.v2 for special cases
* skopeo inspect results in panic: runtime error: invalid memory address or nil pointer dereference
* skopeo should be linked against gpgme-pthread
* docker won't start because registries service won't start
CVE-2020-8945
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
Update packages.
N/A
SRPMS
- skopeo-0.1.40-7.0.1.el7.AXS7.src.rpm
MD5: 22e3f79c5609bf8c938aeab13efbf645
SHA-256: fc7e088e246b90a5f667b2df2c24bb3113aa43c5c2b8c5f40044d53ee3be1a1c
Size: 3.68 MB
Asianux Server 7 for x86_64
- containers-common-0.1.40-7.0.1.el7.AXS7.x86_64.rpm
MD5: 9a55f5e86089ff42c6925dda2c7db730
SHA-256: 28129d93338226c06058d208bc4d3243f9990537854c176463d6d8092868869b
Size: 41.36 kB
- skopeo-0.1.40-7.0.1.el7.AXS7.x86_64.rpm
MD5: d3a1ecfa25ae34fd8f866d728620d054
SHA-256: fb021c4a35c9807cebbf53e4fad3a240d2728089ddad4a96098b522509c82a1a
Size: 5.78 MB