skopeo-0.1.40-12.0.1.el7.AXS7

Errata ID: AXSA:2020-902:03

Release date: 
Friday, November 13, 2020 - 05:37
Subject: 
skopeo-0.1.40-12.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-14040
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. skopeo-0.1.40-12.0.1.el7.AXS7.src.rpm
    MD5: 588c6a90b23ef2644da76188276a8c1b
    SHA-256: 7b747a1fd8146dc9e31a29e43bbb047518753681aaa348e03867f7944f999146
    Size: 3.97 MB

Asianux Server 7 for x86_64
  1. containers-common-0.1.40-12.0.1.el7.AXS7.x86_64.rpm
    MD5: 3e309cbefac1c93664c55e9becfa6d41
    SHA-256: bdff0e1ea734ac32014bd80b02468075ad287203709e866e80eaeec3a3fdb144
    Size: 42.84 kB
  2. skopeo-0.1.40-12.0.1.el7.AXS7.x86_64.rpm
    MD5: 19263b3882b3f1ccf97eb903378561d0
    SHA-256: b868c5ab0dd2a8794b640713358c87eaf728b64bb02b605d135016ab5e510035
    Size: 5.79 MB