skopeo-0.1.40-12.0.1.el7.AXS7
エラータID: AXSA:2020-902:03
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-14040
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
Update packages.
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
N/A
SRPMS
- skopeo-0.1.40-12.0.1.el7.AXS7.src.rpm
MD5: 588c6a90b23ef2644da76188276a8c1b
SHA-256: 7b747a1fd8146dc9e31a29e43bbb047518753681aaa348e03867f7944f999146
Size: 3.97 MB
Asianux Server 7 for x86_64
- containers-common-0.1.40-12.0.1.el7.AXS7.x86_64.rpm
MD5: 3e309cbefac1c93664c55e9becfa6d41
SHA-256: bdff0e1ea734ac32014bd80b02468075ad287203709e866e80eaeec3a3fdb144
Size: 42.84 kB - skopeo-0.1.40-12.0.1.el7.AXS7.x86_64.rpm
MD5: 19263b3882b3f1ccf97eb903378561d0
SHA-256: b868c5ab0dd2a8794b640713358c87eaf728b64bb02b605d135016ab5e510035
Size: 5.79 MB