skopeo-1.13.3-4.el9_3

Errata ID: AXSA:2024-7582:01

Release date: Friday, March 8, 2024 - 14:23
Subject: skopeo-1.13.3-4.el9_3
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
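The kind of accounting the last sentence describes, sketched as an added example (not code from this advisory, skopeo, or the Go standard library): a chunked-body decoder that weighs chunk-size lines, extensions included, against the payload they carry. The name `AuditChunked`, the 16-byte per-chunk allowance, the 16 KiB excess ceiling and the 4096-byte line cap are assumptions chosen for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// Assumed budget (illustrative): framing bytes tolerated per chunk, total excess tolerated.
const perChunkAllowance, maxExcess = 16, 16 << 10

var ErrTooMuchNonData = errors.New("chunked body: too much non-data")

// AuditChunked decodes a chunked body and returns its payload byte count,
// failing once chunk-size lines (extensions included) outweigh the payload.
func AuditChunked(r io.Reader) (int64, error) {
	br := bufio.NewReaderSize(r, 4096) // also caps a single chunk-size line
	var body, excess int64
	for {
		line, err := br.ReadSlice('\n')
		if err != nil { // ErrBufferFull (line too long) or truncated input
			return body, fmt.Errorf("chunk-size line: %w", err)
		}
		size, _, _ := strings.Cut(strings.TrimRight(string(line), "\r\n"), ";")
		n, err := strconv.ParseUint(strings.TrimSpace(size), 16, 32)
		if err != nil {
			return body, fmt.Errorf("bad chunk size %q", size)
		}
		// Charge the header line; credit the allowance plus twice the payload.
		excess += int64(len(line)) - perChunkAllowance - 2*int64(n)
		if excess < 0 {
			excess = 0
		} else if excess > maxExcess {
			return body, ErrTooMuchNonData
		}
		if n == 0 {
			return body, nil // last chunk; trailers are not parsed here
		}
		if _, err := io.CopyN(io.Discard, br, int64(n)+2); err != nil { // data + CRLF
			return body, fmt.Errorf("chunk data: %w", err)
		}
		body += int64(n)
	}
}

func main() { fmt.Println(AuditChunked(strings.NewReader("1;ext=abc\r\nZ\r\n0\r\n\r\n"))) } // constructed input
```

Streaming one byte per chunk without extensions stays inside the budget, while one byte per chunk with a roughly 1 kB extension is rejected after a few chunks.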

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. skopeo-1.13.3-4.el9_3.src.rpm
    MD5: 28a2e1cf55fc38a351254252af808322
    SHA-256: 9c17f44fbd3e8f4703e3bb617c82810e8e15caa44a9bc96c6172d217854451f3
    Size: 7.47 MB

Asianux Server 9 for x86_64
  1. skopeo-1.13.3-4.el9_3.x86_64.rpm
    MD5: c768ef49f1180dd2b622e35f242bfc6a
    SHA-256: 62bb963fac8fe50c3e131f2091ce20f2d67f60466eb67a5d98ef4e43193ce0c2
    Size: 7.89 MB
  2. skopeo-tests-1.13.3-4.el9_3.x86_64.rpm
    MD5: b7547a5601ea85e7bc6e2e4daacaf655
    SHA-256: 296c078bbc4d11d0c7eda1f4825dfe4b95ad25fc7d8bb8df7c65628551496a3f
    Size: 764.50 kB