skopeo-1.14.5-1.el9_4

エラータID: AXSA:2024-8757:04

Release date: 
Wednesday, September 4, 2024 - 16:40
Subject: 
skopeo-1.14.5-1.el9_4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

Solution: 

Update packages.

CVEs: 
CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Additional Info: 

N/A

Download: 

SRPMS
  1. skopeo-1.14.5-1.el9_4.src.rpm
    MD5: f064cd01ad3d9ebabd49906360fc1c31
    SHA-256: 0912932fed9a2b3becafcdda3f6c70c49bc95e046f88440351edbe268ac97e25
    Size: 9.98 MB

Asianux Server 9 for x86_64
  1. skopeo-1.14.5-1.el9_4.x86_64.rpm
    MD5: 33c36c60e8f9f2e015674599ac1f032f
    SHA-256: 78775df82feaf51bdc226fd5533e7894cc3764cc039b21ffc5fcb2997848d8d0
    Size: 8.54 MB
  2. skopeo-tests-1.14.5-1.el9_4.x86_64.rpm
    MD5: 3aaaa9905a7e2fd5bac12a6d5dd28c8c
    SHA-256: 9d3af468787efb02b82586c7963cdc32e55b259917e60b69fef74b4b9fbee836
    Size: 764.91 kB