skopeo-1.16.1-2.el9_5
エラータID: AXSA:2024-9497:07
Release date:
Wednesday, December 25, 2024 - 14:55
Subject:
skopeo-1.16.1-2.el9_5
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Solution:
Update packages.
CVEs:
CVE-2024-34156
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Additional Info:
N/A
Download:
SRPMS
- skopeo-1.16.1-2.el9_5.src.rpm
MD5: 4815abf7e078f36241e0adfd74337101
SHA-256: cc9284600fe2a390e71699273831403763e109cb1351733adc90e847f0949d98
Size: 9.91 MB
Asianux Server 9 for x86_64
- skopeo-1.16.1-2.el9_5.x86_64.rpm
MD5: 2d8832f3d2051cabe6df5d62b451d906
SHA-256: d456844d1bf6a2e8a8f24defebaadd660e580a61b47df2486b961fdbea94e7a9
Size: 8.78 MB - skopeo-tests-1.16.1-2.el9_5.x86_64.rpm
MD5: 34babf9198c3bdb64cf428ced9dcefaf
SHA-256: d2cb8875752679e4e790425e867ecda28f4ab6bd2c66e874b845f0f37d3d2e9b
Size: 764.55 kB
日本語