skopeo-1.9.2-1.el9
Errata ID: AXSA:2023-5066:01
Release date:
2023/02/13 Monday - 04:10
Title:
skopeo-1.9.2-1.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
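The following issues have been addressed.
[Security Fix]
- containers/storage has an issue where, when each layer of a container
image is unpacked with tar at run time, a layer that is not a valid tar
archive causes an unexpected error in which the code waits indefinitely
for the unpacked tar stream. An attacker can use a specially crafted
malicious image to trigger a deadlock that leads to denial of service.
(CVE-2021-20291)
- Go has a vulnerability in which passing a large exponent to the
SetString or UnmarshalText method of math/big.Rat causes a panic.
(CVE-2021-33198)
Solution:
Update the package.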
CVE:
CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
CVE-2021-33198
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
Additional information:
N/A
Downloads:
SRPMS
- skopeo-1.9.2-1.el9.src.rpm
MD5: 437cb111694272183bd5d44abe8abb80
SHA-256: 6bc9b34fb7d9f412f00a404b483e1b65f7305c920b6fdaffce11f46552a104fc
Size: 6.37 MB
Asianux Server 9 for x86_64
- skopeo-1.9.2-1.el9.x86_64.rpm
MD5: bb567eb0e2497ce5f32aaca3db52d6ae
SHA-256: 06656e227f9633063d5bdd05e7e02de373b5f03df23dc3ecef45c45653f11013
Size: 6.65 MB
- skopeo-tests-1.9.2-1.el9.x86_64.rpm
MD5: e3aa654a93c0dd0e5f2437fef7b2e1ba
SHA-256: 92377ab878a0b99749627cef38bb35c2a1992ff8331a5a1c1cbc29fe5e8d751a
Size: 767.88 kB