skopeo-1.20.0-2.el9_7
Errata ID: AXSA:2025-11601:05
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Update packages.
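Separately from the package update, a Go program that unpacks untrusted compressed archives can bound the unbounded read described for CVE-2025-58183 by capping how much decompressed data archive/tar is allowed to consume. The following is an added example, not code from skopeo or the Go project; ListUntrusted, ErrBudget, buildSample and the cap values are assumptions made for illustration, and the sample archive is constructed and benign.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

var ErrBudget = errors.New("decompressed size budget exceeded")

// ListUntrusted lists a tar.gz stream; tar.Reader can pull at most maxBytes.
func ListUntrusted(src io.Reader, maxBytes int64) (names []string, err error) {
	zr, err := gzip.NewReader(src)
	if err != nil {
		return nil, err
	}
	lr := &io.LimitedReader{R: zr, N: maxBytes} // cap applies after decompression
	tr := tar.NewReader(lr)
	hdr, err := tr.Next()
	for ; err == nil; hdr, err = tr.Next() {
		names = append(names, hdr.Name)
	}
	if lr.N <= 0 { // cap hit: tar.Reader saw a forced EOF, discard the result
		return nil, ErrBudget
	}
	if err != io.EOF {
		return nil, err
	}
	return names, nil
}

// buildSample returns a benign, constructed tar.gz holding one 4 KiB file.
func buildSample() *bytes.Buffer {
	buf := new(bytes.Buffer)
	zw := gzip.NewWriter(buf)
	tw := tar.NewWriter(zw)
	tw.WriteHeader(&tar.Header{Name: "layer.txt", Mode: 0o644, Size: 4096})
	tw.Write(make([]byte, 4096))
	tw.Close()
	zw.Close()
	return buf
}

func main() {
	fmt.Println(ListUntrusted(buildSample(), 1<<20)) // within the cap
	fmt.Println(ListUntrusted(buildSample(), 1024))  // over the cap: ErrBudget
}
```

The cap is counted on the decompressed stream, so an archive whose decompressed size equals the cap exactly is also rejected.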
N/A
SRPMS
- skopeo-1.20.0-2.el9_7.src.rpm
MD5: 03065511e9ac7e62176845b7ddea94ca
SHA-256: a521b69b00e54f4827f3b8ef5464eae8d5c1a756ff94b577e51544353a628316
Size: 9.86 MB
Asianux Server 9 for x86_64
- skopeo-1.20.0-2.el9_7.x86_64.rpm
MD5: fbb244ab5dbff36ce5972073c345fee0
SHA-256: 7d64b8f80749277ffc182cee4a4c3b1555f2ff3bef0c29917a07b15287c17959
Size: 8.26 MB
- skopeo-tests-1.20.0-2.el9_7.x86_64.rpm
MD5: b6894de86e77ed25a984f6d206eee90b
SHA-256: 201682693b0848bc9578e34927809fba514a52343b0764eac427e4cc2a013862
Size: 767.40 kB