Description:
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
skopeo-tests-1.13.3-3.el9_3.aarch64.rpm |
091689f31da62dfe858a9aa4458b52f91b5faffe8e9ac44b6ddf37dfcb6b3d10 |
| aarch64 |
skopeo-1.13.3-3.el9_3.aarch64.rpm |
7d912a59c8513d73d36bbe08a565c455cc9eedd9c36774bdbd0f6b7098fc1bae |
| ppc64le |
skopeo-tests-1.13.3-3.el9_3.ppc64le.rpm |
3df002a518773cf6dbf28d5b5d7186ef7d7795f59bd03e27021165472319b74b |
| ppc64le |
skopeo-1.13.3-3.el9_3.ppc64le.rpm |
e2374129c431acd88005714e96d97df85cf009eb9401d7a5deae9d5239c412fe |
| s390x |
skopeo-tests-1.13.3-3.el9_3.s390x.rpm |
40f439741f357957f1fde35deaf4914fbb87ea994963b978177ead40be4e797d |
| s390x |
skopeo-1.13.3-3.el9_3.s390x.rpm |
a8d4d1b803e3d37b3194585ec118385721f25e500adda6b088e4312abd5ba172 |
| x86_64 |
skopeo-1.13.3-3.el9_3.x86_64.rpm |
08e9b10967f7f505b9e15541bff9b17aa64a314b452f860e95d9451d94706449 |
| x86_64 |
skopeo-tests-1.13.3-3.el9_3.x86_64.rpm |
65172c7d0d2747143e1128e8a5098f451a6d0c2292532e64ebed66a315b9ff6e |
