[ALSA-2024:2549] Moderate: skopeo security and bug fix update
Type:
security
Severity:
moderate
Release date:
2024-05-07
Description:
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786) Bug Fix(es): * TRIAGE CVE-2024-24786 skopeo: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [almalinux-9] - AlmaLinux 9.4 0day (JIRA:AlmaLinux-28235) * skopeo: jose-go: improper handling of highly compressed data [almalinux-9] (JIRA:AlmaLinux-28736)
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 skopeo-1.14.3-2.el9_4.aarch64.rpm 1e01575315c39716c99a6c16618e726de60100c58f9c3914f13f101f11562ffe
aarch64 skopeo-tests-1.14.3-2.el9_4.aarch64.rpm 98c1e4c47165f609611d618c4a437cf84c83d4e370df63f116cbdfbbdba0f19f
ppc64le skopeo-1.14.3-2.el9_4.ppc64le.rpm 3f7865fd7536a843cc42fb8657a1b2d8941a4d023aaf9660b1fbc8f978b7f0b3
ppc64le skopeo-tests-1.14.3-2.el9_4.ppc64le.rpm e758bf5584e728915459e8cb1fe63db3d3faa336d80ccc02cfe0a4d3567a428a
s390x skopeo-tests-1.14.3-2.el9_4.s390x.rpm 337a9c0a5b3833120b8416e9f59593a895387a2b47ebc567564e98f0f77377c0
s390x skopeo-1.14.3-2.el9_4.s390x.rpm e95a30993a7de472be93715ef4c0aeb14d0a91f7972e3d09ca759f5cc8d6c23f
x86_64 skopeo-1.14.3-2.el9_4.x86_64.rpm 54d444395c81cb51cb3ebdb5985bd4fd3b5689743128132634515c496491aba8
x86_64 skopeo-tests-1.14.3-2.el9_4.x86_64.rpm b6dcc87c2216ed72ec89846a93993cf29d4559ec0a976b3e63b8b8da524c06b7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.