[ALSA-2024:8111] Important: skopeo security update
Type:
security
Severity:
important
Release date:
2024-10-15
Description:
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 skopeo-1.14.5-2.el9_4.aarch64.rpm bfd9e5929bb5a0f313f8e4ef23ff538d5454ceffed8221cfc606626dae0efbf1
aarch64 skopeo-tests-1.14.5-2.el9_4.aarch64.rpm c41236252805bcd701ac6f6932ec1cc2ee4468bb2d950d54752cb6a5ec68fcac
ppc64le skopeo-1.14.5-2.el9_4.ppc64le.rpm 0befd6f28c7bc926b9c9823dcb088644b3760105b915fa2115a0657c6b7ea102
ppc64le skopeo-tests-1.14.5-2.el9_4.ppc64le.rpm 248e5a96a359d01ba5c39d474df68b44c8664e6a145049bddeade53728627797
s390x skopeo-1.14.5-2.el9_4.s390x.rpm 38068598312b01d9dc316035ed250864414cd6107f72414e60b851701013409f
s390x skopeo-tests-1.14.5-2.el9_4.s390x.rpm d1d01bdc10e9ca1f8f563a652fd41bffab5a11b234da156b0b46cd1346a1f1a7
x86_64 skopeo-tests-1.14.5-2.el9_4.x86_64.rpm 161fee5013b25978fa1bd3d495514d3d2a5b3b74df3ae9b138e9dc9938d8e8a9
x86_64 skopeo-1.14.5-2.el9_4.x86_64.rpm c1979218f9ee995f60c8e7fb72a6f42416509e53e45562e140a32ccfb12e7878
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.