ALSA-2026:28074

[ALSA-2026:28074] Important: skopeo security update

Type:

security

Severity:

important

Release date:

2026-06-23

Description:

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.   

Security Fix(es):  

  * crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
  * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
  * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	skopeo-tests-1.22.2-6.el9_8.aarch64.rpm	a08c511c8208ae48ff147fc99252cb84249fb42a94e2434785a91e5f29d0bcac
aarch64	skopeo-1.22.2-6.el9_8.aarch64.rpm	eee08f9bc9ebd8f220db8752d50e1da5987a0f964a5a6a17a5f0bb0590e97a49
ppc64le	skopeo-1.22.2-6.el9_8.ppc64le.rpm	104915dffc9da3c810053d70ad7e004193e13c29606921e4945d88eab0980c51
ppc64le	skopeo-tests-1.22.2-6.el9_8.ppc64le.rpm	334d40444844a052a055cb39e49f7298a1117897dfa2418e370850512ca60bb9
s390x	skopeo-tests-1.22.2-6.el9_8.s390x.rpm	5a62b5df66f9072307a9bec92ca01c94415230882336e6c752cdab473f725246
s390x	skopeo-1.22.2-6.el9_8.s390x.rpm	cae3a02a5763fcc100a7777f23d3a2e51fb788ca08b6573e3efa8d20975cb16a
x86_64	skopeo-1.22.2-6.el9_8.x86_64.rpm	6342707579525e40c2f7234326333f230d6193ac1c2435b74eec4f26d924f108
x86_64	skopeo-tests-1.22.2-6.el9_8.x86_64.rpm	a6fb22c4c1550a2314504bdc9d92dc689e8c22520089e6fea9428c42ed3e9f57

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.