You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa skopeo

Sigurnosni nedostatak programskog paketa skopeo

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LRH

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: skopeo security update
Advisory ID: RHSA-2020:5054-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5054
Issue date: 2020-11-10
CVE Names: CVE-2020-14040
=====================================================================

1. Summary:

An update for skopeo is now available for Red Hat Enterprise Linux 7
Extras.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras – ppc64le, s390x, x86_64

3. Description:

The skopeo command lets you inspect images from container image registries,
get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1853652 – CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
skopeo-0.1.40-12.el7_9.src.rpm

ppc64le:
containers-common-0.1.40-12.el7_9.ppc64le.rpm
skopeo-0.1.40-12.el7_9.ppc64le.rpm
skopeo-debuginfo-0.1.40-12.el7_9.ppc64le.rpm

s390x:
containers-common-0.1.40-12.el7_9.s390x.rpm
skopeo-0.1.40-12.el7_9.s390x.rpm
skopeo-debuginfo-0.1.40-12.el7_9.s390x.rpm

x86_64:
containers-common-0.1.40-12.el7_9.x86_64.rpm
skopeo-0.1.40-12.el7_9.x86_64.rpm
skopeo-debuginfo-0.1.40-12.el7_9.x86_64.rpm

Red Hat Enterprise Linux 7 Extras:

Source:
skopeo-0.1.40-12.el7_9.src.rpm

x86_64:
containers-common-0.1.40-12.el7_9.x86_64.rpm
skopeo-0.1.40-12.el7_9.x86_64.rpm
skopeo-debuginfo-0.1.40-12.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX6qb/9zjgjWX9erEAQiEkQ/+M9nZ4ZCek9EPK9I++Hq89ffTkpxQJd1o
9CArfwmK/lePUOVZAJ0DFmwgh8VHxU14JN1kvvQ9OJ2GAZcB9EzAqLcO0ivzBhCb
eYrE2mQx0mQo0HOrU25ThZxsogkEy+3gKFrupXmf/aOPbRjoxz30bnUnsNAQMyR6
5rkVjxJKn5gyloa9xPKLVCG6lkFl7RROa2Si0hu3V7rZq2i/7X2sC/t0Vp8kcyQy
Of65c/0cV3gJsIyPXu7GIwz9c3PeowTXShD3PBIL+m0oXK5ZxjDpqp1e0Gm5pA8Z
Ihr+6CCmWgIl0YmOm1DqKT9dYQNo24tZxRcCWEWTC2xaXwajGlefE+tGKnDRd8IH
pnniNBiQpaxN07ZvR+Ym7L8eFkwlMKng/104DlQ26RhefgvBCYXh1FAM9j26Jwg6
T8McoJ7Kn0xcVHZHZH3chlOqxFw/jLtUKn5ldTzuTM9QEaHMu19n9Rzurz0JXNA9
5AyE5oI+lHk0KfyaoXCxsqZIAMpreGhsDpm8GCpoCAzfNDIypmTAjXtbCDBpHIaZ
Kp5LLHvnnfV0j4hlVWngHVv7+z49FohLHAa1v3JNEinlpKc/6lRWMbaikUdX85V9
kI8C0pxRol59ffHNPVVMH7kUQYVITtplbQH/LyndCUJ9CL36Aq0W36VWj6dDhpdx
VG+vLjbKoVw=
=cgym
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

AutorDona Seruga
Cert idNCERT-REF-2020-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostataci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostataci jezgre operacijskog sustava RHEL. Otkriveni nedostataci potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija, zaobilaženje sigurnosnih ograničenja ili...

Close