Описание
ELSA-2020-1230: skopeo security and bug fix update (MODERATE)
[1:0.1.40-7]
- fix 'CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull'
- Resolves: #1806944
[1:0.1.40-6]
- resurrect s390x arch as kernel there now has the renameat2 syscall (#1773504)
[1:0.1.40-5]
- Fix thread safety of gpgme (#1792243)
[1:0.1.40-4]
- temporary disable s390x arch due to #1773504 causing fuse-overlayfs failing to build - skopeo/contaners-common requires it
[1:0.1.40-3]
- increment version to avoid dist tag clash with RHAOS
[1:0.1.40-2]
- change the search order of registries and remove quay.io (#1784265)
[1:0.1.40-1]
- update to v0.1.40
- Related: RHELPLAN-26239
[1:0.1.37-4]
- Fix CVE-2019-10214.
Обновленные пакеты
Oracle Linux 7
containers-common
0.1.40-7.el7_8
skopeo
0.1.40-7.el7_8
Связанные CVE
Связанные уязвимости
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...
