Description
ELSA-2020-2681: skopeo security and bug fix update (LOW)
[1:0.1.40-11.0.1]
- Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483]
- Add oracle registry into the conf file [Orabug: 29845934]
- Fix oracle registry login issues [Orabug: 29937192]
- Removed upstream references [Orabug: 31175132]
[1:0.1.40-11]
- synchronize registries.conf across all RHELs
- Related: #1810052
[1:0.1.40-10]
- fix 'CVE-2020-1702 skopeo: containers/image: Container images read entire image manifest into memory'
- Resolves: #1810613
[1:0.1.40-9]
- Resolves: #1812505 - revert registries.conf change
[1:0.1.40-8]
- modify registries.conf default configuration to be more secure by default
- Resolves: #1810052
[1:0.1.40-7]
- fix 'CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull'
- Resolves: #1806944
[1:0.1.40-6]
- resurrect s390x arch as kernel there now has the renameat2 syscall (#1773504)
[1:0.1.40-5]
- Fix thread safety of gpgme (#1792243)
[1:0.1.40-4]
- temporarily disable s390x arch due to #1773504 causing fuse-overlayfs failing to build - skopeo/containers-common requires it
[1:0.1.40-3]
- increment version to avoid dist tag clash with RHAOS
[1:0.1.40-2]
- change the search order of registries and remove quay.io (#1784265)
[1:0.1.40-1]
- update to v0.1.40
- Related: RHELPLAN-26239
[1:0.1.37-4]
- Fix CVE-2019-10214.
Updated packages
Oracle Linux 7
containers-common
0.1.40-11.0.1.el7_8
skopeo
0.1.40-11.0.1.el7_8
Related CVEs
Related vulnerabilities
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
A vulnerability in the podman package of the Red Hat Enterprise Linux operating system and the Red Hat OpenShift Container Platform enterprise platform, related to uncontrolled resource consumption, that allows an attacker to cause a denial of service
Moderate: container-tools:rhel8 security, bug fix, and enhancement update