Описание
Security update for skopeo
This update for skopeo fixes the following issues:
Security issues fixed:
- CVE-2019-10214: Fixed missing enforcement of TLS connections (bsc#1144065).
Список пакетов
Container suse/sles/15.3/cdi-importer:1.37.1
skopeo-0.1.32-4.8.1
Container suse/sles/15.4/cdi-importer:1.43.0
skopeo-0.1.32-4.8.1
Container suse/sles/15.5/cdi-importer:1.55.0
skopeo-0.1.32-4.8.1
SUSE Linux Enterprise Module for Server Applications 15
skopeo-0.1.32-4.8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1
skopeo-0.1.32-4.8.1
Ссылки
- Link for SUSE-SU-2019:2340-1
- E-Mail link for SUSE-SU-2019:2340-1
- SUSE Security Ratings
- SUSE Bug 1144065
- SUSE CVE CVE-2019-10214 page
Описание
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.
Затронутые продукты
Container suse/sles/15.3/cdi-importer:1.37.1:skopeo-0.1.32-4.8.1
Container suse/sles/15.4/cdi-importer:1.43.0:skopeo-0.1.32-4.8.1
Container suse/sles/15.5/cdi-importer:1.55.0:skopeo-0.1.32-4.8.1
SUSE Linux Enterprise Module for Server Applications 15 SP1:skopeo-0.1.32-4.8.1
Ссылки
- CVE-2019-10214
- SUSE Bug 1144065