SUSE-SU-2024:2383-1

Опубликовано: 10 июл. 2024

Источник: suse-cvrf

Описание

Security update for skopeo

This update for skopeo fixes the following issues:

CVE-2024-3727: Added missing image digest verification (bsc#1224123).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

skopeo-0.1.41-150000.4.23.1

SUSE Linux Enterprise Server 15 SP2-LTSS

skopeo-0.1.41-150000.4.23.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

skopeo-0.1.41-150000.4.23.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242383-1/
Link for SUSE-SU-2024:2383-1
https://lists.suse.com/pipermail/sle-security-updates/2024-July/018918.html
E-Mail link for SUSE-SU-2024:2383-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1224123
SUSE Bug 1224123
https://www.suse.com/security/cve/CVE-2024-3727/
SUSE CVE CVE-2024-3727 page

Описание

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:skopeo-0.1.41-150000.4.23.1

SUSE Linux Enterprise Server 15 SP2-LTSS:skopeo-0.1.41-150000.4.23.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2:skopeo-0.1.41-150000.4.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-3727.html
CVE-2024-3727
https://bugzilla.suse.com/1224112
SUSE Bug 1224112

SUSE-SU-2024:2383-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

Ссылки

Уязвимость: CVE-2024-3727

Описание

Затронутые продукты

Ссылки