[RHSA-2024:2549] skopeo security and bug fix update

Severity Moderate

Affected Packages 8

CVEs 2

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

Bug Fix(es):

TRIAGE CVE-2024-24786 skopeo: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhel-9] - RHEL 9.4 0day (JIRA:RHEL-28235)
skopeo: jose-go: improper handling of highly compressed data rhel-9

Package	Affected Version
pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-9.4	< 1.14.3-2.el9_4
pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-9.4	< 1.14.3-2.el9_4
pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-9.4	< 1.14.3-2.el9_4
pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-9.4	< 1.14.3-2.el9_4
pkg:rpm/redhat/skopeo-tests?arch=x86_64&distro=redhat-9.4	< 1.14.3-2.el9_4
pkg:rpm/redhat/skopeo-tests?arch=s390x&distro=redhat-9.4	< 1.14.3-2.el9_4
pkg:rpm/redhat/skopeo-tests?arch=ppc64le&distro=redhat-9.4	< 1.14.3-2.el9_4
pkg:rpm/redhat/skopeo-tests?arch=aarch64&distro=redhat-9.4	< 1.14.3-2.el9_4

ID

RHSA-2024:2549

Severity

moderate

URL

https://access.redhat.com/errata/RHSA-2024:2549

Published

2024-04-30T00:00:00
(4 months ago)

Modified

2024-04-30T00:00:00
(4 months ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	2268046	https://bugzilla.redhat.com/2268046
Bugzilla	2268854	https://bugzilla.redhat.com/2268854
RHSA	RHSA-2024:2549	https://access.redhat.com/errata/RHSA-2024:2549
CVE	CVE-2024-24786	https://access.redhat.com/security/cve/CVE-2024-24786
CVE	CVE-2024-28180	https://access.redhat.com/security/cve/CVE-2024-28180

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/skopeo?arch=x86_64&distro=redhat-9.4	redhat	skopeo	< 1.14.3-2.el9_4	redhat-9.4	x86_64
Affected	pkg:rpm/redhat/skopeo?arch=s390x&distro=redhat-9.4	redhat	skopeo	< 1.14.3-2.el9_4	redhat-9.4	s390x
Affected	pkg:rpm/redhat/skopeo?arch=ppc64le&distro=redhat-9.4	redhat	skopeo	< 1.14.3-2.el9_4	redhat-9.4	ppc64le
Affected	pkg:rpm/redhat/skopeo?arch=aarch64&distro=redhat-9.4	redhat	skopeo	< 1.14.3-2.el9_4	redhat-9.4	aarch64
Affected	pkg:rpm/redhat/skopeo-tests?arch=x86_64&distro=redhat-9.4	redhat	skopeo-tests	< 1.14.3-2.el9_4	redhat-9.4	x86_64
Affected	pkg:rpm/redhat/skopeo-tests?arch=s390x&distro=redhat-9.4	redhat	skopeo-tests	< 1.14.3-2.el9_4	redhat-9.4	s390x
Affected	pkg:rpm/redhat/skopeo-tests?arch=ppc64le&distro=redhat-9.4	redhat	skopeo-tests	< 1.14.3-2.el9_4	redhat-9.4	ppc64le
Affected	pkg:rpm/redhat/skopeo-tests?arch=aarch64&distro=redhat-9.4	redhat	skopeo-tests	< 1.14.3-2.el9_4	redhat-9.4	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date