
RLSA-2024:2549

Security Mirrored from RHSA-2024:2549
Issued at: 2024-05-10
Updated at: 2024-05-10

Synopsis

Moderate: skopeo security and bug fix update



Description

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

Bug Fix(es):

* TRIAGE CVE-2024-24786 skopeo: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhel-9] - Rocky Linux 9.4 0day (JIRA:Rocky Linux-28235)

* skopeo: jose-go: improper handling of highly compressed data [rhel-9] (JIRA:Rocky Linux-28736)



Affected products

* Rocky Linux 9 aarch64
* Rocky Linux 9 ppc64le
* Rocky Linux 9 s390x
* Rocky Linux 9 x86_64

Fixes

2268046

CVEs

* CVE-2024-24786
* CVE-2024-28180

Affected packages

Rocky Linux 9 aarch64 - AppStream

* skopeo-2:1.14.3-2.el9_4.aarch64.rpm
* skopeo-2:1.14.3-2.el9_4.src.rpm
* skopeo-debuginfo-2:1.14.3-2.el9_4.aarch64.rpm
* skopeo-debugsource-2:1.14.3-2.el9_4.aarch64.rpm
* skopeo-tests-2:1.14.3-2.el9_4.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

* skopeo-2:1.14.3-2.el9_4.ppc64le.rpm
* skopeo-2:1.14.3-2.el9_4.src.rpm
* skopeo-debuginfo-2:1.14.3-2.el9_4.ppc64le.rpm
* skopeo-debugsource-2:1.14.3-2.el9_4.ppc64le.rpm
* skopeo-tests-2:1.14.3-2.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

* skopeo-2:1.14.3-2.el9_4.s390x.rpm
* skopeo-2:1.14.3-2.el9_4.src.rpm
* skopeo-debuginfo-2:1.14.3-2.el9_4.s390x.rpm
* skopeo-debugsource-2:1.14.3-2.el9_4.s390x.rpm
* skopeo-tests-2:1.14.3-2.el9_4.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

* skopeo-2:1.14.3-2.el9_4.src.rpm
* skopeo-2:1.14.3-2.el9_4.x86_64.rpm
* skopeo-debuginfo-2:1.14.3-2.el9_4.x86_64.rpm
* skopeo-debugsource-2:1.14.3-2.el9_4.x86_64.rpm
* skopeo-tests-2:1.14.3-2.el9_4.x86_64.rpm