
Red Hat Security Advisory 2020-2681-01

Posted Jun 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2681-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. An issue was addressed where container images read the entire image manifest into memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-1702
MD5 | fe7ad823990ac643011a522b9d1e9c27


====================================================================
Red Hat Security Advisory

Synopsis: Low: skopeo security and bug fix update
Advisory ID: RHSA-2020:2681-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2681
Issue date: 2020-06-23
CVE Names: CVE-2020-1702
====================================================================
1. Summary:

An update for skopeo is now available for Red Hat Enterprise Linux 7
Extras.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - ppc64le, s390x, x86_64

3. Description:

The skopeo command lets you inspect images from container image registries,
get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* containers/image: Container images read entire image manifest into memory
(CVE-2020-1702)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Proposed registries.conf for RHEL 7.8 (BZ#1810052)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1792796 - CVE-2020-1702 containers/image: Container images read entire image manifest into memory
1810052 - Proposed registries.conf for RHEL 7.8

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
skopeo-0.1.40-11.el7_8.src.rpm

ppc64le:
containers-common-0.1.40-11.el7_8.ppc64le.rpm
skopeo-0.1.40-11.el7_8.ppc64le.rpm
skopeo-debuginfo-0.1.40-11.el7_8.ppc64le.rpm

s390x:
containers-common-0.1.40-11.el7_8.s390x.rpm
skopeo-0.1.40-11.el7_8.s390x.rpm
skopeo-debuginfo-0.1.40-11.el7_8.s390x.rpm

x86_64:
containers-common-0.1.40-11.el7_8.x86_64.rpm
skopeo-0.1.40-11.el7_8.x86_64.rpm
skopeo-debuginfo-0.1.40-11.el7_8.x86_64.rpm

Red Hat Enterprise Linux 7 Extras:

Source:
skopeo-0.1.40-11.el7_8.src.rpm

x86_64:
containers-common-0.1.40-11.el7_8.x86_64.rpm
skopeo-0.1.40-11.el7_8.x86_64.rpm
skopeo-debuginfo-0.1.40-11.el7_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-1702
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce