RLSA-2024:2549
See a problem?- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2024:2549.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2024:2549
- Related
- Published
- 2024-05-10T14:32:42.380544Z
- Modified
- 2024-05-10T14:34:29.658353Z
- Summary
- Moderate: skopeo security and bug fix update
- Details
-
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
Bug Fix(es):
TRIAGE CVE-2024-24786 skopeo: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhel-9] - Rocky Linux 9.4 0day (JIRA:Rocky Linux-28235)
skopeo: jose-go: improper handling of highly compressed data [rhel-9] (JIRA:Rocky Linux-28736)
- References
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:9 / skopeo
Package
- Name
- skopeo
- Purl
- pkg:rpm/rocky-linux/skopeo?distro=rocky-linux-9&epoch=2